Abstract: This paper analyzes one-time-password and graphical password, and discusses some shortcomings of graphical password in the case of authentication through an open network. This paper proposes an improved method of high feasibility, reliability to remedy these shortcomings which based on the one-time-password, which enhances the security of the password and avoid replay attack and shoulder-surfing attack. Similar techniques can be used to boost up the security of the application security systems for more flexible application.

Key words: authentication, graphical password, one-time-password, visual hash

摘要： 分析和比较一次性口令和图像口令的相关技术，指出在开放网络环境下进行身份认证时，图像口令存在的缺陷，并论证采用一次性口令弥补该缺陷的可行性和可靠性。基于一次性口令产生的会话密钥，设计一种有效的图像口令身份认证方案。该方案提高口令的安全性，能够防止窥探攻击和重放攻击。类似技术被应用于更加灵活的实际环境中，并增强了应用系统的安全性。

关键词: 认证, 图像口令, 一次性口令, 可视化哈希

CLC Number: 

• TP309