Logical Access Control


Logical Access Control protects systems and services against unauthorised access so that only legitimate users can reach the information they need. Typically this means logging on to a service such as banking, medical or other systems holding sensitive information.

At CPS we provide tokens that allow you to integrate logical access control into your computer environment using a One Time Password (OTP), which is normally used as part of a Two Factor Authentication (2FA) system.

The tokens can be either counter based (HOTP) or time based (TOTP).

HMAC Based One Time Password (HOTP)

HOTP uses a calculation based upon a shared secret held by both the token and the server, along with a usage counter. When the user presses a button on the token it displays the calculated security value; the user is prompted to enter this value and the server compares it to the result it is expecting. If the value is correct then the server can be confident that the user trying to access the system holds the physical token associated with the account, and can therefore allow them to proceed with what they want to do.

As a user may press the token button without using the security value, or may enter the value incorrectly, the server is set up to allow a configurable amount of drift in the counter.

Time Based One Time Password (TOTP)

In a TOTP system the process is very similar to a HOTP environment; the additional factor is time. Typically systems are set up with either a 30 or 60 second window within which the generated security value is valid. The complicating factor is synchronising the token clock with the server clock. As the server is normally online its time can be updated automatically, but tokens do not have this external connection. Over time there may be drift between the token and the server, so settings to allow for drift can be included in the configuration of the server. If a server does not allow resynchronisation then, once the clock drifts too far, the TOTP token can no longer be used for validation.

Further Information

