Challenge-Response Tokens Generation

A.

Challenge-response tokens are: - A workstation or system generates a random challenge string and the owner enters the string into the token along with the proper PIN.

- The token generates a response that is then entered into the workstation or system.

- The authentication mechanism in the workstation or system then determines if the owner should be authenticated.

Source: KRUTZ, Ronald L.

& VINES, Russel.

D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37

Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 136-137).

Challenge-response token generation is a method of authentication that involves the use of a token, a hardware device or software application, that generates a random challenge string. This challenge string is then presented to the user, who must enter it into the token along with the correct PIN in order to authenticate.

Option A describes this process accurately. A workstation or system generates a random challenge string, which is presented to the user. The user then enters this challenge string into the token, along with the proper PIN, to authenticate.

Option B is incorrect because a random login id is not part of the challenge-response token generation process.

Option C describes the use of a special hardware device that generates random text in a cryptography system. While this device may be used in the authentication process, it is not specific to challenge-response token generation.

Option D is incorrect because challenge-response token generation is a method of authentication that is used to determine if the owner should be authenticated.

In summary, the correct answer is A. Challenge-response token generation involves the use of a workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN.