
Showing papers on "Password published in 1992"


Proceedings ArticleDOI
04 May 1992
TL;DR: A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.

1,571 citations


Patent
15 Dec 1992
TL;DR: In this paper, a method and apparatus of encouraging distribution, registration, and purchase of free copyable software and other digital information which is accessed on a user's system via a Programmer's Program. Software tools which can be incorporated into a Programmer's Program allow the User to access Advanced Features of the Program Manager's Program only in the presence of a valid Password which is unique to a particular Target ID generated on an ID-Target such as the User's system. Advanced features will thus re-lock if the Password is copied to another ID-target. If a valid password is not present
Abstract: A method and apparatus of encouraging distribution, registration, and purchase of free copyable software and other digital information which is accessed on a User's System via a Programmer's Program. Software tools which can be incorporated into a Programmer's Program allow the User to access Advanced Features of the Programmer's Program only in the presence of a valid Password which is unique to a particular Target ID generated on an ID-Target such as the User's system. Advanced features will thus re-lock if the Password is copied to another ID-target. If a valid Password is not present, the User is invited to obtain one, and provided with the means of doing so, and of installing that Password in a place accessible to the User's System on subsequent occasions. The present invention also provides Programmers with means to invoke business operations as well as computational operations with their programs, and thus to automatically obtain payment from Users who elect to obtain passwords.

498 citations


Journal Article
TL;DR: Some of the problems of current password security are outlined by demonstrating the ease by which individual accounts may be broken, and one solution to this point of system vulnerability, a proactive password checker is proposed.
Abstract: With the rapid burgeoning of national and international networks, the question of system security has become one of growing importance. High speed inter-machine communication and even higher speed computational processors have made the threats of system "crackers," data theft, and data corruption very real. This paper outlines some of the problems of current password security by demonstrating the ease by which individual accounts may be broken. Various techniques used by crackers are outlined, and finally one solution to this point of system vulnerability, a proactive password checker, is proposed. 11 refs., 2 tabs.

453 citations


Patent
28 Apr 1992
TL;DR: In this article, the authors proposed a login protocol that enables remote authentication of a user's password without transmitting the password over the network, but the login agent is not trusted with the user's passwords and is therefore a "semi-trusted" node.
Abstract: Apparatus for protecting the confidentiality of a user's password during a remote login authentication exchange between a user node and a directory service node of a distributed, public key cryptography system includes a specialized server application functioning as an intermediary agent for the login procedure. The login agent has responsibility for approving the user's login attempt and distributing a private key to the user. However, the login agent is not trusted with the user's password and is therefore a "semi-trusted" node. In another aspect of the invention, a login protocol enables remote authentication of the user password without transmitting the password over the network.

282 citations


Patent
24 Sep 1992
TL;DR: In this article, the authors proposed a cryptographic communication system, which employs a novel combination of public and private key cryptography, allowing two parties, who share only a relatively insecure password, to bootstrap a computationally secure cryptographic system over an insecure network.
Abstract: A cryptographic communication system. The system, which employs a novel combination of public and private key cryptography, allows two parties, who share only a relatively insecure password, to bootstrap a computationally secure cryptographic system over an insecure network. The system is secure against active and passive attacks, and has the property that the password is protected against off-line "dictionary" attacks. If Alice and Bob are two parties who share the password P one embodiment of the system involves the following steps: (1) Alice generates a random public key E, encrypts it with P and sends P(E) to Bob; (2) Bob decrypts to get E, encrypts a random secret key R with E and sends E(R) to Alice; (3) Alice decrypts to get R, generates a random challenge CA and sends R(CA) to Bob; (4) Bob decrypts to get CA, generates a random challenge CB and sends R(CA, CB) to Alice; (5) Alice decrypts to get (CA, CB), compares the first against the challenge and sends R(CB) to Bob if they are equal; (6) Bob decrypts and compares with the earlier challenge; and (7) Alice and Bob can use R as a shared secret key to protect the session.

236 citations


Journal ArticleDOI
TL;DR: This paper describes a space-efficient method of storing a dictionary of words that are not allowed as password choices, and has other interesting features, a few of which are described here.

