Mobile Networks and Applications
| Hi-index | 0.00 |
Using One-time Password (OTP) in a Two-factor Authentication (2FA) system is very popular nowadays. OTP function has been embedded into many devices such as standalone token, PC, PDA and cellular phone. The generated OTP code is entered into the login window to complete a user’s authentication procedure. These tokens and devices do bear extra cost to the user. Deployment or support of such OTP tokens can not be fully done through Internet to reduce the expense and work load. And certain designs may compromise network security when token is lost or stolen. We propose a secure way to generate the OTP code by way of a web browser. A user does not need any electronic device on hand to obtain OTP for 2FA login. A new Rubbing Encryption Algorithm (REAL) is proposed as the base technology. Implementation method of such web-based OTP token is presented and analyzed. The token is licensed to a company to promote product sales. It operates through a web-browser with a REAL dynamic session key. It can be integrated into many secure Internet commerce applications as well.