Showing papers on "Password published in 1989"

Method and system for personal identification

Abstract: The method and system of the invention utilizes a private key of a public-key cryptosystem key pair to encrypt a non-secret password into a digital signature. The password and the digital signature are then encoded and stored on a magnetic stripe or other memory device of the card. To effect a transaction, the digital signature on a received card must be shown to have been generated from the password on the received card. The password preferably includes a digitized photograph of the authorized cardholder which is capable of being displayed at the transaction terminal. This enables the operator of the terminal to verify the identity of the cardholder by visual inspection.

UNIX Password Security - Ten Years Later

Abstract: Passwords in the UNIX operating system are encrypted with the crypt algorithm and kept in the publicly-readable file /etc/passwd. This paper examines the vulnerability of UNIX to attacks on its password system. Over the past 10 years, improvements in hardware and software have increased the crypts/second/dollai ratio by five orders of magnitude. We reexamine the UNIX password system in light of these advances and point out possible solutions to the problem of easily found passwords. The paper discusses how the authors built some high-speed tools for password cracking and what elements were necessary for their success. These elements are examined to determine if any of them can be removed from the hands of a possible system infiltrator, and thus increase the security of the system. We conclude that the single most important step that can be taken to improve password security is to increase password entropy.

Reducing risks from poorly chosen keys

Abstract: It is well-known that, left to themselves, people will choose passwords that can be rather readily guessed If this is done, they are usually vulnerable to an attack based on copying the content of messages forming part of an authentication protocol and experimenting, eg with a dictionary, offline The most usual counter to this threat is to require people to use passwords which are obscure, or even to insist on the system choosing their passwords for them In this paper we show alternatively how to construct an authentication protocol in which offline experimentation is impracticable; any attack based on experiment must involve the real authentication server and is thus open to detection by the server noticing multiple attempts

Password controlled switching system

Abstract: A password controlled switching system (1) having voice password apparatus (2) and a method of operation for enrolling and storing passwords identifying lines and trunks of the switching system denied access thereto by other lines and trunks and which is operable upon a match of a calling party command with an enrolled and stored password for selectively interconnecting the calling party via a line with ones of the restricted lines and trunks.

Method and apparatus for controlling access to a communication system

Abstract: All subscribers operating within a communication system initially generate and transmit a random password and their ID code to the operation (control) center of a communication system. Thereafter, in a first embodiment, subscribers are commanded to modify (in a predetermined manner) and re-transmit their password and ID code either periodically or upon requesting access to the communication system. The modified password is retained as the current (authorized) password by both the subscriber and the system. In a second embodiment, subscribers are commanded to generate and transmit a new random password and their ID code to the system, which maintains a history of each subscriber's current and previous passwords. According to the invention, some of the subscribers having an unauthorized (duplicated) ID code may be inactive (off) when the subscriber is commanded to modify or generate a password. In this way, one of the subscribers having an unauthorized (duplicated) ID code will become out-of-sync with the system, and eventually transmit an unauthorized password. When the system receives an incorrect password for an out-of-sync subscriber, access to the communication system may be denied, and the subscribers that duplicate (or permit others to duplicate) ID codes may be identified.

Methods and apparatus for controlling access to information processed a multi-user-accessible digital computer

Abstract: Method and apparatus are disclosed for controlling access to information borne by information records installed in information recorders, which information recorders constitute a part of at least one digital computer system. The digital computer system is an unmodified general purpose digital computer, and each authorized accessant is supplied with an access control kit including a password issuing device and a record adapted to be installed in one of the recorders of that digital computer system.

Process for encrypted information transmission

Abstract: A secure voice transmission system is disclosed in which enemy interception problems are overcome by analyzing the speech characteristics of a password from a known operator. Some of the voice characteristics remain in the central computer, while others are stored in the message entry device. If a captured operator is forced to enter the password, the characteristics under such extreme stress will not match those stored within the devices and the capture of the operator will be assumed. Before the start of the mission, the portable device receives a preliminary public key; the first remote message of the mission can thus be sent in the clear, with no chance of the enemy using the information or the device, should the operator be prematurely captured. After the operator has been recognized as being a noncaptive, his device requests permission from the command center to create a crypto keyset; the device keeps the private key and transmits the public key to the command center. In this way, the command center has an opportunity to send the final public key to the device, thus establishing two-way crypto communication.

