Re: Australian "calculatorcard"
sounds like the card i use for remote dialup to certain non-public systems i use at work. it has a six digit number on the front that changes every 60 seconds. the card is registered to me. when i enter my username/password i'm prompted for the number. it's Pretty Good (tm) security, but like anything not biometric, it is vulnerable to black-bag attacks. physical possession being all that is required. if you know the algorithm and the serial number of the card and the time, even that isn't necessary.
CG> Can anybody provide me with pointers to more in-depth information
CG> about this device and the algorithm(s) behind it ?
i don't know if there are any net sources for them, but i'd be surprised if not. my card references "security dynamics" of cambridge massachusetts.
You are referring to the ACE/SecurID token card from Security Dynamics. In addition to the displayed number, you should be prepending it with a memorized PIN; this prevents operation in case of theft. The server end will disable the card after x failed attempts, etc. Otherwise it is basically a one-time password system. I've had a business relationship with these folks for a year or so now-- sharp guys.
participants (1)
-
Johnathan Corgan
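
The scheme described in this thread (a six-digit code that changes every 60 seconds, a memorized PIN prepended to it, and the server disabling the card after a number of failures), sketched from the server side as an added example that is not part of the original messages or Security Dynamics' code. The thread does not give the SecurID algorithm, so the HMAC-SHA1 derivation is a stand-in in the style of RFC 6238; `tokencode`, `TokenServer`, the seed, the PIN and `MAX_FAILURES = 3` are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60          # seconds per displayed code, as described in the thread
DIGITS = 6         # six-digit display
MAX_FAILURES = 3   # assumed value for the thread's "x failed attempts"

def tokencode(seed: bytes, now: int) -> str:
    """Stand-in derivation (RFC 6238 style), NOT the SecurID algorithm."""
    counter = struct.pack(">Q", now // STEP)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TokenServer:
    """Hypothetical server side: checks PIN + tokencode, locks the card out."""

    def __init__(self):
        self.cards = {}

    def register(self, user: str, seed: bytes, pin: str) -> None:
        # Demo only: a real server would not keep the PIN in the clear.
        self.cards[user] = {"seed": seed, "pin": pin, "failures": 0,
                            "disabled": False, "last_step": -1}

    def verify(self, user: str, passcode: str, now: int) -> bool:
        card = self.cards.get(user)
        if card is None or card["disabled"]:
            return False
        step = now // STEP
        expected = card["pin"] + tokencode(card["seed"], now)
        ok = hmac.compare_digest(passcode.encode(), expected.encode())
        if ok and step > card["last_step"]:
            card["failures"] = 0
            card["last_step"] = step   # one-time: no replay within the window
            return True
        card["failures"] += 1
        if card["failures"] >= MAX_FAILURES:
            card["disabled"] = True    # further attempts fail until re-enabled
        return False
```

Because the code depends only on the seed and the clock, the seed records on the server need the same protection as the cards themselves, which is the point made in the first message about knowing the algorithm, serial number and time.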