
WO2003049001A2 - Akf_inlog - Google Patents

Akf_inlog

Info

Publication number
WO2003049001A2
Authority
WO
WIPO (PCT)
Prior art keywords
pictures
password
picture
user
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/SE2002/001975
Other languages
English (en)
Other versions
WO2003049001A3 (fr)
Inventor
Thomas Gebel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to AU2002354431A priority Critical patent/AU2002354431A1/en
Publication of WO2003049001A2 publication Critical patent/WO2003049001A2/fr
Publication of WO2003049001A3 publication Critical patent/WO2003049001A3/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation

Definitions

  • Alphabet: a finite set of symbols.
  • String: zero, one or more concatenated symbols of some alphabet.
  • An expression can describe a value.
  • a letter such as an 'a' is an abstraction that exists through one or several definitions and is concretised by one or more real representations, for instance by sound or by a marked/drawn curlicue.
  • Character table: two forms of representation where one representation implies the other and vice versa; mathematically it is described as a bijective function between the two representations. Whether any value has been defined is without significance.
  • a picture is a limited area containing at least two dots of different colours.
  • the picture is limited by a square frame with the side 'k'.
  • Picture panel: on an arbitrary chessboard B, a picture unlike every other picture in B is placed in each square.
  • the names of the pictures are integral numbers.
  • a picture panel can contain a picture panel "behind" each picture in it.
  • F is a function on a picture panel; by F the panel is conducted from one well-arranged state to another.
  • the 'm' transpositions are stored in transposition matrix M.
  • a user is a client of one or several servers.
  • a server has zero or several users.
  • a user logs on to a server by means of a user name and/or password.
  • the security of a password is expressed as a quotient of integers indicating the probability that an unauthorized attempt to access will fail.
  • a bad password does not have sufficient length and/or complexity compared to known and/or expected technique.
  • ASCII American Standard Code for Information Interchange
  • ASCII consisted of seven bits.
  • the extended version, Extended ASCII, which has eight bits and thus 256 characters in total, is the one most often put into practice.
  • ASCII means in precise technical language the use of seven bits. In a wide-ranging sense it often refers to eight bits.
  • X, Y are integers greater than zero.
  • G is the owner of all picture panels h_n and also the owner of any sub-panels of h_n.
  • the notation of a picture panel can refer either to the pictures displayed directly in G or to the entire hierarchy of picture panels; the context determines which is meant.
  • F does not say anything about the way F works. If nothing else is indicated, let F be a pseudo-random-function with a very long period.
  • the security of a password refers to the probability of a successful illegitimate attempt to login before any illegitimate attempts to login have taken place. The probability of illegitimate access is not governed entirely by combinatorics.
  • a password must also contain a certain complexity. Passwords must not contain combinations of symbols that can be found in a dictionary. In general a password must not contain a string that potentially has any meaning in a public context.
  • N: the probability that the first illegitimate attempt to login is successful is 1/(s^r - N).
  • a password that is considered as secure may be used to protect messages on an answering machine as well as launch codes for ballistic missiles.
  • Definition 10: for example a password containing strings that exist in dictionaries, the white pages, names, years, events, or mnemonics such as MOVEA, JSR.
  • a password is not just a string in some alphabet. It must be generated, distributed, used, verified, updated, backed up, and handled in event of exposure and finally destructed.
  • the perspective has to be broadened and also include the system that the password is set to protect, and the organisation using the system.
  • Axiom 6: it is not possible to represent a value in a "good" password without making the password "bad". It is likely that a person easily remembers a password that represents something in everyday life, but since one alphabet is used to represent both passwords and information, one cannot syntactically express a value with common letters without a loss of complexity in the password. That is because the alphabet is a representation of a common article of value.
  • a combinatorial advantage when creating passwords is that strings forming meaningful words are just a fraction of the possible number of (finite) strings.
  • a drawback is that a "good" password is likely to be hard to remember due to the lack of a meaningful representation. In reality this can lead to a loss of security.
  • if the security policy prescribes a frequent change of passwords, there is a risk that the user generates new passwords that to some extent can be derived from earlier ones. If the system administrator generates the passwords for the user, the user might forget them, or write them down. It is not possible to alter the complexity of a password without actually changing the password. This implies that all users have to change passwords if the overall system security is to be raised.
  • a user that gains access to several resources by passwords on separate systems might be a security hazard for the system owners. If only one password is used on several systems, the representation of the password is more or less identical on the different systems, and the differing encryption of the password files can help an attempt to crack a password used in several places.
  • the difference between the function and the suggested language is that the user has not explicitly made the transformation.
  • the user describes a value with words which are then transformed by the function, the user probably does not even remember the function output, only the input (otherwise the function is not necessary).
  • the user is aware of the value but also masters the representation.
  • AKF_inlog: by combining the function and the irregular language, a hybrid called AKF_inlog is defined.
  • the purpose of the irregular language is to enable a user to produce simple passwords in a simple way.
  • the function contributes to the uniqueness in every individuals language.
  • the irregular language is created by letting the ability of association create values. Assume that people to some extent think differently; then this plurality further adds to the uniqueness of the individual languages along with the function.
  • the irregular language uses pictures as representation and the values are created with association while viewing the images. Instead of sequentially selecting letters from an alphabet in order to create a new password, one can sequentially choose pictures from a set. I claim that it is a language when it is possible to select a sequence of pictures (create words) from a finite set of pictures (alphabet), since the pictures are subject to my association and thereby given meaning (value).
  • Figure 3 shows a model of a picture panel (def. 4). To the left, a table containing the Swedish alphabet, punctuation and control characters. To the right, a selection from an arbitrary large alphabet. Each shadowed square symbolizes a unique picture.
  • the first and second passwords are not too short but the third is. All three passwords are bad due to the lack of complexity.
  • pictures in a picture panel are represented as coordinates. By periodically letting F act upon the picture panel, the pictures exchange positions with each other periodically. This implies that all picture sequences of a given length with unique pictures have equal complexity. There are no bad passwords, only short or long ones.
  • Figure 4: three sequences of pictures selected from some picture panel.
  • the sequences can be regarded as passwords. All users have different picture panels (since F has acted upon each at least once).
  • the same pictures in different systems are represented differently physically (bit pattern) and logically (different positions).
  • F: the purpose of F is to create different representations for users although the same pictures may be used. Users probably associate differently for a given picture, which implies that both value and representation can be regarded as unique for each user.
  • F acting on the picture panels ensures that different systems have different representations, that all users within a certain system have different representations, and that the representation for a specific user alters periodically, since the pictures exchange positions before each attempt to log on.
  • a password p_ASCII based on characters from the ASCII table with the length L_ASCII can be made more secure (def. 9) by increasing the complexity of p_ASCII and/or the length L_ASCII.
  • a selected sequence of pictures from some picture panel is to be regarded as a password p_PICTURE with the length L_PICTURE. p_PICTURE cannot be made safer by increasing its complexity, since the complexity is constant for any given length of the sequence.
  • An increase of L_PICTURE will contribute to an increased security, as will an increase of the picture set in the picture panel(s).
  • AKF_inlog is based on every user having a unique language to express values within. This enables users to create passwords that do not carry the same meaning to others than themselves.
  • AKF_inlog can do this by:
  • the set of pictures can increase arbitrarily
  • Figure 6 displays a hierarchy of picture panels, where each grid symbolizes a picture panel.
  • the hierarchy can be extended arbitrarily. If the picture panels have a fixed picture size of say 100, a hierarchy of depth three is needed to represent 10^6 pictures.
  • AKF_inlog operates by a common alphabet shared by the server and the client, where the symbols are integers.
  • the pictures shown to the user are placed in a picture panel where each picture corresponds to a number or a position.
  • when a user clicks on the pictures that correspond to the password, it is merely the picture panel's coordinates for the pictures that are registered and sent to the server.
  • neither the server nor the network even knows of the existence of any pictures. (The server might know about registered control images.)
  • a user has established a new user account on some server and wishes to use AKF_inlog to authenticate.
  • the technique will be explained in six steps.
  • the user needs an AKF_inlog client application (AKA), which can be acquired from a CD-ROM or downloaded from some network.
  • AKA AKF_inlog client application
  • the basic version of the AKA includes 400 gif pictures of varying quality and resolution. If the user wishes to use other pictures, these can be chosen now or later.
  • the standard pictures are named 0.gif, 1.gif, ..., 399.gif. The names are randomly selected, which is why w.gif on one system is very unlikely to correspond to w.gif on another system.
  • the user selects the alternative "Mount new server" in the AKA installation menu (the paradigm centres on the user), and the AKA establishes a connection with the desired server.
  • the server creates a square matrix with X*Y elements (def. 1).
  • the default size is 400.
  • Each element is unique and is an integer in the range [0..399], i.e. [0..X*Y-1].
  • a function F acts upon the matrix by exchanging positions of the elements so that the contents do not correspond to the index. A copy of the matrix is returned to the client. See figure 7.
  • the matrix returned from the server can on the AKA act as a picture panel, and will from now on in this example be referred to as the picture panel "BP".
  • BP picture panel
  • a suitable partition will be made to fit in the "BP".
  • a main picture panel consisting of 100 pictures is created and then three sub picture panels, also with 100 elements each. The sub panels are activated by right-clicking on the three upper leftmost pictures in the main picture panel. (This is merely a suggestion; the AKA can at any time be reconfigured by the user.)
  • the BP is now interpreted as four picture panels on the AKA.
  • the correspondence to BP on the server is actually a one-dimensional vector where each index addresses an integer element that can be mapped to the AKA in a bijective way. In order to make understanding easier the notation of matrices will be used.
  • the 400 default pictures included with the AKA are stored in a catalogue on the client's hard drive as the files 0.gif, 1.gif, ..., 399.gif. BP2 is displayed on the client's screen as a grid containing the said pictures.
  • the initially empty grid is filled up from the upper left corner, to the right, and down, as shown in figure 9. To the right in figure 9, the upper left corner of the active picture panel.
  • the grid displayed on the screen is indexed by an incremental series. When the user clicks on an image, it is the index or position "q" that is registered.
  • a picture sequence of length L used as a password is stored as the positions of the pictures, that is {q0, q1, ..., q(L-1)}.
  • the AKA sends the vector passwd[] and the transposition matrix M to the server.
  • the server recreates BP2 from BP and M, and verifies the password.
  • the server can either approve access or perform additional security controls by requiring verification of control images.
  • AKF_inlog lets the user register any number of pictures for cross checking.
  • the registration process can be done in numerous ways. The simplest is to click on some pictures, which are sent to the server along with the coordinates. Each time the client tries to logon, AKA sends the password as described earlier. If the password is accepted as valid by the server, the server returns some randomly selected pictures to AKA in a special window. The user now has to find the corresponding pictures in the AKA picture panel. If the right positions are sent to the server the client will be granted access.
  • the second method of registering pictures asks the client to describe some selected pictures in words.
  • the comments together with coordinates for the corresponding pictures are sent to the server.
  • AKA sends the password as described earlier. If the password is accepted as valid by the server, the server returns some randomly selected text strings describing pictures. The user now has to find the corresponding pictures in the AKA picture panel. If the right positions are sent to the server the client will be granted access.
  • the second method is by far the safest and most efficient method for cross checking since semantics is the only reference to the pictures, whilst even a chimpanzee can match pairs of identical pictures.
  • the cross checking is not an additional password since the user does not have to memorize or produce the output.
  • the purpose is to verify the validity of the transposition.
  • AKF_inlog is based on every user having a unique language to express values within. This enables users to create passwords that do not carry the same meaning to others than themselves.
  • This language can either be learned by heart by the user, or created and maintained with
  • Every user has access to a unique language with a unique representation for every value (Axiom 6), and the representation of every value also changes periodically.
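The mount, registration, logon and cross-check steps listed above, modelled end to end as an added Python example; this is illustrative code written for this page, not the patent's own method or the AKA client. It assumes the page's default panel (picture names are the integers 0..399, kept as a one-dimensional vector on the server), that the server stores an enrolled password as picture names rather than positions so that it survives the transpositions, that the transposition matrix M is the list of swaps of a Fisher-Yates shuffle, and that the picture sequence and the text descriptions of the control pictures are constructed sample values.

```python
import random
import secrets
from hmac import compare_digest

PANEL_SIZE = 400  # the page's default panel: X*Y = 400 elements named 0..399


def make_bp(size=PANEL_SIZE, rng=None):
    """Server side: the element matrix after F has acted on it, kept as a
    one-dimensional vector (the page notes the server's copy is a vector)."""
    rng = rng or secrets.SystemRandom()
    bp = list(range(size))
    rng.shuffle(bp)  # F: contents no longer correspond to the index
    return bp


def random_transpositions(size=PANEL_SIZE, rng=None):
    """Client side: the transposition matrix M, modelled (assumption) as the
    size-1 swaps of a Fisher-Yates shuffle, so BP2 is a uniform permutation of BP."""
    rng = rng or secrets.SystemRandom()
    return [(i, rng.randrange(i + 1)) for i in range(size - 1, 0, -1)]


def apply_transpositions(bp, M):
    """BP2 = M applied to BP; the client displays it, the server recomputes it."""
    bp2 = list(bp)
    for i, j in M:
        bp2[i], bp2[j] = bp2[j], bp2[i]
    return bp2


def names_to_positions(panel, names):
    """Where the user has to click in the current panel to select these pictures."""
    index = {name: q for q, name in enumerate(panel)}
    return [index[n] for n in names]


def positions_to_names(panel, positions):
    return [panel[q] for q in positions]


class Server:
    def __init__(self, rng=None):
        self._rng = rng or secrets.SystemRandom()
        self.bp = make_bp(rng=self._rng)  # a copy goes to the client at "Mount new server"
        self.enrolled = {}  # user -> password as picture names (assumption: names, not positions)
        self.control = {}   # user -> {picture name: the user's text description}
        self._pending = {}  # user -> (control name, M) awaiting the cross-check answer

    def enrol(self, user, M, passwd, control):
        """Registration: clicked positions are read in the panel the client showed."""
        bp2 = apply_transpositions(self.bp, M)
        self.enrolled[user] = positions_to_names(bp2, passwd)
        self.control[user] = {bp2[q]: text for q, text in control.items()}

    def login(self, user, M, passwd):
        """Recreate BP2 from BP and M, map positions to names, compare in constant time.
        Returns (accepted, description of a control picture the user must find)."""
        bp2 = apply_transpositions(self.bp, M)
        expected = self.enrolled.get(user)
        if expected is None or len(passwd) != len(expected):
            return False, None
        if any(not 0 <= q < len(bp2) for q in passwd):
            return False, None
        given = positions_to_names(bp2, passwd)
        if not compare_digest(str(given).encode(), str(expected).encode()):
            return False, None
        name = self._rng.choice(sorted(self.control[user]))
        self._pending[user] = (name, M)
        return True, self.control[user][name]

    def cross_check(self, user, position):
        """Second cross-checking method: the position the user found for the text."""
        name, M = self._pending.pop(user, (None, None))
        if name is None:
            return False
        bp2 = apply_transpositions(self.bp, M)
        return 0 <= position < len(bp2) and bp2[position] == name


class Client:
    """AKA model: holds its copy of BP and its own M; only positions q leave it."""
    def __init__(self, server, rng=None):
        self.rng = rng or secrets.SystemRandom()
        self.bp = list(server.bp)
        self.M = random_transpositions(rng=self.rng)

    def panel(self):
        return apply_transpositions(self.bp, self.M)

    def reshuffle(self):  # pictures exchange positions before each logon attempt
        self.M = random_transpositions(rng=self.rng)

    def click(self, names):
        return names_to_positions(self.panel(), names)


def run_session(seed=None):
    """Mount, register, log on, answer the cross-check, reshuffle, log on again.
    Picture names and descriptions below are constructed sample values."""
    rng = random.Random(seed) if seed is not None else None
    server, user = Server(rng=rng), "alice"
    client = Client(server, rng=rng)
    remembered = [17, 250, 3]
    descriptions = {42: "the red bicycle", 301: "two cats on a fence"}
    panel = client.panel()
    server.enrol(user, client.M, names_to_positions(panel, remembered),
                 {names_to_positions(panel, [n])[0]: t for n, t in descriptions.items()})
    first = client.click(remembered)
    ok1, challenge = server.login(user, client.M, first)
    described = next(n for n, t in descriptions.items() if t == challenge)
    cross_ok = server.cross_check(user, client.click([described])[0])
    client.reshuffle()
    second = client.click(remembered)
    ok2, _ = server.login(user, client.M, second)
    wrong, _ = server.login(user, client.M, client.click([17, 250, 4]))
    return {"accepted": ok1, "cross_check": cross_ok, "accepted_after_reshuffle": ok2,
            "wrong_sequence_accepted": wrong, "positions_first": first,
            "positions_second": second}
```

Calling run_session() shows the point the page makes about representation: the same three remembered pictures produce a different position vector after the reshuffle, yet the server still accepts it, because it rebuilds BP2 from its BP and the M it was sent and compares picture names, not positions. Since the positions together with M determine the picture names, that pair is the secret on the wire and needs the same transport protection as a conventional password.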

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Document Processing Apparatus (AREA)
  • User Interface Of Digital Computer (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)
  • Electrically Operated Instructional Devices (AREA)

Abstract

The technical part of the application of the invention comprises a theoretical part containing axioms and definitions. A common part describes general principles. A specific part contains an axiom, theories and principles that are applied to solve problems. The main problems solved make it possible to reduce the complexity of passwords and to obtain a secure way of using a single password in several systems. To understand the definitions and discussions of the invention, basic knowledge of set theory and of computer science is required.
PCT/SE2002/001975 2001-10-30 2002-10-30 Akf_inlog Ceased WO2003049001A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002354431A AU2002354431A1 (en) 2001-10-30 2002-10-30 Method for graphical authentication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0103598A SE0103598D0 (sv) 2001-10-30 2001-10-30 AKF_inlog
SE0103598-9 2001-10-30

Publications (2)

Publication Number Publication Date
WO2003049001A2 true WO2003049001A2 (fr) 2003-06-12
WO2003049001A3 WO2003049001A3 (fr) 2003-10-30

Family

ID=20285806

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2002/001975 Ceased WO2003049001A2 (fr) 2001-10-30 2002-10-30 Akf_inlog

Country Status (3)

Country Link
AU (1) AU2002354431A1 (fr)
SE (1) SE0103598D0 (fr)
WO (1) WO2003049001A2 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140359726A1 (en) * 2013-06-04 2014-12-04 Mark Rodney Anson Login Process for Mobile Phones, Tablets and Other Types of Touch Screen Devices or Computers
WO2015088364A1 (fr) * 2013-12-09 2015-06-18 NORD-SYSTEMS Sp.z o.o. Procédé de génération de mots de passe d'accès graphique

Family Cites Families (5)

Publication number Priority date Publication date Assignee Title
TW299410B (fr) * 1994-04-04 1997-03-01 At & T Corp
JP3764961B2 (ja) * 1995-11-30 2006-04-12 カシオ計算機株式会社 シークレットデータ記憶装置及びシークレットデータの読み出し方法
DE19620346A1 (de) * 1996-05-21 1997-11-27 Bosch Gmbh Robert Grafische Paßworteingabe
US6209104B1 (en) * 1996-12-10 2001-03-27 Reza Jalili Secure data entry and visual authentication system and method
US7219368B2 (en) * 1999-02-11 2007-05-15 Rsa Security Inc. Robust visual passwords

Cited By (3)

Publication number Priority date Publication date Assignee Title
US20140359726A1 (en) * 2013-06-04 2014-12-04 Mark Rodney Anson Login Process for Mobile Phones, Tablets and Other Types of Touch Screen Devices or Computers
US10120989B2 (en) * 2013-06-04 2018-11-06 NOWWW.US Pty. Ltd. Login process for mobile phones, tablets and other types of touch screen devices or computers
WO2015088364A1 (fr) * 2013-12-09 2015-06-18 NORD-SYSTEMS Sp.z o.o. Procédé de génération de mots de passe d'accès graphique

Also Published As

Publication number Publication date
WO2003049001A3 (fr) 2003-10-30
AU2002354431A1 (en) 2003-06-17
SE0103598D0 (sv) 2001-10-30
AU2002354431A8 (en) 2003-06-17

Similar Documents

Publication Publication Date Title
US8918849B2 (en) Secure user credential control
JP4421892B2 (ja) ランダム部分的パターン認識に基づく認証システム及びその方法
JP5133248B2 (ja) クライアント/サーバー認証システムにおけるオフライン認証方法
US9100194B2 (en) Method and apparatus for providing authentication between a sending unit and a recipient based on challenge usage data
EP1803251B1 (fr) Procede et appareil apportant une authentification mutuelle entre une unite d'envoi et un destinataire
US20250150267A1 (en) Method of semantic transposition of text into an unrelated semantic domain for secure, deniable, stealth encryption
US20110142230A1 (en) Real-time data encryption
US20060206919A1 (en) System and method of secure login on insecure systems
US20090150991A1 (en) Password generation
US20120006899A1 (en) Transaction card for providing electronic message authentication
US20030191947A1 (en) System and method of inkblot authentication
Thabit et al. CSNTSteg: Color spacing normalization text steganography model to improve capacity and invisibility of hidden data
Thorsteinson et al. NET security and cryptography
EP2569725B1 (fr) Procédés, dispositifs et supports de programme informatique permettant la génération et la vérification de mot de passe
EP2966552A1 (fr) Appareil et procédé de fourniture de commentaire après une saisie de données
US20100024018A1 (en) Keyboard Display Posing An Identification Challenge For An Automated Agent
Still Cybersecurity needs you!
Gabor et al. Security issues related to e-learning education
US20080250505A1 (en) Methods And Systems For Generating A Symbol Identification Challenge
CN101064602A (zh) 一种密码输入方法及系统
WO2003049001A2 (fr) Akf_inlog
More et al. Secure transaction system using collective approach of steganography and visual cryptography
CN101064601A (zh) 文字图形化的认证方法
Hanif et al. A new shoulder surfing and mobile key-logging resistant graphical password scheme for smart-held devices
Rajavat et al. Textual and graphical password authentication scheme resistant to shoulder surfing

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP