A secure token (also called a security token) is a device used to authenticate a user to a computer. In an access control system, the user must insert the token into a token reader connected to a computer, which may be connected to a network. The token then obtains access on behalf of the user (to a remote computer, for example) by providing the necessary authorizations and confirming the user’s identity.
The token can read and verify digital signatures from the computer so that the card will not be fooled into giving away sensitive information to a computer acting as an impostor. The token also can send its own encrypted digital signature so that the computer knows that the token is not an imitation. No intruder can obtain access to the computer without the token and knowledge of secret information needed to activate the token (for example, a password).