Showing papers on "Password published in 1996"

System and method for providing trusted brokering services over a distributed network

Abstract: An Online Brokering Service provides user authentication and billing services to allow users to anonymously and securely purchase online services from Service Providers (SP) sites (e.g., World Wide Web sites) over a distributed public network, which may be an untrusted public network such as the Internet. Users and SP sites initially register with the Brokering Service, and are provided with respective client and server software components for using the Brokering Service. In one embodiment, when a user initially connects to an SP site, the SP site transmits a challenge message over the public network to the user computer, and the user computer generates and returns and cryptographic response message (preferably generated using a password of the user). The SP site then passes the response message to the Brokering Service, which in-turn looks up the user's password and authenticates the response message. If the response message is authentic, the Online Brokering Service transmits an anonymous ID to the SP site, which can be used for subsequently billing the user. In addition, the Online Brokering Service transmits user-specific access rights data to the SP site, allowing the SP site to customize its services for the particular user. Billing events generated by the SP sites are transmitted to the Brokering Service, which maintains a user-viewable bill that shows all charges from all SP sites accessed by the user. Advantageously, the payment information (e.g., credit card number) and other personal information of users are not exposed to the SP sites, and are not transmitted over the distributed network.

Strong password-only authenticated key exchange

Abstract: A new simple password exponential key exchange method (SPEKE) is described. It belongs to an exclusive class of methods which provide authentication and key establishment over an insecure channel using only a small password, without risk of offline dictionary attack. SPEKE and the closely-related Diffie-Hellman Encrypted Key Exchange (DH-EKE) are examined in light of both known and new attacks, along with sufficient preventive constraints. Although SPEKE and DH-EKE are similar, the constraints are different. The class of strong password-only methods is compared to other authentication schemes. Benefits, limitations, and tradeoffs between efficiency and security are discussed. These methods are important for several uses, including replacement of obsolete systems, and building hybrid two-factor systems where independent password-only and key-based methods can survive a single event of either key theft or password compromise.

System, method and article of manufacture for network electronic authorization utilizing an authorization instrument

Abstract: An electronic monetary system provides for transactions utilizing an electronic-monetary system that emulates a wallet or a purse that is customarily used for keeping money, credit cards and other forms of payment organized. Access to the instruments in the wallet or purse is restricted by a password to avoid unauthorized payments. When access is authorized, a graphical representation of the payment instruments is presented on the display to enable a user to select a payment method of their choice. Once a payment instrument is selected, a summary of the goods for purchase are presented to the user and the user enters an electronic approval for the transaction or cancels the transaction. Electronic approval results in the generation of an electronic transaction to complete the order.

Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys

Abstract: A detachable PCMCIA memory card incorporating a smartcard integrated circuit for storing a password value and logic circuitry for preventing access to information stored on the memory card unless the user of the host computer to which the memory card is connected can supply a password matching the stored password. The smartcard integrated circuit may also be used to store public and private key values used to encrypt and decrypt data stored on the card or elsewhere on the host computer or exchanged with a remote computer.

A One-Time Password System

Abstract: This document describes a one-time password authentication system (OTP). The system provides authentication for system access (login) and other applications requiring authentication that is secure against passive attacks based on replaying captured reusable passwords. [STANDARDS-TRACK]

Password helper using a client-side master password which automatically presents the appropriate server-side password to a particular remote server

Abstract: A user operating a client system may access a plurality of remote servers requiring passwords for access by employing a master password. The master password is used to decrypt a stored password for a particular remote server to which the client desires access. The client system maintains a database of encrypted passwords and user IDs for remote servers to which the user is registered. Although each remote server is accessed using a different password, the user need only remember one master password. Since only the master password need be remembered, the passwords particular to specific remote sites may be made more random and thus more secure. Implementation of the password management system need not require modification of any remote servers.

Method and system for authenticating users to multiple computer servers via a single sign-on

Abstract: A method for authenticating an authorized user to multiple computer servers within a distributed computing environment after a single network sign-on is disclosed. In accordance with the method and system of the present invention, an authentication broker is provided within the distributed computing network. The authentication broker first receives an authentication request from a workstation. After a determination that the authentication request is valid, the authentication broker then issues a Kerberos Ticket Granting Ticket to the workstation. At this point, if there is a request by the workstation for accessing a Kerberos Ticket-based server within the distributed computing network, the authentication broker will issue a Kerberos Service Ticket to the workstation. Similarly, if there is a request by the workstation for accessing a passticket-based server within the distributed computing network, the authentication broker will issue a passticket to the workstation. Finally, if there is a request by the workstation for accessing a password-based server within the distributed computing network, the authentication broker will issue a password to the workstation. By this, accesses to all of the above servers within the distributed computing network can be granted via a single network authentication request.

Financial transaction system

Abstract: An automated payment system particularly suited for purchases over a distributed computer network such as the Internet. In such a distributed computer network, a merchant or vending computer contains certain promotional information which is communicated to a customer's computer. Based upon the promotional information, the operator of the customer's computer decides to purchase the services or goods described by the promotional information. The customer's computer is linked to a payment processing computer and the customer's credit card number and the amount of the goods or services is transmitted to the payment processing computer. The payment processing computer automatically contacts a bank for verification of the credit card and amount; the bank transmits an authorization to the payment processing computer. The payment processing computer communicates a self-generated transaction indicia, and in some embodiments a password, to the customer's computer. In the embodiment where a password is used, the customer's computer uses the password with the merchant's computer in obtaining access to protected information or to establish shipping instructions.

Security system for internet provider transaction

Abstract: This invention provides security controls against exposing Confidential Information that is required to purchase goods and services from Internet Entity 56 offered on a home page site. The Confidential Information is input to a data base 52 which is part of a tracking and authentication module 50. Including in the tracking and authentication module 50 is a certification server 54, and authentication server 53 and the data base 52. A series of look-up tables, 200, 300 and 400 are provided in the data base 52 and the data entries in the tables, including the Confidential Information, is tied to a first data set which typically includes a user's ID/password and a second data set comprising a framed IP address issued for use only during each log-in - log-out session. It can be any form of alpha-numerical designation. The Confidential Information contained in table 400, if misappropriated, could be used to make purchases chargeable to the user. The purchases can be made without the Confidential Information leaving the data base 52 (table 400). The second data set is used to query the module 50 for validation of the user's creditworthiness and transaction completed by the data base sending a message to the issuer of the credit card to charge the user's account or alternatively noticing the Internet Entity to directly bill user. An additional security measure is provided by the system assigning a third data set consisting of the destination address of each and every Internet Entity that the user contacts during a log-in - log-out session which is tracked by being entered into any one of the tables 200, 300 or 400. It provides another level of validation against the first and second data sets.

Method and apparatus for in-camera image marking and authentication

Abstract: A camera with a built in microprocessor system programmed to receive an input password and indicium from a host computer. The camera is configured to use the indicium in combination with a conversion formula to mark an original acquired image in a non-destructive manner to form modified image data and add the indicium to an image header. The camera also creates image authentication data for comparison with corresponding data of a questionable second image to determine if the second image is the same as or different from the original image. This process of marking and creating authentication data all occur during acquisition and prior to any image data storage in a medium from which a person could subsequently access data. The camera takes the authentication data and stores it along with the marked image data in memory for subsequent transmission to the host computer. The preferred embodiment of the authentication involves the creation of checksum data, involving the addition of pixel values from each image row and each image column. These sums are then stored in a lookup table for future use in comparing with the result of the same checksum calculation done on questionable image data at a future time. The original image can be viewed only through presentation of the password.

Method for changing passwords on a remote computer

Abstract: A method for changing an account password stored at a physically remote location is provided. After initiating a password change sequence, a user submits both an old and a new password to its client machine. Thereafter, the client computes two message values to be transmitted to the server. The first message is computed by encrypting at least the new password using a one-way hash of the old password as an encryption key. The second message is computed by encrypting the one-way hash of the old password using a one-way hash of the new clear text password as the encryption key. The server receives both messages and computes a first decrypted value by decrypting the first message using the one-way hash of the old password, previously stored at the server, as the decryption key. The server computes a second decrypted value by decrypting the second message using a one-way hash of the first decrypted value as the decryption key. The server compares the decrypted one-way hashed value, transmitted in encrypted form in the second message, to the pre-stored hashed old password. If the two values are equal, then the server replaces the old password by the new password.

