Showing papers on "Password strength published in 1994"

Hard disk password security system

Abstract: A hard drive which prevents data access operations on the hard drive upon power up until the user enters a password. When the computer system is powered up, the hard drive spins up and is tested, responding only to a limited set of commands that do not permit data storage or retrieval operations. The password is located on the hard disk itself to prevent bypassing the hard drive's security using a new computer environment. When the user enters the correct password, the hard drive unlocks and operates as a conventional hard drive. If the user chooses, the hard drive may be unlocked by either of two passwords, one defined by the user and the other by the manufacturer. To obtain access to data areas during a locked state, a wipe data command is provided which overwrites all user data on the drive and unlocks the drive.

Method and system for variable password access

Abstract: A method and system are provided for controlling access to a data processing system through the use of a variable password. In one embodiment, the invention substitutes the value of a variable into an expression contained in a predefined password, evaluates the expression and password, and compares the result of the valuation of the password to a character string input to the data processing system, granting access if they are identical. A range of values of certain characters of the password may be permitted. The password may require that certain characters be entered within a defined time interval measured from the entry of other characters. The values of environment variables, which are referenced by the variable password, may change from time to time, as a function, for example, of the current time or temperature or system utilization.

Computer security apparatus with password hints

Abstract: The computer security apparatus is appended to existing computer data file protection apparatus and operates as an adjunct thereto. The user invokes the password and/or data file encryption processes in the usual manner. If the user cannot remember the password used, the computer security apparatus presents a prerecorded password hint to the user in an attempt to jog the user's memory to recall the password. If the initial password hint does not accomplish this goal, a succession of additional, more specific password hints, can be provided to ultimately induce the user to recall the password.

Personal identification systems

Abstract: In personal identification systems which compare passwords in a verification computer to identify a user, successive passwords are generated, or retrieved from a stored list in the verification computer in response to each entry of a public username into the verification computer. A user device carried by the user retrieves the next successive password from a stored list in response to a command from the user and displays the password. The user then reads this password and offers it to the verification computer via a keyboard entry to be compared with the password already generated or retrieved in response to the username (the expected password).

Password updating system to vary the password updating intervals according to access frequency

Abstract: A password updating system sets the available period and the updating period of the password for each individual user according to the frequency of his accesses to the computer system, and manages password updating by urging the user in advance to change his password on the basis of these periods. There is a chronometric unit; and a password hysteresis memory unit for memorizing and managing passwords and their available periods. An update processing unit checks the input password, requests reentry if the same password exists or updates it if no same password exists, invalidates the current password if the updating period of the password has expired, and also validates invalidated passwords. There is a comparator unit for comparing the available periods of passwords and notifying the update processing unit of a request to update the password. Also provided is a period setting unit for prescribing, upon setting of each password, the available period and the update set period of that password on the basis of the analysis of the frequency of accesses, and conveying that information to the password hysteresis memory unit. A display unit displays various messages; and an input unit inputs various information.

Method for hibernation file creation

Abstract: Hibernation and wake-up of multiple environments are performed while password security is maintained. When the hibernation mode is entered, a hibernation file is determined in which hibernation data is to be saved, based on an identifier assigned to the current operating environment (step 902). After save operation is finished, the validity information of the hibernation file is updated, and in some cases, a hibernation signature is set (step 908). For wake-up operation, a list of hibernation files being saved, and the user is prompted to select an operating environment to be regenerated (step 913). When a corresponding password has been specified, the user is requested to input the password for the corresponding operating environment (step 915).

***WITHDRAWN PATENT AS PER THE LATEST USPTO WITHDRAWN LIST***System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens

Abstract: An improved security system inhibits eavesdropping, dictionary attacks, and intrusion into stored password lists. In one implementation, the user provides a workstation with a "password", and a "token" obtained from a passive authentication token generator. The workstation calculates a "transmission code" by performing a first hashing algorithm upon the password and token. The workstation sends the transmission code to the server. Then, the server attempts to reproduce the transmission code by combining passwords from a stored list with tokens generated by a second identical passive authentication token generator just prior to receipt of the transmission code. If any password/token combination yields the transmission code, the workstation is provided with a message useful in communicating with a desired computing system; the message is encrypted with a session code calculated by applying a different hashing algorithm to the password and token. In another embodiment, the workstation transmits a user name to the authentication server. The server verifies the user name's validity, and uses an active authentication token generator to obtain a "response" to an arbitrarily selected challenge. The server generates a session code by performing a hashing algorithm upon the response and the password. The server sends the challenge and a message encrypted with the session code to the workstation. The workstation generates the session code by performing the hashing algorithm on the password and the received challenge, and uses the session code to decrypt the encrypted message. The message is useful in communicating with a desired computing system.

Method for preventing inadvertent betrayal of stored digital secrets by a trustee

Abstract: The invention employs a voluntary identification/definition phase performed, for example, shortly after a computer is purchased, and a secret information retrieval phase. In the definition phase, the true owner/customer defines an escrow record which provides self-identification data together with encrypted password data. The present invention prompts a user to voluntarily escrow password or other secret information for later retrieval by entering a series of information uniquely describing himself or herself. The identification indicia is combined with the secret information (such as the user's encryption password) and is then encrypted under the control of the trustee's public key. The combined information may be encrypted, for example, under a random symmetric key (such as DES) which is then encrypted under the trustee's public key. After unique identification data has been entered, the user is asked to select a password to protect the system. Thereafter, all the personal identifying data, together with the password, is encrypted with the trustee's public key and is stored, for example, in the user's computer as an escrow security record. The password is then used to encrypt all data on the user's disk. If at some point in time in the future, the user forgets the password, the retrieval phase of the applicant's invention is performed. Under such circumstances, the user contacts the trustees, e.g., the vendor or manufacturer. The trustee utilizes documentary evidence presented by the alleged legitimate user and determines whether such evidence matches with the previously encrypted escrow information stored in the escrow record created by the user. If they agree, then the trustee has confidence that the true owner is making the request, and that revealing the secret key will not betray the owner's interest.

Improved method and system for proactive password validation

Abstract: An improved method for password validation comprising the steps of identifying bad passwords having one or more characters; computing a frequency of occurrence of bad password characters; computing a probability of occurrence T of the bad password characters within the bad passwords based upon the computed frequency of occurrence; identifying a proposed password having one or more characters; and comparing the proposed password characters with the probability of occurrence T of the bad password characters. The method further comprises the steps of establishing a validation threshold and validating the proposed password based upon the correspondence between (i) a value, BAp, reflecting the relationship between the probability of occurrence T of bad password characters within bad passwords and the proposed password characters and (ii) an established validation threshold. A Markov model is used to compute the probability of occurrence. The present invention also includes an improved password validation system.