Study And Implementation Of One-Time Password System Based On Event

This paper firstly analyzed various mainstream identity authentication mechanisms as well as their securities and ranges of application. Then, a profound research on four models of One-Time Password authentication scheme including their securities and practicabilities was given in the paper. Finally, a modified One-Time Password System based on event including the Authentication Protocol and the Algorithm for generating one-time password was introduced for conquering the drawback that secret pass phrase was easily attacked by off-line dictionary.One-Time Password Generating Algorithm in the paper did not rely on the secret pass phrase of the user but generated one-time password by symmetric secret key encryption for counter value adopting the transformational value of token serial number as token key. And a hardware token which was in low cost and a long life was designed for the present deficiencies .Improved One-Time Password Authentication Protocol adopted dual factors identity authentication and the counter value to realize synchronization. It can effectively prevent wiretapping, replay, password guessing and decimal fraction attacks. The server kept token serial number instead of token key. The token key was generated by using system key to encrypt the token serial number when needed. It made key management easy because the server only needed to keep the system key but didn't need to keep all of the token keys.Characteristics of improved One-Time Password System based on event were in low cost, no software on client end and easy deploying. It was adapted for perfecting application system of existing static password authentication or other authentication systems.