156 citations


Patent
19 Aug 1992
TL;DR: In this paper, a wireless communication device using a verification protocol for verifying the identification of the wireless device by a wireless network control station in the presence of eavesdroppers is disclosed.
Abstract: A wireless communication device using a verification protocol for verifying the identification of the wireless device by a wireless network control station in the presence of eavesdroppers is disclosed. Upon receiving a call request from a wireless device claiming a particular identity, the wireless network control station sends a mask consisting of binary digits in a random order. The wireless device is expected to respond to this mask with a reply that is consistent with both the password contained in the device and the mask. Specifically, the bits of both the password and the mask are "ANDed" and the result transmitted to the wireless network control station as the reply.

142 citations


Patent
10 Jan 1992
TL;DR: A method and apparatus for authenticating a human user on a personal computer without requiring the user to expose his password or authentication secret to the personal computer of a server is described in this article.
Abstract: A method and apparatus for authenticating a human user on a personal computer without requiring the user to expose his password or authentication secret to the personal computer of a server. Also a method for protecting a floppy disk with login software from unauthorized use.

134 citations


Patent
01 Oct 1992
TL;DR: A password access method/algorithm is effected by generating a pseudorandom array of each letter of the alphabet and the numerals 0 through 9 such that password entry can be monitored without disclosing the letters or numerals contained in the password.
Abstract: A password access method/algorithm is effected by generating a pseudorandom array of each letter of the alphabet and the numerals 0 through 9 such that the password entry can be monitored without disclosing the letters or numerals contained in the password. The preferred arrangement is a square matrix of six rows and six columns of characters. The user enters the password by selecting either the row or column containing each letter of a memorized password.

100 citations


Patent
David S. Trandal, David J. Brahm, Jan Vanderford, R. Anthony Bladon, Xiao-Ling Zhang
30 Dec 1992
TL;DR: In this article, a voice controlled voice-messaging system (VMS) allows manipulation of voice messages over the telephone without the need for key-pressed commands, including playback of messages, deletion of messages and sending a new message to a recipient from a user-defined list.
Abstract: A voice controlled voice-messaging system (1) permits manipulation of voice messages over the telephone without the need for keypressed commands. Manipulation includes playback of messages, deletion of messages, saving messages, and sending a new message to a recipient from a user-defined list. Access to the system is by spoken password. Voice input also allows: enrollment of a spoken password; granting or refusing user access to the system based on verification of the user speaking a password; recognition of spoken 'yes' or 'no' in response to prompts by the VMS; recognition of 'stop' to interrupt and stop a voice message during playback; enrollment of a spoken personal directory of names of potential message recipients; and recognition of names in the spoken personal directory. The invention uses speaker verification, speaker-independent recognition (SIR) of 'yes/no', speaker-independent recognition of 'stop' during message playback, and speaker-dependent recognition (SDR) of limited vocabulary of short phrases such as a list of message recipients' names. Spoken password processing comprises calibration, enrollment and verification modes.

69 citations


Patent
22 Jan 1992
TL;DR: An apparatus and method for protecting data stored on a disk of a computer is described in this paper, which provides data access protection using a security software program, a hardware key and a user password to permit access to the hard or floppy disk used in the computer.
Abstract: An apparatus and method for protecting data stored on a disk of a computer. The invention provides data access protection using a security software program, a hardware key, and a user password to permit access to the hard or floppy disk used in the computer. The program stores the hardware key code and password on the disk and encrypts disk partition data, and without using the correct hardware key and password, the partition data is unreadable. An encryption algorithm operates at all times and prevents unauthorized entry once the computer is turned off. A microcircuit key provides a unique stored code when energized, and a key connector is provided to use the key. The computer connector may also be adapted to permit coupling of an output device to the computer. Versions are disclosed for use with ports having bidirectional and unidirectional input and output lines.

Patent
17 Sep 1992
TL;DR: In this paper, a method and medialess personal computer system workstation (or LAN station as herein defined) adaptable for securing the system against attack on a secured network with which the LAN station is associated.
Abstract: A method and medialess personal computer system workstation (or LAN station as herein defined) adaptable for securing the system against attack on a secured network with which the LAN station is associated. A flag bit is set in system memory during a power on self test to indicate whether access may be had to certain security features of the system, and a procedure is described by which access to a network stored configuration setting program may be gained in order to install, change or remove a password used for securing the LAN station while avoiding passing the critical password data through the network.

