Paper Based One Time Password System

Simon Moore

Title : Paper Based One Time Password System
Originator : Dr S. W. Moore
Special Resources : (optional but desirable) an account on a machine which supports WWW CGI scripts


Network security is a big issue within the University. The Computer Laboratory (T&R) prohibits remote access to its computers unless prior consent has been given. This is inconvenient.

A one time password system for rlogining into machine would probably be adequate. In commercial systems such a password is usually sourced using a device similar in shape, size and component complexity to a picket calculator. However, such a device costs a significant amount of money and can easily be lost.


A paper based one time password system is proposed. The user of the system would carry around a single A4 sheet printed on both sides which forms a code book. This code "book" would be valid for, say, one month or 50 accesses which ever comes sooner. It could be used in the following challenge-response scenario: Time constraints could be added to this process. For example, the user may only be allowed three attempts to login per hour.

In case the user looses a code book there should be a mechanism to withdraw the book from circulation. This could be provided by a web page hooked to an appropriate CGI script.

The interface to code book generation could also be provided by a local web page. A large print two page code book might be desirable for those ocularly challenged. It would be reasonable to assume that local printing facilities are secure enough.

back to index