Paper Based One Time Password System
Dr S. W. Moore
(optional but desirable) an account on a
machine which supports WWW CGI scripts
Network security is a big issue within the University. The Computer
Laboratory (T&R) prohibits remote access to its computers unless prior
consent has been given. This is inconvenient.
A one-time password system for rlogin access to a machine would
probably be adequate. In commercial systems such a password is usually
sourced using a device similar in shape, size and component complexity
to a pocket calculator. However, such a device costs a
significant amount of money and can easily be lost.
A paper based one time password system is proposed. The user of the
system would carry around a single A4 sheet printed on both sides
which forms a code book. This code "book" would be valid for,
say, one month or 50 accesses, whichever comes sooner. It could be
used in the following challenge-response scenario:
- user types "rlogin gateway-host -l userID"
- machine asks for a conventional password which the user duly
- machine replies with a series of alphanumerical quintuples
- user looks up quintuples in the code book and responds
Time constraints could be added to this process. For example, the
user may only be allowed three attempts to login per hour.
In case the user loses a code book there should be a mechanism to
withdraw the book from circulation. This could be provided by a web
page hooked to an appropriate CGI script.
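A sketch of the server side of this scheme, added here as an example and not part of the original proposal. The book size, three quintuples per challenge, one response quintuple per challenge quintuple, and counting only successful logins as accesses are all assumptions.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits
MONTH = 30 * 24 * 3600          # "one month", in seconds
RNG = secrets.SystemRandom()


def quintuple():
    return "".join(RNG.choice(ALPHABET) for _ in range(5))


class CodeBook:
    """Server-side copy of one printed sheet (sizes are assumptions)."""

    def __init__(self, now, entries=300, max_accesses=50):
        self.table = {}                      # challenge -> response
        while len(self.table) < entries:
            self.table[quintuple()] = quintuple()
        self.expires = now + MONTH
        self.accesses_left = max_accesses
        self.revoked = False                 # set when the sheet is reported lost
        self.attempts = []                   # times of recent challenges
        self.pending = None

    def challenge(self, now, k=3):
        self.attempts = [t for t in self.attempts if now - t < 3600]
        if (self.revoked or now >= self.expires or self.accesses_left <= 0
                or len(self.attempts) >= 3 or len(self.table) < k):
            return None
        self.attempts.append(now)
        asked = RNG.sample(sorted(self.table), k)
        # Retire entries the moment they are shown so none is ever reused.
        self.pending = [self.table.pop(c) for c in asked]
        return asked

    def verify(self, response):
        expected, self.pending = self.pending, None   # one try per challenge
        if expected is None:
            return False
        ok = hmac.compare_digest(" ".join(expected).encode(),
                                 " ".join(response).encode())
        if ok:
            self.accesses_left -= 1
        return ok
```

Because entries are retired when shown rather than when answered, an observer who sees a challenge and its response learns nothing reusable, at the cost of failed attempts consuming part of the sheet.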
The interface to code book generation could also be provided by a
local web page. A large-print, two-page code book might be desirable
for those ocularly challenged. It would be reasonable to assume that
local printing facilities are secure enough.