The invention discloses a composite dynamic
password authentication method and an
authentication system applicable to a plug-and-play terminal. The method and the
system comprise the following steps: providing remote time service to an embedded terminal through a
server, and calculating a first key K1 and feeding back the first key K1 to the
server according to
time factor change T' and a built-in
static key C through the terminal; generating a random number group A according to the situation that terminal right is authenticated by using K1 through the
server, and calculating second keys K2, wherein the random number group A comprises a
change factor ai, and K2 are HASH values of A, T', C and a built-in dynamic key D; receiving K2 through the terminal, comparing K2 with K2' calculated by the terminal, if the result shows that K2 is accordant with K2', determining whether a
password is jumped or not according to characteristic values calculated according to T', if the
password is jumped, obtaining ai in the random number group A according to a sequence L and a pointer P, calculating a new key D' according to D so as to replace the key, and loading the new key D' into a non-
volatile memory. Two time / event synchronous dynamic password
modes are adopted simultaneously, the change characteristics of the password are increased, and the method and the
system are particularly applicable to bidirectional
authentication of plug-and-play terminals and servers.