Information and Network Security (INS)

Implementing One Time Password Authentication Mechanisms using Client-Server model in Java

Author: Manav Sanghavi

Server Side Program
/*
	Implementing Basic One Time Password Authentication Mechanisms using Client-Server model in Java
	Server Program
	Author: Manav Sanghavi		Author Link: https://www.facebook.com/manav.sanghavi
	www.pracspedia.com
*/
import java.util.*;
import java.io.*;
import java.net.*;

class TimeOutTask extends TimerTask {
	// volatile: written by the Timer thread, read by the main thread
	volatile boolean isTimedOut = false;
	
	public void run() {
		isTimedOut = true;
	}
}

class OTPServer {
	public static void main(String args[]) throws IOException {
		ServerSocket serverSocket = new ServerSocket(7777);
		System.out.println("Server running and waiting for client...");
		Socket clientSocket = serverSocket.accept();
		PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true);
		BufferedReader in = new BufferedReader(new InputStreamReader(clientSocket.getInputStream()));
		
		// Server waits for a client to send its user ID
		String id = in.readLine();
		
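		// Server generates an 8-digit OTP and waits for the client to send it back.
		// SecureRandom (a subclass of Random) is used because the output of
		// java.util.Random is predictable, which is not acceptable for an OTP.
		Random r = new java.security.SecureRandom();
		String otp = new String();
		for(int i=0 ; i < 8 ; i++) {
			otp += r.nextInt(10);
		}
		// The OTP is shown on the server console; the user reads it there and
		// types it into the client.
		System.out.println(otp);
		
		// Server starts a timer of 100 seconds (100000 ms) during which the OTP is valid.
		TimeOutTask task = new TimeOutTask();
		Timer t = new Timer();
		t.schedule(task, 100000L);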
		
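		// Server listens for client to send its ID and OTP to check if it is
		// valid
		String newId = in.readLine();
		String newOtp = in.readLine();
		// Comparisons are written so that a null line (client disconnected)
		// does not throw a NullPointerException.
		if(id != null && id.equals(newId)) {
			// User ID is verified
			if(task.isTimedOut) {
				// User took more than 100 seconds and hence the OTP is invalid
				out.println("Time out!");
			} else if(!otp.equals(newOtp)) {
				out.println("Incorrect OTP!");
			} else {
				out.println("Logged In!");
			}
		} else {
			// ID missing or different from the one the OTP was issued for:
			// reply anyway so the client is not left without a response
			out.println("Incorrect ID!");
		}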
		System.exit(0);
	}
}
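
The server above handles one client, one OTP and one attempt, and compares the strings with equals(). The following is an added example, not part of the original program, showing the same check as a reusable verifier with per-ID storage, the same 100-second window, single use, an attempt limit and a constant-time comparison. The class name OtpVerifier, the limit of 3 attempts and the explicit `now` parameter are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Added example (hypothetical class, not from the original page).
class OtpVerifier {
	private static final long VALID_MS = 100_000L; // same 100 s window as the server above
	private static final int MAX_ATTEMPTS = 3;     // assumed limit, not from the page
	private static final SecureRandom RNG = new SecureRandom();

	private static final class Entry {
		final byte[] otp; final long expiresAt; int attemptsLeft = MAX_ATTEMPTS;
		Entry(byte[] otp, long expiresAt) { this.otp = otp; this.expiresAt = expiresAt; }
	}
	private final Map<String, Entry> pending = new HashMap<>();

	// Issues a fresh 8-digit OTP for this ID, replacing any earlier one.
	public synchronized String issue(String id, long now) {
		String otp = String.format(Locale.ROOT, "%08d", RNG.nextInt(100_000_000));
		pending.put(id, new Entry(otp.getBytes(StandardCharsets.US_ASCII), now + VALID_MS));
		return otp;
	}

	// True only for the right OTP, inside the window, within the attempt limit.
	public synchronized boolean verify(String id, String candidate, long now) {
		Entry e = pending.get(id);
		if (e == null || candidate == null) return false;
		boolean expired = now > e.expiresAt;
		// MessageDigest.isEqual compares in constant time, unlike String.equals
		boolean ok = !expired && MessageDigest.isEqual(e.otp, candidate.getBytes(StandardCharsets.US_ASCII));
		// Single use: drop the OTP on success, on expiry, or when attempts run out
		if (ok || expired || --e.attemptsLeft == 0) pending.remove(id);
		return ok;
	}

	public static void main(String[] args) {
		OtpVerifier v = new OtpVerifier();
		long t0 = System.currentTimeMillis();
		String otp = v.issue("Manav", t0); // constructed sample ID
		System.out.println("wrong OTP:   " + v.verify("Manav", "00000000x", t0 + 1_000));
		System.out.println("correct OTP: " + v.verify("Manav", otp, t0 + 2_000));
		System.out.println("replayed:    " + v.verify("Manav", otp, t0 + 3_000));
		String late = v.issue("Manav", t0);
		System.out.println("after 100 s: " + v.verify("Manav", late, t0 + VALID_MS + 1));
	}
}
```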

Client Side Program
/*
	Implementing Basic One Time Password Authentication Mechanisms using Client-Server model in Java
	Client Program
	Author: Manav Sanghavi		Author Link: https://www.facebook.com/manav.sanghavi
	www.pracspedia.com
*/

import java.util.*;
import java.io.*;
import java.net.*;

class OTPClient {
	public static void main(String args[]) throws IOException {
		Scanner scan = new Scanner(System.in);
		System.out.println("Connecting to the server...");
		Socket clientSocket = new Socket("localhost", 7777);
		PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true);
		BufferedReader in = new BufferedReader(new InputStreamReader(clientSocket.getInputStream()));
		
		// Client enters ID. This will be used by the program for verifying who
		// is communicating as well as check the OTP against the ID, on the
		// server side
		System.out.println("Enter your ID:");
		String id = scan.nextLine();
		System.out.println("Contacting server...");
		out.println(id);
		System.out.println("Server has sent the OTP. Please enter it here:");
		String otp = scan.nextLine();
		System.out.println("Verifying...");
		out.println(id);
		out.println(otp);
		System.out.println(in.readLine());
		
		in.close();
		out.close();
		clientSocket.close();
	}
}

Steps on how to Execute:


Step 1. First compile and execute the Server Side Program, i.e. OTPServer.java

Step 2. Then compile and execute the Client Side Program, i.e. OTPClient.java
Note: Do not close the Command Prompt after executing OTPServer.java. Open another Command Prompt and then perform Step 2.

Step 3. The Client Program will ask you to "Enter your ID". Enter anything you wish (e.g. Manav) and press Enter.

Step 4. On the Server Command Prompt the OTP (an 8-digit number) will appear. Enter the same OTP in the Client Command Prompt.

Step 5. If you entered the same OTP, a message will appear in the Client Command Prompt saying "Logged In!"


Client Side Output

[Screenshot: client output]

Server Side Output

[Screenshot: server output]