Design And Implementation Of One-time Password Identity Authentication System Based On Digital Certificate

With the widely use and popularization of Internet, people pay more attention to the network security, which has become an important research topic in the field of the network communication.There are some bugs in the process of designing network protocols, operating system or other application software systems.Attackers may use these bugs to break into the network system and steal the sensitive data, which may harm the interests of users and even endanger state security. As a result, it is necessary for us to take some security measures to prevent illegal users from invading systems. Nowadays, there are several security services in the network communication, such as identity authentication, access control, confidentiality, integrality and non-repudiation. Identity authentication is the first line of the defense in the security application system, and the implementation of other services needs the support from identity authentication.Therefore, the research on identity authentication has important theoretical significance and practical values.As a foundation of identity authentication, the basic knowledge on the cryptography is firstly introduced in this paper, and then the advantages and disadvantages of static-password authentication mechanism are analysed.There are some disadvantages of static-password mechanism, for example, it can not resist these attacks such as replay attack, man-in-middle attack and network sniffer attack. Against these disadvantages, the design principles of one-time password identity and mutual authentication are emphasized in this paper. At the same time, combined with the idea of the data encryption, a scheme of one-time password identity authentication based on digital certificate is presented in this paper, which is also called the scheme of CertOTP identity authentication. According to the scheme, the design and implementation of the CertOTP system are presented in details in the end of the paper, using the language of Java, the language of JSP and the development kit of CryptoAPI. There are several advantages of the CertOTP system, for example, many attacks, such as password guess, network sniffer, replay attack, man-in-middle attack and social engineering attack can be resisted by using this system.By running and testing this system,the results show that the scheme of one-time password identity authentication system based on digital certificate is correct, reasonable and safe.