
Showing papers on "Password strength published in 1998"


Proceedings Article
Thomas D. Wu
01 Jan 1998
TL;DR: This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and has significantly improved performance over comparably strong extended methods that resist stolen-verifier attacks such as Augmented EKE or B-SPEKE.
Abstract: This paper presents a new password authentication and key-exchange protocol suitable for authenticating users and exchanging keys over an untrusted network. The new protocol resists dictionary attacks mounted by either passive or active network intruders, allowing, in principle, even weak passphrases to be used safely. It also offers perfect forward secrecy, which protects past sessions and passwords against future compromises. Finally, user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the host. This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and offers significantly improved performance over comparably strong extended methods that resist stolen-verifier attacks such as Augmented EKE or B-SPEKE.

545 citations


Patent
08 Sep 1998
TL;DR: In this paper, the biometrics account manager changes the current password associated with the user to a new password and overwrites the previous password with the new password at some point during or after the log-on process.
Abstract: A computer network includes at least one client computer coupled to a server computer that dynamically changes a user's password each time the user logs on to the computer network. By changing the password during the log on process, network security is increased. The server computer includes a users database that contains a password, a username (if desired) and a biometrics template value associated with each user registered to access the computer network. A biometrics sensing device, such as a fingerprint sensor, is connected to each client computer. The user attempts to log on the server by entering a username which is optional and activating the biometrics sensing device. Appropriate software and/or hardware in the client and server computers capture a sample from the biometrics sensing device and create a template value from the captured sample. The template value thus is representative of a bodily characteristic of the user who activated the biometrics sensing device in an attempt to log on to the server computer. The client computer then transmits the template value to the server which compares the template value received from the client computer with template values previously stored in the users database. If a match is found, the log on process completes. At some point during or after the log on process, the biometrics account manager changes the current password associated with the user to a new password and overwrites the previous password with the new password.

108 citations


Patent
02 Mar 1998
TL;DR: In this article, a self-modifying "fail-safe" password system that allows a manufacturer or site administrator to securely supply a single-use password to users who lose a power-up password is presented.
Abstract: A computer system according to the present invention implements a self-modifying “fail-safe” password system that allows a manufacturer or site administrator to securely supply a single-use password to users who lose a power-up password. The fail-safe password system utilizes at least one fail-safe counter, an encryption/decryption algorithm, a public key, and a secure non-volatile memory space. The fail-safe password is derived by generating a hash code using SHA, MD5, or a similar algorithm and encrypting the result. The fail-safe password is then communicated to the user. After the user enters the fail-safe password, the computer system generates an internal hash value and compares it with the hash code of the decrypted fail-safe password. When the decrypted fail-safe password matches the internal hash value, the user is allowed access to the computer system.

100 citations


Patent
15 Jan 1998
TL;DR: In this paper, a method for improving the portability of secure encryption key data files is presented, which allows the use of specialised security hardware at one location while retaining an ability to transport encryption keys in a secure fashion to other locations, which do not have similar hardware.
Abstract: A method is disclosed for improving portability of secure encryption key data files. The method provides for re-securing key data files according to different security processes for mobility. For porting an encryption key secured using a fingerprint authentication process to a system having only a password authentication process, a user selects password authentication process, provides a fingerprint and is authorised, provides a new password and then the encryption key is accessed according to the fingerprint authentication process and secured according to the password authentication process. This allows the use of specialised security hardware at one location while retaining an ability to transport encryption keys in a secure fashion to other locations, which do not have similar security hardware.

87 citations



Patent
10 Apr 1998
TL;DR: In this paper, the authors present a network access authentication system including a directory service containing a remote access password and a standard access password for each user of the network, using an authentication protocol that provides information on whether a user is accessing the network locally or remotely, and including a front-end between the directory service and the authentication protocol.
Abstract: A network access authentication system including a directory service containing a remote access password and a standard access password for each user of the network, using an authentication protocol that provides information on whether a user is accessing the network locally or remotely, and including a front-end between the directory service and the authentication protocol. The front-end executes the steps of: receiving a user identifier and a user password entered by a user through said authentication protocol; retrieving from the directory service the remote access password and the standard access password corresponding to the user identifier; if the authentication protocol indicates a remote access, comparing the user password to the remote access password, else comparing the user password to the standard access password; and granting access to the network if the comparing step is successful.

