When we think about Time-Synchronized One-Time Passwords as I mentioned, this change constantly at a set time interval, so, every 15 seconds, we generate a new one, whatever it may be, and as a result of that, that password is never reused in theory, hence the one-time password concept. But notice that, we can become unsynchronized. Again with the idea with time here, is that there is a time element, a synchronization element that is required between the server that's authenticating, and the token that's generating, and the two must work together within a very narrowly defined set of time parameters. For any reason, there is a modification, or decoupling of that time parameter, then the system usually stops working. And that's something we have to be aware of. When we think about physical types of tokens, we have the different ways in which tokens can be implemented in other words. So, we have Disconnected Tokens, Connected Tokens, we have Contactless Tokens, and Bluetooth and Mobile Device Tokens. This is different from the technology used to drive the authentication mechanism within the token. In other words, when we think about the uses of token information, and how tokens generate the authentication parameters, we're thinking about synchronous dynamic, asynchronous data challenge response. But when we're thinking about the way in which the token is implemented, the physical token itself, we're thinking about these types. I want to make sure we differentiate between the two. Disconnected tokens, tokens that are not connected to anything. They are going to be inserted, let's say, excuse me, not inserted into a system, but rather, not going to be synchronized, not used in any way, they're simply going to generate something, we can look at a screen and say, "Look!" every 20 seconds I get a new value, and I'm going to then use that to send some sort of response off to a system, and authenticate. But they're not connected or synchronized to anything. Connected tokens, a little bit different, they're connected to a system, and they're obviously talking and doing something with that system. A contactless token, may be a logical connection that we create to the client, so we may not have to physically plug the token into the system, but rather logically we're able to use it, there may be a proximity solution like Bluetooth and mobile device tokens, where, maybe on your phone, within 15 or 20 feet, we can get next to a reader, and we can use that device for that information, and pass it electronically, all the rage these days where they have, you know, e-pay solutions, where you can use your phone, and use your phone to effectively provide your payment information, think like Starbucks cards, things like that. That would be an example of a device token that's a mobile token. So, just depends on the physical types we have, but connected tokens typically plugged into a system and read directly, disconnected, are not connected, but provide some sort of information that we then use. Contactless token are maybe some sort of software solution that we install, it's logically connected as opposed to physically connected. And so, we think about that, and we understand the different ways in which these token types may be used. We have probably at some point, we I mean all of us, myself and those of you following along with me in the class, have probably seen smart cards at some point, if you reach into your pocket, and you have either a credit card with a chip of some kind embedded in it that holds some sort of digital identity certificates for you, if you have, maybe a swipe card of some kind that you use to access a system, if you have some sort of a HID card that's used on a strike plate to open up a secured door. Those are all examples of types of cards, and may have some element of smart capabilities built into them. There's some sort of computer chip in them that stores and transmits data. That's what the classic definition of a smart card is. When you pull out your badge, or your employee ID, and you look on the back, and there is a chip embedded in it, that's a smart card, or your license which has a magnetic stripe on it, that you can swipe in a reader, it's not really the same thing as a traditional smart card, it's not storing stuff on a chip if you're using a magnetic stripe, but it does store information, and it can transact that information into a reader, but not really the classic definition of a smart card. So, just wanted to differentiate that really the key there, is the use of the computer chip, want to make sure we're thinking about that. So, Types of Smart Card Technology, what types of smart cards exist? You'll see we have four types here. Contact smart card, contactless card, what's called the hybrid card, and then what's also referred to as a Dual-Interface card. Each one is different, based on the definition on the screen. A contact smart card must be inserted into a reader. This is the traditional classic example is the CatCard that you plug into a USB card reader, and then the card is able to activate based on being placed into the physical device, and that card then is able to provide information of the chip embedded in the card. So, the card must be placed into a device in order to power up and work in other words. Contactless card is required in proximity to a reader. This is where you wave your ID within about a foot of the pad on the door, and it opens up, you see a lot of people that are walking down the hall, have their ID or their credential typically in the breast pocket, or in their wallet, so they'll take out their wallet and wave it at the plate on the door, and the men they'll kind of do one of these, and you know, the plate gets within about a foot or two of their pocket, and reads the credential. That's what we're talking about with a contactless card. A hybrid card, has two chips in it, as I point out on the slide, one contact base, so, one that has to be read by a reader, one contactless, one that's approx solution, but they're not connected to each other, they're not interconnected, they're separate, wired up separately, and operate on separate channels within the card. The card may be used in one or both ways depending on how the card is programmed, but they are separate, distinctly separate from one another, the architecture in the card separates the two systems, and they don't connect or interact, whereas with a Dual-Interface card, we have a single chip that is wired in such a way that works in both contact and contactless form, they have interfaces that effectively operate the same way off one ship. So, it's like a hybrid card, but combined together with wiring inside the crosses, the two over on a single chip, and as a result, the card can operate again in either mechanism, depending on how it is set up, but the card may actually be able to operate using both technology simultaneously. So, you want to make sure you understand the difference between the two, especially the subtle, but important difference between hybrid cards and Dual-Interface cards, and making sure we pick up on the fact that, one is separate technology with two distinct systems, one is combining the two together in a single chip. That's going to be an important, but very, very specific difference, and you want to make sure you pick up-.
