Hardware or software component designed to store and protect cryptographic
information. [CCN-STIC-430:2006]
In the context of authentication and access control, a token is a value
provided by hardware or software that usually works with an authentication
server or VPN to perform dynamic or two-factor authentication.
See RADIUS, TACACS and VPN.
http://es.pcisecuritystandards.org
A value provided by hardware
or software that usually works with an authentication server or VPN to perform
dynamic or two-factor authentication.
https://www.pcisecuritystandards.org/security_standards/glossary.php
Something that the claimant
possesses and controls (such as a key or password) that is used to authenticate
a claim. See also cryptographic token. [CNSSI_4009:2010]
1. (I) /cryptography/ See:
cryptographic token. (Compare: dongle.)
2. (I) /access control/ An
object that is used to control access and is passed between cooperating
entities in a protocol that synchronizes use of a shared resource. Usually, the
entity that currently holds the token has exclusive access to the resource.
(See: capability token.)
Usage: This term is heavily
overloaded in the computing literature; therefore, IDOCs SHOULD NOT use this
term with any definition other than 1 or 2.
3a. (D) /authentication/ A
data object or a physical device used to verify an identity in an authentication
process.
3b. (D) /U.S. Government/
Something that the claimant in an authentication process (i.e., the entity that
claims an identity) possesses and controls, and uses to prove the claim during
the verification step of the process. [SP63]
NIST defines four types of
claimant tokens for electronic authentication in an information system [SP63].
IDOCs SHOULD NOT use these four NIST terms; they mix concepts in potentially
confusing ways and duplicate the meaning of better-established terms. These four
terms can be avoided by using more specifically descriptive terms as follows:
· NIST "hard token": A hardware device that contains a protected
cryptographic key. (This is a type of "cryptographic token", and the
key is a type of "authentication information".)
· NIST "one-time password device token": A personal hardware device that
generates one-time passwords. (One-time passwords are typically generated
cryptographically. Therefore, this is a type of "cryptographic
token", and the key is a type of "authentication information".)
· NIST "soft token": A cryptographic key that typically is stored on disk or
some other magnetic media. (The key is a type of "authentication
information"; "authentication key" would be a better description.)
· NIST "password token": A secret data value that the claimant memorizes.
(This is a "password" that is being used as "authentication information".)
[RFC4949:2007]
Also called a "jeton", a token is a non-replayable password issued by an
electronic device. It is generally a calculator capable of running an
algorithm identical to the one run by the authentication server. The
calculator thus generates passwords at the same time as the server.
The user simply copies the password shown on the calculator's screen at a
given moment. This type of device generally requires time synchronization
between the server and the token.
The SecurID tokens from RSA Security and ActivCard One from ActivCard are
the best known and most widely used.
http://securit.free.fr/glossaire.htm
In the context of authentication and access control, a token is a value
provided by hardware or software that works with an authentication server or
a VPN to perform dynamic or two-factor authentication. See RADIUS, TACACS and VPN.
http://fr.pcisecuritystandards.org/