Rubbing encryption algorithm and security attack safe OTP token

摘要

The present disclosure proposes a secure way to generate the OTP code by way of a web browser. A user does not need any electronic device on hand to obtain OTP for 2FA login. A new Rubbing Encryption Algorithm (REAL) is proposed as the base technology. Implementation method of such web-based OTP token is presented and analyzed. It operates through a web-browser with a multiple REAL keys. It can be integrated into many secure Internet commerce applications as well. A system is provided for secure access to a software program or website. The system has a first entity with a computing device with a processor and a memory. The first entity provides a plurality of data items. The system also has a second entity with at least one display for displaying the plurality of data items. The data items are arranged in a predetermined format. The display also displays a prompt for a user identification and a prompt for a code. The second entity has a member with a transparent portion. The transparent portion comprises a periphery with a plurality of markings placed around the periphery. The markings point to a first direction or to an opposite second direction. The second entity overlays the member over the data items. The markings point to the plurality of data items to reveal a code. The code is input and permits access of the second entity to the computing device of the first entity.