SlideShare a Scribd company logo

Expanded password system - Reliable Identity Assurance

Download as PPT, PDF
Hitoshi Kokumai
Hitoshi Kokumai

Security of the real/cyber-fused society hinges on “Assured Identity”, which hinges on “Shared Secrets” in cyberspace. The text password has been the shared secrets for many decades. We now need a successor to the text password. There exists a promising candidate, an Expanded Password System which accepts images as well as characters and which generates a high-entropy password from a hard-to-forget password.

Technology
1 of 23
Expanded Password System - Reliable Identity Assurance - Security of the real/cyber-fused society hinges on “Assured Identity”, which hinges on “Shared Secrets” in cyberspace. The text password has been the shared secrets for many decades. We now need a successor to the text password. There exists a promising candidate, an Expanded Password System (EPS) which accepts images as well as characters and which generates a high-entropy password from a hard-to-forget password. 22nd April , 2015
2 What is EPS? 1/3 Only texts are accepted As it were, we have no choice but to walk up a long steep staircase    Where we want to continue to use textual passwords Where we want to reduce the burden of textual passwords Where we want to make use of episodic image memory 3UVB9KUW 【 Text Mode 】 【 Graphics Mode 】 【 Original Picture Mode 】 Recall the remembered password Recognize the pictures remembered in stories Recognize the unforgettable pictures of episodic memories Free choices from, as it were, among staircases, escalators and lifts/elevators Low memory ceiling Very high memory ceilingHigh memory ceiling + +
There are several known pictures. I can easily find all of them right away. Only I can select all of them correctly. Practicable even in panic when images of episodic memory are registered Incorporating the function of generating high-entropy online passwords from hard-to-forget images and texts. Security of real/cyber-fused society hinges on online identity assurance Online identity assurance hinges on shared secrets, i.e. what we remember Video: http://www.youtube.com/watch?v=Q8kGNeIS2Lc What is EPS? 2/3 Technical details available at http://www.slideshare.net/HitoshiKokumai/expanded-password-system
4 What is EPS? 3/3 When unique matrices of images are allocated to different accounts with the EPS, those unique matrices of images will be telling you what images you could pick up as your passwords. Being able to recall strong passwords is one thing. Being able to recall the relations between accounts and the corresponding passwords is another. EPS frees us from the burden of managing the relations between accounts and the corresponding passwords. Account A Account B Account C Account D Account E, F, G, H, I, J, K, L-----------
5 Cybercrime & Password Predicament - White House cyber czar's goal: 'Kill the password dead' http://www.federalnewsradio.com/241/3646015/White-House-cyber-czars-goal-Kill-the-password-dead “He cited studies showing as much as 80 percent of cyber intrusions — "some ridiculously high number," he said — are caused by exploiting weak or stolen passwords.” - Cybercrime and espionage costs $445 billion annually http://www.washingtonpost.com/world/national-security/report-cybercrime-and-espionage-costs-445-billion-annually/2014/06/09/8995291c-ecce- 11e3-9f5c-9075d5508f0a_story.html “CSIS used several methods to arrive at a range of estimates, from $375 billion to as much as $575 billion.” - Passwords Still Pose Big Security Risks http://www.paymentssource.com/news/passwords-still-pose-big-security-risks-3018257-1.html “Many “advanced data stealing attacks” happen simply from poor password practices.” - Soon Hackers May Topple Global Economy http://i-hls.com/2014/05/report-soon-hackers-may-topple-global-economy/?utm_source=rss&utm_medium=rss&utm_campaign=report-soon- hackers-may-topple-global-economy&utm_source=Meital&utm_medium=Meital&utm_campaign=RSS “Within the next five to seven years, as much as $21 trillion in global economic-value creation depends on robust cyber security”.
6 Alternatives to The Password? Biometrics? if it stops relying on a self-rescue password in case of false rejection Physical tokens ? if “Chip & PIN” without PIN (numerical password) is accepted PKI ? if we remember the 2048-bit private keys 2-factor/step authentication? if no password is used for any of the factors ID federations (single-sign-on services & password managing tools)? if no password is used as the master-password Patterns & Gestures? if we replay many of the complicated ones with 100% accuracy Passwords expanded to include known pictures as well as characters? This is the theme of this presentation.
