A Secure One-Time Password Authentication Scheme Using Smart Cards

Tzu-Chang YEH
Hsiao-Yun SHEN
Jing-Jang HWANG

IEICE TRANSACTIONS on Communications   Vol.E85-B    No.11    pp.2515-2518
Publication Date: 2002/11/01
Online ISSN: 
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories
authentication,  one-time password,  smart card,  replay attack,  off-line dictionary attack,  

Full Text: PDF>>
Buy this Article

Using the great one-time password concept, the widely utilized one-way authentication scheme S/Key provides well protection against replay attacks. In this paper, S/key is enhanced to secure transactions in a critical environment. The proposed scheme is free from any of server spoofing attacks, preplay attacks, and off-line dictionary attacks. A session key here is also established to provide confidentiality. Moreover, simplicity and efficiency are taken into consideration from the user's point of view. A smart card is applied to simplify the user login process and only the hash function is used to keep its efficiency. Therefore, the scheme proposed hereinafter is able to build a safer shield for sensitive transactions like on-line banking or on-line trading in bonds and securities.