
Online Banking Security Certification Based on Dynamic Password

Posted on: 2012-12-22
Degree: Master
Type: Thesis
Country: China
Candidate: X H Qian
GTID: 2218330368997694
Subject: Software engineering
Abstract/Summary:
The network era has opened a new world in which networks bring great convenience to more and more traditional fields, along with great challenges and tasks. One of these is how to preserve intrinsic properties such as confidentiality, privacy protection, identity authentication and non-repudiation. The security of e-banking is drawing growing concern. At present, the static password is an identity authentication method widely used on the user end. However, it can be stolen by system monitoring on the user end and by sniffing on the network. Banks should therefore extend security protection to every user's desktop by strengthening the design of the identity authentication mechanism, which can be realized by adding the server's active participation to the user's login process. The one-time password (OTP) is such an identity authentication scheme, aimed at the weaknesses of the static password. OTP strengthens the security of the password in transmission by mixing uncertainty into the user's login process. Since it emerged, it has become an identity authentication model widely used in online electronic transactions. However, it has been shown that applying OTP only to the identity authentication process, without connecting it to the transaction process, leaves it exposed to man-in-the-middle (MITM) attacks. For this reason, many enterprises turn to public key infrastructure (PKI). But PKI has its own weaknesses, such as system complexity, a high technical threshold, high cost and a lack of unified technical standards. This dissertation discusses and analyzes the advantages and shortcomings of various kinds of OTP, and presents a scheme that connects the authentication process with the transaction process seamlessly: it uses the outcome of authentication as the initial data of the transaction, thereby extending OTP into the transaction process.
This dissertation tries to build a dynamic password identity authentication system that is based on MD5 and runs in a C/S (client/server) model, composed of an OTP authentication server module and a client program responsible for dynamic password generation. The web server communicates with the client program, and the authentication server is responsible for generating a challenge number and authenticating the user's identity. After that, the server sends the user a one-time random number before every transaction; this number is based on OTP and is mixed with the password to encrypt the data flow. The scheme can resist replay attacks and MITM attacks, and it uses cryptographic algorithms and hash functions in its design, so it maintains good security without the complexity of deploying PKI.
Keywords/Search Tags: E-bank, Identity Authentication, Dynamic Password, Challenge
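
The flow the abstract describes (server challenge, MD5-based dynamic password, then a one-time random number before each transaction), as an added Python sketch that is not code from the thesis. HMAC-MD5, the `login`/`session` derivation labels, the `AuthServer` class and all function names are assumptions, and the sketch authenticates each transaction with a tag rather than encrypting the data flow.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, data: bytes) -> bytes:
    # MD5 because the abstract names it; wrapping it in HMAC is an assumption.
    return hmac.new(key, data, hashlib.md5).digest()

def otp_response(password: bytes, challenge: bytes) -> bytes:
    # Dynamic password: changes with every server challenge.
    return mac(password, b"login" + challenge)

def session_key(password: bytes, challenge: bytes) -> bytes:
    # The transaction phase is seeded from the authentication exchange.
    return mac(password, b"session" + challenge)

def tx_tag(key: bytes, nonce: bytes, tx: bytes) -> bytes:
    # Binds one transaction to one server nonce (fixed length, 16 bytes).
    return mac(key, nonce + tx)

class AuthServer:
    def __init__(self, users: dict):
        self.users = users  # username -> shared password (constructed data)
        self.challenges, self.sessions, self.nonces = {}, {}, {}

    def new_challenge(self, user: str) -> bytes:
        self.challenges[user] = secrets.token_bytes(16)
        return self.challenges[user]

    def login(self, user: str, response: bytes) -> bool:
        challenge = self.challenges.pop(user, None)  # single use: blocks replay
        if challenge is None or user not in self.users:
            return False
        pw = self.users[user]
        if not hmac.compare_digest(otp_response(pw, challenge), response):
            return False
        self.sessions[user] = session_key(pw, challenge)
        return True

    def new_tx_nonce(self, user: str) -> bytes:
        self.nonces[user] = secrets.token_bytes(16)
        return self.nonces[user]

    def verify_tx(self, user: str, tx: bytes, tag: bytes) -> bool:
        nonce = self.nonces.pop(user, None)          # single use: blocks replay
        key = self.sessions.get(user)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(tx_tag(key, nonce, tx), tag)
```

A captured login response or transaction tag is useless on a second attempt because the server discards each challenge and nonce after one check, and a tag computed for one transaction does not verify for an altered one.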