Dynamic Password Lock

Source: Internet
Author: User

A brief description of a secure online banking system has already been proposed; today we will discuss how to construct such a secure online banking system.

To know what kind of online banking system is safe, you first need to know which online banking systems are not safe.

My view is that all online banking systems that do not use a hardware identity token are unsafe.

These systems include the various "public edition" online banking services, as well as some so-called digital-certificate "Professional Edition" services. In essence, all of their code runs in the computer's memory, so every operation the user performs can be intercepted by a Trojan. In theory, hackers can completely impersonate the user when logging in to the system. A secure online banking system can only be built by moving authentication off the user's computer and onto independent authentication hardware.

At present, there are two popular kinds of authentication hardware that can provide a more secure online banking login.

The first kind of authentication product is called the "Dynamic Password Lock".

A dynamic password is also known as a one-time password: the user's password changes constantly according to the time or the number of uses, and each password is used only once. Dynamic passwords are produced by dedicated hardware called a dynamic token, which has a built-in power supply, a password generation chip, and a display. On the device, the number keys are used to enter the user's PIN code, and the display shows the one-time password. Each time you enter the correct PIN, you get a single-use dynamic password that is currently valid.

The token's password generation chip runs a dedicated cryptographic algorithm that generates the current password from the current time and the number of uses, and shows it on the display. The authentication server uses the same algorithm to calculate the currently valid password. Because every password must be generated by a dynamic token, and only the legitimate user holds that hardware, the system can assume the user's identity is reliable as long as the password verifies. And because a different password is used each time, a hacker who intercepts one password cannot use it to impersonate the legitimate user: the next login must use another dynamic password.
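The token/server relationship described above, as an added example that is not from the original article. The article does not name the token's algorithm, so this sketch substitutes the standard time-based scheme (TOTP, RFC 6238, built on HOTP from RFC 4226); the 30-second step, 6-digit codes, drift window, and all function and class names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (assumed)
DIGITS = 6   # length of the displayed code (assumed)

def otp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def token_display(key: bytes, now: int) -> str:
    """What the token would show at Unix time `now`."""
    return otp(key, now // STEP)

class AuthServer:
    """Holds the same key as the token; accepts each time step at most once."""

    def __init__(self, key: bytes, drift_steps: int = 1):
        self.key = key
        self.drift = drift_steps   # tolerated clock drift, in steps
        self.last_used = -1        # highest time step already accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        first = max(0, current - self.drift)
        for step in range(first, current + self.drift + 1):
            if step <= self.last_used:
                continue  # step already consumed: an intercepted code cannot be replayed
            expected = otp(self.key, step).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_used = step
                return True
        return False

if __name__ == "__main__":
    key = b"12345678901234567890"   # constructed sample key (the RFC 6238 test secret)
    server = AuthServer(key, drift_steps=0)
    code = token_display(key, 59)
    # First use succeeds, replay of the same code is rejected.
    print(code, server.verify(code, 59), server.verify(code, 59))
```

The server needs nothing but the shared key and a clock to compute any code the token will ever show, which is why the key store on the authentication server has to be protected as carefully as the tokens themselves.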

The dynamic password lock system requires two password elements. One is a static PIN code, which is set and remembered by the user. The other is a dynamic password, which is generated by the password token, is unpredictable, is kept in sync with the access control on the backend server, and is checked by that server. The user must therefore enter both the correct static PIN code and the correct dynamic password to be authenticated.

The dynamic password lock itself requires the PIN code before it can be used. The security value of the static PIN lies in the fact that it is not entered on the computer but on the password lock, so in theory every hacker Trojan fails, because these Trojans simply cannot run on a separate hardware password lock.

A hacker who wants to crack the user's password must first obtain the user's dynamic password lock and then obtain the user's PIN code. The hacker must therefore break into the user's home (computer hackers also need to learn the skills of ordinary thieves), steal the dynamic password lock, and then crack the PIN code. Without the user's PIN code the lock still cannot be used, and the dynamic password lock usually has its own security feature: after 10 incorrect PIN entries it locks itself permanently and becomes unusable. This also guarantees the physical security of the dynamic password lock.

Dynamic password technology can perfectly solve the security problem on the client side, because no matter what method the hacker uses, it is not easy to steal the user's password, and even a stolen password cannot be used to log in.

Technically, dynamic password technology is the perfect solution, but unfortunately the cost of a dynamic password lock is too high: most cost more than 100 yuan, which does not favor large-scale use. To save money, a number of banks in China currently use a card-type so-called "Dynamic Password Card", which implements a more primitive form of dynamic password technology. The flaws of this low-cost card are obvious: the card's content is very easy to copy, and it is not protected by a PIN code, so anyone who steals or copies the card can log in fraudulently. Its security is far below that of a real dynamic password lock authentication system.

Although the security of the dynamic password lock is really good, dynamic password technology also has a security risk: server-side security. The essence of a dynamic password is single-key encryption, with only one key. The server-side authentication system can calculate every dynamic password, so if hackers focus on cracking the bank's authentication server, they can still pose a certain security threat to the banking system. In addition, the system relies on the online banking administrator, who can modify the rules of the dynamic password lock on the server side, and this is also a hidden security risk.

Next time, we will introduce another kind of low-cost authentication hardware, which performs secure authentication using double-key encryption and can make up for some of the hidden security risks of the dynamic password lock.
