DynChap provides an additional pseudo hardware token based authentication layer for PoPToP virtual private networks. The authentication uses the user's mobile phone to generate a hash that needs to be entered along with the user's password in a custom connection dialogue. Upon connecting, the VPN verifies the authenticity of the hash. The hash is generated from a serial (by default 32 printable characters) stored in the J2ME based mobile phone and the current time; the VPN server compares this hash against the serial and current time, minus or plus a small deviation (by default 2 minutes). If the username, password, and hash match, access is granted and the custom dialer is closed, the connection can now be controlled like an ordinary VPN connection.
PAM mobile token offers a PAM module and a J2ME token generator to create an authentication mechanism to be integrated into a PAM system. Only the owner of a secret (password/phrase) and a J2ME-enabled device with the token generator program will be able to satisfy the corresponding PAM module to be authenticated.