Electronic trusted party

Abstract: A portable electronic device for comparing and then destroying information, comprising a keyboard for input of information by two or more users, a microprocessor for comparing the information and then destroying it, and a visual display for revealing the results of the comparison; whereby each user may enjoy the results of the comparison and still be assured that his or her own information remains private, and cannot be extracted from the device either during use or at any later time. In its preferred embodiment the device looks rather like a hand calculator with alphanumeric keyboard, but has a cover with a shield attached, permitting privacy in use of the keyboard. Among the tasks which the device can perform are matching, that is, testing to see if two or more users have input identical information; ranking of users according to numerical input; and tallying of votes. Applications envisioned include password exchange, gossiping, secret ballot voting, boardroom polling, bidding, secret comparison, overcoming shyness, police interrogation and adult games.

A study of password security

Abstract: Our work is motivated by the question of whether or not the password scheme used in UNIX is secure. The following password scheme is a somewhat simplified version of the actual password scheme used in UNIX. We feel that this simplified version captures the essential features of the actual password scheme used in UNM. When a user logs in for the first time he creates a random password and types his user name together with the password into the system. The system creates an encryption of the password using the Data Encryp- tion Standard (DES) and stores this (only the encryption, not the password) together with the user name in a password file. Thereafter, whenever the user logs in and types in his user name and password the system computes the encryption of the password and only allows the user to successfully log in if the encryption matches the entry stored with the user name in the password file.

Method and apparatus for securing access to a ladder logic programming and monitoring system

Abstract: The present invention discloses a method of securing access to different functions in a ladder logic programming and monitoring system. Access to various functions of the software package can be controlled using the security system of the software package. When shipped, the security system is disabled. The security system can be activated after a master password is entered for the first time. The person configuring the security system, i.e., the system supervisor, sets up the access rights of all other users. Thereafter, to gain access to the software package, the user must enter his name and unique password. The user can access only those functions assigned to his name and password.

Personal identification number base key managing device using common use cryptography

Abstract: PURPOSE: To easily attain individual cryptographic communication and group communication at a high speed by using personal password and identification(ID) number and the ID number of a communication opposite party. CONSTITUTION: When a password and an ID number are inputted, a comparator 2 compares the inputted password and ID number with a reference password and a reference ID number stored in a reference password.reference ID number storing part 1, and when both values coincide with each other, outputs a coincidence signal and a gate circuit 4 outputs a master key inputted from a master key storing part 3. Then a common use cryptography processing part 6 ciphers coupled ID number information obtained from a coupling circuit 5 by the master key passing through the gate circuit 4 to form the common use cryptographic key. COPYRIGHT: (C)1991,JPO&Japio

Individual identifying system

Abstract: PURPOSE: To allow a card possessing person to designate a desirable graphic as password information, and to obtain an excellent individual discriminating system by providing a password information input means consisting of a card write means, a graphic recognizing means and a brushstroke strength detecting means. CONSTITUTION: A password information input means 6, which consists of a card write means 3 to write the password information into a card by means of a just card possessing person, a graphic recognizing means 6a to recognize and display the traced graphic, and a brushstroke strength detecting means 6b to detect the brushstroke strength at the time of inputting the figure, is provided. Thus the card possessing person can designate not a fixed figure but the desirable graphic as the password information, and based on the brushstroke strength at the time of inputting the graphic, whether or not the card possessing person is the just card owner can be discriminated. COPYRIGHT: (C)1990,JPO&Japio

Password authentication using public-key cryptography

Abstract: Password authentication is one of the most common and elementary applications of encryption techniques, and when these authentication services are embedded into the underlying operating system, their security is usually assured. However, there are an increasing number of systems requiring authentication services which are layered on top of a host operating system. In these cases, the security of the application system is highly dependent on the security of the password file, and, when operating outside the host operating system, compromises of the password file need to be taken seriously. In this paper we propose three different password protection schemes which preserve system security even if the password file is compromised. These schemes are based on the concepts of public-key cryptography: public-key encryption, public-key distribution and quadratic residues. In each scheme the user's password is effectively bound to the user's identification, regardless of the state of the password file, in a time-efficient and simple manner. We discuss the special features, degree of secrecy, advantages and disadvantages for each scheme.

