A challenge/response system overcomes the problem of an attacker eavesdropping by initiating a dialog between the host and the user. The information exchanged as part of the dialog depends upon some secret information held by the host and the user, but this secret information is never transmitted.
In this system, identification is by the user-ID. Each user is issued an intelligent token and is also assigned a unique PIN value and a unique key value. The user then loads the key value assigned to them into their intelligent token and also into the logical security system's record for their user-ID. Their (reference) PIN value is also loaded into the intelligent token assigned to them.
After that, the user keys their user-ID into a log-on request at their workstation and sends it to the host.
The host system then randomly generates a challenge containing only characters in the range 0-9 and displays it on the user's workstation. The user keys their (transaction) PIN and the displayed challenge into their intelligent token. The intelligent token then computes, and displays, a response based on the challenge, the user's (transaction) PIN and the user key. So what actually happens is that when the user keys the challenge into their workstation as their transaction password and sends it to the host, the host computes the response, uses it as the user's reference password, and compares it with the transaction password it receives.
For instance, suppose that the secret information is +, 35, x. At login the host sends two numbers, for example "26" and "11", as a challenge. The user computes: (26 + 35) x 11 =...
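The token log-on described above, as an added example that is not part of the original text: it shows why a response captured by an eavesdropper is useless against the next challenge. The response function (HMAC-SHA256 cut to decimal digits), the 8-digit length, the token checking the keyed PIN against its reference PIN before answering, and all names and sample values are assumptions; the text does not specify them.

```python
import hashlib
import hmac
import secrets

DIGITS = 8  # assumed challenge/response length; the page does not give one

def compute_response(user_key: bytes, challenge: str) -> str:
    # Assumed response function: HMAC-SHA256 over the challenge, cut to DIGITS digits.
    mac = hmac.new(user_key, challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)

class Token:
    """Intelligent token holding the user key and the reference PIN."""
    def __init__(self, user_key: bytes, reference_pin: str):
        self._key, self._pin = user_key, reference_pin

    def respond(self, transaction_pin: str, challenge: str):
        # Assumption: the token checks the keyed PIN and stays silent if it is wrong.
        if not hmac.compare_digest(transaction_pin.encode(), self._pin.encode()):
            return None
        return compute_response(self._key, challenge)

class Host:
    """Host record: one user key per user-ID, one outstanding challenge per user-ID."""
    def __init__(self, keys: dict):
        self._keys, self._pending = dict(keys), {}

    def challenge(self, user_id: str) -> str:
        c = "".join(secrets.choice("0123456789") for _ in range(DIGITS))
        self._pending[user_id] = c
        return c

    def verify(self, user_id: str, transaction_password) -> bool:
        c = self._pending.pop(user_id, None)  # a challenge is valid for one attempt
        key = self._keys.get(user_id)
        if c is None or key is None or transaction_password is None:
            return False
        expected = compute_response(key, c)
        return hmac.compare_digest(expected.encode(), transaction_password.encode())

def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    host, token = Host({"alice": key}), Token(key, "4821")  # constructed user-ID and PIN
    first = token.respond("4821", host.challenge("alice"))
    result = {"login": host.verify("alice", first)}
    host.challenge("alice")  # fresh challenge for the next log-on
    result["replayed"] = host.verify("alice", first)  # eavesdropped response reused
    result["wrong_pin"] = token.respond("0000", host.challenge("alice"))
    return result
```

Only the challenge and the response cross the wire; the user key and the PIN never leave the token and the host record.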