Browse Prior Art Database

HOTP: An HMAC-Based One-Time Password Algorithm (RFC4226)

IP.com Disclosure Number: IPCOM000132585D
Original Publication Date: 2005-Dec-01
Included in the Prior Art Database: 2005-Dec-23
Document File: 38 page(s) / 77K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. M'Raihi: AUTHOR [+5]

Abstract

This document describes an algorithm to generate one-time password values, based on Hashed Message Authentication Code (HMAC). A security analysis of the algorithm is presented, and important parameters related to the secure deployment of the algorithm are discussed. The proposed algorithm can be used across a wide range of network applications ranging from remote Virtual Private Network (VPN) access, Wi-Fi network logon to transaction-oriented Web applications.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group                                         D. M'Raihi
Request for Comments: 4226                                      VeriSign
Category: Informational                                       M. Bellare
                                                                    UCSD
                                                            F. Hoornaert
                                                                   Vasco
                                                             D. Naccache
                                                                 Gemplus
                                                                O. Ranen
                                                                 Aladdin
                                                           December 2005


           HOTP: An HMAC-Based One-Time Password Algorithm

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes an algorithm to generate one-time password
   values, based on Hashed Message Authentication Code (HMAC).  A
   security analysis of the algorithm is presented, and important
   parameters related to the secure deployment of the algorithm are
   discussed.  The proposed algorithm can be used across a wide range of
   network applications ranging from remote Virtual Private Network
   (VPN) access, Wi-Fi network logon to transaction-oriented Web
   applications.

   This work is a joint effort by the OATH (Open AuTHentication)
   membership to specify an algorithm that can be freely distributed to
   the technical community.  The authors believe that a common and
   shared algorithm will facilitate adoption of two-factor
   authentication on the Internet by enabling interoperability across
   commercial and open-source implementations.

M'Raihi, et al.              Informational                      [Page 1]
RFC 4226                     HOTP Algorithm                December 2005


Table of Contents

   1. Overview ........................................................3
   2. Introduction ............