Usability Analysis of Messages from a Security System

Abstract: Most software systems issue messages to reflect their progress in processing users' requests and to report error conditions. By instrumenting systems to collect these messages for later processing, a rich source of information about system and user behavior can be tapped. The work described herein is a study of system and user behavior related to messages, in an actual use setting. Our objective is assessing and improving the interaction with VMSECURE, a user directory management and security package for IBM's VM operating system. (VM is IBM's interactive system for mainframe computers. VMSECURE manages user resources and controls data access.)Pareto's principle applies to VMSECURE messages and error messages. A few different messages make up most of the traffic. Password prompting provides efficient, effective protection against unauthorized use of VMSECURE. Users of VMSECURE, when they receive an error messages, often re-enter the same, unsuccessful command again. Users of VMSECURE do not improve their ...

Data-processing apparatus and method

Abstract: An encryption apparatus has a keyboard 1 for the input of message data and a processor 2 for encrypting that data under a working key. The working key is not, however, permanently stored in the apparatus. Rather, the working key is derived by encrypting "precursive key data" stored in a memory 5 of the apparatus under a key represented by, or derived from, a password input via the keyboard, and is erased after each use. In this way, the secrecy of the working key is not dependent on maintaining the ultimate physical security of the apparatus against possible attempts to gain access to its memory, but rather on the secrecy of the password which is input to the apparatus only as and when it is necessary to derive the key for performing the encryption process.

Electronic signature preparing device

Abstract: PURPOSE: To prevent an unlawful act at a terminal by storing a secret key at a user inherent computer side and preparing a signature through the use of the secret key to be stored at the time of inputting a signature permitting instruction. CONSTITUTION: Before a signing action, the user inserts an IC card 3 into an IC card reader-writer 2. Thereafter, when the keyboard of an external terminal 1 is operated and a password is inputted by the user, the external terminal 1 supplies the above-mentioned password successively through the IC card reader-writer 2 and a communicating part 6 of the IC card to an arithmetic part 5, and whether or not the password and a password stored in a storage part 9 coincide is checked. A message A made into a signature object is displayed on the IC card 3, the contents of the message M are confirmed by the user, and the signing action is executed. COPYRIGHT: (C)1991,JPO&Japio

Next generation ic card

Abstract: PURPOSE: To develop high security effect and to increase an access speed by mounting an IC chip, wherein a signal transmitting/receiving exclusive circuit and a memory capable of writing read/write possible and impossible password function and data memory function at the time of the publishment of a card are fused, in the board of the card. CONSTITUTION: A single IC chip wherein a gate array 2 becoming a data signal transmitting/receiving exclusive circuit and a memory 3 are fused is mounted in the card board 1 of an IC card and sheet-like electromagnetic coils (4A) - (4D) mutually transmitting a data signal between a reader/writer and said coils through electromagnetic force are mounted in said card board 1. A white card 1A is formed at the time of manufacturing and the writing of a password for recovering password function, the allotment of a function password and the allotment of the memory at every function are performed in a card publishing stage and the writing of the function password is performed. The card 1 is inserted in the reader/writer to give the function password and, when said password coincides with the written function password, the reading/ writing of the allotted memory is performed. In case of non-coincidence, the number of errors is counted and, when the count value exceeds a set value, read/write becomes impossible. COPYRIGHT: (C)1991,JPO&Japio

An implementation of a zero-knowledge protocol for a secure network login procedure

Abstract: The concept of a zero-knowledge protocol has led to the consideration of the feasibility of implementing a secure password protocol, one that does not involve the transmission of any information concerning the password during the logon process. The authors have constructed a demonstration of the feasibility of the use of such a model, and describe a number of instances in which the zero-knowledge protocol model could practically be used for greater operating system security. The protocol was executed on a Sun-3, model 110, using a number of different values for the size of the secret and also for the number of iterations. It is shown that values of the pair (log p,n) approximating (60,35) can run in approximately five minutes on currently available workstations. >

Security device to limit remote access to computers over a telecommunication network

Abstract: The device is an independent unit with a timer, memory and random password generator, able to store, generate, recognise and transmit passwords; store and transmit telephone numbers and recognise and retransmit permitted signals. Telephone numbers, passwords and signals may only be programmed into the device when a key is inserted into the unit and a suitable input device used. As the unit is able to effect call back procedures and recognise certain signals and retransmit them independently of the computer it protects the potential hacker is never able to gain access to the protected computer. The call back and signal screening (indirect access) function may be used jointly or independently.