System for controlling access to a function, using a plurality of dynamic encryption variables

Abstract: The system includes a first card-like unit adapted to communicate with a second unit giving only conditionally access to a function. Both units are capable of running software for generating a password by means of encryption of a plurality of dynamic variables produced separately but in concert (so as to have a predetermined relationship, such as identity, with one another) in the units. The encryption is carried out in each unit by a public algorithm using a dynamically varying encryption key. Each time an access request is issued by a card user, the key is modified as a function of the number of access requests previously formulated by the card user. Access to the function is granted when the passwords generated in the units have a predetermined relationship (such as identity) with each other.

Authentication, access control, and audit

Abstract: —Authentication establishes the identity of one party to another. Most commonly authentication establishes the identity of a user to some part of the system, typically by means of a password. More generally, authentication can be computer-to-computer or process-toprocess and mutual in both directions. —Access control determines what one party will allow another to do with respect to resources and objects mediated by the former. Access control usually requires authentication as a prerequisite. —The audit process gathers data about activity in the system and analyzes it to discover security violations or diagnose their cause. Analysis can occur offline after the fact or online in real time. In the latter case, the process is usually called intrusion detection.

Method for controlling access to a computer system by utilizing an external device containing a hash value representation of a user password

Abstract: A method for permitting access to secured computer resources based upon a two-piece user verification process. In the disclosed embodiment, the user verification process is carried out during a secure power-up procedure. At some point during the secure power-up procedure, the computer user is required to provide an external token or smart card to the computer system. The token or smart card is used to store an authentication value(s) required to enable secured resources. The computer user is then required to enter a plain text user password. Separate passwords can be used to enable various portions of the computer system. Once entered, a one-way hash function is performed on the user password. The resulting hash value is compared to an authentication value (token value) downloaded from the token. If the two values match, the power-on sequence is completed and access to the computer system and/or secured computer resources is permitted. If the two values do not match, power to the entire computer system and/or secured computer resources are disabled. The two-piece nature of the authorization process requires the presence of both the user password and the external token in order to access protected computer resources.

System and method for controlling access to subject data using location data associated with the subject data and a requesting device

Abstract: Upon data access, an attribute-data extraction unit extracts location data and a password from attribute data which is added in advance to subject data to be accessed. At the time of requesting for an access to the data, the extracted password is compared with a password which is inputted from an input unit, and the extracted location data is compared with current location data detected by a location-data detection unit. An access permission unit permits access to the data in accordance with the comparison results obtained by the password comparison unit and the location-data comparison unit. By virtue of the process, it is possible to more strictly protect confidential information in a data processing apparatus.

Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm

Abstract: A method for permitting access to secured computer resources based upon a two-piece user verification process. In one embodiment of the invention, the user verification process is carried out during a secure power-up procedure. At some point during the secure power-up procedure, the computer user is required to provide an external token or smart card that is coupled to the computer through specialized hardware. The token or smart card is used to store an encryption algorithm furnished with an encryption key that is unique or of limited production. The computer user is then required to enter a plain text user password. Once entered, the user password is encrypted using the encryption algorithm contained in the external token to create a peripheral password. The peripheral password is compared to a value stored in either secure system memory or in memory contained within a secured resource itself. If the two values match, access to the secured resource is permitted. In an alternate embodiment of the invention, the two-piece authentication process is conducted during normal computer operation outside of the secure power-on sequence. In this embodiment of the invention, the user password is entered by means of a secure keyboard communications channel. In either embodiment, the two-piece nature of the authorization process requires the presence of both the user password and the external token in order to generate the peripheral password.

System and method for managing multiple users with different privileges in an open metering system

Abstract: A system and method of managing multiple users of an open metering system, wherein the users have different access privileges, includes the steps of providing a user password system for vault access; programming the vault with a plurality of transition states operatively relating to the user password system; assigning vault functional access to each user password first entered into the user password system; and performing a requested vault function when an entered user password under which the request is made has been assigned vault functional access for the requested vault function. The vault is manufactured in a first state in which the user password system is not activated and the activates the user password system upon entry of an initial user password which changes the vault to a second state that accepts requests for vault functions. The vault is changed to a third state from the second state wherein the user password system remains activated but another user password must be entered before a further request for a vault function is accepted. The requested vault function is rejected when the entered user password under which the request is made has not been assigned vault functional access for the requested vault function.

