A novel one-time password mutual authentication scheme on sharing renewed finite random sub-passwords

摘要

This paper proposes a novel one-time password (OTP) mutual authentication scheme based on challenge/response mechanisms. In the scheme, random sub-passwords and corresponding hashes are shared between a user and a server, respectively. By performing modular algebraic operations on two or more randomly chosen sub-passwords, relatively independent OTPs can be produced in the scheme. The used sub-passwords are renewed according to random permutation functions. With tens of random sub-passwords, we can get enough OTPs that can meet the practical needs. The stores and calculations can be implemented with a microcomputer in the userʼs terminal. At the same time, the scheme can provide sufficient security in ordinary applications.