Browse Prior Art Database

A new kind of password mechanism - The dynamic password

IP.com Disclosure Number: IPCOM000234819D
Publication Date: 2014-Feb-10
Document File: 4 page(s) / 222K

Publishing Venue

The IP.com Prior Art Database

Abstract

That is the dynamic password mechanism and each time the user password is different. Users only need to remember the rule how to generate password. And the server also "understands" the rule for password and can generate same password for users to authenticate. This password mechanism is able to protect himself from Trojan and also easy to remember.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

Page 01 of 4

A new kind of password mechanism

A new kind of password mechanism

Passwords, it is always facing leak possibility when it was born. With network extending, more and more passwords are applied to daily life. To avoid leak, most useful way is change the password periodically. Since everyone has many password need to be remembered and the password are store in difference server, it hard for user to change them together. Also Trojan Programs always try to steal password.

So we are looking for a new password mechanism to prevent it from Trojan and also easy to remember. That is the dynamic password. Users using dynamic password only need to remember a rule how to generate password. Each time the generated password is different. And the server also "understands" the rule for password and can generate same password as users to verify identity

Traditional logon authorization is using password certification. This password can be stolen by Trojan. By this new method, the user do not need to remember the password, instead, they need to remember the rule.

When user logon, the server provide a random double dimensional array and the user will generate one-off password with this array. And the same time the server which also "understands" user's rule will generate same one-off password and compare it with the one that user sent to it. If these 2 passwords are same, logon process continues, or logon fails.

Let's use an example to explain how to explain this new password mechanism.

When user logon, the website will generate an encrypted JPG which include the double dimensional array which is encrypted, the JPG also include current system time.

1

--- The dynamic password

The dynamic password



Page 02 of 4

For example, the rule of one user is as below, and this rule also be saved in server-side.

This is a six byte password.

The 1st character: Constant letter [q]

The 2nd character: Tens number of system hours [1]

The 3rd character: Character in line 7, column I. [?]
The 4th character: First letter in line 2. (Default A) [a]

The 5th character: Maximum number in line 8. (Default 0) [6]

The 6th character: Counter of letter in line 9. (Default 0) [7]

So we can generate the password for this time is [q1?a67], and also the service will generate the same password to verify identify.

Advantage

Advantage: :


1. This method prevent user password from being stolen by Trojan software by sending encryption JPG. Each logon, the password is different because the random array will be different every time. Hackers can steal current password, but he can


' t login next time with it.


2. The JPG is in a particular picture encrypted on server side before sending to client. After server processing, the picture is able to recognized visually only but not software or program any more. The new method utilizes the encrypted method to encrypt picture and enhances the password r...