7 Pioneer of Expanded Password System Humans can keep remembering only up to 5 passwords on average due to the cognitive limitation caused by “interference of memory”. Episodic image memories are the least subject to the interference of memory, which are the most suitable for the password.
8 What We Do Mnemonic Security, Inc. specializes in uniquely secure, highly user-oriented security verification, authorization and applied solutions based on long-term visual memories (or visualized episode memories), which are portable to an extremely wide platform base. Example of implementation on mobile-phone Pass-Symbols, in this case, are photos of the developer of Mnemonic Guard taken in his babyhood, his wife 30 years ago, dolls and toys that his grown-up daughters used to play 20 years ago. Some pictures have been processed - turned sepia, monochrome or blurred - to confuse the attacker. Our solution, Mnemonic Guard, can be applied on virtually any computing or communications device whether stand-alone or networked.
9 Technology – 1: Photos The screen has unforgettable images, which you feel are special, plus meaningless ones. All you need to do for verification is to find several 'memorable' pictures that you feel are special to you, which will be no effort to remember. The episodic/autobiographic image memories are the least vulnerable to the “interference of memory”. The above example uses old pictures of tens of years ago, including ones of family members such as a nephew and niece, pet you used to have, memorable scenery from holiday. Even if you need to verify for the first time in several years, you will be able to find those photos without any difficulty. You can verify safely, whenever, wherever and without fail Matrix could be 3 x 3 or 8 x 8 depending on what to protect
10 Technology – 2: Graphics If you do not have photo data at hand You need to remember images that you like as Pass- symbols from the screen. The screen itself acts as a reminder, and it is far easier to remember and less easy to forget than character passwords, because the screen contains a large volume of information. For example, you can register symbols making a story based on your own experiences, such as when I was living in 'Kyoto where there are many temples' , I used to take my 'dog' for a walk on my 'bike' , and I enjoyed a cup of 'coffee' afterwards. In this way, you can easily remember your Pass- symbols.
11 Technology – 3: Characters You can keep using characters on the same kind of matrix. If you select only 4 digits of [0123], for example, the data that are sent to the authentication server are not [0123] but the long sequence of identification codes allocated to each character/symbol. These long sequence of data are resilient against various threats of ID Theft on the Internet. If you like to continue to use characters With Mnemonic Guard, you can use photos, graphics and characters, say, all the visual objects as Pass-Symbols,
12 Technology – 4: Various types of memories There are three objects of memory A. Characters B. Patterns (Gesture included) C. Photos and Graphics There are two ways to use memories 1. Endeavor to memorize something afresh 2. Use something that was memorized many years ago and stills reside in our memory There are 6 combinations of the above. Features of them are as follows: 1A. Difficult to manage 1B. Difficult to manage 1C. Still difficult to manage though relatively easier than 1A and 1B. 2A. Vulnerable against guessing and dictionary-attacks 2B. Very weak in mathematical strength 2C. Strong and easy to manage Mnemonic Guard belongs to the category of 2C. It does not mean, however, that Mnemonic Guard rejects 1A/1B/1C/2A/2B. All of them can be freely practiced on the platform of Mnemonic Guard.
13 Technology – 5 : Against Shoulder Surfing As shown below, we mitigate the shoulder surfing problem by 1. enabling the user to shrink the picture size 2. enabling the user to type the alphabets allocated to each picture. The alphabets are randomly allocated on each access. 3. Anti-peeping films available on the market are also useful. The sequence of alphabets is different on each access, with onetime effect. Just after recognizing PassSymbols, we have no difficulty in clicking the pictures which are shrunk at the same locations.