62 citations


Patent
30 Apr 1998
TL;DR: In this article, a computer system provides a unified password prompt for accepting a user power-on password or an administrator password, and the user password string is compared to a stored administrator password.
Abstract: A computer system provides a unified password prompt for accepting a user power-on password or an administrator password. A password string entered by the system administrator at the unified password prompt is compared with a stored power-on password. If the user password string matches the stored power-on password, then access to system resources is granted. If the user password string does not match the stored power-on password, then the user password string is compared to a stored administrator password. If the user password string matches the stored administrative password, then access to system resources is granted. If the user password string does not match the stored administrative password, then the system administrator is given a predetermined number of times to enter a password string matching either the stored power-on password or the stored administrator password. If a password string matching either the stored power-on password or the stored administrator password is not provided in the predetermined number of times, access to system resources is denied. The unified password prompt does not require a system administrator to know a user's power-on password in order to access system resources. The unified password prompt also permits a system administrator to configure a plurality of computer systems by providing a single administrative password rather than a plurality of user power-on passwords.

56 citations


Journal Article
TL;DR: A practical system to solve the problems of authentication with the concept of public key distribution is presented, which hopes the password authentication system can solve these following problems: • In order to avoid interior personnel of the center from disclosing any passwords, the password table or the verification table must not be stored inside the computer.

55 citations


Patent
14 Dec 1998
TL;DR: In this paper, a system and method employs a password rule data provider that provides password generation rule data to a notification device, such as visual display device or audible output device, and continuously evaluates password character data as it is being entered and compares each character to the password generator rule data.
Abstract: A system and method employs a password rule data provider that provides password generation rule data to a notification device, such as visual display device or audible output device. A password data evaluator, such as a per character password data evaluator, continuously evaluates password character data as it is being entered and compares each character to the password generation rule data. A dynamic status data generator dynamically generates password rule status data, such as visual indication of which rule has been met or which rule has not been met as password data is being entered.

47 citations


Journal Article
TL;DR: Experimental results described here show that the method leads to a very high dictionary compression (up to 1000 to 1) with low error rates (of the order of 1%).
Abstract: The important problem of user password selection is addressed and a new proactive password-checking technique is presented. In a training phase, a decision tree is generated based on a given dictionary of weak passwords. Then, the decision tree is used to determine whether a user password should be accepted. Experimental results described here show that the method leads to a very high dictionary compression (up to 1000 to 1) with low error rates (of the order of 1%). A prototype implementation, called ProCheck, is made available online. We survey previous approaches to proactive password checking, and provide an in-depth comparison.

43 citations


Patent
17 Feb 1998
TL;DR: In this paper, a method of authenticating the identity of a first party involved in communicating over a computer network system is described. But the method is based on the first password set from the first party to the second party.
Abstract: There is disclosed a method of authenticating the identity of a first party involved in communicating over a computer network system. The method comprises the steps of: providing the first party with a first password set; providing a second party with a second password set; transmitting an authentication message based on the first password set from the first party to the second party; and authenticating the identity of the first party by the second party for further communications over the computer network if it is demonstrated, based on an analysis of the authentication message, that the first and second password sets contain at least one common password.

Patent
Steven J. Harrington
01 Jun 1998
TL;DR: In this paper, a single-use password generator is used to generate a password which is an encrypted combination of the user name, a representation of the regular password, and date and time information.
Abstract: A security control system for remote computers includes a first local input/output device for entering a user name and regular password. A password generator (10) returns a single-use password which is an encrypted combination of the user name, a representation of the regular password, and date and time information. A second local input device is used for entering the single-use password. A remote computer (50) receives the single-use password. The remote computer (50) has a cache (76) of previously received single-use passwords. The remote computer (50) compares the single-use password to the cache (76) of previously received single-use passwords. If there is a match further access is denied. Also included is a decryption key (78) which is used to regenerate the user name, the representation of the regular password, and the date and time information. If the date and time is older than a predetermined date and time threshold further access is denied. The remote computer (50) also compares the user name and the representation of the regular password to a stored list (86). If there is no match further access is again denied.

Patent
25 Mar 1998
TL;DR: In this article, the user password is compared to a secured password stored in secured memory which is directly accessible to the south bridge circuitry, removing any threat of data bus and/or unprotected memory snooping.
Abstract: A computer password security method employing a south bridge circuitry where the user password is compared to a secured password stored in secured memory which is directly accessible to the south bridge circuitry, removing any threat of data bus and/or unprotected memory snooping.

