RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>RSA</strong> <strong>Authentication</strong> <strong>Manager</strong> <strong>7.1</strong> Administrator’s <strong>Guide</strong><br />
Token Types<br />
There are two kinds of SecurID tokens, hardware tokens and software tokens:<br />
• Hardware tokens are usually key fobs or USB keys that display the tokencode.<br />
• Software tokens and their accompanying application are installed on devices such<br />
as Palm Pilots and BlackBerries. Once installed in a device, the application can be<br />
used to display the tokencode.<br />
While the two types of tokens perform the same function, the situations in which you<br />
use them can be very different.<br />
For example, suppose your organization has internal users who must authenticate with<br />
a SecurID token when they log on to their desktop computer, as well as a remote sales<br />
force whose members must authenticate with a SecurID token when they log on to<br />
their laptop computers.<br />
You might choose to distribute hardware tokens to your internal users. Because they<br />
generally log on at their desktop machine each day, the internal users are less likely to<br />
lose their tokens than someone who travels frequently. Many users choose to attach<br />
the key fob to their keychain, so that as long as they have their car keys, they have<br />
their token.<br />
You might choose to distribute software tokens to your remote sales force. Your sales<br />
force is on the go constantly, and with a software token installed directly on a PDA or<br />
cell phone, they will be less likely to leave it at home, or lose it in an airport. As long<br />
as they have their PDA, they have their token.<br />
Tokencode Delivery Methods<br />
When a user authenticates with a token, <strong>Authentication</strong> <strong>Manager</strong> matches the<br />
tokencode entered by the user to the tokencode maintained within <strong>Authentication</strong><br />
<strong>Manager</strong>. When the two tokencodes match, authentication is successful.<br />
Hardware and software tokens deliver their tokencodes in one of two ways:<br />
time-based or event-based. The tokencode delivery dictates how <strong>Authentication</strong><br />
<strong>Manager</strong> verifies the tokencode and authenticates the user:<br />
Time-based. A time-based token displays a tokencode that automatically changes<br />
at a set interval, typically every 60 seconds.<br />
For time-based tokens, the tokencodes are kept synchronized with <strong>Authentication</strong><br />
<strong>Manager</strong> based on their internal “clocks” or time. So when the tokencode<br />
advances every 60 seconds, the corresponding tokencode in <strong>Authentication</strong><br />
<strong>Manager</strong> advances as well. When a user authenticates, <strong>Authentication</strong> <strong>Manager</strong><br />
matches the tokencodes based on time.<br />
76 3: Protecting Network Resources with <strong>RSA</strong> SecurID