1. Technical Field
The present teaching relates to methods, systems, and programming for cryptography. Particularly, the present teaching is directed to methods and systems of digital signature-based adjustable one-time password (OTP) setup, sign-in, and verification for identity verification.
2. Discussion of Technical Background
As the Internet grows and personal devices (e.g., desktop computers, laptop computers, smart phones, etc.) have become widely available, a suitable cryptographic system is critical to prevent hacking of the personal devices and/or of the application programs installed on the personal devices (such as email, online shopping applications, personal banking applications, etc.). One example of such a cryptographic system is based on a one-time password (OTP) scheme. In an OTP cryptographic system, a user holds a setup tool (e.g., a security token) that generates a message, and the user enters the generated message into an application installed on a client device (e.g., a smart phone, a laptop computer, a desktop computer, etc.) in an attempt to log in to the application on the client device. After obtaining the message from the user, the client device sends the message to a server for verification. The server verifies the message and informs the client device whether or not the message passes the verification. The user can sign in to the application when the message that the user enters passes the verification, and cannot sign in to the application when the message fails the verification. In the OTP cryptographic system, the message generated by the setup tool can be used only once.
The existing OTP cryptographic system is susceptible to data breach activities by hackers because of its symmetric-key configuration. In particular, both the setup tool and the server store the same key (e.g., the symmetric key) for message generation and verification. A hacker may obtain that key by hacking the server and then generate the correct message using the obtained key. As a result, the cryptographic system becomes ineffective.
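The symmetric-key arrangement described above, as an added example that is not part of the original text: it uses HOTP (RFC 4226) as a representative symmetric OTP scheme, which the text does not name. The `Token` and `Server` classes, the look-ahead window, and the sample key are assumptions for illustration; the point is that the server's stored record is the same secret that generates messages, so it has to be protected like one.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Token:
    """The user's setup tool (hypothetical class): holds the key and a counter."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def next_message(self) -> str:
        msg = hotp(self.key, self.counter)
        self.counter += 1
        return msg

class Server:
    """The verifier (hypothetical class): stores the same key to recompute messages."""
    def __init__(self, key: bytes, window: int = 3):
        self.key, self.counter, self.window = key, 0, window

    def verify(self, message: str) -> bool:
        # Accept a small look-ahead window in case the token ran ahead.
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.key, c), message):
                self.counter = c + 1  # burn the counter: each message works once
                return True
        return False

def demo() -> dict:
    key = b"12345678901234567890"  # constructed sample key (the RFC 4226 test secret)
    token, server = Token(key), Server(key)
    msg = token.next_message()
    first = server.verify(msg)    # fresh message passes verification
    replay = server.verify(msg)   # the same message is rejected the second time
    # The server's record (key + counter) alone yields the token's next message.
    predicted = hotp(server.key, server.counter)
    return {"message": msg, "first": first, "replay": replay,
            "server_record_predicts_next": predicted == token.next_message()}

if __name__ == "__main__":
    print(demo())
```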
Therefore, there is a desire to develop a secure OTP cryptographic system that is not susceptible to data breach activities by hackers.