Due to the large-scale proliferation and use of online banking, shopping, and secure Internet transactions, sophisticated forms of online theft are increasing. As a result, many online systems utilize authentication algorithms to determine whether a given user is who they claim to be. Authentication is the cornerstone of information security, since a weak authentication mechanism substantially increases system security risks. Conventional authentication mechanisms typically use one or more of the following four factors [1]:
- User knowledge such as a password and/or Personal Identification Number (PIN).
- User possessions such as a smart card and/or token.
- User personal information such as a fingerprint.
- User behavioral characteristics such as a signature and/or voice.
Password-based authentication is the most widely used of the above four methods because of its simplicity and low cost. A one-time password mechanism solves the password security problem that could result from reusing the same password multiple times.
Two-factor authentication mechanisms have been adopted by some online banking systems as a proposed solution to address increased security risks. Two-factor authentication utilizes, for example, Short Message System (SMS) services to send messages that contain a One Time Password (OTP) to a mobile consumer. Traditional SMS-OTP works by sending the mobile consumer an SMS message that contains the OTP used to complete the processing. However, such conventional techniques are substantially limited in view of SMS cost, spying, delay, and roaming restrictions. Self-generated OTP systems were introduced to address these and other shortcomings. However, self-generated OTP systems are also limited in application. For example, self-generated OTP systems are typically based on an internal clock synchronized with a main server. Due to the general nature of mobile phones (e.g., out of network, etc.), however, such synchronization cannot typically be guaranteed.
Accordingly, new solutions for mobile telephony subscribers that utilize SMS have been proposed. One proposed solution utilizes backward hash chains to generate an OTP for authentication purposes. This proposed solution, however, generally requires intensive computation on the client, which typically has limited computational resources. Additionally, there is a restriction on the length of the chain. Another proposed solution suggests utilizing signature chains, which involve public key techniques, to address the chain length restriction. This latter proposal, however, also increases computation costs.
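The backward hash chain approach and its two stated limitations (client computation and fixed chain length) can be made concrete with a short sketch. This is an added example, not code from the original text; it assumes a Lamport-style chain built on SHA-256, and the names `Client`, `Server`, `chain`, `run_demo` and the seed value are constructed for illustration.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # SHA-256 is an assumption of this sketch

def chain(seed: bytes, n: int) -> bytes:
    """Return h applied n times to seed, i.e. h^n(seed)."""
    out = seed
    for _ in range(n):
        out = h(out)
    return out

class Client:
    """Holds the secret seed; OTP number i is h^(N-i)(seed)."""
    def __init__(self, seed: bytes, length: int):
        self.seed, self.length = seed, length
        self.used = 0        # OTPs issued so far
        self.hash_calls = 0  # running count of client-side hash work
    def next_otp(self) -> bytes:
        if self.used >= self.length:
            raise RuntimeError("chain exhausted: enrol a new seed")
        self.used += 1
        steps = self.length - self.used
        self.hash_calls += steps  # client recomputes from the seed each time
        return chain(self.seed, steps)

class Server:
    """Stores only the last accepted value, initially the anchor h^N(seed)."""
    def __init__(self, anchor: bytes):
        self.last = anchor
    def verify(self, otp: bytes) -> bool:
        if hmac.compare_digest(h(otp), self.last):
            self.last = otp  # move one step back along the chain
            return True
        return False

def run_demo(length: int):
    seed = b"constructed-demo-seed"  # constructed sample value
    client, server = Client(seed, length), Server(chain(seed, length))
    first = client.next_otp()
    accepted = [server.verify(first)]
    replay_ok = server.verify(first)  # the same OTP again must be rejected
    accepted += [server.verify(client.next_otp()) for _ in range(length - 1)]
    try:
        client.next_otp()
        exhausted = False
    except RuntimeError:
        exhausted = True
    return all(accepted), replay_ok, client.hash_calls, exhausted
```

The server hashes once per login, while the client's work grows with the remaining chain length: `run_demo(1000)` reports 499,500 client-side hash calls before the chain is exhausted and a new seed must be enrolled.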