A dynamic token is a device dedicated for generating a dynamic password, generally presented in form of hardware. The dynamic token has a built-in micro processor chip for processing data running specific password algorithm, generating a current dynamic password based on factors such as current time and the number of using times and displaying the dynamic password on its display screen.
A current dynamic password generated by the dynamic token needs to be authenticated by a back-end authentication server system. The back-end authentication server system uses algorithms, keys and dynamic factors identical to those being used inside the dynamic token. Only if the dynamic password generated by the dynamic token is identical to the dynamic password generated by the authentication server, the validity of the identity of a user who uses the dynamic token can be confirmed.
In the prior art, a key of the dynamic token is usually constant. Once the key is leaked by accident, a non-license user will use the dynamic token.