Understanding RSA Secureid

eemoon
eemoon used Ask the Experts™
on
Hi I am trying to understand RSA Secureid. Here is a token, which can provide random digit number for us to login onto a server with something like username and passcode. For example, the token has 20 numbers, each of 20 has registered with the server already. and different token has different 20 number. so when logging to server, the server will decide if we can logging based on the one of 20 numbers that has registered and username and passcode, right? Thank you.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Pete LongTechnical Consultant
Commented:
The token generates a new number every 60 seconds, this number is mathematically linked to the serial number of the token itself, and to the time.

The authenticator can use some very complicated maths to check your response to make sure the number you entered is the number that currently displayed on the token, this fulfils the 'something you have' i.e the token. To fulfil the  'something you know' you supply a passcode, which the authenticator also knows is yours, if it gets them both, then you will be allowed access.

Author

Commented:
Thank you for your reply. so the server how to know whether the number that i entered is the number that I got from the token?
Exec Consultant
Distinguished Expert 2018
Commented:
Token codes cannot be re-used. The Token hardware cycles those codes every 60 seconds. Once a code has been used you must wait for the display to change the tokencode in order to login elsewhere.

Actually the technicalities for SecurID is that it is using the algorithm called TOTP(Time-Based One-Time Password Algorithm), a hash algorithm. In short, the recycling go through using as unique key called a seed, that combined with the current time in 60 second steps refreshes the code.

What you see on the Token is called Token Code that recycles while you will also have a secret called PIN that does not recycle based on the time. These two information  is normally used for login. E.g. Users enter their RSA SecurID username and passcode in the RSA SecurID login dialog box. An RSA SecurID passcode typically consists of a PIN followed by a token code.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial