摘要 |
A key updating method and system are provided. In the method, (1) a back-end authentication system receives a current dynamic password generated by a dynamic token and authenticates the current dynamic password, and if the authentication succeeds, generates key updating information and goes to (2); (2), the back-end authentication system generates a first updating key according to the key updating information and a first initial key stored therein and copies the first updating key to a buffer of the first initial key; the dynamic token obtains and authenticates the key updating information, and if the authentication succeeds, generates a second updating key according to the key updating information and a second initial key stored in the dynamic token and copies the second updating key to a buffer of the second initial key; or if authentication fails, quits the key updating. The solution avoids risk incurred by accidental key leakage. |
主权项 |
1. A key updating method comprising:
Step 1, receiving and authenticating, by a back-end authentication system, a current dynamic password generated by a dynamic token, and
generating key updating information and proceeding to step 2 in the case where the authentication succeeds;quitting the key updating in the case where the authentication fails; Step 2, generating, by the back-end authentication system, a first updating key with the key updating information and a first initial key stored in the back-end authentication system, copying, by the back-end authentication system, the first updating key to a buffer of the first initial key in the case where the back-end authentication system fails to authenticate a dynamic password with the first initial key and succeeds in authenticating the dynamic password with the first updating key; obtaining and authenticating, by the dynamic token, the key updating information, generating, by the dynamic token, a second updating key according to the key updating information and a second initial key stored in the dynamic token and copying the second updating key to a buffer of the second initial key in the case where the authentication succeeds; or quitting, by the dynamic token, the key updating in the case where the authentication fails. |