Development and application of dynamic password technology

Let's talk about history first

In 1982, a researcher at Bell Laboratories proposed a one-time password scheme in a paper, so that even if someone cracked a password, they could not use it again. This was the first time the problem of dynamic passwords and its solution were set out systematically. Subsequently, RSA Company of the United States recognized the value of this technology, studied and improved the dynamic password in depth, and put forward the "time synchronization technology". It applied for a patent in 1984, developed the first dynamic password product, SecurID, in 1986, and produced the first dynamic password product in a factory in Hong Kong.

However, the product did not become truly successful until after Security Dynamics Inc acquired RSA. They realized the great value and business opportunities of RSA's own brand, kept the RSA brand, and shifted the sales model, which had mainly been tied to operating systems or system software, toward the application field. Soon, they achieved great success in banking, government, the military, insurance and enterprise internal security, and eventually became a listed company with annual sales of 280 million US dollars (2000 figures).

In the United States, RSA now holds 70% of the dynamic password market, and in 1 year has produced 100000 SecurID units.

RSA has long wanted to open the China market. As some well-known foreign enterprises entered China, the dynamic password technology used in their internal management also arrived in China. In order to provide services to these foreign companies, RSA set up its first office in China in 1995. In 1996, at the first international communication exhibition in China, RSA introduced its entire line of products to China. However, because the network market in China was still in its infancy at that time, most people didn't know what the network could do, let alone understand security issues, so almost no one noticed it. Later, Korean manufacturers also tried to promote similar products in China and failed.

However, the market's indifference does not mean that people in China did not care about this technology. As early as the mid-1990s, China Electronics Industry Research Institute 15, the Graduate School of the Chinese Academy of Sciences, DCS Center (China Digital Security Technology Research Center), national security organs and some scientific research institutes were tracking the development of foreign dynamic password and cryptography technology, and made some samples. But it was not until 1997 that Fujian Kate obtained this technology from the National DCS Center and turned it into a product, becoming the first in China to venture into this field. The market situation, however, was not optimistic. By the end of 2001, the number of users of domestic dynamic password products did not exceed 10. Even Fujian Kate, which entered this field the earliest in China, used its income from system integration and software development to subsidize this loss, not to mention other manufacturers.

Compared with other network security products, the development of dynamic passwords in China is a bit special. For example, firewall technology appeared abroad in the early 1990s and was widely adopted by many domestic core departments in 1995 and 1996. Shortly after CA certificates and digital signatures appeared abroad, domestic banks began to build CA centers (CFCA). Antivirus technology is completely in step with foreign countries, and in places even more advanced. The first dynamic password product appeared in 1986 and was widely used abroad in the early 1990s, but we didn't realize its importance until 2001. In this field, we are 10 years behind!

There are many factors. First, because of the strict restrictions on security products imposed by the National Cryptography Commission and other security agencies, only designated units can develop, produce and sell them, and it is difficult for foreign products to enter the non-commercial encryption market in China. Secondly, China's network market basically follows a strategy of "opening first, then security": the network system is established first and applications are built on a fully open basis, and security protection is added only after the applications are rich and the security problems are recognized. In particular, e-commerce in China is still in its infancy, and demand in the commercial encryption market is not urgent. The high price of foreign products has also hindered their promotion in China.

Since 2000, online transactions in China have developed by leaps and bounds, and the number of users of online transactions and online banking in particular has exploded. Alongside this rapid growth, many network security problems have appeared, such as credit card counterfeiting and stock theft, which have made everyone realize the importance of commercial encryption. As a result, dynamic password products have won the favor of the domestic market.

Talk about hidden dangers

Dynamic passwords are not absolutely safe. They are built from both software and hardware, so they can fail in the same ways as other software and hardware. Possible hidden dangers of dynamic password cards include:

1. Card issuer. For example: developers and users of the system. Every user needs a card that can generate a dynamic password, just like your credit card. If the user loses this card, the card issuer can copy the same card for you after reporting the loss. Then if the person in charge of issuing the card really wants to steal the account, he can use his authority to copy anyone's card.

2. System administrator. At present, most dynamic password cards calculate dynamic passwords through time synchronization. If the system administrator accidentally modifies the system time (which is an easy mistake), it may cause great confusion to the whole system and paralyze the whole trading system.

3. The server. At present, the operating system of a dynamic password server is usually Windows 2000 or a Unix platform, and these two operating systems have many "loopholes" themselves, which are likely to be the targets of hackers or viruses. Even if attackers can't steal users' account information, they may paralyze the whole trading system.

4. Encryption method. At present, the encryption principles and authentication methods adopted by various manufacturers are not exactly the same: some adopt public encryption methods, and some adopt their own encryption methods. No vendor can prove that its encryption method is safe using only its own product. In particular, developers are likely to leave some "back doors" for themselves (such things happen in many foreign banking systems), which will become the biggest hidden danger of the whole system.

5. The reliability of the dynamic password system itself. Because most domestic dynamic password systems are new products, their reliability and security have not been tested in practice, for example their ability to handle concurrency, to recover from disasters, and to withstand abnormal attacks.

In view of the above possible hidden dangers, Changsha Huatang Electronic Technology Co., Ltd. does this:

In Huatang authentication system, the password card cannot be copied. Even if the loss is reported, different cards will be redistributed, and the original password card will be invalid.

Any management event made by the system administrator has an auditable detailed log.

The encryption method is a combination of public encryption method and self-developed encryption method.

For real-time trading system, it can provide multi-machine cold and hot backup of authentication server.