Two Factor Authentication WITHOUT the Overhead of Traditional OTP

A. Ali, M. Büchner, and E. Segura (USA)


Online Authentication, Security, OTP, and Smart Card.


This paper describes a simple security architecture that supports two factor authentication for accessing Internet resources. Instead of utilizing the complex traditional OTP frameworks, which can be cumbersome to both deploy and use, we present a software architecture based on a shared knowledge between a token and a remote Internet resource; such as a web server. The confidentiality of this shared knowledge is protected by the smart card embedded in the token. The approach is explained in the context of initial token setup and a practical use-case for two factor online authentication. Despite its simplicity, this software optimization provides a comparable level of security for asserting the identity of users.

Important Links:

Go Back