Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Password Verification

IP.com Disclosure Number: IPCOM000078159D
Original Publication Date: 1972-Nov-01
Included in the Prior Art Database: 2005-Feb-25
Document File: 1 page(s) / 12K

Publishing Venue

IBM

Related People

Perry, OR: AUTHOR

Abstract

This is a computing system method for determining whether a user knows a password, without requiring the user to disclose that password. Background Information.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 57% of the total text.

Page 1 of 1

Password Verification

This is a computing system method for determining whether a user knows a password, without requiring the user to disclose that password. Background Information.

Passwords as currently used in operating systems have the drawback that use of a password requires its disclosure. The password is usually printed and so is subject to compromise by inspection of the printed page, inspection of the carbon ribbon, line tapping, or electronic surveillance. Current techniques for overcoming these problems use sets of passwords in rotation, or passwords that are changed by the system after each use. These techniques are of marginal value because the changing passwords are difficult to remember, they restrict use of a file to one user and they do not attack the basic disclosure problem. Description.

Rather than requiring the user to furnish a password, a computing system can furnish a character string that is related to the password and require the user to respond with enough information to demonstrate that he knows the password, but not enough information to disclose the password.

There are many variations of this basic mechanism that could be devised. One possible design is as follows; * The user requests access to a particular file * The system responds by printing a pattern of characters like this:

PASSWORD IS xxxx xxxx xxxx xxxx * The x's are characters from the password with other random characters intermixed in an unpredicatable pattern. The

blank...