Journal Article
01 Oct 1998
TL;DR: The authors propose new authenticated key exchange protocols by reducing the number of random numbers, cipher operations, and protocol steps to achieve this goal and deliberately use a one-time pad and a strong one-way hash function in their protocols.
Abstract: A user-chosen password is not appropriate for a shared secret by which an authenticated key exchange protocol is operated. This is because users choose their passwords so that they can be easily memorised and can be typed using an alphabetic keyboard or a numeric keypad. Therefore, the password becomes a weak secret which is vulnerable to guessing attacks. However, users prefer to utilise the short easily memorised passwords. Several protocols, which are resistant to guessing attacks, have been developed to overcome this problem. However, they are inefficient in terms of the computation and communication costs. As a more practical solution, the authors propose new authenticated key exchange protocols by reducing the number of random numbers, cipher operations, and protocol steps. To achieve this goal, they deliberately use a one-time pad and a strong one-way hash function in their protocols.

Journal Article
TL;DR: This work proposes authentication and key exchange protocols which are both efficient and secure against password guessing attacks, using a one-time pad and a strong one-way hash function to promote both security and efficiency.

Patent
31 Jul 1998
TL;DR: In the password protocol, the communicating parties exchange calculation results, which each include an exponential, to generate a key, and each party adds the password to their respective exponential.
Abstract: In the password protocol, the communicating parties exchange calculation results, which each include an exponential, to generate a key. In generating the calculation results, each party adds the password to their respective exponential. If the authorizing information previously sent by one party is acceptable to the other party, then this other party uses the key established according to the password protocol. The channel authorizing information is sent over a secure communication channel. The secure communication channel is also used in other embodiments to verify a hash on at least one calculation result sent between the parties. If the hash is verified, then a key is established using the calculation results sent between the parties.

Patent
22 Jan 1998
TL;DR: In this article, an inquiry code is transmitted to an authentication server and a resetting key is generated from the inquiry code and returned to the user to reset the password. But the server does not have the user's password.
Abstract: PROBLEM TO BE SOLVED: To enable a user to safely set a password again without danger by transmitting an inquiry code to a server and producing a key for password setting when the user forgets the password. SOLUTION: When a client user forgets his password, a password for resetting is inputted to a password resetting part 4 on a client device 1, an inquiry code is produced and it is sent together with a user identifier to an authentication server 8. When the part 4 sends the inquiry code to the server 8 and when an automatic person himself/herself confirming part 14 recognizes that input information is legal from user information and confirmation items 10 at the time of resetting a password, a resetting key generating part 15 produces a resetting key from the inquiry code and returns it to the device 1. The part 4 which receives the resetting key authenticates the validity from the combination of an encipher password 5 and the resetting key and allows the user to set the password.

Patent
08 Oct 1998
TL;DR: In this article, a boot request is made to a network server, and the network server generates a random password, and sets a use counter to a value which indicates the number of times that the password can be used for access to network resources.
Abstract: Authentication of a request by a computer for access to a resource is accomplished by means of a randomly generated password that can only be used a limited number of times. In a disclosed embodiment of the invention, a network computer sends a boot request to a network server. In response, the network server generates a random password, and sets a use counter to a value which indicates the number of times that the password can be used for access to network resources. This password is transmitted to the network computer, which uses it to initiate a session with a network file server, and access network resources. The network server then invalidates the password, by decrementing the use counter to zero. As a result, even if the password becomes known to an unauthorized user as it is being transmitted from the network server to the network computer, it cannot be improperly employed to gain access to any network resources.

Patent
06 May 1998
TL;DR: In this article, the authors proposed a solution to improve a system such that a password is likely to be stolen by an illegal person in authentication by a time synchronous system and the number of the key input operation times of a user increases in a challenge and response system.
Abstract: PROBLEM TO BE SOLVED: To improve a system such that a password is likely to be stolen by an illegal person in authentication by a time synchronous system and the number of the key input operation times of a user increases in a challenge and response system and it takes a lot of time and labor for log-in. SOLUTION: In a time synchronous system, a user-side transmits a password obtained by adding 'second' unit data for ciphering the time. An authentication server-side estimates the time of more than ciphered minutes from the part of 'second' (S2). When the time is ciphered (S3), time matched with the ciphered time of the minutes exists (S4) and ciphering time becomes subsequent to time for update/registration at the time of previous log-in, a user is authenticated as a regular user (S5) and the time of this time is updated/registered (S6). That a counter value is set to the number of password generation times instead of 'second' is contained.

Patent
17 Dec 1998
TL;DR: In this article, a password is generated by hashing a site-specific identifier data such as selected bytes of a MAC address with site specific temporal data, such as a run-time measured from the start of an operating session.
Abstract: A password is generated by hashing a site-specific identifier data such as selected bytes of a MAC address with site-specific temporal data such as selected bytes of a run-time measured from the start of an operating session. The keyword may be encrypted by means of a private key and an encryption algorithm to provide a password. The generation of the password may be performed both remotely from a network device and within it to provide a mechanism for controlled access to the device.

