CryptoCard KT-1 Token Authentication and Resynchronization Demonstration Page

CryptoCard KT-1 Token Authentication and Resynchronization Demonstration Page

Instructions:

This page demonstrates authentication of CryptoCard KT-1 tokens from PHP. Under the hood, a compiled C program that interacts with CryptoCard's AuthEngine SDK is used.
This page will only authenticate KT-1 tokens programmed with the token options described in the compiled C program.
Enter either:

The token key, OTP, challenge, and optionally OTP window size (defaults to 3), OR
The token key, OTP, resynchronization string, and optionally OTP window size (defaults to 3).

Press the Authenticate button.

Messages describing the success or failure of the authentication will be provided.
If the authentication is successful, successive clicks of the Authenticate button will authenticate successive OTPs.
The OTP window is manipulated automatically. (If some OTP values are skipped, the challenge will be updated automatically to reflect the successful OTP. This is the same way tokens would be authenticated in practice.)

The PHP source code for this page is available here.

Token Key: The token key is the 192-bit (48 hexadecimal digit) key programmed into the CryptoCard token. For convenience, it is carried through on each click of the Authenticate button. The default value of the key is the value included in the CryptoCard example token initialization software.
OTP: The OTP (one-time password) is the value displayed on the token when either the token button is pressed or the token is resynchronized.
Resynchronization String: The resynchronization string is the value manually entered into the token. This would normally be necessary only if the token were activated but the OTP generated were not used (for example, if children were allowed to play with the token).
OTP Window Size: The OTP window size represents the number of consecutive expected values of the token OTP that will be allowed for authentication. A value greater than 1 is more convenient for the user, as it lessens the probability that a resynchronization will be required. This window allows accidental activation of the token without using the OTP without forcing resynchronization.
Challenge: The challenge is a 128-bit (32 hexadecimal digit) number that is held as state in the token (separate from the key). On each generated OTP, the challenge is incremented.

This web page is maintained by David T. Ashley. Local time on this server (at the time the page was served) is