See:
· Mochila
Hardware or software component designed to store and protect cryptographic
information. [CCN-STIC-430:2006]
In the context of authentication and access control, a token is a value
provided by hardware or software that usually works with an authentication
server or VPN to perform dynamic or two-factor authentication.
See RADIUS, TACACS and VPN.
http://es.pcisecuritystandards.org
A value provided
by hardware or software that usually works with an authentication server or VPN
to perform dynamic or two-factor authentication.
https://www.pcisecuritystandards.org/security_standards/glossary.php
Something that
the claimant possesses and controls (such as a key or password) that is used to
authenticate a claim. See also cryptographic token. [CNSSI_4009:2010]
1. (I) /cryptography/ See: cryptographic token. (Compare: dongle.)
2. (I) /access control/ An object that is used to control access and is passed
between cooperating entities in a protocol that synchronizes use of a shared
resource. Usually, the entity that currently holds the token has exclusive
access to the resource. (See: capability token.)
Usage: This term
is heavily overloaded in the computing literature; therefore, IDOCs SHOULD NOT
use this term with any definition other than 1 or 2.
3a. (D) /authentication/ A data object or a physical device used to verify an
identity in an authentication process.
3b. (D) /U.S. Government/ Something that the claimant in an authentication
process (i.e., the entity that claims an identity) possesses and controls, and
uses to prove the claim during the verification step of the process. [SP63]
NIST defines four
types of claimant tokens for electronic authentication in an information system
[SP63]. IDOCs SHOULD NOT use these four NIST terms; they mix concepts in
potentially confusing ways and duplicate the meaning of better-established
terms. These four terms can be avoided by using more specifically descriptive
terms as follows:
· NIST "hard token": A hardware device that contains a protected
cryptographic key. (This is a type of "cryptographic token", and the
key is a type of "authentication information".)
· NIST "one-time password device token": A personal hardware device that
generates one-time passwords. (One-time passwords are typically generated
cryptographically. Therefore, this is a type of "cryptographic
token", and the key is a type of "authentication information".)
· NIST "soft token": A cryptographic key that typically is stored on disk or
some other magnetic media. (The key is a type of "authentication
information"; "authentication key" would be a better description.)
· NIST "password token": A secret data value that the claimant memorizes.
(This is a "password" that is being used as "authentication
information".)
[RFC4949:2007]
Also called a "jeton", a token is a non-replayable password issued by an
electronic device. The device is generally a calculator able to run an
algorithm identical to the one run by the authentication server. The
calculator thus generates passwords at the same time as the server.
The user simply copies the password shown on the calculator's screen at a
given moment. This type of device generally requires time synchronization
between the server and the token.
The SecurID tokens from RSA Security and ActivCard One from ActivCard are the
best known and most widely used.
http://securit.free.fr/glossaire.htm
In the context of authentication and access control, a token is a value
provided by hardware or software that works with an authentication server or
a VPN to perform dynamic or two-factor authentication. See RADIUS, TACACS and VPN.
http://fr.pcisecuritystandards.org/