Shulou(Shulou.com)06/01 Report--

In many security authentication projects, many security authentication methods are involved, such as dynamic password, CA certificate, USBKEY, fingerprint and so on. Here is a brief introduction to the principle of dynamic passwords.

What is an OTP token?

Dynamic password token is a kind of special hardware with built-in power supply, password generation chip and display screen, which automatically updates dynamic passwords at regular intervals according to special algorithms. The system based on this dynamic password technology is also known as one-time OTP system, that is, the user's authentication password is changed, the password will expire after using it once, and the password at the next login is a completely different new password. As an important two-factor authentication tool, dynamic token is widely used in the field of security authentication. Such as the general order of NetEase and the E-TOKEN of the Bank of China

What are the advantages of OTP tokens?

The advantage of dynamic token is that it is not only very safe, but also easy to use. Dynamic passwords, also known as one-time passwords, are generally updated randomly every 60 seconds. Its advantage is that one password is used only once in the authentication process, and another password is used the next time it is authenticated, making it difficult for lawbreakers to imitate the identity of legitimate users, and users do not need to remember passwords. The use of OTP is simple.

Principle

The password of dynamic password is not random, but regular. At present, dynamic passwords can be divided into two categories, timeliness and eventuality. What is a temporal dynamic password? The dynamic password of this kind of token is based on the time as the parameter, while the event is generally based on the number of times used. We take the temporal dynamics as the main explanation object. The whole verification process is as follows:

1. Dynamic password token generates dynamic password with time and seed as parameters, iterates to get dynamic password, the time here is generally the number of seconds. A clock chip is built into each temporal dynamic password token.

two。 The server verifies the dynamic password. The server reads the system time plus the seed, obtains the dynamic password with the same iterative method, and then compares it between the two sides.

Speaking of which, it may be doubtful that the time of the token must be the same as that of the server. My answer must be inconsistent. Then how can we check the past? It turned out to be very simple, the server check is verified in a time interval, for example, it is 12:00, the server will generate all the dynamic passwords between 11:55 and 12:05, and then compare them with the dynamic passwords generated by the token. In this way, the problem of time inconsistency has been solved. In addition, the server will record the time difference between the token and the server, and the next test will first record the offset value to reduce the number of dynamic password iterations, so as to complete another important function, the offset value will be adjusted automatically.

The above is the basic principle of dynamic password, I hope it can help you.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.