Abstract
The one-time password (OTP) authentication mechanism uses a fresh password for every authentication, which gives it higher security. It is also simple to implement, low in cost, and needs no third-party notarization, which makes it well suited to constrained mobile commerce applications. However, it has difficulty resisting the small-number attack and does not provide mutual (bidirectional) authentication. The main security weakness is that the random number used to generate the one-time password and the password authentication information are both transmitted in plaintext. The Elliptic Curve Cryptosystem (ECC) can therefore be used to encrypt the random number and the authentication information.
Source
《计算机安全》
2011, No. 8, pp. 16-19 (4 pages)
Network & Computer Security
Funding
Supported by the Natural Science Foundation of Beijing Union University (ZK201014X)