What is Dynamic Password Authentication in information security?

Dynamic Password is also known as One Time Password (OTP). It was introduced to solve the traditional problems that arise because static password authentication cannot cope with eavesdropping, replay, forgery, guessing, and similar attacks.

With a dynamic password, a varying element is mixed into the authentication information during the login procedure so that the authentication information differs every time, which strengthens the security of the information exchanged during login. This technique can effectively prevent replay attacks and addresses the problem that a static password is likely to be stolen in transit or from the server's database.

Three fields are transmitted to the authentication server or KDC: the Principal ID, the Principal Password, and the current system timestamp of the user's device. The Principal Password and the timestamp are hashed first and then sent.

On the server side, the server checks whether the user is who it claims to be. The server has its own database of authentic Principal ID and Principal Password pairs. It first checks for a replay attack by comparing the timestamps. Then it checks whether the right password was supplied by comparing the received hash value with the value it generates itself. The next step is generation of the secret key used to encrypt the ticket.
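The exchange described above, written out as an added example (it is not code from the original article). The client sends the Principal ID, a hash of the password and the device timestamp, and the timestamp itself; the server applies the two checks in the order the text gives (timestamp freshness and replay first, then password hash comparison) and only then derives a key for the ticket. The principal database, the 30-second skew window, the field names and the way the ticket key is derived (an HMAC under the password over a fresh nonce and the timestamp) are all constructed assumptions, since the article does not specify them.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo database of Principal ID -> Principal Password.
# Kept in plaintext only to keep the example short; the server needs the
# password (or a secret derived from it) to recompute the client's hash.
PRINCIPAL_DB = {"alice": "correct horse battery staple"}

# Maximum tolerated clock skew between the user's device and the server (assumption).
MAX_SKEW_SECONDS = 30

# Highest timestamp accepted so far per principal; a message carrying a
# timestamp at or below this value is treated as a replay.
_last_accepted_ts = {}


def client_request(principal_id, password, now=None):
    """Build the three transmitted fields: ID, hash(password, timestamp), timestamp."""
    ts = int(time.time() if now is None else now)
    digest = hashlib.sha256(f"{password}|{ts}".encode()).hexdigest()
    return {"id": principal_id, "auth": digest, "ts": ts}


def server_verify(request, now=None):
    """Return (ok, reason, ticket_key); ticket_key is None unless ok is True."""
    server_now = int(time.time() if now is None else now)
    pid = request["id"]
    password = PRINCIPAL_DB.get(pid)
    if password is None:
        return False, "unknown principal", None
    ts = request["ts"]

    # Step 1: replay / freshness check on the timestamp.
    if abs(server_now - ts) > MAX_SKEW_SECONDS:
        return False, "timestamp outside window", None
    if ts <= _last_accepted_ts.get(pid, -1):
        return False, "replayed or stale timestamp", None

    # Step 2: recompute the hash from the stored password and the received
    # timestamp, and compare in constant time.
    expected = hashlib.sha256(f"{password}|{ts}".encode()).hexdigest()
    if not hmac.compare_digest(expected, request["auth"]):
        return False, "bad password", None
    _last_accepted_ts[pid] = ts

    # Step 3: derive the secret key that will encrypt the ticket (assumed
    # construction: HMAC under the password over a fresh nonce and the timestamp).
    nonce = secrets.token_bytes(16)
    ticket_key = hmac.new(password.encode(), nonce + ts.to_bytes(8, "big"),
                          hashlib.sha256).digest()
    return True, "ok", ticket_key


if __name__ == "__main__":
    req = client_request("alice", "correct horse battery staple")
    print(server_verify(req)[:2])      # first attempt is accepted
    print(server_verify(req)[:2])      # identical message again is rejected as a replay
```

Note that the freshness window alone does not stop a replay inside the window; the per-principal record of the last accepted timestamp is what does. Also, because the timestamp is public, an eavesdropper who captures the hash can test password guesses offline against it, so this construction still depends on the Principal Password having enough entropy; a token-held secret, as in the smart card scheme described later in the article, avoids that dependence.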

The dynamic password method enhances traditional password approaches by using the processing capability of smart cards to produce a different password for each authentication attempt. The smart card creates new passcodes several times a day. The host implements the same algorithm as the smart card, so it knows the password token's current valid password at any given time.

The card issuer initializes each card in the system with a synchronization procedure that loads an initialization code, or seed, into both the password token and the host. The seed and the algorithm for deriving the passwords are kept secret. The seed value and initialization code for each card are unique, so no two cards have the same password at a given time. It is unlikely that anyone can predict the valid password at any given time without knowing the algorithm, seed, and initialization value.

During authentication, the password token displays the current password, which is sent to the host. The verifier compares the password received with the expected value. The host accepts the card if the values match. This method provides card authenticity because the lifetime of each password is short and the algorithm varies with each card and is kept secret.

This approach performs authentication without a card acceptance device (CAD). Instead, the user enters the data (i.e., card identity number and password) into a computer terminal, enabling remote login. Smart cards used for this authentication method need a battery, a display, and sometimes a keypad.
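The time-synchronized token scheme of the preceding paragraphs, as an added example that is not code from the original article: the issuer's synchronization step loads one secret seed into both the token and the host record, the token derives the password valid for the current time step from that seed, and the host recomputes the same value and accepts the card only if they match. The article does not name the derivation algorithm; the one used here (HMAC over a time-step counter with HOTP-style dynamic truncation to six digits, as in RFC 4226/6238) is an assumption standing in for the issuer's secret algorithm, and the 60-second password lifetime, the one-step drift tolerance and the card identifiers are constructed values.

```python
import hashlib
import hmac
import secrets
import struct

STEP_SECONDS = 60   # lifetime of one password (assumption; "several times a day" in the text)
DIGITS = 6          # length of the displayed password (assumption)
DRIFT_STEPS = 1     # adjacent steps the host tolerates for token/host clock drift (assumption)


def issue_card(card_id, seed=None):
    """Issuer's synchronization procedure: create a unique secret seed and load
    a copy into the password token and into the host's record for that card."""
    seed = seed if seed is not None else secrets.token_bytes(20)
    token_state = {"card_id": card_id, "seed": seed}
    host_record = {"card_id": card_id, "seed": seed, "last_step": -1}
    return token_state, host_record


def password_at(seed, unix_time):
    """Password valid at unix_time: HMAC-SHA1 of the time-step counter under the
    seed, dynamically truncated to DIGITS decimal digits (assumed algorithm)."""
    step = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** DIGITS)).zfill(DIGITS)


def token_display(token_state, unix_time):
    """What the token's display shows at unix_time; the user types this into the terminal."""
    return password_at(token_state["seed"], unix_time)


def host_verify(host_record, card_id, password, unix_time):
    """Host side: recompute the expected password for the current step (and a small
    drift window), compare in constant time, and refuse any step at or before the
    last accepted one so that each password can be used only once."""
    if card_id != host_record["card_id"]:
        return False
    current = unix_time // STEP_SECONDS
    for step in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
        if step <= host_record["last_step"]:
            continue  # already consumed (replay) or older than an accepted password
        candidate = password_at(host_record["seed"], step * STEP_SECONDS)
        if hmac.compare_digest(candidate, password):
            host_record["last_step"] = step
            return True
    return False


if __name__ == "__main__":
    import time
    token, host = issue_card("card-0001")
    now = int(time.time())
    shown = token_display(token, now)
    print("token shows", shown, "-> host accepts:", host_verify(host, "card-0001", shown, now))
    print("same password again -> host accepts:", host_verify(host, "card-0001", shown, now))
```

Two details matter for the security properties the article claims. The short password lifetime comes from STEP_SECONDS, but a password is only truly single-use because the host records the last accepted step and refuses it again, even inside the drift window; without that record an eavesdropper could replay a captured code within its lifetime. And since every card has its own seed, a host record belongs to exactly one card identity, which is why the card identity number is entered together with the password.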