01 Jan 1992
TL;DR: This paper constructed a method of sampling real passwords choices as they were made by users, to provide a mechanism that is effective for workstations with little or no disk as well as mainframes.
Abstract: From experience, a significant number of recent computer breakins — perhaps the majority — can be traced back to an instance of a poorly-chosen reusable password. Once a system intruder has gained access to one account by breaking a password, it is often a simple matter to find system flaws and weaknesses that thereafter allow entry to other accounts and increasing amounts of privilege. The OPUS project being conducted at Purdue is an attempt to screen users’ selection of passwords to prevent poor choices. The focus of the project is on using screening methods that are both time and space-efficient and to provide a mechanism that is effective for workstations with little or no disk as well as mainframes. To test this mechanism, we require a representative sample of real passwords. Thus, we constructed a method of sampling real passwords choices as they were made by users. The challenge of such a sampling mechanism is how to protect it from attack, and how to protect the results from being used against the system. This paper discusses our approach, and some of our initial observations on the words collected.

Patent
09 Oct 1992
TL;DR: In this paper, a method for secure exchange of password information between a requester and a server node using a verification protocol for confirming the identification of the requester node by the server in the presence of eavesdroppers is disclosed.
Abstract: A method for secure exchange of password information between a requester node and a server node using a verification protocol for confirming the identification of the requester node by the server in the presence of eavesdroppers is disclosed. By adjusting the parameters of the protocol the possibility that an intercepter of the exchanges can impersonate a requester node after receiving a specified number of exchanges may be engineered to satisfy security objectives.

Patent
Masayo Yamaki
25 Sep 1992
TL;DR: In this article, a CPU determines whether a password canceller is connected to a system main body prior to execution of password check processing on the basis of stored password information at the start of the system.
Abstract: A CPU determines whether a password canceller is connected to a system main body prior to execution of password check processing on the basis of stored password information at the start of the system. When the password canceller is connected to the system main body, the CPU clears the stored password information to start the system. However, when the password canceller is not connected to system main body, the CPU executes password check processing and controls the start of the system.

Patent
10 Jul 1992
TL;DR: In this article, a first and second information transmission channels for transmitting non-secret information and secret information respectively are introduced, where the first channel includes a memory for storage of secret information, and the second channel includes an identifying code and memory address of a secret information.
Abstract: A FAX-receiving-and-output device for secret information and method therefore, which comprises a first and a second information transmission channels for transmitting non-secret information and secret information respectively; the second information transmission channel includes a memory for storage of secret information, and a memory for storage of identifying code and memory address of a secret information. To transmit a secret information, the sender first inputs the identifying code of the intended recipient of that information before transmitting that secret information. An identifying module at a receiving terminal would recognize such identifying case, and the secret information will be stored in a memory. An identifying code of the intended recipient will be printed out to allow the intended recipient to enter the password with a keyboard of a card scanner for configuration; if every identification is correct the secret information will be printed out so as to allow the information to be transmitted in a secured manner.

Journal ArticleDOI
01 Mar 1992
TL;DR: In this paper, a new solution is presented to provide both user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms.
Abstract: User authentication and access control are both necessary mechanisms for data protection in a computer system. Traditionally, they are implemented in different modules. In this paper, a new solution is presented to provide both user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms. The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security. More importantly, with time complexity of implementation almost equivalent to that found in the normal public key based password authentication schemes and limited extra storage space, both user authentication and access control can be achieved at the same time.

PatentDOI
TL;DR: In storing data, a first code is generated by converting a password and some predetermined portion of the data itself in a predetermined procedure, and the resulting second code is compared with the first code stored in correspondence to the stored data.

Patent
26 Jun 1992
TL;DR: In this article, an access control device includes a casing placed into another one of the spaces for receiving disk drives of the computer, a keypad provided on a front panel of the casing and operated so as to provide an input password, and a control unit provided within a casing and electrically connected to the keypad.
Abstract: A computer has a floppy disk drive provided in one of the spaces for receiving disk drives of the computer, a computer keyboard and a main system board. An access control device includes a casing placed into another one of the spaces for receiving disk drives of the computer, a keypad provided on a front panel of the casing and operated so as to provide an input password, and a control unit provided within the casing and electrically connected to the keypad. The control unit includes a memory unit which contains a desired password, a microprocessor unit which receives the input password from the keypad and which generates an activating signal when the input password tallies with the desired password in the memory unit, and at least one control circuit connected to a respective one of the computer keyboard, the floppy disk drive and the main system board. Each of the control circuits is actuated by the activating signal from the microprocessor unit so as to unlock and enable the respective one of the computer keyboard, the floppy disk drive and the main system board and permit normal operation of the computer.

