
Encrypted authentication method to protect password from I/O hacking and from phishing web sites

IP.com Disclosure Number: IPCOM000172804D
Original Publication Date: 2008-Jul-16
Included in the Prior Art Database: 2008-Jul-16
Document File: 3 page(s) / 111K

Publishing Venue

IBM

Abstract

Disclosed is a system to protect password data from I/O hacking and from phishing web sites. To achieve this, an encryption method is proposed. The user enters an encrypted password rather than the plain password that the user has in mind. The method requires a password, a key and an encryption table, and the encryption table differs for each login. Since the password entered differs at each login, even learning the entered password through I/O hacking will not help the hacker. Phishing sites, likewise, will not be able to do anything with the encrypted password.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 56% of the total text.


Author - Lakshmanan Velusamy

The encryption method consists of three major elements: a password, a key and an encryption table. The password is chosen from a character set of length N characters. The key is a number which has N - 1 digits. The encryption table is a square matrix which contains all the characters of the character set considered for the password, with each character present only once in a column/row. A SUDOKU table is an encryption table when the password is a number. To make the key more powerful, 0 should be avoided in the key, as should multiple occurrences of a single character.

At User/customer side:

The customer/user is the person who is going to log in and is assumed to know the password and the key. When the user enters the login page, he is provided with an encryption table. A typical encryption table with alphabets is shown in Fig.1.

Fig.1. Sample Encryption table

Take the first character pair from the password. A password can have N-1 character pairs $\{(C_1, C_2), (C_2, C_3), (C_3, C_4), \ldots, (C_{N-2}, C_{N-1}), (C_{N-1}, C_N)\}$. Different character pairing methods can be chosen, and the length of the key will differ based on the pairing method. Then choose any of the 'L' shapes given in Fig.2. The 'L' shape can be chosen randomly by the user and can be different at different logins, but for a single authentication the chosen 'L' is common to all the character pairs.

Choose a direction for the first character pair. For every other character pair, the direction is the next clockwise direction after that of the previous character pair. (If the login provider wishes, the anticlockwise direction can also be used.) The possible directions are shown in Fig.3. There are two steps in encrypting the character for a pair. The first is finding the intersecting character. The intersecting character = Char at ['L' shape's vertical side (|) character's row] ['L' shape's horizontal side (-) character's column].

The next step is to find the encrypted character at a distance of the shift length from the intersecting character in the current direction. The Ith digit in the key is used as the Ith pair's shifting distance. This is done in modular fashion, i.e., if the end of the table is reached before the shift length is used up, the remaining number of characters are shifted from the opposite side in the same row/column. The encrypted character will be e...
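The two mechanical steps described above (intersecting-character lookup, then a modular shift whose direction advances clockwise per pair), together with the table and key constraints, as an added sketch that is not code from the disclosure. Fig.2 and Fig.3 are not reproduced on this page, so the four directions, the caller-supplied intersection coordinates, the helper names and the 4x4 table are assumptions.

```python
# Added illustration, not code from the disclosure. Names, table and coordinates are constructed.
# Assumed reading of Fig.3: four directions in clockwise order (up, right, down, left).
CLOCKWISE = [(-1, 0), (0, 1), (1, 0), (0, -1)]

def is_valid_table(table):
    """Square matrix with every character exactly once per row and per column."""
    n = len(table)
    if n == 0 or any(len(row) != n for row in table):
        return False
    symbols = set(table[0])
    if len(symbols) != n:
        return False
    rows_ok = all(set(row) == symbols for row in table)
    cols_ok = all({row[c] for row in table} == symbols for c in range(n))
    return rows_ok and cols_ok

def is_strong_key(key, password_len):
    """N-1 digits, with 0 and repeated digits avoided, as the text recommends."""
    return (key.isdigit() and len(key) == password_len - 1
            and "0" not in key and len(set(key)) == len(key))

def shift(table, row, col, direction, distance):
    """Character `distance` cells from (row, col); wraps within the same row/column."""
    n = len(table)
    dr, dc = CLOCKWISE[direction]
    return table[(row + dr * distance) % n][(col + dc * distance) % n]

def encrypt_pairs(table, intersections, key, first_direction):
    """intersections[i] = (row of the vertical-side character,
    column of the horizontal-side character) for the i-th pair."""
    out = []
    for i, (row, col) in enumerate(intersections):
        direction = (first_direction + i) % 4  # next clockwise direction for each pair
        out.append(shift(table, row, col, direction, int(key[i])))
    return "".join(out)

# Constructed sample: 4-character alphabet, password length N = 4, so 3 pairs and a 3-digit key.
TABLE = ["ABCD", "BCDA", "CDAB", "DABC"]
KEY = "312"
INTERSECTIONS = [(0, 1), (2, 3), (1, 0)]  # assumed results of the user's 'L' lookups

if __name__ == "__main__":
    assert is_valid_table(TABLE) and is_strong_key(KEY, 4)
    print(encrypt_pairs(TABLE, INTERSECTIONS, KEY, first_direction=1))
```

The first pair shows the wrap-around: three cells to the right of column 1 in a four-column table lands back on column 0.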