A security token is a hardware component used to identify and authenticate users. Occasionally, it is also used to refer to software tokens. They are usually part of an access control system with two-factor authentication.
The terms electronic key or chip key are also used to refer to a token. If necessary, other features must be used for authentication against misuse, including knowledge of a password or PIN or biometric features of the user. Security tokens can be personalized, they are then uniquely assigned to a specific user. The technical umbrella term security token refers to all technologies used equally and does not depend on a specific appearance of the hardware. This includes all items that can store and transmit information for the purpose of identification and authentication.
Uses of Security Tokens
Security tokens are usually used as (user) IDs to secure transactions:
- for logging on to workstations, (company or government) networks
- for the use of Internet services, in particular for online banking
- as a key container for data and e-mail encryption as well as digital signatures
- as access authorization and ID
- for personnel time recording
- as a SIM card in mobile phones
- as a means of payment and/or customer card at vending machines and customer terminals (e.g. telephone booth)
- as an access card to pay-TV offers
- as a bank card, usually in unit with the cash card, for the use of ATMs and payment terminals
- as a health insurance card; the (future) electronic health card will also be used as a token for access to a data network
- as transport tickets and admission tickets
- as a security module for unambiguous identification, e.g. Trusted Platform Module
- in digital rights management; here, the right of use to data (software, music, e-books, …) may be tied to the hardware
In general, decentralized systems, in which data was stored on the token itself, are increasingly being replaced by networked systems in which the token only serves as an identity card.
The issuers of the tokens prefer to integrate several functions into one token in order to achieve “added value” through the use of the token and to create comprehensive usage and movement profiles.