Hard Authentication Tokens
A hard authentication token is an authentication token generated by a cryptoprocessor on a dedicated hardware device.
- The authentication design means that the token itself is never transmitted
- Several device-based authenticators can be used to implement hard tokens:
  - Smart cards
    - implement certificate-based authentication
    - store:
      - the user's digital certificate
      - the private key associated with the certificate
      - a personal identification number (PIN) used to activate the card
    - must be presented to a reader
    - card types:
      - physical contact
      - contactless near-field communication (NFC)
  - One-time password (OTP) tokens
    - a cryptoprocessor that can generate a token (the OTP code)
    - does not need an interface to connect to a computer
    - the user just reads the code displayed
  - Security keys
    - a portable hardware security module (HSM) with a computer interface
    - most closely associated with U2F, but some also support certificate-based authentication or HOTP/TOTP
    - must be activated to prove user presence
    - some keys just have an activation button, but most use a biometric fingerprint reader for better security
    - a PIN must also be configured as a backup mechanism
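The following Go program is an added worked example (not code from the original notes) of the challenge-response pattern that smart cards and security keys rely on: the private key is generated inside the device and never leaves it, the PIN unlocks the signing operation, and the only things that cross the wire are the relying party's random challenge and the device's signature over it. The `HardToken` and `RelyingParty` types, the user name and the PIN are all constructed for the example, and the public key is enrolled directly rather than inside the X.509 certificate a real smart card would carry.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// HardToken models the cryptoprocessor side of a smart card or security key.
// The private key is generated here and is never exported. (Constructed type.)
type HardToken struct {
	priv *ecdsa.PrivateKey
	pin  string
}

func NewHardToken(pin string) (*HardToken, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &HardToken{priv: priv, pin: pin}, nil
}

// PublicKey is what gets enrolled with the relying party. On a real card it
// would be delivered inside the user's X.509 certificate.
func (t *HardToken) PublicKey() *ecdsa.PublicKey { return &t.priv.PublicKey }

// Sign is the only operation the device exposes: it requires the PIN
// (user activation) and returns a signature over the server's challenge.
func (t *HardToken) Sign(pin string, challenge []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare([]byte(pin), []byte(t.pin)) != 1 {
		return nil, errors.New("token locked: wrong PIN")
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, t.priv, digest[:])
}

// RelyingParty holds enrolled public keys and issues single-use challenges.
type RelyingParty struct {
	enrolled map[string]*ecdsa.PublicKey
	pending  map[string][]byte // outstanding challenge per user
}

func NewRelyingParty() *RelyingParty {
	return &RelyingParty{enrolled: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}

func (rp *RelyingParty) Enroll(user string, pub *ecdsa.PublicKey) { rp.enrolled[user] = pub }

// Challenge returns a fresh random nonce. Because every login gets a new
// nonce, a signature captured in transit is useless for a later login.
func (rp *RelyingParty) Challenge(user string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rp.pending[user] = nonce
	return nonce, nil
}

// Verify checks the signature against the outstanding challenge and then
// retires that challenge, so each nonce allows exactly one attempt.
func (rp *RelyingParty) Verify(user string, sig []byte) bool {
	pub, ok := rp.enrolled[user]
	nonce, hasNonce := rp.pending[user]
	if !ok || !hasNonce {
		return false
	}
	delete(rp.pending, user)
	digest := sha256.Sum256(nonce)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	token, _ := NewHardToken("1234") // constructed PIN
	rp := NewRelyingParty()
	rp.Enroll("alice", token.PublicKey())

	nonce, _ := rp.Challenge("alice")
	sig, _ := token.Sign("1234", nonce)
	fmt.Println("fresh challenge accepted:", rp.Verify("alice", sig))

	// The same signature presented against a new challenge is rejected.
	rp.Challenge("alice")
	fmt.Println("replayed signature accepted:", rp.Verify("alice", sig))
}
```

The point to notice is what the relying party stores and what it receives: it holds only the public key, sees only a nonce and a signature, and never has anything that could be replayed or used to impersonate the user if its database leaks.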
Info
There are also simpler smart cards and fobs that just transmit a static token programmed into the device.
- For example, many building entry systems work on the basis of static codes
- These mechanisms are highly vulnerable to cloning and replay attacks
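To make the contrast between a static token and an OTP token concrete, here is an added Go example (not part of the original notes) of the HOTP algorithm from RFC 4226 and its TOTP variant from RFC 6238, together with a server-side verifier. The verifier is the part that matters for the replay point above: it remembers the last counter it accepted, so a code that has already been used is rejected even though it was once valid, which is exactly what a static building-entry code cannot offer. The `HOTPVerifier` type, its look-ahead window and the sample counter values are constructed for the example; the secret is the test secret published in RFC 4226.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"math"
)

// HOTP implements RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
// dynamic truncation to 31 bits, then reduction modulo 10^digits.
func HOTP(secret []byte, counter uint64, digits int) string {
	msg := make([]byte, 8)
	binary.BigEndian.PutUint64(msg, counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg)
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	return fmt.Sprintf("%0*d", digits, code%uint32(math.Pow10(digits)))
}

// TOTP (RFC 6238) is HOTP with the counter derived from the Unix time and a
// time step (30 seconds is the usual choice).
func TOTP(secret []byte, unixTime int64, step int64, digits int) string {
	return HOTP(secret, uint64(unixTime/step), digits)
}

// HOTPVerifier is the server side of one counter-based token. (Constructed type.)
type HOTPVerifier struct {
	secret []byte
	digits int
	window uint64 // how far ahead of the expected counter the server will search
	next   uint64 // lowest counter the server will still accept
}

func NewHOTPVerifier(secret []byte, digits int, window uint64) *HOTPVerifier {
	return &HOTPVerifier{secret: secret, digits: digits, window: window}
}

// Check accepts a code only if it matches a counter in [next, next+window] and
// then moves the window past it. The look-ahead tolerates button presses that
// never reached the server; advancing `next` is what defeats replay.
func (v *HOTPVerifier) Check(code string) bool {
	for c := v.next; c <= v.next+v.window; c++ {
		if subtle.ConstantTimeCompare([]byte(HOTP(v.secret, c, v.digits)), []byte(code)) == 1 {
			v.next = c + 1
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("12345678901234567890") // RFC 4226 test secret
	fmt.Println("HOTP counter 0:", HOTP(secret, 0, 6))    // 755224
	fmt.Println("TOTP at t=59:", TOTP(secret, 59, 30, 8)) // 94287082

	v := NewHOTPVerifier(secret, 6, 5)
	// Constructed scenario: the user pressed the button three times, but only
	// the third code (counter 2) was ever submitted.
	code := HOTP(secret, 2, 6)
	fmt.Println("first use:", v.Check(code))                // true
	fmt.Println("replay:", v.Check(code))                   // false
	fmt.Println("older code:", v.Check(HOTP(secret, 1, 6))) // false
}
```

A static token check, by contrast, is a plain string comparison with no state: whoever captured or cloned the value once can present it forever, which is why the notes call those mechanisms highly vulnerable to cloning and replay.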