Browse Prior Art Database

A Method and System for Creating a Composite Password

IP.com Disclosure Number: IPCOM000237425D
Publication Date: 2014-Jun-18
Document File: 2 page(s) / 35K

Publishing Venue

The IP.com Prior Art Database

Related People

Robbie Kirk: INVENTOR [+3]

Abstract

A method and system is disclosed for creating a composite password. The method and system enables a user to create the composite password by utilizing a set of stand-alone passwords.

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 52% of the total text.

A Method and System for Creating a Composite Password

Abstract

A method and system is disclosed for creating a composite password.  The method and system enables a user to create the composite password by utilizing a set of stand-alone passwords.

Description

Disclosed is a method and system for creating a composite password.  The method and system enables a user to create the composite password, consisting of a set of passwords.  Here, strength of the composite password is similar to the strength of a randomly generated password.  The composite password is easy to remember as the composite password consists of multiple small passwords.  For example, it is easier to remember five English words than a string of nine characters consisting of at least one number, a symbol, and an upper and a lower case letter.  For creating the composite password, the user enters multiple passwords.  As each password is added, the method and system calculates bit strength of the composite password.  Once the bit strength reaches a specified threshold, the user is not required to add more passwords.  Thereafter, the passwords added by the user are saved.

During an authentication phase, the method and system enables the user to enter a set of passwords and then determines if the set of passwords validate against the saved passwords.  Here, an order of the set of passwords is not important for authentication of the user.  The user is authenticated if each stand-alone password from the composite password is entered correctly.

Each stand-alone password belongs to a domain, that is a collection of character types and number of characters, wherein, the domain is represented by a format such as, ({[character set]}, [length of password]).  For example, the domain of password123 is ({lowercase, number}, 11).  The domain is important as multiple passwords in the same domain reduce a probability of guessing the passwords.  The domain is utilized to determine the bit strength of a single password.  Here, the bit strength is determined from the domain of the password by performing a calculation, that is, bit strength = (Sum of each character set’s size) Length of password

Each composite password belongs to a composite domain that is the collection of domains of each stand-alone password.  Here, repetition of the domain is acceptable and the order of the domains is not important.  In order to simplify the repetition, each stand-alone domain is paired to number of occurrences.  The method and system determines the bit strength of the composite password, based on a formula, that is, bit strength = C(Sum of each unique stand-alone domain’s bit strength, Number of stand-alone passwords).  Here, C() denotes a choose function in combinatorics.

In an exemplary scenario, the bit strength of 5 separate words is compared to the...