To authenticate a user having an associated asymmetric crypto-key having a private/public key pair (D, E) based on a one-time-password, the user partially signs a symmetric session key with the first portion D1 of the private key D. The authenticating entity receives the partially signed symmetric session...

http://www.google.com.tw/patents/US7840993?utm_source=gb-gplus-share

Patent US7840993 - Protecting one-time-passwords against man-in-the-middle attacks