| Summary: | 碩士 === 國立臺灣海洋大學 === 資訊工程學系 === 98 === Due to the rapid development of the Internet and online services, people now has been used to access various services via the Internet. To prevent leakages of private information and to provide personalized services, authentication mechanisms are therefore extremely important to Internet services. Currently, most web services authenticate their users by static passwords. However, independent of the importance of Internet services, it is common that an Internet user often chooses the same password for different services. As a result, the risk of passwords being stolen by malicious users hence increases.
To solve this problem, we believe that the use of dynamic password is the most effective solution to protect user accounts. In this thesis, we propose a user authentication service which does not require users to setup static password. A registered user is able to receive his one-time password via instant message services when a password is requested. To simplify the deployment process, the proposed solution incorporates the OpenID architecture so that is can be easily applied for all web services that supports OpenID. Under the circumstances that instant message accounts can be well protected, we believe that the proposed solution is able to achieve requirements of both security and convenience.
|
|---|
