What is a token and why is it needed?

Humanity is constantly inventing new methods of protection against intruders. One of them is a USB token. What is the mechanism of its work? What is he like? What is a token in general? Here is a short list of issues that we will consider.

What is a token?

This is the name of a hardware device that can form a key pair and put an electronic digital signature. In order for it to be able to perform operations, you must enter the PIN code. However, for its interaction with the computer, you do not need to install various add-ons or drivers. The token in this case is determined by the computer as a HID device. It also often has a small data warehouse as additional functionality. But its main goal is to act as a key repository. It will be very difficult for an attacker to find a password due to the fact that after a third unsuccessful attempt to enter it, it will be blocked. This is what a token is.

Other functions

In addition to the options already considered, this device can perform other tasks that are assigned to it. Among them:

1. Encryption / decryption of data using a / symmetric algorithm.
2. Formation and verification of EDS.
3. Data hashing.
4. Generation of encryption keys.

To complete the image of the token, it can be represented in the form of a “black box”. So, during cryptographic operations, the data is input, it is converted in the device itself (the key is used for this) and transmitted to the output. Tokens have quite a lot in common with microcomputers. So, information is supplied and displayed using a USB port, the device has its own operational and long-term (and also protected) memory, as well as its own processor.

About passwords

They have become classics of our time. The main advantage of passwords that make them so common is the ease of use. But our forgetfulness, transmission using unprotected channels, their typing on the keyboard, predictability and many other aspects cast doubt on our security. The encryption problem is also acute. Let's look at a 256-bit cryptographic key. If you use a pseudo-random number generator, then the resulting password will have good statistical properties. And what are the combinations that people choose to protect their data? In many cases, passwords are words from the dictionary or something important for them (their name, date of birth, etc.).

It is enough to read the news about the next hacking of the database of a large site or company and see what combinations people choose for themselves. Very often there are numbers in a row, starting from one, or the combination of a name and a year of birth. This is certainly very bad. For such cases, the use of tokens is provided. After all, they will be able to protect data at the highest level using the recommended parameters, when it will be difficult for attackers to simply pick up a password. After all, the token code will be compiled in accordance with all the rules of cryptographic protocols. An example is authentication. Due to the fact that the principle "any of the thousands" will be implemented, even if the attacker intercepts traffic or the database disappears from the server, the offender is so unlikely to have a chance of success that it can be called non-existent. In addition, you can forget the password, but the key is not. After all, it will be stored on the token.

Data encryption

We examined what a token is, now let's look at how the specified security system works. The data itself is encrypted using a cryptographic key.It, in turn, is password protected. The latter does not always satisfy the safety requirements and can also be successfully forgotten. In this case, there are two options:

1. The key is on the token, while it does not leave the device. This option is suitable when there is a small amount of information. In this case, we have a low decryption speed and the fact that it is practically impossible to extract it from the intruder.
2. The key is on the device, and when the data is encrypted, it is transferred to the RAM. This option is used when working with a large amount of data. It is possible to get a key in this case. But this is not an easy task - all the same password is easier to steal.

If you want to get a token, then you need to understand that you will have to pay for it. Despite the fact that these devices can perform a number of different cryptographic operations, which are quite difficult for most people to understand, the use of such devices will not create problems, because this process is intuitive. The user does not need specialized specialized knowledge, as well as understanding what is happening in the token.

Conclusion

So we examined what a token is. In theory, distributing this security solution in the future will help to avoid cases where valuable data or passwords are stolen. Ultimately, this will result in an increase in security.