Method and system for changing an authorization password or key in a distributed communication network

Abstract: A robust and secure password (or key) change method between a user and an authentication server in a distributed communication network is disclosed. The protocol requires the exchange of only two messages between the user desiring the key change and the server, the user's request including, at least partly encrypted, an identification of the sending user, old and new keys, and two nonces, at least one including a time indication. The authentication server's response includes a possibly encrypted accept/reject indication and the regularly encrypted request from the user.

Apparatus and method for preventing theft of computer devices

Abstract: Apparatus and method for discouraging computer theft The apparatus and method requires that a password or other unique information be supplied to the computer before the computer BIOS routines can be completely executed A BIOS memory storing the BIOS routines includes a security routine which will determine whether or not the required password entered by the user, or a known quantity read from an externally connected memory device is present The security function stored within the BIOS memory also includes an administration function which permits the computer to be either placed in a locked state, thereby requiring password or the known quantity read from an externally connected memory device to be present each time the computer is booted up The administration function also permits an unlock state which permits the computer boot up process to complete without entering any password or externally supplied quantity The external memory location is consulted during each boot up sequence, to determine whether the computer has been placed in the locked or in the unlocked state If the security depends upon the supply of the known quantity from an externally connected memory device, the computer will be inoperable to anyone not in possession of the external memory device In the event that the external memory location bearing the locked or unlocked code is removed, the security function assumes the computer to be in the locked state, thus frustrating avoidance of the locked state by tampering with the external memory

Confining root programs with domain and type enforcement (DTE)

Abstract: The pervasive use of the root privilege is a central problem for UNIX security because an attacker who subverts a single root program gains complete control over a computing system Domain and type enforcement (DTE) is a strong, configurable operating system access control technology that can minimize the damage root programs can cause if subverted DTE does this by preventing groups of root programs from accessing critical files in inappropriate access modes This paper illustrates how a DTE-enhanced UNIX prototype, driven by simple, machine-interpretable DTE policies, can provide strong protection against specific classes of attacks by malicious programs that gain root privilege We present a sequence of policy components that protect system binaries against Rootkit, a widely-used hacker toolkit, and protect password, system log, user, and device special files against other root-based attacks Tradeoffs among DTE policy complexity, scope of protection, and other factors are discussed

Method and apparatus for controlling access to encrypted data files in a computer system

Abstract: In a system in which encrypted information can be protected and maintained by multiple users using passwords in concert, a file with secure data contains both an unencrypted header and an encrypted data portion. The data portion contains both the secured data and a list of hashed passwords and is encrypted with a single file key. The unencrypted file header contains two tables. The first table is a list of passwords, where each password is cryptographically hashed using a second, different hashing technique than the hashed passwords in the data portion of the file. The second table is a list of cryptographically hashed combinations of cryptographically hashed passwords, where the combinations correspond to authorized user quorums and the passwords are hashed using the same technique as the passwords stored in the data portion of the file. Each hashed combination on the list is also used as a password key to encrypt the file key. During use of the system, an authorized user must enter a password which, when hashed, can be found in the first table. If the entered password is found in the first table, a check is made to determine if enough authorized users have entered passwords to form a quorum. If there is a quorum, then passwords of the users in the quorum are hashed with the first hashing technique, combined and hashed again to form a password key. The file key can be decrypted with the password key and used to decrypt the file. The hashed passwords in the protected portion of the file can then be used to maintain the password lists.

Method of mutual authentication for secure wireless service provision

Abstract: A mutual authentication process assures that a subscriber does not provide sensitive activation information to an imposter network and a network does not provide sensitive activation information to an imposter subscriber. The mutual authentication is facilitated by a pair of passwords that are communicated between the activation center of the network and the subscriber via a secure channel.

System for controlling access to a function having clock synchronization

Abstract: The system includes a first card-like unit adapted to communicate with a second unit. The second unit grants conditional access to a function or service in accordance with an authentication operation. Both units are capable of running software for generating passwords by means of encryption of several dynamic variables as for example a time dependent variable and/or a variable representing the number of formulated authentication requests. The encryption may be performed using a dynamic key. In order to synchronize the values of the variables generated in concert but independently in the units, only some of the least significant digits of the variables are transferred from the card-like unit to the other unit, with the transfer being performed by adding the digits to the password. This synchronization information is combined with corresponding variables in the second unit and used to calculate therein a value which has to match with the password calculated in the second unit in order to gain access to the function or service.

