Principle of dynamic cryptography

Source: Internet
Author: User

I recently took over a security certification program. It involves many means of security authentication, such as dynamic passwords, CA certificates, USB keys, fingerprints and so on. This is a simple introduction to the principle of dynamic cryptography.

What is a dynamic password card?

A dynamic password card is a dedicated piece of hardware with a built-in power supply, password generation chip and display, which automatically updates the dynamic password at regular intervals according to a special algorithm. A system based on such dynamic passwords is also called a one-time password (OTP) system: the user's authentication password keeps changing, each password expires once it has been used, and the password for the next logon is a completely different new password. As an important two-factor authentication tool, the dynamic password card is widely used in the field of security authentication, for example NetEase's General order and Bank of China's E-token.

What are the advantages of a dynamic password card?

The advantages of a dynamic password card are that it is not only very secure but also very convenient to use. A dynamic password, also called a one-time password, is usually randomly updated once every 60 seconds. The advantage is that a password is used only once in the authentication process and is replaced with another password for the next authentication, which makes it difficult to counterfeit the identity of legitimate users, and users do not need to remember the password. Using a dynamic password card is very simple.

Principle

The dynamic password is actually not random; it follows a rule. Current dynamic passwords fall into two categories: time-based and event-based. What is a time-based dynamic password? A token of this class outputs a dynamic password that takes the time as its parameter, while an event-based token usually takes the number of times it has been used as its parameter. We take the time-based type as the main object of description. The entire validation process is as follows:

1. The dynamic password token generates the dynamic password by iterating over the time and seed parameters, where the time is generally in seconds. A clock chip is built into every time-based dynamic password token.

2. The server verifies the dynamic password. The server reads the system time, adds the seed, derives the dynamic password with the same iterative method, and then compares the two.

At this point, you may wonder whether the token's time and the server's time have to be the same. My answer is that they are bound to be inconsistent. So how can the check pass? It is actually very simple: the server checks against a time interval. For example, if it is now 12:00, the server generates all the dynamic passwords for 11:55-12:05 and compares them with the dynamic password generated by the token, which solves the problem of inconsistent time. In addition, the server records the difference between the token and the server, and at the next check it starts from the recorded offset value to reduce the number of dynamic password iterations. This accomplishes another important function: automatic offset adjustment.
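The validation process above, including the time-interval check and the automatic offset adjustment, as an added example that is not code from the original page or from any token vendor. The page does not name the "special algorithm", so this sketch assumes HMAC-SHA1 with the RFC 4226 truncation (as used by RFC 6238 TOTP); the names `otp`, `token_code`, `Server`, `STEP` and `WINDOW` are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each password lives (the page's 60-second update)
WINDOW = 5   # steps accepted either side: 11:55-12:05 for a 12:00 check

def otp(seed: bytes, counter: int, digits: int = 6) -> str:
    """Assumed algorithm: HMAC-SHA1 plus RFC 4226 dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def token_code(seed: bytes, token_clock: float) -> str:
    """What the card displays, driven only by its own clock chip."""
    return otp(seed, int(token_clock // STEP))

class Server:
    def __init__(self, seed: bytes):
        self.seed = seed
        self.offset = 0          # recorded token drift, in steps
        self.last_counter = -1   # newest step already accepted

    def verify(self, submitted: str, now: float) -> bool:
        base = int(now // STEP) + self.offset
        # Start at the recorded offset, then widen: 0, -1, +1, -2, +2, ...
        for d in sorted(range(-WINDOW, WINDOW + 1), key=abs):
            step = base + d
            if step <= self.last_counter:
                continue         # one-time use: never accept an old step again
            if hmac.compare_digest(otp(self.seed, step), submitted):
                self.offset += d
                self.last_counter = step
                return True
        return False

if __name__ == "__main__":
    seed = b"constructed-demo-seed"      # constructed sample value
    now = 1_700_000_000                  # constructed server time
    server = Server(seed)
    code = token_code(seed, now + 180)   # token clock runs 3 minutes fast
    print(server.verify(code, now), server.offset)   # accepted, drift recorded
    print(server.verify(code, now))                  # replay is refused
```

Because the recorded offset is tried first, a token whose clock drifts steadily is matched on the first iteration at its next logon instead of after a search through the whole interval.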

The principle of dynamic passwords is very simple. I have now integrated the dynamic passwords of several important manufacturers into the authentication system; once the principle is mastered, the integration is quite simple.
