ABSTRACT
In the synchronous mode, the access control software
requests the password without calculating and presenting a
challenge to the user. The user turns on the password
generator, enters a PIN, reads the response from the dis-
play, and keys that value into the keyboard of the terminal
or workstation. The computer knows the expected response
through a combination of three factors: It knows the algo-
rithm the token uses to calculate the response, it knows the
unique key assigned to that token that will be used in
calculating the response, and it knows the method used
by the token to maintain dynamic password synchroniza-
tion with the access control system. Maintaining password
synchronization is a key factor in synchronous tokens.
Asynchronous tokens essentially are resynchronized each
time they are used, because the access control system
issues a new challenge on each use. Synchronous tokens
essentially issue their own challenge, and the access con-
trol system must be able to determine what that challenge
is. The three common methods to do this are time synchro-
nous, involving the use of time and other factors (using the
clocks in the token and in the access control system and
allowing for clock drift); event synchronous, involving use
of a value developed from one-timemodification of the last
entry; and algorithmic synchronous, involving reverse
engineering of the response to determine if the specific
token could have generated that response. As in the asyn-
chronous mode, if the two responses match then the user is
granted access.
