IB Security Device

Discussion in 'Interactive Brokers' started by tyrant, Oct 1, 2007.

  1. I'm sure of it! Tell us what you can if you get a chance. I've never been able to find out much about these things (duh! they're supposed to be "secure")


    Dug around Wikipedia:


    Time-synchronized one-time passwords
    A time-synchronized one-time password changes constantly at a set time interval, e.g. once per minute. To do this, some sort of synchronization must exist between the client's token and the authentication server. For disconnected tokens, this time-synchronization is done before the token is distributed to the client; other token types do the synchronization when the token is inserted into an input device.


    Entrust IdentityGuard Mini Token
    Entrust offers two variants of their OTP token — Entrust IdentityGuard Mini Token OE and Entrust IdentityGuard Mini Token AT. The Entrust IdentityGuard Mini Token OE provides event-based, one-time passwords using the standards-based HOTP algorithm endorsed by the Initiative for Open Authentication (OATH), providing compatibility with third-party software. The Entrust IdentityGuard Mini Token AT offers time- and event-synchronous, one-time passwords based on the stronger DES/3DES algorithm. Priced at $5 per token, the Entrust IdentityGuard Mini Token provides a dramatic contrast to the traditional high-cost offerings of the past. *** this must be what Paypal uses? ***


    RSA Security's SecurID
    RSA Security's SecurID displays a number which changes at a set interval. The client enters the one-time password along with a PIN when authenticating. US patented technology.


    VASCO's DigiPass
    VASCO's DigiPass series has a small keyboard where the user can enter a PIN; in addition, it generates a new one-time password every 36 seconds. US patent: 4599489 and 4609777 [2]
     
    #21     Oct 1, 2007
  2. patl


    The token has an internal clock. Every 30 seconds (or 1 minute or whatever), the code shown on the LCD is updated using a cryptographic hash of the internal clock and a "secret" known only to the device and the server. Thus the code changes dramatically and unpredictably every 30 seconds.

    The server will accept any code generated within a few minutes of the authentication challenge. This handles clock drift. In addition, the code you enter allows the server to infer something about the offset of your device's clock. The server can therefore compensate for long-term drift as long as you authenticate reasonably often.
     
    #22     Oct 2, 2007
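An added example (not part of the thread, and not the algorithm of any vendor's device) of the scheme patl describes: a code derived from the clock and a shared secret, a server-side acceptance window, and drift learned from each successful login. It assumes the open RFC 4226/6238 construction (HMAC-SHA1 over a 30-second counter); the `Token` and `Server` classes, the window size and the replay guard are hypothetical choices made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (assumed; the post says 30 seconds or 1 minute)
WINDOW = 4   # steps accepted either side of the expected counter (+/- 2 minutes)

def code_at(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class Token:
    """Device side: a secret plus an internal clock that may run fast or slow."""
    def __init__(self, secret: bytes, clock_error: int = 0):
        self.secret, self.clock_error = secret, clock_error

    def display(self, true_time: int) -> str:
        return code_at(self.secret, (true_time + self.clock_error) // STEP)

class Server:
    """Verifier: accepts codes near its own clock and learns the token's drift."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.drift = 0        # learned clock offset of the token, in steps
        self.last_used = -1   # highest counter accepted so far (replay guard)

    def verify(self, code: str, now: int) -> bool:
        expected = now // STEP + self.drift
        # Try the nearest counters first so the learned drift is the smallest fit.
        for delta in sorted(range(-WINDOW, WINDOW + 1), key=abs):
            c = expected + delta
            if c > self.last_used and hmac.compare_digest(code_at(self.secret, c), code):
                self.drift += delta   # compensate for long-term drift next time
                self.last_used = c    # each code is accepted once only
                return True
        return False
```

A token whose clock has drifted beyond the window is still accepted by a server that has seen it regularly, because each login moves the centre of the window; a server that has never seen the token rejects the same code.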
  3. Is there still a choice of what device (gold/platinum) you get?
     
    #23     Oct 2, 2007
  4. Tums
