A novel one-time password mutual authentication scheme on sharing renewed finite random sub-passwords

This paper proposes a novel one-time password (OTP) mutual authentication scheme based on challenge/response mechanisms. In the scheme, random sub-passwords and corresponding hashes are shared between a user and a server, respectively. By performing modular algebraic operations on two or more randomly chosen sub-passwords, relatively independent OTPs can be produced in the scheme. The used sub-passwords are renewed according to random permutation functions. With tens of random sub-passwords, we can get enough OTPs that can meet the practical needs. The stores and calculations can be implemented with a microcomputer in the userʼs terminal. At the same time, the scheme can provide sufficient security in ordinary applications.

► Sub-passwords that randomly chosen to produce one-time passwords are renewed.
► Relatively independent one-time passwords can be produced.
► Enough one-time passwords are generated for one original condition.
► The calculation cost is low.