Method for seeding a pseudo-random number generator with a cryptographic hash of a digitization of a chaotic system

Abstract: A method for generating a pseudo-random numbers Initially, the state of a chaotic system is digitized to form a binary string. This binary string is then hashed to produce a second binary string. It is this second binary string which is used to seed a pseudo-random number generator. The output from the pseudo-random number generator may be used in forming a password or cryptographic key for use in a security system.

Flash reprogramming security for vehicle computer

Abstract: A system and method for providing secured programming for reprogramming on-board vehicle computer systems. The system includes an interface tool which communicates with a selected on-board computer system. The communication tool also communicates with an authorized database via a modem. The vehicle computer has a serial identification number and designated passwords stored in memory and external access to the designated passwords is denied. Upon request, the vehicle computer transmits the serial identification number to the database which looks up a designated password A that corresponds to the vehicle computer and transmits password A to the computer. If the password A received by the computer matches the password in memory, the authorized database provides encrypted data in accordance with an encryption function, password B and data values. The computer deciphers the encrypted data in accordance with a stored password B to generate data values. Reprogramming of the control software is allowed only when the encrypted data value match the data values stored in the vehicle computer.

Garage door opener and wireless keypad transmitter with temporary password feature

Abstract: A garage door opener system includes providing temporary access permission for some user or users while maintaining near permanent access permission for other users. The temporary access permission may be controlled by number of uses or a predetermined amount of time.

Auditing login activity in a distributed computing environment

Abstract: A method of auditing login activity in a distributed computing environment in which users attempt to log into the environment from workstations using an authentication protocol in which a ticket request and pre-authentication data are communicated from the workstation to an authentication server. The pre-authentication data includes information establishing an identity of the user and providing a proof that the user has entered a password during the login attempt. The method is effected as a background process during the login, and is initiated after the ticket has been returned to the workstation from the authentication server to avoid RPC deadlock. To audit the login, information from the pre-authentication data is used to obtain a simple name of the user. The simple name is then converted into a global format and evaluated. If the name is recognized, it is passed along with the workstation address to an audit API. If the name is invalid, the audit is suspended. After the information is recorded or the audit suspended, as the case may be, process control is returned to the login routine. Preferably, the routine is implemented within the security service of the distributed computing environment.

Re-initialization of an iterated hash function secure password system over an insecure network connection

Abstract: Methods and apparatus are disclosed for re-initializing a secure password series based on an iterated hash function. User login information is communicated over an insecure network connection or other transmission medium between a client and a server. The server provides an indication that a first login series based on a first password has reached a predetermined minimum number of remaining hash function iterations. This indication could also be generated by the client. In either case, the client responds to the indication by generating an initialization signal which relates the first login series based on the first password to a second login series based on a second password. The initialization signal may be generated as the exclusive-or of the results of applying a first number of hash function iterations to the first password and a second number of hash function iterations to the second password. The client transmits the initialization signal to the server, which stores it along with an encrypted password transmitted in a previous valid first series login by the same user. The server then compares a function of the stored initialization signal and an initial second series login to the previously-stored first series login to determine if the initial second series login is valid. The second password may be generated by the client using a pass phrase portion of the first password and a new seed portion which does not require additional user input. The password re-initialization process can thus be performed automatically without any need to notify the user.

Human-computer cryptography: an attempt

Abstract: Can you securely prove your identity to a host computer by using no dedicated software at your terminal and no dedicated token at your hands? Conventional password checking schemes do not need such a software and hardware but have a disadvantage that an attacker who has correctly observed an input password by peeping or wiretapping can perfectly impersonate the corresponding user. Conventional dynamic (one-time) password schemes or zero-knowledge identification schemes can be securely implemented but require special software or hardware or memorandums. This paper develops human-friendly identification schemes such that a human prover knowing a secret key in her or his brain is asked a visual question by a machine verifier, who then checks if an answer sent from the prover matches the question with respect to the key. The novelty of these schemes lies in their ways of displaying questions. This paper also examines an application of the human identification schemes to human-computer cryptographic communication protocols.