| With the development of computer network and the popularization of Internet, the security of Internet is more and more emphasized. The identity authentication is one of the most important parts of the network security, since it is the first protecting line of the network application system.The identity authentication is to make sure that the identity of users is true to avoid the attack from network hackers. At present, the most commonly used identity authentication is static identity authentication. It is brief but dangerous, easily be attacked.Another kind of identity authentication which is usually used is the identity authentication based on certificate. It is relatively safe, but quite complicated because it must be confirmed by the CA organization. And this technique is expensive and not very self-contained at present.Therefore, a new scheme—One-Time Password is proposed. The One-Time Password is an identity authentication technique which needs not the third party as CA. It takes advantage of the "one time one cipher", which can keep from password detecting and transmission leaking, etc. Although, OPT can still not avoid the attacks such as small integer and un-secure server.Based on the transitional OPT scheme and the RSA algorithm, a new improved and secure OTP scheme—NOTP is proposed. In our scheme, in combination with the specialties of One-Time Password, the RSA and MD5 encrypting algorithms, the plaintexts including the challenging information from the server and OPT message from the client are transformed after encrypted and the server is effectively affirmed. Further more, we add a symmetric key k used for conversation in this scheme, which make the users be able to encrypt the information transmitted on network after they have passed the mutual identity authentication. |
PDF Full Text Request