Improvement on OTP authentication and a possession-based authentication framework

Abstract

Authentication plays a paramount role in online services. Today many online services are still using password as single authentication method, but this is not considered secure any more. There have been many attempts to introduce multifactor authentication mechanism, for example, counter-based one-time password, and time-based one-time password. In this paper, we first list some limitations and weaknesses of the existing multifactor authentication methods, then propose an improvement to one-time password algorithms, and finally apply it in a general-purpose possession-based authentication framework. The framework can be implemented in popularly used smartphones but does not rely on cellular network or wifi network. The purpose of the framework is for current password-authenticated online services to adopt multifactor authentication easily.