To Secure Efficient Two-Server Password and Authenticate Key Exchange using Transaction Processing System against Dictionary Attack

A user and a server, who exchange their data or messages by using cryptographic key as well as sharing the password and authenticate with each other, this is the primary approach for password-Authenticated Key Exchange (PAKE). In the existing work, there are dualistic solutions for two-server PAKE either symmetric or asymmetric. In this it presents asymmetric solution for two-server PAKE, where a user can create various cryptographic solutions to the two servers. The current asymmetric two-server PAKE protocols are used in parallel computation. The proposed work extends the model by imposing different levels of trust upon the two servers, and generates a unique method at the technical level in the designing of protocol. As a result, we propose a practical two-server password authentication and key exchange system that is secure against offline dictionary attacks by servers when they are controlled by adversaries. Our proposed scheme is, a password-only system in the sense that it requires no public key cryptosystem and, no PKI. In the proposed system it introduced the new technique which is TTP (i. e. , Trusted Third Party) server where, a users data will be passed on to the TTP server via web-service access in SOAP protocol by using the TPS i. e. , Transaction Processing System and then the true encrypted data will send it to both the servers. The paper work, generalize the single back-end server architecture for basic two server model to supports the multiple front-end servers and for the federated enterprises of envision interesting applications. In the authentication system, to provide the more security we use SMS integration API for two step verification like Gmail.