Patent
27 Feb 1992
TL;DR: In this article, a distributed data system in which processes running in trusted systems whose results may be proprietary or sensitive in nature may be invoked by operators at remote, untrusted workstations, and in which said processes are provided with locks which do not permit proprietary and sensitive actions unless a request includes a key matching the lock.
Abstract: In a distributed data system in which processes running in trusted systems whose results may be proprietary or sensitive in nature may be invoked by operators at remote, untrusted workstations, and in which said processes are provided with locks which do not permit proprietary or sensitive actions unless a request includes a key matching the lock, a method of associating keys with operators is based on each operator's presenting his ID and a valid password at the workstation at the time he logs on to the system, verifying his password in a trusted system, correlating his ID with a role or group of roles he is authorized to fulfill, and retrieving and storing in the memory of the trusted system, associated with the operator's ID, a list of keys (a "keyring") for each of those roles. The operator's ID is appended to every request he invokes, a process containing a lock interrogates the stored list and will not grant a proprietary action unless the stored list contains a key matching the lock.

Patent
30 Jun 1992
TL;DR: In this article, the authors propose to prevent illegal leakage of a secret document due to copying by embedding additional information used to identify the user to a picture of an original and enabling to the information with a specific extract means.
Abstract: PURPOSE: To prevent illegal leakage of a secret document due to copying by embedding additional information used to identify the user to a picture of an original and enabling to the information with a specific extract means. CONSTITUTION: Analysis sections 11, 12 extract picture information and additional information from picture information from an external IF section 1 and an FDD section 2 respectively. Furthermore, an original read by an IR section 3 is given to a picture discrimination decoding section 13, in which the picture information and the additional information are extracted and decoded. The additional information is information in which information such as original identification and equipment identification and user identification information are imbedded in a picture in an unremarkable way. The extracted additional information is collected by an additional information management section 18 and imbedded to picture data stored in a picture memory 16 and sent to a management equipment via a communication management section 5. On the other hand, when a secrecy management section 20 detects a secret document, the password is collated with a password from an operation section and when they are different, the operation is inhibited. Thus, illegal leakage of the secret document is prevented.

Patent
27 Feb 1992
TL;DR: In this article, a method and apparatus for remotely accessing a host computer from a remote location was proposed, which permits a user to remotely change a telephone number that allows the host computer to dial the user's current location.
Abstract: A method and apparatus for remotely accessing a host computer from a remote location. The invention permits a user to remotely change a telephone number that allows the host computer to dial the user's current location. A user performs this change only after he has been strongly authenticated using a distributed user authentication protocol in addition to a simple user ID and password. This allows the user to move between locations and access the host computer, while the call-back feature protects the host computer from unauthorized intrusion. Also, a second registered user who does not have call-back authority may gain access to the host computer through a user that has call-back authority. In this case the user with call-back authority gains entry into the host computer and causes it to call the second registered user, who then enters a user ID and password to gain entry to the host computer. The present invention may be implemented in the host computer or in an interface coupled between the host computer and its modem.

Patent
19 Jun 1992
TL;DR: In this article, a keyboard controller which scans entered input sequences for an input sequence to activate a display blanking feature is used to prevent the display on the monitor from blanking until a password sequence is entered.
Abstract: A keyboard controller which scans entered input sequences for an input sequence to activate a display blanking feature. A password and particular hot key are loaded by the system microprocessor. The keyboard controller then scans until the designated sequence is activated. The display on the monitor is blanked until a password sequence is entered. The password mode may be directly activated from the system microprocessor. The display blanking feature is especially useful in conjunction with a keyboard password lock.

Patent
03 Feb 1992
TL;DR: In this paper, a password is entered into a user module (12) seeking access within a user group (1-3). In response to the password, the UM selects a key and a polynomial from memory (20).
Abstract: User module (12) access capabilities are provided within a wireless Local Area Network (LAN) having distinct user groups (1-3). In this effort, a password is entered into a UM (12) seeking access within a user group (1-3). In response to the password, the UM (12) selects a key and a polynomial from memory (20). Thereafter, packets received by and transmitted from the UM (12) are encrypted, by encryption circuit (52), with the selected key and polynomial. Communications is permitted if the UM selected key and polynomial are identical to those used by the user group CMs (10). Alternatively, the key is generated as a function of the password, while a polynomial is selected from memory (20).

