Information Technology Reference
In-Depth Information
(RFID) tags are all examples of this type of token. When used
in proximity-detection systems, these tokens can be employed for
both electronic and physical access management. RFID-based tag-
ging systems were originally used on animals, but they have since
been applied to inventory management, vehicular toll tags, and
even human identification systems using small implantable chips.
Access cards and passive electronic tokens used to unlock terminal
access are also common in critical infrastructure and governmen-
tal networks.
•
Tokens that provide information.
These tokens provide infor-
mation that is employed in a secondary identification mechanism.
Time-synchronous pass code and one-time-password generators
may be used to supply log-on identification credentials that cannot
be divulged by simply writing down a log-on and password, because
the token is also needed in order to provide part of the required
“what you know” information automatically. Synchronized identifi-
cation is also used widely between electronic endpoint authentication
and data transport agents, as with the time-synchronized Kerberos
authentication protocol or the public-key-validated Secure Sockets
Layer (SSL) transport mechanism. Active-content “smart” tokens
can also provide information of this type, responding to interroga-
tion with an appropriate calculated response message.
Single-factor identification solutions that employ the “what you have”
test can be circumvented by theft of the token, accidental proximity to
sensing elements, or outright forgery of the identifying token. Some auto-
mobile manufacturers employ key-fob RFID tags in order to unlock cars
and trunks, and even to start up the vehicle's ignition in some models.
Because the current generation of RFID authorization systems does not
employ st ronger encr y pt ion suc h a s A dva nc ed Encr y pt ion St a nd a rd (A E S)
or other more secure protocols, they are subject to certain forms of hack-
ing that can provide a means for physical access and theft of the protected
vehicle using nothing more than a transmitter and a laptop computer able
to generate counterfeit RFID challenge/response information.
What You Are
The ultimate proof of identification essentially becomes a test of the
“what you are” form of identification. In theory, each person is the only
