
A method for protecting passwords

IP.com Disclosure Number: IPCOM000109155D
Original Publication Date: 2005-Mar-23
Included in the Prior Art Database: 2005-Mar-23
Document File: 1 page(s) / 31K

Publishing Venue

IBM

Abstract

Internet users often log on to various websites that require passwords, and they do so not only from their own machines but also from machines located in public areas, workplaces, and homes of friends. Many computer systems can be set to store the passwords that are being used for logging on to various sites. Unless a security mechanism is used, passwords are transmitted through the Internet, and can be seen and recorded while en route. This exposure harms the businesses that own such websites, because customers may be reluctant to log on from any machine that they do not own. Thus, there is a need for a method that allows Internet users to use passwords without the fear that someone else could discover and later use said passwords. The invention is a method that can be adopted by web servers that require passwords. The basic idea is that at any time, the server may store more than one admissible password for each user. In addition to the usual password that can be used an unlimited number of times, the server stores a set of "disposable" passwords for the user, where a single disposable password expires as soon as it is utilized. The number of disposable passwords may depend on the user and would depend on the frequency of usage and the availability of space. The idea is that the user could use either the usual password, which s/he probably memorizes, or one of the disposable ones (that may need to be looked up) when circumstances suggest it would be safer to do so.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


THIS COPY WAS MADE FROM AN INTERNAL IBM DOCUMENT AND NOT FROM THE PUBLISHED BOOK

ARC820010094 Marc D McSwain/Almaden/IBM

Nimrod Megiddo

A method for protecting passwords

Internet users often log on to various websites that require passwords, and they do so not only from their own machines but also from machines located in public areas, workplaces, and homes of friends. Many computer systems can be set to store the passwords that are being used for logging on to various sites. The latter feature is presumed to make it easier for the primary user of the machine to log on. However, it creates an exposure for other users because their passwords can be easily retrieved or re-used by subsequent users of the same machine. Similarly, unless a security mechanism is used, passwords are transmitted through the Internet, and can be seen and recorded while en route. This exposure harms the businesses that own such websites, because customers may be reluctant to log on from any machine that they do not own. Thus, there is a need for a method that allows Internet users to use passwords without the fear that someone else could discover and later use said passwords.

The invention is a method that can be adopted by web servers that require passwords. The basic idea is that at any time, the server may store more than one admissible password for each user. In addition to the usual password that can be used an unlimited number of times, the server stores a set of "disposable" passwords for the user, where a single disposable password expires as soon as it is utilized. The nu...
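
The server-side check described above, as an added sketch that is not part of the disclosure: one account record holds the usual reusable password plus a pool of disposable ones, and a disposable password is removed from the pool the moment it is accepted, so a value captured on a shared machine or en route cannot be replayed. The `Account` class, the PBKDF2 storage, and the token format are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _digest(password, salt):
    """Salted PBKDF2 digest, so no admissible password is stored in the clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Account:
    """One user's record: the usual password plus unused disposable ones."""

    def __init__(self, regular_password):
        self.salt = os.urandom(16)
        self.regular = _digest(regular_password, self.salt)
        self.disposable = set()  # digests of disposable passwords not yet used

    def issue_disposable(self, count):
        """Create `count` disposable passwords; plaintext is returned only once."""
        issued = [secrets.token_urlsafe(9) for _ in range(count)]
        self.disposable.update(_digest(p, self.salt) for p in issued)
        return issued

    def login(self, password):
        """Return 'regular', 'disposable', or None when the password is rejected."""
        candidate = _digest(password, self.salt)
        if hmac.compare_digest(candidate, self.regular):
            return "regular"  # usable an unlimited number of times
        match = None
        for stored in self.disposable:  # scan the whole pool, constant-time compares
            if hmac.compare_digest(candidate, stored):
                match = stored
        if match is None:
            return None
        # Expire on use. A multi-process server must make this check-and-delete
        # atomic (for example a conditional DELETE) so two logins cannot both win.
        self.disposable.discard(match)
        return "disposable"
```
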