At present, more and more online crimes emerge, which is derived from shortcomings in authentication method. The authentication method of static password is commonly used so far, which means that data used in authentication is static, or the password in each authentication is constant. However, since the static password is easy to be intercepted by memory scanning or online listening, it is unsafe.
For recent years, the slow development in password technology and rapid development in decryption technology make a threat to the reliability of authenticating an account. On this demand, the authentication technology of dynamic password is developed. The dynamic password, also called one time password, is a relative name to the traditional static password, and it is changeable due to changes in factors for generating it, thereby eliminating the security threats made by a static password.
The one time password technology applies a special apparatus, called one time password token, which is equipped with a built-in power, a one time password generating chip and a screen. The one time password generating chip executes special algorithm for generating a one time password with the current time or number of times the token being used and displays the password on the screen. The present token is powered by batteries, this means that, the token must be disposed once power is shut-off, or the battery is changed or out of use.
For the present one time password token, there are three problems to be solved. The first is that a user may not remember a password generated just now by a button because duration for displaying the password is too short in order to save power. The second is that the present token is easy to be asynchronous with a server, this means that, if the token is mis-triggered by N times, the asynchronous times between the token and the server will increase by N times, therefore once the asynchronous number of times exceed the preset number of times in the server, the token will be out of use. The third is that if there is more time to display a password for a user to remember the password, more power loss will be taken in the token.