Reference document

Hardware Security Token

The Hardware Security Tokens is a physical device used to enable physical access to buildings and controlled spaces and/or to support logical access control in a cyber environment. Hardware Security Tokens are used in addition to or in place of a password to prove that the user is who he/she claims to be. Information stored on or generated by this equipment act like an electronic key to access a requested resource. Hardware Security Tokens can be further categorized into disconnected and connected tokens. Disconnected tokens have neither a physical nor logical connection to the client computer. They typically do not require a special input device, and instead use a built-in screen to display the generated authentication data, which the user enters manually themselves via a keyboard or keypad. Some may be equipped with small keypads to allow entry of a PIN or a simple button to start a generating routine. Disconnected tokens are the most common type of security token used (usually in combination with a password) in two-factor authentication for online identification. Connected tokens are tokens that must be physically connected to the computer with which the user is authenticating. Tokens in this category automatically transmit the authentication information to the client computer once a physical connection is made, eliminating the need for the user to manually enter the authentication information. Authentication information stored on the token may include cryptographic keys, such as a digital signature, or biometric data, such as fingerprint minutiae. In order to use a connected token, the appropriate input device must be installed. The most common types of physical tokens are smart cards and USB tokens, which require a smart card reader (typically with RFID functions or Bluetooth wireless interface) and a USB port respectively.

User Identification Equipment