
Token-Based Authentication


Token-based authentication is a security technique that authenticates users who are attempting to log in to a server, a network, or some other secure system. Token devices strengthen the logon sequence. Today, most remote authentication schemes do not send passwords over the wire, either in the clear or encrypted. Remote users who need to access corporate servers are assigned a user account and given a secret password that is known to the user and the server. A successful authentication takes place if a user can prove to a server that he or she knows the shared secret without actually transmitting that secret across the wire.

CHAP (Challenge Handshake Authentication Protocol) provides the best example of this technique. Basically, the server sends a random message (the challenge) to the user. The user then appends the shared secret password to the message and runs it through a hash function, producing a message digest. This digest is returned to the server, which has also produced a message digest from the same information. The server compares the two message digests and, if they match, the remote user is considered authentic.
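The exchange just described, as an added example written for this entry (not code from the encyclopedia or any CHAP implementation). It follows the RFC 1994 MD5 construction, MD5(identifier || secret || challenge), and the user name "alice", her secret and the class and function names are constructed for illustration.

```python
"""Added example: a CHAP-style challenge/response, both sides, in pure Python."""
import hashlib
import hmac
import secrets

# Constructed credential store (user -> shared secret); hypothetical values.
SERVER_SECRETS = {"alice": b"correct horse battery staple"}


def chap_digest(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5-CHAP: hash over Identifier || secret || Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side: issues a challenge, later checks the response."""

    def __init__(self, secrets_db):
        self._db = secrets_db
        self._pending = {}  # identifier -> challenge awaiting a response

    def challenge(self, identifier: int) -> bytes:
        # A fresh random challenge per attempt is what makes replay useless.
        chal = secrets.token_bytes(16)
        self._pending[identifier] = chal
        return chal

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        chal = self._pending.pop(identifier, None)  # each challenge is single-use
        secret = self._db.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_digest(identifier, secret, chal)
        # Constant-time compare so timing does not leak digest bytes.
        return hmac.compare_digest(expected, response)


def chap_client_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: prove knowledge of the secret; only the digest goes on the wire."""
    return chap_digest(identifier, secret, challenge)


def run_exchange(server: ChapServer, name: str, client_secret: bytes, identifier: int = 1) -> bool:
    """Challenge -> Response -> Success/Failure, as one round trip."""
    chal = server.challenge(identifier)
    resp = chap_client_response(identifier, client_secret, chal)
    return server.verify(identifier, name, resp)
```

Note that a captured response cannot be reused: verify() discards the challenge once it has been checked, so a second presentation of the same digest fails.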

This topic continues in "The Encyclopedia of Networking and Telecommunications."

The following Internet RFCs provide additional information about this security technology:

  • RFC 1510 (The Kerberos Network Authentication Service version 5, September 1993)

  • RFC 1511 (Common Authentication Technology Overview, September 1993)

  • RFC 1704 (On Internet Authentication, October 1994)

  • RFC 1994 (Challenge Handshake Authentication Protocol, August 1996)

  • RFC 2289 (A One-Time-Password System, February 1998)

  • RFC 2401 (Security Architecture for the Internet Protocol, November 1998)

  • RFC 2808 (The SecurID SASL Mechanism, April 2000) defines authentication mechanisms for RSA Security SecurID token card products.

Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.