|
Abstract
|
The mobile and web application have become more popular due to easy access and be convenient to everybody, it is essential to look at their security issues from different aspects. User authentication is one of these issues that plays an important role for most applications. If a system authenticates a user, it means that person can access what are allowed in the system. One-time password is a kind of authentication that helps to increase the security through identification. Common methods in this area use extra devices such as smart card, token, and cell phone. However, these devices enforce users to carry hardware, to pay money, and to maintain. In this article, we propose a mutual one-time password which employs a formula to generate password for user, and every time user must use previous password and formula to compute new password. The communication line during authentication phase is supposed insecure; and a mutual authentication helps to increase the level of security. Security analysis shows how this method is secure; and comparison with some models shows its positive points.
|