Proceedings Article
01 Jan 1992

Patent
Morizaki Tetsuya
30 Oct 1992
TL;DR: In this paper, the authors present a system that detects unauthorized use of an identifier in a communication system which includes at least one terminal coupled to a communication center via a communication network.
Abstract: A system detects unauthorized use of an identifier in a communication system which includes at least one terminal coupled to a communication center via a communication network. The system includes a first part provided in the communication center for managing a password and a previous caller telephone number in correspondence with each identifier, and a second part provided in the communication center for sending a warning message to the terminal if an access identifier and an access password input from the terminal from which an access request is made respectively match one of the identifiers and a corresponding password managed by the first means but a present caller telephone number from which the access request is made is different from the previous caller telephone number.

Patent
Osamu Kihara
12 Nov 1992
TL;DR: In this paper, a mark indicating strictly confidential information is given in a predetermined portion of a manuscript to be transmitted, and the received manuscript data is stored in a memory (ST42) when a password is entered, the data stored in the memory is then printed out, only if the entered password matches a registered password.
Abstract: A mark indicating strictly confidential information is given in a predetermined portion of a manuscript to be transmitted. When the mark is read and the received manuscript is judged to be strictly confidential information at a receiving party (ST41), the received manuscript data is stored in a memory (ST42). When a password is entered, the data stored in the memory is then printed out (ST44) only if the entered password matches a registered password (ST43). Whereby, the strictly confidential document is transmitted in safety.

PatentDOI
Eugene Leo Rissanen
TL;DR: Apparatus and method for operating a speech password system that records and stores a plurality of alphanumeric models and identifies subsequent passwords as previously enrolled password by summarizing the cluster assigned scores and comparing the summation thereof with a predetermined threshold.
Abstract: Apparatus and method for operating a speech password system. The system apparatus records and stores a plurality of alphanumeric models. A user password is enrolled by the apparatus recognizing spoken sounds and comparing spoken password enrollment sounds with each of the alphanumeric models. Each user password is stored in the system by recording a pair of clusters identifying five alphanumeric models closest to and farther from the user spoken password enrollment sounds of the password. The system identifies subsequent passwords by recognizing a spoken access password and comparing the sounds thereof with each of the cluster identified alphanumeric models and assigning scores representing the similarity of the password access sounds with the alphanumeric models recorded in the pair of clusters. The spoken password access sounds are identified as a previously enrolled password by summarizing the cluster assigned scores and comparing the summation thereof with a predetermined threshold.

Patent
27 Feb 1992
TL;DR: In this paper, a comparison is made between the generated second code and the first code stored, indicating that an improper rewrite has occurred; in such a case, that occurrence may simply be noted, access to the data may be prohibited; more generally, what processing is performed or is permitted, is varied according to the result of the comparison.
Abstract: In storing data in one file, consisting of a plurality of blocks of data, a first code is generated by converting a password and a predetermined portion of each of the blocks of data. This portion may be, for example, the data block itself or identification information such as a name. The code is stored in correspondence to the stored data. In reading the stored data, a second code is generated by performing the same conversion on the password and the predetermined portion of the stored data. A comparison is made between the generated second code and the first code stored. Failure of the two to match indicates that an improper rewrite has occurred. In such a case, that occurrence may simply be noted, access to the data may be prohibited; more generally, what processing is performed, or is permitted, is varied according to the result of the comparison.

Patent
13 Nov 1992
TL;DR: In this paper, a security device for computer system including a device making it possible to run application programs each of which is made secure by an identifier and an access key or password (5202) defined for each user (5203) and associated via a card reader (2) with a memory card (5) containing all the access keys (52020 to 5202n) of a given user for access to each application program (52010 to 5201n), characterised in that during the session opening procedure for the protection program (PASSMAN), the access file (52
Abstract: The invention relates to a security device for computer system including a device making it possible to run application programs each of which is made secure by an identifier and an access key or password (5202) defined for each user (5203) and associated via a card reader (2) with a memory card (5) containing all the access keys (52020 to 5202n) of a given user for access to each application program (52010 to 5201n), characterised in that during the session opening procedure for the protection program (PASSMAN), the access file (52) stored in the transactional area ZT is transferred to the random-access memory (110) of the operating system and saved in enciphered form in a file (14) for backing up (BACK-UP) the permanent storage means (12, 13) of the system.