TN-SWEKEY-002

Using a Half Random Token (optimization)

Targeted Audience

This document is intended for webmasters who want to use Swekey Authentication in their websites.
This document assumes that the following Tech Notes have been read:

Introduction

As explained in the tech note TN-SWEKEY-001, two synchronous HTTP queries must be performed to validate the presence of a Swekey:
the first one to get a Random Token (RT), the second one to validate the One Time Password (OTP) generated by the Swekey.
This document explains how to avoid the first synchronous call in order to cut the authentication time by half.

Random Token Sharing

Reminder

As explained in TN-SWEKEY-001, a Random Token has a 2-minute validity period.

Proposed Optimization

Your website can run a background process that gets a new Random Token every minute and stores it in a file or in memory.
Each authentication could then use this RT directly instead of sending a synchronous query to the token server.

Problem

This solution has a major drawback. Using the same RT for a whole minute can cause security problems, since the same Swekey will issue the same OTP twice.

Half Random Token

To work around this problem, the token server can issue a Half Random Token (HRT).
A Half Random Token is exactly like a Random Token, except that the last 32 digits are zeros and can be replaced by any hexadecimal value.
A typical HRT will look like this:
8B8373D4952B58CC598DD60CF6D9A3D800000000000000000000000000000000
Replacing those zeros by any unique value will let you generate a unique valid RT.

Asking for a Half Random Token

To get an HRT you must send a query to the “auth-rnd-gen.musbe.net” server.
The complete URL is:
http://auth-rnd-gen.musbe.net/HALF-RND-TOKEN
The reply to the query will be a 64-character string containing the HRT.
You can try it directly from your web browser to see the result.
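
The following added example (not part of the original tech note and not the Swekey SDK's own code) shows one way to turn a cached HRT into a unique RT for each authentication. It assumes that 16 bytes from the operating system's random generator are an acceptable "unique value"; the names complete_hrt, HrtCache and the fetch callable are hypothetical, and the cache refreshes on demand rather than in a background process.

```python
import re
import secrets
import time

# HRT layout from this note: 32 hex digits followed by 32 zeros (64 chars).
HRT_PATTERN = re.compile(r"[0-9A-Fa-f]{32}0{32}")
REFRESH_SECONDS = 60  # refresh every minute; an RT stays valid for 2 minutes

# The sample HRT shown in this note, used here as offline test input.
SAMPLE_HRT = "8B8373D4952B58CC598DD60CF6D9A3D8" + "0" * 32


def complete_hrt(hrt):
    """Replace the 32 trailing zeros of an HRT with a fresh random value."""
    hrt = hrt.strip()
    if not HRT_PATTERN.fullmatch(hrt):
        # Reject anything that is not an HRT (wrong length, non-hex,
        # or a token whose second half has already been filled in).
        raise ValueError("expected 32 hex digits followed by 32 zeros")
    # Assumption: 128 random bits serve as the unique value, so two logins
    # never present the same RT to a Swekey and never get the same OTP.
    return hrt[:32] + secrets.token_hex(16).upper()


class HrtCache:
    """Holds one HRT in memory and refetches it once it is a minute old."""

    def __init__(self, fetch, clock=time.monotonic):
        self._fetch = fetch          # hypothetical callable returning the HRT
        self._clock = clock          # injectable so the age check is testable
        self._hrt = None
        self._fetched_at = None

    def random_token(self):
        """Return a unique RT, contacting the token server at most once a minute."""
        now = self._clock()
        if self._hrt is None or now - self._fetched_at >= REFRESH_SECONDS:
            self._hrt = self._fetch()
            self._fetched_at = now
        return complete_hrt(self._hrt)


if __name__ == "__main__":
    cache = HrtCache(lambda: SAMPLE_HRT)   # offline stand-in for the HTTP query
    print(cache.random_token())
    print(cache.random_token())            # same first half, different second half
```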

Everything is already done for you

The Swekey SDK already contains APIs that use the Half Random Token technique to accelerate the authentication process.
To make the most of the Half Random Token and accelerate your authentication, just use the FbAuth_GetFastRndToken() function in place of the FbAuth_GetRndToken() function.