Log in system

Abstract: PURPOSE:To prevent the illegal use of a system by recognizing a user by a used ID and a password, temporarily disconnecting a line and connecting again by a telephone number corresponding to the user ID CONSTITUTION:A log in completing information is fed to a user recognizing means 13 by inputting the user ID and the password through a communication means 15 from a remote terminal 2 Then, the means 13 recognizes whether the inputted user ID is registered in a user registering file 31 or not and if it is registered, whether it coincides with one of the file 31 or not is judged Then, it is judged that they coincide, a user recognition completing information is fed to a user connecting means 14 When the 14 receives the information from the means 13, it temporarily disconnects the currently line, takes out the telephone number corresponding to the user ID from the file 31 and connects the line again Thereby, even when the user ID and the password are known by others except the user, the illegal use of the system can be prevented

Telephone exchange system

Abstract: PURPOSE:To utilize sufficiently functions that message waiting service and to improve its serviceability by checking whether there is a message at an incoming destination specified with password information or not and outputting the message to an inquiring terminal when there is the message. CONSTITUTION:A message waiting control part 12 is provided with a means 13 which decides the password information corresponding to an incoming destina tion terminal from the inquiring terminal, a means 14 which checks whether or not there is the message at the incoming destination specified with the pass word information, and a means which outputs the message to the inquiring terminal when so. Consequently, the password information specifying an incom ing terminal is inputted from an optional terminal other than the incoming destination terminal to inquire whether or not there is an incoming message to the incoming destination terminal, and the originating terminal of the message is called back automatically from the inquiring terminal when necessary, thereby utilizing sufficiently the functions that the message waiting service has.

Control method and device for internal combustion engines

Abstract: A control device for an I.C. (10) engine fitted to a vehicle has a memory divided into zones (20 to 28) access to which can only be gained by entering a respective password on a keyboard 34. The zones store respectively the basic software program, security-related data, engine-related data, vehicle-related data and adjustable data.

Problems with the normal use of cryptography for providing security on unclassified networks (invited)

Abstract: The normal use of cryptography in unclassified computing systems often fails to provide the level of protection that the system designers and users would expect. This is partially caused by confusion of cryptographic keys and user passwords, and by underestimations of the power of known plaintext attacks. The situation is worsenned by performance constraints and occasionally by the system builder's gross misunderstandings of the cryptographic algorithm and protocol.

User unique identification

Abstract: Traditionally, users have been authenticated by asking them to provide some form of password. This password has been stored securely in the computer and used to check the identity of the user at various times, such as when they first log on. However such authentication only proves that the challenged user knows the password it doesn't identify the user. This has often been a security problem in time-shared computer installations, when unauthorised users (the proverbial "hackers") have obtained the passwords of valid users and used these to penetrate the site's security. This has led to much work to identify users uniquely by more secure means, such as fingerprints. Such measures all try to identify a user by checking some attribute of the person. In what follows we will discuss various identification schemes based upon work done at the University of Sydney. Disciplines Physical Sciences and Mathematics Publication Details Jones, T, Newberry, M and Seberry, J, User unique identification, in Proceedings of ACSC-12, University of Wollongong, 1989, 163-172. This conference paper is available at Research Online: http://ro.uow.edu.au/infopapers/1039 User Unique Identifcation Terry Jones Mike Newberry Jennifer Seberry Basser Department of Computer Science University Of Sydney Traditionally, users have been authenticated by asking them to provide some form of password. This password has been stored securely in the computer and used to check the identity of the user at various times, such as when they first log on. However such authentication only proves that the challenged user knows the password it doesn't identify the user. This has often been a security problem in time-shared computer installations, .when unauthorised users (the proverbial "hackers") have obtained the passwords of valid users and used these to penetrate the site's security. This has led to much work to identify users uniquely by more secure means, such as fingerprints. Such measures all try to identify a user by checking some attribute of the person. In what follows we will discuss various identification schemes based upon work done at the University of Sydney. 1. Type-Signatures The idea of a type-signature is one such approach, first proposed by Terry Jones [Jones1985]. It incorporates a statistical measure of the typing style of the user. 1.1 Type-signature Password Systems In December 1986 we commenced testing the concept of the type-signature l . Over the next two months several mini password systems, based around this concept. were developed and installed by Mike Newberry on various machines to test them under different conditions (all of these machines were DEC VAX 11/780's running various forms of UNIX). These systems checked both the type-signature and the password when a user attempted to log-on. The type-signatures were allowed to change over time as users became more proficient with their passwords. Facilities were also established for accounts to be owned by more than one person. The results from these test systems were that valid users were able to log-on 89% of the time, while intruders, once they were told an account's password, could log-on only 43% of the time. It should be noted that in a real system the second figure would be smaller as intruders would have no way of knowing whether they they possessed the correct password, until they guessed the correct typing style. These results are further discussed in [Newberry and Seberry 1987). A type-signature system would be proof against the common password attacks. For example, attempts to exhaustively test every possible password~ either manually or by machine, would be unlikely to succeed, as intruders would be unable to determine whether or not they had chosen the correct password, and had used the wrong typesignature, or had simply entered the wrong password. Certainly attempts to exhaustively 1. This was funded by a grant from A TERB.

Remote maintenance system

Abstract: PURPOSE:To protect a data processor from the operating mistakes of the maintenance engineers, etc., by limiting the remote maintenance actions based on the maintenance contents set in response to a password. CONSTITUTION:A remote maintenance device 5 transmits and receives messages between a MODEM 4 and a data processor 6 via a message transmission/ reception part 51. These messages are analyzed by a message analyzing part 52. A password setting part 53 sets a password of the processor 6 via a user, and the password set for a host maintenance enginner is stored in a password memory part 54. While the passwords set for the lower rank maintenance engineers are stored in a password memory part 55. A remote maintenance function limiting part 56 limits the remote maintenance functions based on those remote maintenance functions registered in a remote maintenance function limit memory part 57 and can be carried out by both host and lower rank maintenance engineers. Thus it is possible to protect the processor 6 from destruction of a register or a memory caused by the operating mistakes of the maintenance engineers, etc.

Experience of using a type signature password system for user authentication in a heavily used computing environment

Abstract: This paper describes a user authentication system based around the user's type signature, a statistical measure of the user's typing style. It was tested on two heavily loaded computers. Disciplines Physical Sciences and Mathematics Publication Details Newberry, M and Seberry, J, Experience of using a type signature password system for user authentication in a heavily used computing environment, Computer Security in the Information Age, (W. J. Caelli, (Ed.)), IFIP/ SEC'88 -5th World Computer Security Conference, Elsevier Science Publishers B. V., North Holland, 1989, 303-307. This journal article is available at Research Online: http://ro.uow.edu.au/infopapers/1041 Computer Security in the Age of Information WJ. Caelli (Editor) Elsevier Seience Publish.ers B. V. (North-Holland) © IFIP, 1989 303 Experience of Using a Type Signature Password-5ystem for User Authentication in a Heavily Used Computing Environment Mikt Ntw~rry JtMi[U Stbtrry Department of Computer Science University College, University of NSW

Password enciphering system

Abstract: PURPOSE:To prevent a password from leaking even when a communication line is intercepted by enciphering an inputted password based on the input time of the password, and transmitting an enciphered password to a central control unit via the communication line. CONSTITUTION:A timepiece 24 and a password enciphering means 13 which enciphers the password based on the input time of the password represented by the timepiece 24 are provided on a terminal 1. And the password enciphered by the password enciphering means 13 is sent to the central control unit 2 via the communication line 3. In other words, the password inputted to the terminal 1 is enciphered based on the input time by the password enciphering means 13, and is sent to the central control unit 2 via the communication line 3. In such a way, it is possible to prevent the password from leaking even when the communication line 3 is intercepted.