Cryptographic Password Management System

IP.com Disclosure Number: IPCOM000080577D
Original Publication Date: 1974-Jan-01
Included in the Prior Art Database: 2005-Feb-27
Document File: 3 page(s) / 33K

Publishing Venue

IBM

Related People

Cullum, CD: AUTHOR [+3]

Abstract

An important problem in the secure operation of terminal systems is the management of password information. At the present time this vital information is available to the management of the host system. Ideally the password entered by the user should never go beyond the terminal; i.e., it should never appear on the transmission link, and the directory of passwords should be inaccessible to the systems management. This password directory key should be the exclusive knowledge of a third party or parties. The subject of this description is a cryptographic procedure which generates and manages passwords in such a fashion as to realize this ideal goal.

Page 1 of 3

The operation of the described system is based on the notion of a secret password which is realized by a cryptographic key. This cryptographic key consists of a sequence of bytes, which are entered at the terminal by the user through an identification card, through the keyboard from personal memory, or both. In logging in, the user enters his password and his identity. Only his identity is transmitted to the control system. The password never leaves the terminal, and the directory of user identity versus password is inaccessible to the systems management. In fact, this directory exists in the form of a cryptographic generator, realized totally in hardware, whose key is available only to a third party or parties.

The user first enters his identity A into the terminal. This is transmitted to the system in the clear. At the receiving end A is inserted into crypto box Pi (2), which has been keyed by the superposition of a suitable number of third party keys (this could be one). This crypto box Pi (2) might, in fact, be identical to box Pi (1) which will be discussed below. Box Pi (2) will now manufacture, from A and the third party keys, user A's key K(A). This indeed was the method by which K(A) was ass...
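The key-management idea in the paragraphs above (the host keeps no password directory; box Pi (2) recomputes user A's key K(A) from the cleartext identity A and the superposed third-party keys) can be modelled in software. The following is an added example, not the disclosure's own circuit or procedure: HMAC-SHA256 stands in for the hardware crypto box, XOR stands in for the "superposition" of third-party keys, and the challenge/response at the end is an assumption about how K(A) is used once both sides hold it, since the extracted text breaks off before describing that step. The sample keys and identities are constructed for the demonstration.

```python
"""Model of a password directory that exists only as a keyed generator.

Added example modelled on the 1974 IBM disclosure; HMAC-SHA256 replaces the
hardware crypto box Pi (2), XOR replaces the superposition of third-party keys,
and the challenge/response login is an ASSUMPTION about how K(A) is used.
"""
import hashlib
import hmac
import secrets


def superpose_keys(third_party_keys):
    """Combine the third-party keys into the single box key by XOR.

    Every contributing key is needed to reproduce the box key, so no single
    third party (and no operator holding only one share) can run the box.
    """
    if not third_party_keys:
        raise ValueError("at least one third-party key is required")
    length = len(third_party_keys[0])
    if any(len(k) != length for k in third_party_keys):
        raise ValueError("all third-party keys must have the same length")
    combined = bytearray(length)
    for key in third_party_keys:
        for i, byte in enumerate(key):
            combined[i] ^= byte
    return bytes(combined)


def derive_user_key(box_key, identity):
    """Crypto box Pi (2): manufacture K(A) from identity A and the box key.

    Nothing about K(A) is stored; the host recomputes it on demand, so there
    is no password directory for the systems management to read.
    """
    return hmac.new(box_key, identity.encode("utf-8"), hashlib.sha256).digest()


class Terminal:
    """Holds K(A) locally (card or keyboard); only the identity A is sent."""

    def __init__(self, identity, password_key):
        self.identity = identity
        self._key = password_key

    def login_request(self):
        return self.identity  # transmitted in the clear, as in the disclosure

    def answer(self, challenge):
        # ASSUMPTION: knowledge of K(A) is proven by keying a MAC over a
        # host-supplied challenge, so K(A) itself never crosses the link.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Host:
    """Keyed once with the superposed third-party keys; stores no passwords."""

    def __init__(self, third_party_keys):
        self._box_key = superpose_keys(third_party_keys)

    def challenge(self):
        return secrets.token_bytes(16)

    def verify(self, identity, challenge, response):
        expected = hmac.new(
            derive_user_key(self._box_key, identity), challenge, hashlib.sha256
        ).digest()
        # Constant-time comparison avoids leaking the expected MAC byte by byte.
        return hmac.compare_digest(expected, response)


def login(terminal, host):
    """One login exchange: identity out, challenge in, keyed response out."""
    identity = terminal.login_request()
    challenge = host.challenge()
    return host.verify(identity, challenge, terminal.answer(challenge))


# Constructed sample keys for the demonstration (equal length, not real secrets).
THIRD_PARTY_KEYS = [
    b"third-party-key-one-----32-bytes",
    b"third-party-key-two-----32-bytes",
]

if __name__ == "__main__":
    # Provisioning: the third parties compute K(A) for user "A" and load it on
    # the card; the host holds only the box key, never K(A) or a directory.
    box_key = superpose_keys(THIRD_PARTY_KEYS)
    card_for_a = derive_user_key(box_key, "A")
    host = Host(THIRD_PARTY_KEYS)
    print("correct card:", login(Terminal("A", card_for_a), host))
    print("wrong card:  ", login(Terminal("A", derive_user_key(box_key, "B")), host))
```

The point the model makes explicit is that the host's only secret is the box key, so compromise of the host's storage yields no password list, while anyone holding all third-party shares can regenerate any user's key on demand; that is exactly the trust the disclosure places in the third parties, and it is why the shares should stay outside the systems management's reach.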