Ubiquitous One-Time Password Service Using Generic Authentication Architecture
In this paper the authors exploit GAA to build a scheme that converts a simple static password authentication mechanism into a One-Time Password (OTP) system. The scheme employs a GAA-enabled user de-vice with a display and an input capability (e.g. a 3G mobile phone) and a GAA-aware server. Most importantly, the device does not need to be user or server specific, and can be used in the protocol with no registration or configuration (except for the installation of the necessary application software). The system also fits well to the multi-institution scenario and hence enables the provision of ubiquitous and on-demand OTP services.