User authentication devices such as authentication tokens are typically implemented as small, hand-held devices that display a series of passwords over time. These passwords, which may be one-time passwords, are more generally referred to as tokencodes. A user equipped with such an authentication token reads the currently displayed password and enters it into a computer or other element of an authentication system as part of an authentication operation. This type of dynamic password arrangement offers a significant security improvement over authentication based on a static password.
Conventional authentication tokens include both time-based tokens and event-based tokens. The latter are also referred to herein as event-triggered tokens. In a typical time-based token, the displayed passwords are based on a secret value and the time of day. A verifier with access to the secret value and a time of day clock can verify that a given presented password is valid. Event-based tokens generate passwords in response to a designated event, such as a user pressing a button on the token. Each time the button is pressed, a new password is generated based on a secret value and an event counter. A verifier with access to the secret value and the current event count can verify that a given presented password is valid.
Passwords can be communicated directly from the authentication token to a computer or other element of an authentication system, instead of being displayed to the user. For example, a wired connection such as a universal serial bus (USB) interface may be used for this purpose. Wireless authentication tokens are also known in such tokens, the passwords are wirelessly communicated to a computer or other element of an authentication system. These wired or wireless arrangements save the user the trouble of reading the password from the display and manually entering it into the computer.
Additional details of exemplary conventional authentication tokens can be found in, for example, U.S. Pat. No. 4,720,860, entitled “Method and Apparatus for Positively Identifying an Individual,” U.S. Pat. No. 5,168,520, entitled “Method and Apparatus for Personal Identification,” and U.S. Pat. No. 5,361,062, entitled “Personal Security System,” all of which are incorporated by reference herein.
It is generally desirable in authentication tokens and other hand-held devices to minimize power consumption. This is especially the case with respect to authentication tokens as the battery cannot be replaced. In such tokens, the battery is stored in a sealed secured environment. Because of security issues surrounding the tokens, it is not possible to replace the battery without rendering the device ineffective. Consequently, the authentication tokens have a finite life.