Page 136 - CISSO_Prep_ Guide
Ownership
The use of smartcards, tokens, RFID (radio frequency identification)
badges or other physical items represents the principle of authentication
by ownership: something the user has. Tokens are usually used to generate
one-time or dynamic passwords, passwords that are valid for a single use
and then discarded, so that a value captured by an attacker cannot be
reused in a replay attack. Ownership-based systems may be very simple,
such as a scratch card of pre-printed codes, or very expensive, such as
card readers installed at each workstation. Tokens and smartcards are
usually either synchronous or asynchronous: synchronous tokens work on an
event-based or time-based scheme, while asynchronous tokens work on a
challenge-response scheme.
Synchronous Tokens
Synchronous tokens are tokens that are kept in sync with the
authentication server (AS). Because the server shares the token's secret
seed and tracks the same event counter or clock, it can compute the value
currently shown on the token and will permit access if the user provides
that value. In many cases the user must enter a PIN (sometimes the
employee ID number) to activate the device, so that possession of the
token alone is not enough. Synchronous tokens are usually either
event-based or time-based.
Event-based Synchronous Tokens
Event-based tokens generate a new value each time the user presses a
button or otherwise requests one. Each value is derived from the token's
secret and an internal counter that advances with every press, so the
values look random to an observer but can be reproduced by the server.
When a user attempts to log in, the system prompts the user for the next
value generated by their token. The user requests that value from the
token and supplies it to the authentication server, which computes the
expected value for the next counter position. If the value is correct,
access is granted and the server's counter advances; a value that has
already been accepted now falls behind the counter and is rejected, which
is what defeats replay. Because the user may press the button without
logging in, the server normally accepts any of a small window of upcoming
counter values and resynchronizes its counter to the one that matched.
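The following is an added worked example, not code from the guide or from any token vendor, showing the event-based synchronous scheme described above: a token and an authentication server share a secret seed and a counter, the token derives each one-time value from the counter with an HMAC (the construction standardized in RFC 4226 as HOTP), and the server verifies a submitted value by recomputing it for the next few counter positions. The seed value, the look-ahead window of 5, the six-digit code length and the class names are assumptions chosen for the demonstration; the seed is the RFC 4226 test-vector secret, so the first codes match the values published there. The same HMAC core with a counter derived from the clock instead of a button press gives the time-based variant.

```python
import hashlib
import hmac
import struct

# Constructed shared seed (the RFC 4226 test-vector secret). In practice the
# seed is provisioned into the token at manufacture and into the AS at
# enrolment, and never leaves either side.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Derive a one-time value from the shared secret and an event counter.

    The counter is encoded as an 8-byte big-endian integer, MACed with
    HMAC-SHA1, and the result is dynamically truncated to `digits` decimal
    digits. Without the secret an observer cannot predict the next value.
    """
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = (
        (digest[offset] & 0x7F) << 24
        | digest[offset + 1] << 16
        | digest[offset + 2] << 8
        | digest[offset + 3]
    )
    return str(binary % (10 ** digits)).zfill(digits)


class EventToken:
    """The hardware token: each button press shows a new value and advances the counter."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.counter = 0

    def press_button(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1  # the token never reuses a counter value
        return code


class EventTokenServer:
    """The authentication server: knows the secret and the next counter it expects."""

    def __init__(self, secret: bytes, look_ahead: int = 5) -> None:
        self.secret = secret
        self.counter = 0          # next counter position the server will accept
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        # Accept the expected value or any of the next `look_ahead` values,
        # so a few unused button presses do not lock the user out. Values at
        # or below an already-accepted counter are never recomputed, which is
        # what rejects a replayed code.
        for candidate in range(self.counter, self.counter + self.look_ahead + 1):
            expected = hotp(self.secret, candidate)
            if hmac.compare_digest(expected, code):  # constant-time compare
                self.counter = candidate + 1          # resynchronize past the match
                return True
        return False


def demo() -> dict:
    """Walk through login, replay, resynchronization and a token drifted too far."""
    token = EventToken(SECRET)
    server = EventTokenServer(SECRET, look_ahead=5)
    results = {}

    code = token.press_button()                      # counter 0
    results["first_login"] = server.verify(code)     # accepted, server now expects 1
    results["replay"] = server.verify(code)          # same code again: rejected

    for _ in range(3):                               # user presses without logging in
        token.press_button()                         # counters 1, 2, 3 are skipped
    code = token.press_button()                      # counter 4
    results["resync_within_window"] = server.verify(code)  # found in window 1..6

    for _ in range(10):                              # far more presses than the window
        token.press_button()                         # counters 5..14 are skipped
    code = token.press_button()                      # counter 15
    results["beyond_window"] = server.verify(code)   # window is 5..10: rejected
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The `beyond_window` case is the practical weakness of event-based tokens: a token whose counter has run far ahead of the server (a child playing with it, or a user who habitually presses the button) must be resynchronized out of band, typically by entering two consecutive values so the help desk can locate the counter. Time-based tokens avoid this at the cost of needing a reasonably accurate clock on the device.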