Token Passwords (was Re: Passwords)

David "Chip" Reynolds chip at seeker.MYSTIC.COM
Wed Apr 24 04:52:44 AEST 1991


In article <72985 at brunix.UUCP> cs132041 at cs.brown.edu (Jeremy Gaffney) writes:
>
>What prevents this card from being stolen in the same fashion as a password book?
>If the user simply gives back what the card tells him/her, what prevents the card
>from being used by J. Q. Cracker who stole the card?  Perhaps a pre-memorized function
>(albeit simple, by necessity) could be applied by the user, but at this point, the 
>procedure is too complicated for any but the by necessity most secure system.  Just
>far too complicated...
>
>-jg  (cs132041 at brownvm.brown.edu)
>
>
Our cards also provide the ability to enter a P.I.N. (Personal Identification
Number), and you can use that to shorten your Challenge as well.

For example:  If I use a four digit PIN, and a three digit Challenge, I'm not
sacrificing any security.  If I enter in an incorrect PIN, the card doesn't tell
me so, it just provides me with an incorrect response.  The number of incorrect
responses that are accepted before "Attacker Lockout" is activated can be
set by the administrator, as well as the method by which it is reset (time or
cleared by the sys-admin).
Full audit trails are kept, in an encrypted database.
There is also a "duress pin." This is a function allowing a user that is being
forced to use his/her PIN to type in a PIN that is incorrect, but also activates
the attacker lockout, and notifies the sys-admin immediately.

For those that asked for more information:

I'm currently in the process of typing up some of our spec-sheets.  Please be
patient a little longer.
Or, I can fax them to you; mail me your fax number.

Thank you,

-*- DCKR -*-   David Reynolds
Blessed Be!

chip at seeker.UUCP
decwrl!prememos!chip at seeker.MYSTIC.com

root at diana.UUCP

 David Reynolds
Programmer, Product Manager UnixSafe/GatewaySafe
Enigma Logic Inc.
2151 Salvio St. Suite 301
Concord Ca. 94520
(415) 827-5797
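
A sketch of the PIN, lockout and duress-PIN behaviour described in the post above, added here as an example and not Enigma Logic's code or algorithm. It assumes an HMAC-SHA256 card function, a host that knows the duress PIN, and hypothetical names (`token_response`, `Verifier`); the secret, PINs and challenges are constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-card-secret"  # constructed sample, not a real key

def token_response(secret: bytes, pin: str, challenge: str, digits: int = 8) -> str:
    """Card side: the PIN is folded into the keyed computation, so a wrong
    PIN silently yields a wrong response instead of an error message."""
    mac = hmac.new(secret, f"{pin}:{challenge}".encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

class Verifier:
    """Host side (hypothetical): checks responses, counts failures, locks out."""

    def __init__(self, secret, pin, duress_pin, max_failures=3):
        self.secret, self.pin, self.duress_pin = secret, pin, duress_pin
        self.max_failures = max_failures  # set by the administrator
        self.failures = 0
        self.locked = False
        self.audit = []  # plain list here; the post says the real trail is encrypted

    def _matches(self, pin, challenge, response):
        expected = token_response(self.secret, pin, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

    def check(self, challenge: str, response: str) -> str:
        if self.locked:
            result = "locked"
        elif self._matches(self.pin, challenge, response):
            self.failures, result = 0, "ok"
        elif self._matches(self.duress_pin, challenge, response):
            # Duress PIN: lock at once and flag the event for the sys-admin.
            self.locked, result = True, "duress"
        else:
            self.failures += 1
            self.locked = self.failures >= self.max_failures
            result = "locked" if self.locked else "fail"
        self.audit.append((challenge, result))  # every attempt is recorded
        return result

    def reset(self):
        """Sys-admin clears the lockout (the post also mentions a timed reset)."""
        self.failures, self.locked = 0, False
```

The "duress" result is internal to the host in this sketch; what the person at the terminal sees would be the same refusal as any other failed login.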



More information about the Comp.unix.wizards mailing list