A practical one-time password authentication implement on internet

A one-time password authentication protocol is proposed which can be used by common Internet users and services providers. The protocol is simple to implement and secure for common applications without additional hardware involved. Static password is used widely in conventional authentication. In the light of a threat of guessing attacks, a strong secret should be shared by communication participants. But the strong password is too hard to remember and easily eavesdropped by adversaries when transferred on-line. One-time password technology can counter replay attack resulted from eavesdropping. But existing one-time password schemes is too complicated to be accepted by common Internet users. The proposed protocol is simple to implement and secure for common Internet appliance without additional hardware involved. It is an improved version of challenge/response one-time password mechanism.