Journal Article
TL;DR: This paper presents an authentication protocol using the SPEKE strong password method to address current information-security deficiencies found in most smart home automation systems.
Abstract: This paper presents an authentication protocol using the SPEKE strong password method to address current information-security deficiencies found in most smart home automation systems. The protocol emphasizes analyzing the operation and security performances limited by practical low-cost micro-controller implementations (e.g. 8051 or 68HC11) of consumer electronic equipment and appliances.

Patent
Ichihara Masaki, 正貴 市原
13 Jan 1998
TL;DR: In this paper, the authors proposed a solution to prevent a damage by a theft of a password on a network by automatically updating the password without giving a user an extra labor.
Abstract: PROBLEM TO BE SOLVED: To prevent a damage by a theft of a password on a network by automatically updating the password without giving a user an extra labor. SOLUTION: A user inputs the only and an absolute password that is the only, absolute one and stores it in an absolute password storage part 21. If it is an update period of time which an update monitoring part 23a monitors when there is a connection demand from a connection demand part 27 to a Web server, a password operation part 23b is stored in a randomization parameter storage part 22, a new password is generated from the absolute password stored in the absolute password storage part 21 by using a randomization parameter selected by a parameter selection part 23c and a new password storage part 25 is made to store it. Then, an update demand part 26 transmits the current password stored in a password history file 24 and a new password stored in a new password storage part 25 is transmitted to the Web server and update of the password is demanded.

Patent
Jin-Chul Lee, Lim Byung-Gul
31 Mar 1998
TL;DR: In this paper, a password processing apparatus and method is provided in which a generic password or master password, in addition to an actual password, is written and verified by using an external memory device.
Abstract: A password processing apparatus and method is provided in which a generic password or master password, in addition to an actual password, is written and verified by using an external memory device. The password processing apparatus includes an internal memory for storing an input password and a condition to read or record a generic password, a detachable storing medium, and an adaptor for writing data to and reading data from the detachable storage medium. A controller stores the password and the condition to read or record the generic password in the memory, stores the generic password in the storage medium according to the condition if the storage medium is connected to the adaptor, and compares the generic password stored in the storage medium with an input password if the input password is different from the password stored in the memory. As a result, by writing and reading a generic password to and from an external memory device using a computer or a program, utility and security of the password can be improved.

Patent
06 Mar 1998
TL;DR: In this paper, the problem of password break without deteriorating any inconvenience of a legal user by permitting re-try when an inputted password is different from an original password, and limiting the number of times of re-tries according to the result of comparison is addressed.
Abstract: PROBLEM TO BE SOLVED: To make it difficult to operate password break without deteriorating any inconvenience of a legal user by permitting re-try when an inputted password is different from an original password, and limiting the number of times of re-try according to the result of comparison. SOLUTION: A power is turned on (S201), and the number of times of password try of a normal user is initialized into the variable of the number of times of try (S202). For example, the variable of the number of times of try is initialized into 5, and 5 times of try is permitted. A message for promoting password input is displayed on a display device (S203), and a user inputs a password (S204). When the password is correct (S205), a personal computer is activated (S206). When the password is not correct, the level of the error is judged (S207), and when it is judged that the totally incorrect password is inputted, retry is not permitted, and the power is cut (S208). When the level of the error is not serious (S207), transition to the inputting processing of a password is permitted (S209 and 210).

Patent
Masashi Eguchi
22 May 1998
TL;DR: In this paper, an electronic mail-capable facsimile machine (20) which simplifies password changing operation and ensures that a password registered with a network and a password newly entered in the facsimile machines do not differ from each other.
Abstract: An electronic mail-capable facsimile machine (20) which simplifies a password changing operation and ensures that a password registered with a network and a password newly entered in the facsimile machine (20) do not differ from each other. After the user changes the password in the facsimile machine (20), the CPU (1) automatically logs into the network and changes the password registered with the network to the newly entered password.

Journal Article
TL;DR: A methodical approach to understanding passwords and their effectiveness is described, which suggests that until some point in the future, perhaps biometric authentication will become the norm and the authors will no longer rely on passwords.
Abstract: The password has long served as the traditional authenticator for system access. As the least expensive authentication method — one usually provided by vendors as a standard “feature” of their system — the much used password remains little understood in terms of its effectiveness. Here I describe a methodical approach to understanding passwords and their effectiveness. At some point in the future, perhaps biometric authentication will become the norm and we will no longer rely on passwords. Until that time, security administrators and computer auditors need to understand and properly implement password-based security schemes.