Browse Prior Art Database

System and Method for preventing password leakage

IP.com Disclosure Number: IPCOM000244392D
Publication Date: 2015-Dec-09

Publishing Venue

The IP.com Prior Art Database

Abstract

The idea is to protect the password by notifying the user before submitting the wrong password for the different target service. The core idea for our password leakage prevention system is described as following two parts: 1. Store ID/Password a. Use browser extensions to save the password of the frequently visited websites that you want to protect. This fulfils the purpose of using our system across the browsers. b. The password are saved by hash function with encryption on cloud for multiple devices. 2. Prevent password leakage a. Use distance algorithm to calculate the correlation strength of the password while typing in order to receive the real time feedback. b. Use visual presentation for the relationship between the password you are typing and the saved password for other web sites.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 47% of the total text.

Page 01 of 13

System and Method for preventing password leakage

Nowadays, there are many different services and online applications which need ID/password for authentication, among them, some services will ask for your email address as registered IDs. For example, a shopping website might ask you to use mail account as ID, for security concern, most of users might register

with mail account but using another password as the website might not be so secure.

However, you might type the password for mail inadvertently instead of the original weak password when you log in next time. If it is a malicious website which aim to phishing your credentials, it might record the password you typed, send back wrong password notification to trap user into providing all the other passwords.

So here comes up a idea which can protect the strong passwords from leaking to weak authentication chain.

The idea is to protect the password by notifying the user before submitting the wrong password for the different target service.

The core idea for our password leakage prevention system is described as following two parts: 1. Store ID/Password
a. Use browser extensions to save the password of the frequently visited websites that you want to protect. This fulfils the purpose of using our system across the browsers.

b. The password are saved by hash function with encryption on cloud for multiple devices.

2. Prevent password leakage
a. Use distance algorithm to calculate the correlation strength of the password while typing in order to receive the real time feedback.
b. Use visual presentation for the relationship between the password you are typing and the saved password for other web sites.

1



Page 02 of 13

Our claim is as following:

2



Page 03 of 13


1. Password transformation to convert plain text password to different hash values based on the transformation policies. The stored information is the hash values instead of the original password to preserve the confidentiality.

2. A mechanism to trigger the calculation of the similarities between passwords when user types the password.

3. An instant presentation to visualise the correlation strength of the password while typing.

[Advantages]

1. Provide a cross browsers, cross devices system to prevent password leakage.


2. Prevent important passwords leaking to other less secured web sites in order to secure other accounts from being hacked.


3. Visualise the correlation strength of the password while typing by using the distance algorithm.


4. Alert users that you are typing the password which is the same for other web sites.

According to Figure 1, there are two major components in our system. The first one is ID/Password Stored Engine and the second one is Similarity Computation Engine. Figure 2 illustrates the block diagram of our system.

The detail of each component will be described in the following section.

3



Page 04 of 13

Figure 2 System Block Diagram

[Store the ID/Password]

4



Page 05 of 13

5



Page 06 of 13

Figure 4 Store ID...