基于Ajax的智能终端一次性口令身份认证仿真

One-Time Password Authentication Simulation of Intelligent Terminal Based on AJAX

为解决一次性口令认证简单,容易被非法用户恶意攻击和篡改,冒充正常用户盗取隐私信息的问题,提出基于Ajax的智能终端一次性口令身份认证方案。以历史流量分布均值为参考值,在实际流量估计区间内判断网络是否安全,若无异常情况,服务器利用公钥加密保存通关密语,智能终端和服务器分别迭代换算成两个密钥,用于互相鉴别,并加入时间戳以防止被篡改。在用户注册阶段一次性存储用户身份信息,每次登录都通过挑战应答方式鉴定用户身份信息。经仿真证明,所提方案认证速度快、延迟短,网络利用率高,能够同时容纳更多用户,且安全性高,可适用于不同的服务器。

At present,one-time password authentication is too simple,so user information is easy to be maliciously attacked and tampered with by illegal users.Therefore,a one-time password authentication scheme of Ajaxbased intelligent terminals was proposed.Taking the mean value of flow distribution as the reference value,we could judge whether the network is safe within the actual traffic estimation interval.If no anomaly,the server used public key encryption to encrypt and save the passphrase.The intelligent terminal and the server were iteratively converted into two keys for mutual authentication.Meanwhile,a timestamp was added to the keys,thus preventing tampering.In the stage of user registration,the user information was stored once,and the user information was authenticated by challenge and response mode at each log-in.Simulation experiments prove that the proposed scheme can achieve fast authentication,with short delay and high network utilization.Moreover,more users can be accommodated at the same time.Due to high security,this scheme can be applied to different servers.