Browse Prior Art Database

Hidden 2nd Factor authentication

IP.com Disclosure Number: IPCOM000248206D
Publication Date: 2016-Nov-09
Document File: 3 page(s) / 46K

Publishing Venue

The IP.com Prior Art Database

Abstract

People need to change their passwords periodically to meet modern requirement. However, we are limited in memory and we need to use many systems (web, windows application), and password should be complicated and different in each system. Some applications allow users to show their password. It may be vulnerable to supporters, technicians, and even hackers. Hidden 2nd Factor means a very short phrase you can remember and never save to any saved-password recommendation. This 2nd factor can be generated from Mobile application with hash function. This is quite useful when you need to change password frequently, as phrase "hello january" can be hashed to ab5 but the phrase "hello may" can be hashed to 2ky. Your login password to a system always is combination of two parts: normal password and H2F password.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 54% of the total text.

Page 01 of 3

Hidden

Hidden

   We often need to remember many passwords, from web-based forms to client-server system, or even a machine. These passwords can be seen or hacked by hackers. Today, two or three factors in authentication is quite familiar.

   The disclosure suggests a system to create Hidden 2nd Factor (H2F) password for authentication. The system uses a hash function to create a shorter phrase from longer phrase.

   Hidden 2nd Factor means a very short phrase you can remember and never save it to any saved-password recommendation. Therefore, your login password to a system always combine of two parts: normal password and H2F password. Normal password can be saved but H2F password is kept in your mind and never typed out anywhere.

   This H2F is quite short, but strong enough, it can be 2-3 characters from normal ASCII. For example, it can be: 1v, 5ty, zN,….

   Moreover, the H2F password is attached to Mobile (smart phone) system, so it is considered as second factor for your authentication.

   User installs H2F Mobile Application (Smart phone application), and use his email as a login ID, and after activating, he gets password; he can use Mobile phone number as Login ID.

   He can login and use application to generate short password from a Long easily-remembered text. For example, he can type a long input as: "My cat is Peng" (that is quite familiar and easy to remember to him), and he chooses option "2 characters" to get "k6" as output. His login password to a system always combines of two parts: normalpassword and H2F password. The normal password can be saved to any systems, but H2F password is kept in his mind only.

   Moreover, the H2F password is attached to Mobile (smart phone) system and kept in his mind only, so it is second factor for authentication.

How it works:


1. User installs H2F Mobile Application (Smart phone application).

2. User registers his name to mobile application (central servers) (for example, use his email as a login ID, and after activation he gets password Or he can use Mobile phone number as Login ID).

3. He can login and use it to generate short password from a Long easily-remembered text. For example, he can type a long input as: "My cat is Peng" (that is quite familiar and easy to remember to him), and he choose option "2 characters" to get "k6" as output. Thanks to complicated digital certificate algorithm or so-called hash

1

222nd Factor authentication

nd Factor authentication



Page 02 of 3

function, this output is really secured and unique to an user. For example, even using the sam...