Research On New One-time Password Authentication Mechanism

With the rapid development of network technology,people pay more and more attention to information security.Passwords are used in different systems as a general means of protecting identity.Once the user's password is leaked,it may cause information leakage or even huge economic loss to the user.As a traditional way of information security authentication,static password authentication has been difficult to meet people's requirements.They urgently need more secure password authentication.One-time password comes into being in this case.It is proposed for the shortcomings of static password.It is characterized by one change at a time.One-time password not only takes into account the characteristics of the static password,such as low cost,convenient authentication and fast response,but also enhances the security of the password.The first proposed one-time password scheme has many problems.Many scholars have improved its shortcomings,including Chefranov's scheme,Kogan's scheme,Park's scheme,etc.These schemes promote the development of one-time password.However,there are still many areas to be improved in the current one-time password schemes,such as the number of authentication is limited,only online authentication is supported,and the password is valid in a certain time.In order to solve the shortcomings of the one-time password scheme,we propose two new patterns of onetime password recognition.The main work of this paper is as follows:(1)To solve the problem that re-registration can be avoided but only online authentication is supported in Chefranov's scheme,this thesis use single authentication mode from user to server instead of two-way authentication mode between user and server.The new scheme can achieve unlimited authentication times and support offline authentication based on time-based one-time password algorithm without re-registration.(2)Based on the idea of Kogan's scheme and Park's scheme,this paper proposes a scheme of "one-time password authentication method with time-effective password and unlimited authentication times ".This scheme can realize the timeliness of password without re-registration.