Method for updating seeds of dynamic password token

Abstract

The invention discloses a method for updating seeds of a dynamic password token. The method comprises the following steps: firstly, a user performs mutual authentication by using a dynamic password token and a server, and seeds in the dynamic password token are updated if legal; the server generates a seed updating identification and transmits the seed updating identification to a client; the dynamic password token uses the seed updating identification to generate a temporary seed and authenticates a dynamic password again by using the temporary seed, and updates the seeds stored inside if the authentication is successful; and the server also updates the seeds to be stored by the dynamic password token. The invention prevents token manufacturers from knowing the condition of seeds in eachtoken by updating seeds in the dynamic password token, therefore the safety is improved.

Description

technical field [0001] The invention relates to the field of information security, in particular to a method for updating the seed of a dynamic password token. Background technique [0002] With the development of network technology, people need to transmit a large number of important information such as transactions on the Internet, but ordinary static password technology is no longer safe, and can be easily intercepted by hackers. Hackers use static passwords to log in to users' legitimate accounts. , Carrying out illegal activities poses a great threat to people's information security. [0003] In recent years, a dynamic password technology has emerged. Through this technology, the feature of one-time encryption can be achieved during the process of user inputting the password. Even if the user's login password is intercepted this time, the password will be invalidated when the user logs in next time. It cannot be used and can no longer pose a threat to users, which grea...

AI Technical Summary

Problems solved by technology

Among them, a lot of use includes a challenge-response dynamic password system. This method uses a small intelligent security device with buttons, which can also be called a dynamic password token. The token has a built-in security algorithm, and each token is set There is a unique seed (used to calculate the static parameters of the dynamic password), usually, the token is provided with buttons and a display screen, the buttons are used as an input device to input challenge codes, etc. The seed in the token is confidential and stored in the token and cannot be read out. Hackers cannot crack the user's dynamic password if they cannot obtain the seed.

[0004] However, there are still security holes in such tokens. In general, OTP tokens are produced by security product manufacturers. The manufacturer uses a seed production tool to generate a seed for each token, and writes the unique seed to At the same time, each token is numbered, and the number and the seed correspond to each other. When the dynamic password token is sold to the service provider, the corresponding seed is distributed to the service provider at the same time, and the service provider distributes the token. Authenticate users using

And, usually, the service provider does not have the hardware interface to change the seed in the token, and cannot update the seed, thus creating a security hole

Images