Cellular authentication token based on non-time-synchronised one-time password solution

Abstract

Traditional password authentication has been used for many years, yet at the same time is increasingly being attacked. Having realised the security breach and its potential damage to existing online resources, most individuals have diverted their research interests to a more secure authentication method. Multifactor authentication requires the user to possess security devices that compute a unique one time password, addressing “what the users’ possess” factor, as well as “what the users’ know” factor in traditional password authentication. Today’s most widely used implementations apply a time-synchronised approach to design the computing algorithm. This involves tokens which read the time from an internal clock when computing passwords. The password uniqueness is thus derived from the variable time data. Although much work has been done to date, further studies can be conducted using a nontime- synchronised approach to ascertain whether such implementations can compute passwords without the use of internal clock. Additional work can also be made on mobile phone implementations with new algorithms that target improvements in user friendliness, portability and ease of reach. The purpose of this study is to derive a non-time-synchronised approach that can carry out the same functionalities that of their counterparts. A prototype will be constructed to demonstrate the proposed algorithm alongside further enhancements made to existing implementations on mobile phones.