Page 276 - CISSO_Prep_ Guide
2. Challenge sent from server to client.
3. A client enters the challenge on the token device.
4. Client reads response.
5. Client enters response.
6. Response sent to the server.
7. The server verifies response with the user profile database.
• Synchronous:
• Careful timing is essential; otherwise the login will fail.
1. A user sends a one-time password (PIN on synchronous device + time = one-time password).
2. The authentication server housing the user profile database knows the symmetric key of the device. The server opens the one-time password, and if the time is the same, there is a match and the user is authenticated.
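The synchronous flow above, as an added example that is not part of the original guide. It uses the HMAC-based TOTP construction from RFC 6238 as one concrete time-synchronous scheme (the guide does not name an algorithm), leaves out the PIN, and shows why a token clock that has drifted fails a strict check. The 30-second step, 6-digit length, key and timestamp are assumptions or constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (assumed; RFC 6238 default)
DIGITS = 6   # OTP length (assumed)
KEY = b"12345678901234567890"  # constructed sample: RFC 6238 test key

def totp(key: bytes, unix_time: int) -> str:
    """Token side: symmetric key + current time step -> one-time password."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def verify(key: bytes, submitted: str, server_time: int, drift_steps: int = 0) -> bool:
    """Server side: recompute the OTP from the server clock and compare.

    drift_steps=0 requires token and server to be in the same time step.
    Each extra step tolerates 30 s of skew but also lengthens the period
    in which a captured OTP would still be accepted.
    """
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(key, server_time + delta * STEP)
        if hmac.compare_digest(expected, submitted):
            return True
    return False

def demo() -> dict:
    server_now = 1111111109                      # constructed timestamp
    in_sync = totp(KEY, server_now)              # token clock agrees
    skewed = totp(KEY, server_now - 45)          # token clock 45 s slow
    return {
        "in_sync": verify(KEY, in_sync, server_now),
        "skewed_strict": verify(KEY, skewed, server_now),
        "skewed_tolerant": verify(KEY, skewed, server_now, drift_steps=1),
    }

if __name__ == "__main__":
    print(demo())
```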
• Smart cards:
• Memory chips – storage devices that cannot process information
• Microprocessor chips – like having a miniature computer on a card
• Biometric:
• Much more efficient for authentication (verification) than identification (assertion).
• Physiological (e.g., fingerprint) or behavioral (e.g., keystroke).
• Accuracy: