Showing papers on "Password published in 1991"


Journal ArticleDOI
01 May 1991
TL;DR: A remote password authentication scheme based on the Chinese remainder theorem is proposed that can verify the remote password without verification tables and provide a signature scheme and communication timestamps in the authentication phase against the potential attacks of replaying a previously intercepted login request.
Abstract: A remote password authentication scheme based on the Chinese remainder theorem is proposed. The scheme can verify the remote password without verification tables. In the initial phase, the password generation centre generates and assigns a password corresponding to each user. The ideas of smart cards and the identity-based signature scheme introduced by Shamir are employed in this phase. Each user possesses a smart card for later login and authentication. In the login phase, the user submits the identity and password associated with the smart card. In the authentication phase, the system verifies the remotely submitted password to check if the login request is accepted or rejected. A signature scheme and communication timestamps are provided in the authentication phase against the potential attacks of replaying a previously intercepted login request.

353 citations


PatentDOI
TL;DR: In this article, a system and method for enabling a caller to obtain access to services via a telephone network by entering a spoken password having a plurality of digits is described. But the method requires the caller to utter the password beginning with a first digit and ending with a last digit of the password.
Abstract: The present invention describes a system and method for enabling a caller to obtain access to services via a telephone network by entering a spoken password having a plurality of digits. Preferably, the method includes the steps of: (1) prompting the caller to speak the password beginning with a first digit and ending with a last digit thereof, (2) recognizing each spoken digit of the password using a speaker-independent voice recognition algorithm, (3) following entry of the last digit of the password, determining whether the password is valid, and (4) if the password is valid, verifying the caller's identity using a voice verification algorithm.

286 citations


Journal ArticleDOI
TL;DR: A research study is described which was conducted to determine the possibility of using keystroke characteristics as a means of dynamic identity verification, and results indicate significant promise in the temporal personnel identification problem.
Abstract: The implementation of safeguards for computer security is based on the ability to verify the identity of authorized computer systems users accurately. The most common form of identity verification in use today is the password, but passwords have many poor traits as an access control mechanism. To overcome the many disadvantages of simple password protection, we are proposing the use of the physiological characteristics of keyboard input as a method for verifying user identity. After an overview of the problem and summary of previous efforts, a research study is described which was conducted to determine the possibility of using keystroke characteristics as a means of dynamic identity verification. Unlike static identity verification systems in use today, a verifier based on dynamic keystroke characteristics allows continuous identity verification in real-time throughout the work session. Study results indicate significant promise in the temporal personnel identification problem.

188 citations


Patent
15 Nov 1991
TL;DR: In this paper, the authors propose a real-time authentication system that can be both hardware and software executable, i.e., password and physical confirmation, and can be used to authenticate a printed document.
Abstract: The document authentication apparatus provides document authentication and authenticity capability. Document authentication requires that the person to be charged apply an authenticating mark on the document indicating intent to authenticate the document. This requirement is analogous to a signature on a printed document and is implemented in the document authentication apparatus electronically through the use of both hardware and software. A program which immediately checks the identicalness of the document at the transmitting and receiving station through a high speed comparison, locks in the document such that no modification can occur and then awaits authentication handshakes from the two end points. Such authentication is real-time and can be both hardware and software executable, i.e., password and physical confirmation.

168 citations


Patent
12 Jul 1991
TL;DR: An encryption system and method based on the mathematics of Chaos theory, which provides protection of data from unauthorized modification and use during its storage and transmission, was proposed in this paper, where a domain transformation process is used to convert the floating-point iterates into binary form for summation with the digital data to be protected.
Abstract: An encryption system and method based on the mathematics of Chaos theory, which provides protection of data from unauthorized modification and use during its storage and transmission. At its core are nonlinear equations which exhibit random, noise-like properties, given certain parameter values. When iterated, a periodic sequence is produced with an extremely long cycle length. A domain transformation process is then used to convert the floating-point iterates into binary form for summation with the digital data to be protected. The result is an encrypted message that cannot be modified, replaced, or understood by anyone other than the intended party. The use of Chaos theory in combination with the domain transformation process results in an easily implemented cryptographic system with extremely robust cryptographic properties. The concepts of the present invention also lend themselves well to either hardware or software implementations. The cryptographic system of the present invention may be employed to encrypt and decrypt sensitive information, to authenticate data and video links, or similar applications. It can also be used to provide a simple hash function for the secure storage of passwords in a computer system. Its simplicity, requiring only floating-point operations at its core, allows a lower cost and higher performance product with cryptographic security equivalent to conventional cryptographic systems.

156 citations


Patent
08 Aug 1991
TL;DR: A consumer oriented secure smart card with various accounts which are accessible only through proper use of security measures is presented in this article, which consists of encryption with described automatic key generation and management technique and a technique to authenticate the individual presenting the card.
Abstract: A consumer oriented secure smart card with various accounts which are accessible only through proper use of security measures. Security measures consist of encryption with described automatic key generation and management technique and a technique to authenticate the individual presenting the card. The encryption key generation and management technique involves having a secret constant or several secret constants programmed into the card and reader, having a secret mathematical function (algorithm) programmed into the card and reader and having both units generate a group of random characters or bits which are used locally and transmitted to the counterpart unit to generate a set of session encryption keys. The random bits and the constants undergo the algorithm in order to produce a unique transmit and receive key for each session. The method of authenticating an individual as authorized to present the card involves the individual's entering a password or personal identification number and having the equipment measure the time of each key depression, the time from release of one key to depression of the next, comparing these measurements and other derivative measurements to previously stored counterparts in order to determine if sufficient positive correlation exists to authenticate the presentor.

148 citations


Patent
22 Aug 1991
TL;DR: In this paper, the authors proposed a distributed authentication system that prevents unauthorized access to any computer system in a distributed environment, where authentication depends on the correctness of the entire set of responses rather than on the response to a single question, which provides a significant increase in the probability of detecting and preventing unauthorized computer access.
Abstract: A distributed authentication system that prevents unauthorized access to any computer system in a distributed environment. Authentication using the present invention involves three distinct phases. In the first phase, user passwords are generated by the computer system and encrypted on a coded card together with a message authentication code to prevent alterations prior to any access attempts. These are complex and impersonal enough not to be easily guessed. This coded card must be used whenever requesting access to the system. Second, in addition to supplying a password, the user is required to correctly respond to a set of randomly selected authentication challenges when requesting access. The correct responses may vary between the right response, a wrong response or no response depending on some predetermined variable, e.g., the day of the week or hour of the day. The dual randomness thus introduced significantly reduces the usefulness of observed logon information. Third, at random times during the session, the user is required again to respond to selected authentication challenges. This detects piggybacking attempts. Since authentication depends on the correctness of the entire set of responses rather than on the response to a single question, the present invention provides a significant increase in the probability of detecting and preventing unauthorized computer access.

112 citations


Patent
21 Jun 1991
TL;DR: In this paper, a method and apparatus for password protecting a personal, laptop or single user computer was proposed, in which the user's password entry is compared to the value of a secondary password retained by the computer as well as the holder's stored primary password.
Abstract: A method and apparatus for password protecting a personal, laptop or single user computer. The user's password entry is compared to the value of a secondary password retained by the computer as well as the value of the user's stored primary password. The user may thus access the computer when his primary password is corrupted or forgotten by obtaining an alternate password from the computer manufacturer which matches the secondary password generated or stored by the computer. The operation of the method and the organization of the apparatus make the secondary and alternate passwords valid for a limited time, thereby preserving the overall integrity of the password protection system. The primary, secondary and alternate passwords may be encrypted for added security.

100 citations


Patent
07 Aug 1991
TL;DR: Disclosed as mentioned in this paper is a method and apparatus that protects user passwords and identification numbers by using dynamic and fixed cipher keys to generate one-time access codes that are recognized by an authorization center.
Abstract: Disclosed is a method and apparatus that protects user passwords and identification numbers by using dynamic and fixed cipher keys to generate one-time access codes that are recognized by an authorization center. The authorization center provides a user with a pool of user selectable algorithms that are easily remembered by a user. When access is desired the user mentally generates and subsequently enters a non-machine generated access code formed by using the selected algorithm, the password, and a dynamic variable. The authorization center also generates a corresponding access code using stored user data. If the two access codes match access is granted.

85 citations


Patent
18 Apr 1991
TL;DR: In this paper, a voice password-controlled computer security system and method of operation for querying a user to provide voice password information and, upon a match thereof with stored voice information for the user, initiating a data connection to a preassigned terminal associated with the identified user.
Abstract: A voice password-controlled computer security system and method of operation for querying a user to provide voice password information and, upon a match thereof with stored voice information for the user, initiating a data connection to a preassigned terminal associated with the identified user.

52 citations


Journal ArticleDOI
TL;DR: This paper evaluates the CINON system and compares it with the Lamport authentication system, an earlier system which uses a one-way data transformation, and finds that CINON's execution speed is faster by a factor of perhaps several hundred to a thousand.
Abstract: A new password-based authentication system CINON is proposed for use in communications and computer systems. It employs a one-way function to perform the required authentication of communicating users. CINON maintains its security in spite of a wiretap or the theft of a password file, and it is not necessary to replace the correspondents' public passwords. CINON can be realized with only a few computations. This paper evaluates the CINON system and compares it with the Lamport authentication system, an earlier system which uses a one-way data transformation. In comparison with the Lamport system, CINON's execution speed is faster by a factor of perhaps several hundred to a thousand.

Journal ArticleDOI
TL;DR: Evaluated question-and-answer password techniques suggest that both cognitive and associative passwords were easily recalled by users, while they were difficult for others to guess, even by others who were socially close to the users.

Patent
Rainer Glaschick
20 Mar 1991
TL;DR: In this paper, a process for authenticating a user using a data station (16) in relation to a computer system (14) connected to the data station is described, where a first value z is determined in the computer system (14) from an identification word (u) stored for the user in the system and a random number r generated by the system.
Abstract: In a process for authenticating a user using a data station (16) in relation to a computer system (14) connected to the data station (16), a first value z is determined in the computer system (14) from an identification word (u) stored for the user in the computer system and a random number r generated in the computer system, and a second value y is determined in the computer system (14) from the password a given by the user and the random number r. The password a is encoded before being sent to the computer system (14) and coded there by a one-way function (30). As a result of these measures, the password a does not appear in the clear text at any point in the data transmission.

Patent
11 Sep 1991
TL;DR: In this paper, a plurality of password numbers are previously stored and data can be read out from the IC card and written into the IC card when any one of the plurality of password numbers is input.
Abstract: In an IC card of this invention, a plurality of password numbers are previously stored and data can be read out from the IC card and written into the IC card when any one of the plurality of password numbers is input. Further, data readout and write-in with respect to the IC card are partially limited according to the input password number.

Patent
05 Mar 1991
TL;DR: In this article, a system and method for registering a password includes a data center that processes and stores transaction data, and a teller window transaction device communicating with the data center.
Abstract: A system and method for registering a password includes a data center that processes and stores transaction data, and a teller window transaction device communicating with the data center. The teller window transaction device has a first input device such as a keyboard used by a teller for inputting transaction data, a first display unit used by the teller for displaying the transaction data, a second input device such as an input panel used by the customer, and a second display unit used by the customer for displaying the transaction data. When a new customer's card is issued, the first input device is used by the teller for inputting information such as the customer's name and address, and this information is shown on the second display unit as well as the first display unit so that the customer can confirm that it has been accurately entered. Thereafter the customer is prompted to use the second input device to enter a secret password, which has not been disclosed to the teller. Preferably the customer enters the password several times, to impress it on his memory and to permit one entry of the password to be checked electronically against another entry of the password. Other embodiments permit a customer who has already been issued a card to change the password without revealing the new password to the teller or others. This updating of the password may be conducted regardless of whether the customer still possesses the card. The teller display and the customer display are arranged in substantially face-to-face relationship. Passwords are entered by the customer at the second input device without revealing the passwords to others.

01 Jan 1991
TL;DR: This paper describes a space-efficient method of storing a dictionary of words that are not allowed as password choices, and the mechanism described has other interesting features, a few of which are described here.
Abstract: A common problem with systems that use passwords for authentication results when users choose weak passwords. Weak passwords are passwords that are easy to guess, or likely to be found in a dictionary attack. Thus, the choice of weak passwords may lead to system compromisation. Methods exist to prevent users from selecting and using weak passwords. One common method is to compare user choices against a list of unacceptable words. The problem with this approach is the amount of space required to store even a modest-sized dictionary of prohibited password choices. This paper describes a space-efficient method of storing a dictionary of words that are not allowed as password choices. Lookups in the dictionary are O(1) (constant time) no matter how many words are in the dictionary. The mechanism described has other interesting features, a few of which are described here.

Patent
04 Apr 1991
TL;DR: In this paper, a method and apparatus for authorizing access to telecommunications based assets and services includes acknowledging an attempt by a caller to use the service, requesting entry of a service access, requesting access of an authorization code, requesting voice entry of password, and verifying the identity of the caller based on the caller's voice.
Abstract: A method and apparatus for authorizing access to telecommunications based assets and services includes acknowledging an attempt by a caller to use the service, requesting entry of a service access, requesting entry of an authorization code, requesting voice entry of a password, verifying the identity of the caller based on the caller's voice, and allowing access to the service if the caller's identity is verified as being that of a valid subscriber to the service. Other methods and apparatuses are also disclosed.

Patent
23 Dec 1991
TL;DR: In this paper, a method for controlling the use of a data processing workstation by password, comprising storage of the password within the workstation and, at each initialization of this latter, acquisition of a password proposition followed by a comparison of this proposition with the stored password is presented.
Abstract: Method for controlling the use of a data-processing workstation (1) by password, comprising storage of the password within the workstation and, at each initialization of this latter, acquisition of a password proposition followed by a comparison of this proposition with the stored password. The password is stored in a controlled-erasure permanent memory unit. In order to release the workstation (1) in the event of loss of the password, provision is made for generation (D1) of a set (36) of data associated with the blocked workstation, communication (D2) of part of these data by the user to an authorized service (S), supply (D3) in return by this service of coded release data (43), acquisition (D4) of these latter by the user on the workstation, thereby resulting, in the event of compliance, in erasure of the initial password and in release of the workstation. Application in an industrial environment to control of the use of offline or network workstations.

Patent
30 Dec 1991
TL;DR: In this article, a password scheme is proposed where a node is provided a configuration message at start-up which configures a shell of the node directing a search order of network password files.
Abstract: A password scheme wherein a node is provided a configuration message at start-up which configures a shell of the node directing a search order of network password files. The node, group, and network password files are then transparently searched in the order specified by the configuration message.

Patent
Atsushi Nomura
24 May 1991
TL;DR: In this article, a voice synthesizing unit and a voice detector are used for reproducing a recorded message in response to a remote control performed by using a predetermined password number, and a plurality of decoy numerals are inserted immediately before each of numerals constituting the pre-established password number to form a pseudo-password number including the decoy numbers.
Abstract: An automatic answering telephone set comprises a voice synthesizing unit and a voice detector for reproducing a recorded message in response to a remote control performed by using a predetermined password number. A plurality of decoy numerals are inserted immediately before each of numerals constituting the preestablished password number to thereby form a pseudo-password number including the decoy numerals. A calling party is inquired of with the pseudo-password number. An input password number is then formed in accordance with replies of the calling party as detected by the voice detector. Only when coincidence is found between the predetermined password number and the input numerical password, the remote control is accepted.

Patent
22 Jul 1991
TL;DR: In this article, a selective call receiver (100) comprises a memory (108) that stores received messages and a password (109) that is compared to a stored password and when substantially similar activates a display (110) or voice output (118) that presents the message.
Abstract: A selective call receiver (100) comprises a memory (108) that stores received messages. The selective call receiver (100) further accepts a password that is compared to a stored password and when substantially similar activates a display (110) or voice output (118) that presents the message.


Proceedings ArticleDOI
Lein Harn
03 Apr 1991
TL;DR: A dynamic password authentication scheme based on public-key concept that reduces the risk of cracking the password from attacking the encrypted password file and the amount of information needed to be stored in the host system is reduced.
Abstract: A dynamic password authentication scheme based on public-key concept is proposed. The login password is changed dynamically and users can use this scheme within a remote login environment. Since we employ the public-key concept to bind each user's password to that user's identification, we eliminate the necessity for the system to store the encrypted password file. This approach has greatly reduced the risk of cracking the password from attacking the encrypted password file. In addition, the amount of information needed to be stored in the host system is reduced.

Book ChapterDOI
21 May 1991
TL;DR: In this article, the authors show how an old scheme by Lamport can be used to provide more security by relying on zero-knowledge techniques and extending it with a general access control mechanism.
Abstract: Authenticating computer users is a fairly old problem. Password based solutions were acceptable until the growth of computer networks based on insecure communication. Today many systems still use fixed passwords as a means of authentication. We show in this paper how an old scheme by Lamport can be used to provide more security. Relying on that scheme and zero-knowledge techniques, we show extensions providing much more general access control mechanisms.

Proceedings ArticleDOI
01 Oct 1991
TL;DR: A password authentication scheme based on El Gamal's (1985) public key cryptosystem and signature scheme is proposed, which permits each user to choose passwords and identities individually.
Abstract: A password authentication scheme based on El Gamal's (1985) public key cryptosystem and signature scheme is proposed. This scheme permits each user to choose passwords and identities individually. The password is used as the user's secret key. Using the user's public key and identity, the computer system can generate a set of test patterns and store them in a verification table. In the test pattern generation procedure, users do not need to submit their secret key. In the authentication procedure, the system does not need to use the system's secret key. Thus the system's secret key and users' secret key can be well protected.

Patent
23 Jul 1991
TL;DR: In this paper, a password setting system for setting passwords for plural terminal equipments via a line is proposed. But the system is limited to a single CE job load and to quickly revise a password by managing new and old 2-generation of passwords with respect to password setting.
Abstract: PURPOSE: To relieve the CE job load and to quickly revise a password by managing new and old 2-generation of passwords with respect to the password setting system for setting passwords for plural terminal equipments via a line. CONSTITUTION: The system is provided with a monitor center 1 having new and old 2-generation of passwords and a terminal equipment 2 having the password. Data communication is implemented between the terminal equipment 2 and the monitor center 1 when the terminal equipment 2 is connected to the monitor center 1 through a line and only when the password possessed by the terminal equipment 2 is coincident with any of the new and old 2-generation of passwords. Furthermore, the monitor center 1 sends a new password to the terminal equipment 2 having the old password and the terminal equipment 2 receiving the new password sets its password to the new password.

Patent
02 Oct 1991
TL;DR: In this paper, a user is allocated a unique 'key' which determines access limits to the network and may be constructed of the following parameters: a mask defining routines to which access is allowed, user network location, entry date, permitted access duration.
Abstract: The data processing network contains a password identification unit. Upon entry of a password, a user is allocated a unique 'key' which determines access limits to the network and may be constructed of the following parameters: a mask defining routines to which access is allowed, user network location, entry date, permitted access duration. The identification unit may also encode the 'key' for added security. ADVANTAGE - Single password per user for entering several processes. Ease of central password management without affecting network routines. Password identifier and 'key' generator protected from tampering. Unused passwords can be set to expire automatically.

Patent
20 Dec 1991
TL;DR: In this paper, a procedure for password controlled use of a computer workstation is described, comprising storage of the password within the workstation, and on each initialisation of the latter, acquiring a proposed password, followed by comparison of this proposal with the stored password.
Abstract: Procedure for password controlled use of a computer workstation (1), comprising storage of the password within the workstation, and on each initialisation of the latter, acquiring a proposed password, followed by comparison of this proposal with the stored password. The password is stored in a permanent memory unit with controlled erasing. In order to unlock the workstation (1) in the event that the password is lost, there is provided generation (D1) of a set (36) of data associated with the blocked workstation, communication (D2) by the user to an authorised department (S) of part of these data, supply (D3) in return by this department of coded unlocking information (43), acquisition (D4) of the latter by the user on the workstation, leading in the event of conformity, to erasure of the initial password and to the unlocking of the workstation. Application in the industrial environment for control of use of freestanding or networked workstations.

Patent
25 Apr 1991
TL;DR: In this article, the password number of a credit card is not leaked to the others and the illicit use of the card is prevented when both of the prepaid card and the credit card are simultaneously lost.
Abstract: PURPOSE: To prevent illicit use of a credit card by providing a data writing means which writes the password number arbitrarily designated by a purchaser on a prepaid card. CONSTITUTION: A magnetic card vendor 1 is provided with a credit card reader/writer 10 and a prepaid card issuing device 12, and various data are written on a raw card to issue the available prepaid card, and its price is adjusted by the credit card. At the time of issuing the prepaid card, the purchaser designates his password number by an input means like a keyboard 20 to write data indicating the password number in a prescribed data area of the prepaid card. This password number is so selected that it is different from the password number of the credit card. Thus, the password number of the credit card is not leaked to the others and the illicit use of the credit card is prevented when both of the prepaid card and the credit card are simultaneously lost.

Patent
29 Jan 1991
TL;DR: In this article, the authors propose to identify a request from an illegal user by requesting a second password to an interactive terminal when a session opening request is applied from a legal user, to which a new password is not announced, after the password is changed.
Abstract: PURPOSE: To identify a request from an illegal user by requesting a second password to an interactive terminal when a session opening request is applied from a legal user, to which a new password is not announced, after the password is changed. CONSTITUTION: At the interactive processing computer device to apply the permission of use according to the password, during a period moving to the new password, a session can be opened by a second password 63, which is announced to the legal user in advance, and a former password 64. When the illegal user applies the session opening request by using the former password, it is identified by the second password whether the user is legal or not, and the opening request of the illegal user is excluded.