
How do RSA SecurID® Keys Work?

Çağlar Arlı

I have been using RSA SecurID® keys for quite some time now (perhaps 10 years), for things such as securing my home banking account online or accessing my company's network of computers from home. These keys generate a 6-digit numeric token which is set to expire. However, I've always wondered how these work.

RSA SecurID keyfob

On the right-hand side there is a dot (not shown on the picture) which blinks once per second, and on the left there is a stack of six vertically-stacked horizontal bars, each of which disappears once every ten seconds. Every time sixty seconds have passed, the token resets itself, and the previous token becomes invalid.

AFAIK these devices don't make use of the network, and the numbers they generate must be checked by the server (whether the server be a bank or a company's server). Hence, inside this device there must be stored an algorithm that generates random numbers with a mechanism that includes a very precise timer powered by a small battery. The timer must be very precise, since the server needs to check the validity of the generated digits in the very same time interval. For every user/employee, the server must, as far as I understand, store the same random number generating algorithm, with one such algorithm per customer/employee. The chip must of course be constructed in such a way that if it is stolen then the attacker cannot access the random number generating algorithm stored therein, even if the device is broken.

Is this how this works?

Thanks!
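
How a token and a server can agree on a 6-digit code per 60-second interval without any network link, as an added example that is not part of the original question. It uses the public RFC 6238 TOTP construction (HMAC-SHA1) as a stand-in, not the algorithm inside the SecurID device; the per-user seed table, the `Server` class, the one-interval drift window and the replay check are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code, matching the 60-second reset described above
DIGITS = 6   # length of the displayed token

def token_code(seed: bytes, unix_time: int) -> str:
    """What the fob computes: HMAC over the current interval number, truncated."""
    counter = unix_time // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Server:
    """Hypothetical verifier holding one secret seed per user (assumption)."""

    def __init__(self, seeds: dict, drift_steps: int = 1):
        self.seeds = seeds            # user -> seed shared with that user's fob
        self.drift = drift_steps      # intervals of clock drift tolerated
        self.last_used = {}           # user -> newest interval already accepted

    def verify(self, user: str, code: str, now: int) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        current = now // STEP
        first = max(0, current - self.drift)
        for counter in range(first, current + self.drift + 1):
            if counter <= self.last_used.get(user, -1):
                continue              # code from this interval was already spent
            expected = token_code(seed, counter * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used[user] = counter
                return True
        return False

if __name__ == "__main__":
    # Constructed sample: the RFC 4226 test key, not a real token seed.
    seed = b"12345678901234567890"
    server = Server({"alice": seed})
    code = token_code(seed, 130)                 # fob clock reads t=130
    print(code, server.verify("alice", code, 130))
    print("replayed:", server.verify("alice", code, 130))
```

The drift window is why the fob's clock only needs to stay within about one interval of the server's, and the `last_used` check is what stops a code observed in transit from being accepted a second time.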