Author : HASSAN MD TAREQ | Updated : 2020/05/31

Web Security

Token

Security token

  • A soft token is a security resource often used for multifactor authentication
  • A token is a representation of something in its particular ecosystem. It could value, stake, voting right, or anything. A token is not limited to one particular role; it can fulfill a lot of roles in its native ecosystem
  • A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something
  • A security token is a portable device that authenticates a person’s identity electronically by storing personal information
  • Links:

Purpose of a security token

  • Security tokens are (protected) data structures
    • contain information about issuer and subject (claims)
    • signed (tamper proof & authenticity)
    • typically contain an expiration time
  • A client requests a token
  • An issuer issues a token
  • A resource consumes a token (has a trust relationship with the issuer)