Skip to Main Content
Many two-factor authenticated key exchange protocols have been proposed, and the common ones are based on a secure device and a user's password. But most of them do not use the one-time password system. In one-time password systems, users have many passowrds and use each password only once. This paper presents a new two-factor authenticated key exchange protocol using one-time passwords and a secure device, which achieves mutual authentication, session key agreement, and resistance to phishing attacks. This paper also gives a formal proof for security of the protocol.