Browse Prior Art Database

Authentication system using combinable passphrase

IP.com Disclosure Number: IPCOM000129729D
Original Publication Date: 2005-Oct-07
Included in the Prior Art Database: 2005-Oct-07
Document File: 4 page(s) / 32K

Publishing Venue

IBM

Abstract

A program is disclosed to make a user safely using the pass-phrase input in addition to a personal identification number. The purpose of this program is to protect the user from peeping key inputs, for example, a login password for the online banking service, with a spy wear running on the user's client PC.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 53% of the total text.

Page 1 of 4

Authentication system using combinable passphrase

A program is disclosed to make a user safely using the pass-phrase input in addition to a personal identification number. The purpose of this program is to protect the user from peeping key inputs, for example, a login password for the online banking service, with a spy wear running on the user's client PC.

The overview of this program is as follows;

The unique pass-phrase for this program is a phrase, in Japanese, shown in the attached figure (See Figure 1).

At the time of the pass-phrase registration, the user firstly inputs several words, which are suitable for blank (1) and (2).  Next, as a continuation of the registration procedure, this program generates automatically the sentence in which the words of (1) and (2) are combined, and displays it to the user. Lastly, the user inputs the words, which comes to
(3) suitable for the sentence, and then completes the registration of the pass-phrase.

At the time of his/her login, the program displays the above-mentioned sentence which is a blank at (1), (2), or (3) other than a personal identification number, and requests the user to input the words which is suitable at a blank.  The program compares whether the inputted words correspond with registered words, and judges whether the person is a correct user or not according to the result of comparison.

1

Page 2 of 4

Red characters are inputs by a user.

Black characters are generated and displayed by the program.

Registration procedure #a-2:

Regsistrationprocedure #a-3,4

Q & A on authentication page 1st time

Based on those inputs, the program generates more sentences withrecombining the inputted words.

Using any registered sentences

Pass-phrase registration

 Pass-phrase authentication

2ndtime

3rdtime

Figure 1: Example of registration and authentication

The details of procedure are as follows:
a) Registration: A correct user registers some words into (1), (2), and (3) beforehand as the pass-phrase registration.

a-1) The transceiver module of Web server transmits an initial input Web page to a Web client. On the initial input Web page, the Web client displays the sentence on the client's window. Two or more lines are repeatedly displayed on the window, using the sentence as one line.

a-2) As the beginning of pass-phrase registration, the user does the key input of two or more suitable words for (1) and (2) respectively. (See example of the upper three lines of Fig. 1.) The user fills in the blank (1) and (2) of each line, and then submits them to the Web server. The Web server stores the received words to a pass-phrase memory module.

Here, when three sentences for pass-phrase are displayed in three lines, the user input...