Synchronous Dynamic Password Tokens

A.

Synchronous dynamic password tokens: - The token generates a new password value at fixed time intervals (this password could be the time of day encrypted with a secret key)

- the unique password is entered into a system or workstation along with an owner's PIN.

- The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is valid and that it was entered during the valid time window.

Source: KRUTZ, Ronald L.

& VINES, Russel.

D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37.

Synchronous dynamic password tokens are commonly used for authentication purposes in computer systems, networks, and other digital environments. These tokens generate a unique password value that changes at fixed time intervals and is used to authenticate a user's identity.

Option A: "The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key)" is the correct answer. The synchronous dynamic password token generates a new password value at fixed time intervals, usually every 30 or 60 seconds. The token uses a secret key to encrypt the current time and generate a unique password value. The token's secret key is known by both the token and the authentication entity (such as a server or a workstation) that verifies the password's validity.

Option B: "The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key)" is incorrect. The password generated by a synchronous dynamic password token is always unique, and its value changes every time interval. If the password value was not unique, an attacker could potentially guess the password value based on previous values generated by the token.

Option C: "The unique password is not entered into a system or workstation along with an owner's PIN" is incorrect. To authenticate a user's identity, the user must enter both the password generated by the token and a personal identification number (PIN) associated with their account. The authentication entity then verifies the entered password and PIN against the user's account information.

Option D: "The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window" is incorrect. The authentication entity does not know the owner's secret key, only the token does. The authentication entity verifies the entered password and PIN against the user's account information and checks whether the entered password is valid within the current time window.

In summary, synchronous dynamic password tokens generate a new unique password value at fixed time intervals using a secret key and are used with a user's personal identification number (PIN) for authentication purposes. Option A is the correct answer.