Online crime is increasingly common, mainly because of weaknesses inherent in the authentication method. The commonly used method is static password authentication. In static password authentication, the data used in the authentication process is static: the password is the same in every authentication, so it can easily be obtained through memory scanning or online eavesdropping. This is a potential threat to security.
In recent years, the slow development of password technology and the rapid development of decryption technology have threatened the reliability of user authentication.
Dynamic password authentication technology was developed to eliminate the security problems arising from the static password. The dynamic password, also called the one-time password, is so named in contrast to the traditional static password.
The dynamic password changes with the variable dynamic factor used to generate it. Two factors are used in the algorithm that generates the dynamic password: one identifies the user and is constant, such as the user's private password; the other is variable, such as time, random data, or a counter value.
Dynamic password technology uses a special apparatus called a one-time password token, which has a built-in power supply, a password-generating chip, and a screen. The password-generating chip executes a special password algorithm, and a password is generated from the current time and frequency value and displayed on the screen.
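The two-factor generation described above can be illustrated as follows. This is an added example, not the algorithm of the apparatus described here: it assumes the publicly specified HOTP construction (RFC 4226, HMAC-SHA1 with dynamic truncation) as a stand-in for the token's unspecified password algorithm, and the names `dynamic_password`, `time_factor` and `Verifier` are hypothetical.

```python
import hashlib
import hmac
import struct

def dynamic_password(secret: bytes, factor: int, digits: int = 6) -> str:
    """Derive a password from the constant secret and the changing factor."""
    mac = hmac.new(secret, struct.pack(">Q", factor), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def time_factor(unix_time: int, step: int = 30) -> int:
    """Changing factor taken from the clock: one value per time step."""
    return unix_time // step

class Verifier:
    """Server side: shares the secret and tracks the next counter it accepts."""

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self.secret = secret
        self.next_counter = 0
        self.look_ahead = look_ahead  # tolerate a few unused token presses

    def verify(self, candidate: str) -> bool:
        last = self.next_counter + self.look_ahead
        for counter in range(self.next_counter, last + 1):
            expected = dynamic_password(self.secret, counter)
            if hmac.compare_digest(expected, candidate):
                # The factor is consumed, so a password captured by
                # eavesdropping is rejected if presented again.
                self.next_counter = counter + 1
                return True
        return False

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample secret (RFC 4226 test key)
    server = Verifier(secret)
    first = dynamic_password(secret, 0)
    print("first use accepted:", server.verify(first))
    print("replay accepted:   ", server.verify(first))
    print("time-based password at t=59:", dynamic_password(secret, time_factor(59)))
```

Unlike a static password, the value sent in one authentication is useless in the next, because the verifier has already advanced past the factor that produced it.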
Because the one-time password token is held by the user himself, others cannot obtain the password in it, and the password cannot be predicted; the technology therefore meets the need to authenticate and authorize a user during remote login to an online information service system.
However, present one-time password generating apparatuses have disadvantages: they lack a function for authenticating the user as the valid holder of the apparatus, the old apparatus serves only one user, and the apparatus is subject to imitation when it is lost or stolen.