Which of the following would be true about Static password tokens?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Password Tokens - Tokens are electronic devices or cards that supply a user's password for them.
A token system can be used to supply either a static or a dynamic password.
There is a big difference between the static and dynamic systems, a static system will normally log a user in but a dynamic system the user will often have to log themselves in.
Static Password Tokens: The owner identity is authenticated by the token.
This is done by the person who issues the token to the owner (normally the employer)
The owner of the token is now authenticated by "something you have"
The token authenticates the identity of the owner to the information system.
An example of this occurring is when an employee swipes his or her smart card over an electronic lock to gain access to a store room.
Synchronous Dynamic Password Tokens: This system is a lot more complex then the static token password.
The synchronous dynamic password tokens generate new passwords at certain time intervals that are synched with the main system.
The password is generated on a small device similar to a pager or a calculator that can often be attached to the user's key ring.
Each password is only valid for a certain time period, typing in the wrong password in the wrong time period will invalidate the authentication.
The time factor can also be the systems downfall.
If a clock on the system or the password token device becomes out of synch, a user can have troubles authenticating themselves to the system.
Asynchronous Dynamic Password Tokens: The clock synching problem is eliminated with asynchronous dynamic password tokens.
This system works on the same principal as the synchronous one but it does not have a time frame.
A lot of big companies use this system especially for employee's who may work from home on the companies VPN (Virtual private Network)
Challenge Response Tokens: This is an interesting system.
A user will be sent special "challenge" strings at either random or timed intervals.
The user inputs this challenge string into their token device and the device will respond by generating a challenge response.
The user then types this response into the system and if it is correct they are authenticated.
Reference(s) used for this question: http://www.informit.com/guides/content.aspx?g=security&seqNum=146 and KRUTZ, Ronald L.
& VINES, Russel.
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37.
Static password tokens are a form of authentication tokens that generate one-time passwords based on a static password. The answer to this question is option C: "The owner will authenticate himself to the system."
A static password token works by generating a one-time password based on a secret passphrase or PIN entered by the user. The user enters the PIN into the token, which uses it to generate a unique, one-time password. This password is then used to authenticate the user to the system.
Static password tokens are different from dynamic password tokens, which generate passwords based on a random seed value. With dynamic password tokens, the token itself authenticates the user to the system, while with static password tokens, the user authenticates themselves to the system using the one-time password generated by the token.
Option A is incorrect because the token does not authenticate the owner's identity directly; rather, it generates a one-time password that the user enters to authenticate themselves to the system.
Option B is also incorrect because the owner will indeed be authenticated by the token, but only indirectly, by using the one-time password generated by the token to authenticate themselves to the system.
Option D is incorrect because the token does not authenticate the system; rather, it generates a one-time password that the user uses to authenticate themselves to the system.
In summary, static password tokens are a form of authentication token that generate one-time passwords based on a static password entered by the user. The user then uses the one-time password to authenticate themselves to the system.