E-token is a kind of special hardware which is equipped with built-in power supply, password generation chip and display screen, and automatically updates dynamic password every certain time according to special algorithm. The online banking system based on the dynamic password technology is also known as one time password (OTP) system, that is, the user’s authentication password is changed.
E-token is a kind of special hardware which is equipped with built-in power supply, password generation chip and display screen, and automatically updates dynamic password every certain time according to special algorithm. The online banking system based on the dynamic password technology is also known as one time password (OTP) system, that is, the user’s authentication password is changed, the password will be invalid after using it once, and the password at the next login is a completely different new password.
作为一种重要的双因素认证工具，电子令牌被广泛地运用于安全认证领域，从而大大提升了网上银行的登录和交易的安全性。我行采用的电子令牌每 60 秒随机更新一次动态密码，密码长度为 6 位。电池寿命为出厂后三至四年，超过上述期限后，电子令牌将失效。届时您需要到柜台办理电子令牌更换。
As an important two factor authentication tool, electronic token is widely used in the field of security authentication, which greatly improves the security of online banking login and transaction. The electronic token adopted by our bank will be randomly updated with dynamic password every 60 seconds, and the password length is 6 digits. The battery life is three to four years after leaving the factory. After the above period, the electronic token will be invalid. At that time, you need to go to the counter to change the electronic token.
动态口令令牌，不使用任何对称或者非对称加密的算法，而采用时间同步型动态口令算法，即 TOTP(Time-Based One-Time Password Algorithm)。采用 TOTP 算法，令牌卡对种子文件和当前时间（令牌卡内部有自己的时钟，不依赖电脑时区）进行运算，以源源不断地产生不同的动态口令，并显示到屏幕上，与此同时，银行服务器会进行同样操作。
The dynamic password token does not use any symmetric or asymmetric encryption algorithm, but adopts the time synchronous dynamic password algorithm, namely TOTP (time based one time password algorithm). Using TOTP algorithm, the token card calculates the seed file and the current time (the token card has its own clock and does not depend on the computer time zone) to continuously generate different dynamic passwords and display them on the screen. At the same time, the bank server will perform the same operation.
It can be seen that the time synchronization dynamic password requires high time synchronization between the token card and the server, and the time error will cause the failure of the whole token. Therefore, each time a user successfully uses the token authentication, the server will correct the corresponding time error. The specific process is as follows: the token card calculates the password according to the current time and sends it to the server. The server calculates the password according to several time points before and after the current time. If one of the passwords matches, the authentication is considered successful, and the error value is recorded. Then, when the server authenticates the password, it directly adds the error value to the current time to calculate the password.