
Define And Store Customized Encrypt Arithmetic To Realize Dynamic Password

IP.com Disclosure Number: IPCOM000177242D
Original Publication Date: 2008-Dec-07
Included in the Prior Art Database: 2008-Dec-07
Document File: 9 page(s) / 224K

Publishing Venue

IBM

Abstract

A user-defined encrypt arithmetic is stored in the database instead of a single static password to realize a dynamic password, in order to enhance security and dependability. When users set their password, the application can offer two options: 1. Static password 2. Dynamic password. A user who wants a high security classification should use the dynamic password. With the dynamic password, the user sets an encrypt arithmetic subject to particular conditions, and the application stores this encrypt arithmetic in the database instead of a static password. When the user logs in, the application responds with some random information, and the user applies the encrypt arithmetic set earlier to that random information to work out the password for this login. In other words, the password stored in the database is no longer a fixed string of characters and numbers but an operational formula. Because the state, random numbers or other factors differ at each login, the password differs too. The result is a dynamic password.

This is the abbreviated version, containing approximately 28% of the total text.


The issue with the current encryption approach:

Most people protect their personal information with a static password. To verify their identity, users need their own ID and password for access. Electronic banking accounts, online game accounts, commercial services on the net, email accounts and so on should mostly be protected by a high security classification, but a static password cannot provide one. This causes the following issues:
1. A static password can easily be decrypted, because it does not change from one login to the next;
2. Some hacker software steals users' static passwords very simply, using keystroke loggers, memory scanning and password capture, phishing attacks, screen snapshots and similar methods.

Core idea:

A user-defined encrypt arithmetic is stored in the database instead of a single static password to realize a dynamic password, in order to enhance security and dependability.

When users set their password, the application can offer two options:
1. Static password
2. Dynamic password
A user who wants a high security classification should use the dynamic password. With the dynamic password, the user sets an encrypt arithmetic subject to particular conditions, and the application stores this encrypt arithmetic in the database instead of a static password. When the user logs in, the application responds with some random information, and the user applies the encrypt arithmetic set earlier to that random information to work out the password for this login. In other words, the password stored in the database is no longer a fixed string of characters and numbers but an operational formula. Because the state, random numbers or other factors differ at each login, the password differs too. The result is a dynamic password.
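The login flow described above, as an added example that is not code from the disclosure: the server keeps the user's formula, sends random values at login, and checks the answer the user works out. The class and function names, the challenge variables `a` and `b`, and the restriction of formulas to `+`, `-` and `*` are assumptions made for illustration.

```python
import ast
import hmac
import operator
import secrets

# Assumption: a formula may use only these operators; everything else is rejected.
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}

def evaluate(formula, variables):
    """Evaluate an arithmetic formula over the challenge values without eval()."""
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.Name) and node.id in variables:
            return variables[node.id]
        if isinstance(node, ast.Constant) and type(node.value) is int:
            return node.value
        raise ValueError("formula element not allowed")
    return walk(ast.parse(formula, mode="eval"))

class DynamicPasswordServer:
    def __init__(self):
        self.formulas = {}   # user -> formula text (stands in for the database)
        self.pending = {}    # user -> challenge issued for the login in progress

    def enroll(self, user, formula):
        evaluate(formula, {"a": 1, "b": 1})   # raises if the formula is not acceptable
        self.formulas[user] = formula

    def issue_challenge(self, user):
        # The "random information" sent to the user at login (assumed names a, b).
        self.pending[user] = {"a": secrets.randbelow(90) + 10,
                              "b": secrets.randbelow(90) + 10}
        return dict(self.pending[user])

    def verify(self, user, response):
        challenge = self.pending.pop(user, None)   # each challenge is single-use
        if challenge is None or user not in self.formulas:
            return False
        expected = str(evaluate(self.formulas[user], challenge))
        return hmac.compare_digest(expected.encode(), str(response).encode())
```

Because the server has to evaluate the formula, the formula is stored in recoverable form rather than as a one-way hash, so the table that holds it needs the same protection as any other shared secret.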

Comparing with known solutions:

Solution: Dynamic password (this disclosure)
Operating cost: Low
Security classification: High
Difference: The password is different at every login, so it is hard to steal. Using a dynamic password can prevent the password from being stolen by methods such as keystroke loggers, memory scanning and password capture, phishing attacks, screen snapshots and so on. On the other hand, it is easy to deploy in an application.

Solution: Static password (old)
Operating cost: Low
Security classification: Low
Difference: The password is the same at every login, so it is not safe for protecting users' personal information.

Solution: PIN code or USB-key
Operating cost: High
Security classification: High
Difference: This solution has a high security classification but is not popular because of the high operating cost. Currently most electronic banking account can sup...

Solution: Anti-virus software
Operating cost: Middling
Security classification: Middling
Difference: Using anti-virus software is very popular. But anti-virus software can only prevent known viruses. For new and unknown virus,