Data Protection and Security
VII Identification and Entity Authentication
VII.III Authentication Protocols

Two modes of operation for OTPs are possible, and their corresponding advantages are as follows:

Workstation environment: In this first mode of operation, to facilitate user-friendliness, each user has, and needs to memorize, only one password, just as in traditional password schemes. This password is used to authenticate the user to the client machine, and this machine generates the one-time password to be authenticated by the server. Only the one-time password is transmitted over the network between the client and the server machine, so this mode safeguards only against "eavesdrop and replay" kinds of attack.

Human and paper environment: For applications that require stronger security, it is possible to have the user enter the one-time passwords without getting any help from the system. In this case, not only are "eavesdrop and replay" attacks impossible, but some other problems of traditional passwords are avoided as well.
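The workstation mode described above, sketched as an added example (not code from the original page). The page does not name the OTP algorithm, so a Lamport-style hash chain is assumed here; the names `chain`, `Server` and `demo`, the seed and the password are all constructed for illustration.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain(password: str, seed: str, n: int) -> bytes:
    """Client side: hash seed+password n times. The password never leaves the client."""
    value = (seed + password).encode()
    for _ in range(n):
        value = h(value)
    return value

class Server:
    """Stores the last accepted OTP and a counter, never the password itself."""
    def __init__(self, seed: str, n: int, initial: bytes):
        self.seed, self.n, self.last = seed, n, initial

    def challenge(self):
        # Refuse to ask for element 0, which would be the raw secret.
        if self.n <= 1:
            raise RuntimeError("chain exhausted, user must re-enroll")
        return self.seed, self.n - 1

    def verify(self, otp: bytes) -> bool:
        # A valid OTP hashes to the previously accepted value.
        if self.n <= 1 or not hmac.compare_digest(h(otp), self.last):
            return False
        self.last, self.n = otp, self.n - 1  # each OTP is accepted only once
        return True

def demo():
    password, seed = "correct horse", "ws1-constructed-seed"  # constructed values
    server = Server(seed, 100, chain(password, seed, 100))    # enrollment
    s, count = server.challenge()
    otp = chain(password, s, count)        # the only value sent over the network
    first = server.verify(otp)             # fresh OTP is accepted
    replay = server.verify(otp)            # eavesdropped copy is rejected
    s, count = server.challenge()
    second = server.verify(chain(password, s, count))  # next login still works
    return first, replay, second

if __name__ == "__main__":
    print(demo())
```
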