Classic Questions and Answers


1. What are the weaknesses of static passwords?
Answer: To make passwords easy to remember, users choose common words or numbers. An attacker can then run a dictionary attack, trying each word of a word list as the user's password; with an exhaustive (brute-force) search, which tries every possible string, a short password is recovered quickly.
     A password that is reused many times is easy for an attacker to obtain by capturing it and replaying it; if the authentication data is sent with only simple encryption, the attacker can also recover the password by analysing the captured exchange.
     Much authentication traffic on today's networks is still sent as unencrypted plaintext. By tapping the network or the telephone line, an attacker can pick the authentication exchange out of the data stream, intercept the password, and use it to attack the account. As staff turnover increases, internal credentials also leave the company with departing employees and may be misused.
     An attacker who has gained access to a system can install monitoring software, or simply watch a legitimate user type the password; administrators and other insiders can likewise learn a user's legitimately issued password and misuse it.
     Growing computer performance has greatly shortened the time automated password-cracking tools need, to the point of defeating passwords that were once considered strong. Attackers also impersonate legitimate users by e-mail or telephone to administrative staff in order to obtain a password (social engineering).
     By searching through discarded material (dumpster diving), an attacker can recover information about the target that leads to the password.
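To make the first two attacks in this answer concrete, here is an added example that is not part of the original page: a constructed password record (salted SHA-256 with a constructed salt, standing in for whatever a real system stores) is attacked first with a six-word stand-in for a dictionary file, then with an exhaustive search over short numeric strings. The attempt counter it returns shows how little work a short or common password costs an attacker.

```python
import hashlib
import itertools
import string

SALT = b"constructed-salt"   # constructed; a real system stores one random salt per user


def hash_password(password: str, salt: bytes = SALT) -> str:
    """Salted SHA-256 as a stand-in for the verifier the target system stores."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Six-word stand-in for a real dictionary file (constructed).
WORDLIST = ["123456", "password", "letmein", "welcome", "qwerty", "dragon"]


def dictionary_attack(target_hash: str, wordlist=WORDLIST):
    """Try each word of the list against the stored hash; returns the password or None."""
    for word in wordlist:
        if hash_password(word) == target_hash:
            return word
    return None


def exhaustive_attack(target_hash: str, alphabet: str = string.digits, max_len: int = 4):
    """Try every string over `alphabet` from 1 to max_len characters, shortest first.
    Returns (password or None, number of hashes computed)."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(candidate) == target_hash:
                return candidate, attempts
    return None, attempts
```

A common word falls on the first pass, and a four-digit numeric password falls after at most 11,110 hash computations (all strings of one to four digits), which a single CPU core finishes in well under a second; the defence is not a longer word list but a password that is neither in any list nor short enough to enumerate.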
2. What is a dynamic password?
Answer: A dynamic password (Dynamic Password), also called a one-time password, is a password that changes with time or with the number of uses, so that each password is used only once. Dynamic passwords are generated by a dedicated hardware device, the dynamic token, which contains a power supply, a password-generation chip and a display; on tokens with a keypad, the numeric keys take the user's PIN and the display shows the one-time password. Each time the correct PIN is entered, the token shows the one-time dynamic password that is currently valid.
     The cryptographic chip runs a dedicated algorithm that derives the current password from the current time or the usage count and shows it on the display. The authentication server runs the same algorithm to compute the password that is currently valid. Because every password must be generated by the token, and only the legitimate user holds that hardware, a user who passes password authentication can be taken to have proven their identity. The password is different every time, so even if an attacker intercepts one, it cannot be reused to impersonate the legitimate user: the next login requires a new dynamic password.
3. How long can a token be used?
Answer: For token models with a replaceable battery, replace the battery with one of the matching type when it runs low and the token can continue to be used. Token models without a replaceable battery have a service life of 2, 3 or 5 years, depending on the model.
4. What if a user loses the token?
Answer: A lost token is a potential security risk, so the user should contact the system administrator promptly and report the loss. The administrator then marks the token as "lost" or "frozen" in the authentication system, after which it can no longer be used to log in.
5. What if a user forgets the token but needs to log in?
Answer: A user who has forgotten the token but needs to use the system can contact the system administrator. The administrator can switch that user's authentication method to static password authentication, and the user then logs in with the static password set in the system beforehand. While this fallback is in effect the account is protected by a single factor only, so it should be reverted to token authentication as soon as the token is available again.
6. Can one token be used to log in to several application systems?
Answer: Yes. The GICOM Network unified identity authentication system can be connected to several application systems at the same time and provides the authentication service to all of them, so a single token serves every connected application.
7. What is two-factor authentication?
Answer: Two-factor authentication is a concept from cryptography. In theory, identity authentication rests on three elements:
The first element (something you know): content the user must memorize, such as a password or ID number.
The second element (something you have): a special device the user possesses, such as a dynamic password card (token), an IC card or a magnetic card.
The third element (something you are): a characteristic unique to the user, such as a fingerprint, iris or voice.
Each element on its own has a weakness. "Something you have" can be stolen; "something you know" can be guessed or shared, and complex content may be forgotten; "something you are" is the strongest, but it is expensive and its owner can be physically targeted, so it is usually reserved for the highest security requirements. Authentication that combines the first two elements is "two-factor authentication".
Two-factor authentication works like an ATM withdrawal: the user must present the ATM card (the authentication device) and then enter a personal identification number (the known information) before money can be withdrawn. Because both factors must be presented to prove the user's identity, two-factor authentication resists unauthorized visitors and makes authentication more reliable. In short, it reduces two risks in electronic commerce: identity fraud by outsiders, and the more covert misuse of the network from inside.
The company provides token-based two-factor authentication solutions that can be used widely for authentication in application systems, network devices, remote access and other business systems.
8. What types of two-factor authentication are there?
Answer: Current dynamic password tokens are generally divided into two types, event-synchronized and time-synchronized. In addition there is the more advanced challenge-response mode.
Time synchronization:
  A time-synchronized token and the server keep their clocks synchronized and derive the same dynamic password from the current time. Typically the password is updated every 60 s, so a new password is generated each minute. Because synchronization is based on international standard time, the server can keep a very precise clock, and the token's crystal oscillator is held to strict tolerances, which reduces the probability of the system losing synchronization. In addition, at each authentication the server measures the clock offset of the token and continuously fine-tunes the offset it records for that token, keeping token and server synchronized through daily use. Protecting the system clock is therefore essential in a time-synchronized system. This is especially true for software tokens, which depend on the clock of the user's PC or laptop: when the tokens are dispersed across many terminals belonging to several networks that are not under central control, keeping all of those terminals synchronized with the authentication server's clock is critical. Likewise the system clock of the time-synchronization server (or servers) must be strictly protected and never changed, since a clock change desynchronizes every token that authenticates against that server. A token that has drifted out of synchronization can be resynchronized remotely by widening the offset search (to around 10 minutes), so that it stays usable and the impact on the application is minimized; a token whose offset exceeds the default limit (20 minutes) can no longer be used or resynchronized remotely and must be resynchronized separately by the system administrator on the server side.
Event synchronization:
  An event-synchronized token derives each password from a specific sequence of events (a counter) and the same seed value as the server, and both sides compute the same code. This mechanism is entirely independent of any clock: clock drift cannot affect it, and the token contains no timing oscillator. However, because the algorithm is deterministic, the passwords are knowable in advance: whoever holds the token can read off any number of future passwords. A lost token that is not protected by a PIN therefore carries a high risk of illegal login, so PIN protection on event-synchronized tokens is essential. Event-synchronized tokens can also lose synchronization, for example when the user generates passwords repeatedly without logging in. For a token that is out of step, the server resynchronizes by increasing the offset: it automatically looks ahead a certain number of passwords to bring token and server back into step. When the loss of synchronization is serious and far beyond the normal range, the user enters two consecutive passwords read from the token, and the server searches a much larger range to resynchronize it; this two-password procedure is normally needed once the token is more than three steps ahead. In extreme cases, such as running the battery down or an operator error while replacing it, loss of synchronization cannot be ruled out; even then the token can be resynchronized remotely, without being returned, by an administrator generating a set of sequence values on the server and entering them manually.
Challenge response:
  An asynchronous (challenge-response) token shares only the algorithm with the server and needs no synchronization condition at all, so it eliminates the loss-of-synchronization problem, reduces the impact on the application and greatly increases the reliability of the system. The main drawback of asynchronous passwords is that in use the user has the extra step of keying the challenge value into the token, which makes operation more complex; an application should choose its password generation method according to the sensitivity of the application and its required security level.
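The three modes described in this answer, as an added worked example that is not GICOM's code and does not reproduce its proprietary algorithm: the code assumes an HMAC-SHA1 over an 8-byte counter with 6-digit dynamic truncation, a 60 s time step, and the constructed seed, window sizes and class names shown. What it demonstrates is the server-side behaviour the answer describes: a time server that searches a window of about 10 steps around the expected code, learns the token's drift, and allows a wider remote resynchronization up to a 20-step limit; an event server that looks ahead a few events per login, resynchronizes from two consecutive codes over a much larger range, and never accepts a spent counter; and a challenge-response server that answers each random challenge at most once.

```python
import hashlib
import hmac
import os
import struct

SEED = b"constructed-demo-seed-0123456789"  # shared secret provisioned to the token (constructed)
STEP = 60                                   # seconds per time step, the 60 s mentioned above
DIGITS = 6


def truncate(digest: bytes, digits: int = DIGITS) -> str:
    """Dynamic truncation of a 20-byte HMAC-SHA1 digest into a zero-padded decimal code."""
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def otp(seed: bytes, counter: int) -> str:
    """Code for one counter value (time step or event count). HMAC-SHA1 is an assumed algorithm."""
    return truncate(hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest())


# --- time synchronization ----------------------------------------------------------------
class TimeToken:
    def __init__(self, seed: bytes, clock_skew: int = 0):
        self.seed, self.clock_skew = seed, clock_skew   # token clock error in seconds

    def code(self, true_time: int) -> str:
        return otp(self.seed, (true_time + self.clock_skew) // STEP)


class TimeServer:
    """Searches +/-window steps around the expected step and records the token's drift."""

    def __init__(self, seed: bytes, window: int = 10, resync_limit: int = 20):
        self.seed, self.window, self.resync_limit = seed, window, resync_limit
        self.drift = 0        # learned offset in steps, fine-tuned at every successful login
        self.last_step = -1   # replay guard: a step that was already used is never accepted again

    def _search(self, code: str, now: int, width: int) -> bool:
        base = now // STEP + self.drift
        for delta in range(-width, width + 1):
            step = base + delta
            if step > self.last_step and hmac.compare_digest(otp(self.seed, step), code):
                self.drift, self.last_step = self.drift + delta, step
                return True
        return False

    def verify(self, code: str, now: int) -> bool:
        return self._search(code, now, self.window)        # normal window, about 10 minutes

    def remote_resync(self, code: str, now: int) -> bool:
        return self._search(code, now, self.resync_limit)  # up to the 20-minute limit; past
                                                           # that only an administrator resets drift


# --- event synchronization ---------------------------------------------------------------
class EventToken:
    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0

    def press(self) -> str:                 # every button press advances the counter
        code = otp(self.seed, self.counter)
        self.counter += 1
        return code


class EventServer:
    """Looks ahead a few events per login; a two-code resync searches a much larger range."""

    def __init__(self, seed: bytes, look_ahead: int = 3, resync_range: int = 200):
        self.seed, self.look_ahead, self.resync_range = seed, look_ahead, resync_range
        self.counter = 0                    # next counter value the server expects

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(otp(self.seed, c), code):
                self.counter = c + 1        # counters at or below c are spent (replay guard)
                return True
        return False

    def resync(self, first: str, second: str) -> bool:
        for c in range(self.counter, self.counter + self.resync_range):
            if hmac.compare_digest(otp(self.seed, c), first) and \
                    hmac.compare_digest(otp(self.seed, c + 1), second):
                self.counter = c + 2
                return True
        return False


# --- challenge-response ------------------------------------------------------------------
def challenge_response(seed: bytes, challenge: str) -> str:
    """What the token displays after the user keys in the challenge; no shared state needed."""
    return truncate(hmac.new(seed, challenge.encode(), hashlib.sha1).digest())


class ChallengeServer:
    def __init__(self, seed: bytes):
        self.seed, self.pending = seed, None

    def challenge(self) -> str:
        self.pending = os.urandom(4).hex()  # fresh random challenge shown to the user
        return self.pending

    def verify(self, response: str) -> bool:
        ok = self.pending is not None and hmac.compare_digest(
            challenge_response(self.seed, self.pending), response)
        self.pending = None                 # each challenge can be answered only once
        return ok
```

Two points in the design matter more than the algorithm itself. The servers never accept a time step or event counter that has already been used, which is what makes an intercepted dynamic password worthless to an attacker; and every resynchronization only ever moves the recorded offset forward from the last accepted value, so a widened search window cannot be used to replay old codes. Running `TimeToken(SEED, clock_skew=-180).code(now)` against a fresh `TimeServer(SEED)` succeeds and leaves `drift` at -3, a token 15 steps slow fails `verify` but succeeds `remote_resync`, and an `EventToken` pressed fifty times without logging in fails `verify` until `resync` is given two consecutive codes.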