14 Mnemonic Guard is revolutionary in that it exploits the nature of long-term visual memory or visualized episode memory. Those visual memories that were acquired in our youth and still reside in our brains are unlikely to evaporate over additional time. Mnemonic Guard is based on the mind’s ability to use long-term visual memories and it can easily be used by anyone in any environment. It is even practicable in panicky situations where character-based passwords might easily be forgotten. The Pitch - 1 For being easy for children to use, Mnemonic Guard was given Kids Design Award 2008 in Japan. At the other extreme, Mnemonic Guard is being recognized by information security professionals of the Japan’s military because locating pictures of pleasant old memories as against meaningless decoys can be performed by anyone even in a badly panicky environment. Easy-to-integrate security modules which prevent plagiarism, unauthorized access and data leakage from protected devices, including servers, desktops and cellular- devices. Authorized user access is simple and intuitive. Unauthorized access is greeted with a complete lockdown and deactivation of all the device’s functions.
15 The Pitch - 2 On the other hand, complicated passwords, which others have more difficulty guessing or cracking, are harder to remember, and are typically written down to keep at hand. Neither kind of character password can offer viably assured security. Password protection of devices and data has long been used as access verification for authorized users. Increasingly it is recognized that the conventional character password is not nearly safe enough. Passwords that anyone can remember are also easily guessed by other people or by cracking techniques. We provide exceptional ease-of-use coupled with virtually uncrackable security by using ‘Sequenced Pass-Symbols’ for a security solution that users should never forget and that crackers should never defeat. The principal innovation of Mnemonic Guard is that it fully utilizes the persistent nature of long-term memory that had been acquired many years ago. Once stored in the user’s memory as the symbolic sequenced pass-symbols, they are burned in by neurological means creating a security code that will not easily be forgotten, even after considerable passage of time.
16 Take up Windows NT/XP, which is particularly vulnerable as the result of LM Hash value storage. It is of little use to register up to 14 password digits unless the LM Hash storage is deactivated. And password-cracking software that can break the LM Hash is freely downloadable from the Internet. Our solution defends against this vulnerability allowing Windows to register passwords in excess of 15 digits using Mnemonic Guard to manage the long password internally while users need only to remember a simple visual sequence. The Pitch - 3 Mnemonic Guard is also unique in that it will allow repeated mistakes that authorized users are likely to make, and provide the user multiple opportunities to enter the proper sequence. Significantly, our product has functionality to positively identify non-authorized users based on the nature of their entry errors. It detects mistakes that an authorized user is unlikely to make, such as selecting only wrong images, and shuts out impersonators expertly. Mnemonic Guard also features an ‘Emergency Button’ function allowing for a specific secret image, when entered, to silently alert the program and thus the proper authorities to the presence of intimidators which may require immediate action.
17 Current Product Lineup   Mnemonic Guard Library for general purpose   MG for online-access       MG for onetime password generation     MG for single sign on password-manager   MG for PC logon       MG for smart devices logon              CryptoMnemo : MG-based encryption solutions Authority-distributed CryptoMnemo: prevention of insiders’ crime   Remark: 4 million dollars have been invested into development of the above product lineup.
18 Phish Fighting: Mnemonic Guard shows the same effect as the RSA Security’s SiteKey when users have registered their own unique images on-line. And this phisher-repellent effect is inherently built into the user verification function of Mnemonic Guard. Furthermore, when the verification images are displayed randomly, at different positions on each access, the phishing cost of capturing such ever-changing verification screens for each user would become astronomical. Applies Solutions -1 In addition to the base product for enhancing the user’s Security Experience, Mnemonic Guard can also serve as the foundation for complex applied solutions such as follows: Neutralizing Trojan Horses: Current "Onetime-password" systems available on the market verify only the identity of the tokens and/or cellular-devices that generate and/or receive the random numbers. A password or PIN that must be fed to PCs for verification of token/phone ownership would be exposed to Trojan horses. The onetime-password system that is built with Mnemonic Guard can prove the identity of the cellular-phone which receives verification pictures with random characters along with the identity of the person who must be able to recognize the characters allocated to the correct pictures. The whole verification data stream that a Trojan horse might capture is a onetime event. Thus, the data stream can be stolen but is entirely useless as it cannot be used.
19 Hardening Protection of Classified Data: An encryption key, which had been destroyed at the end of the previous run, will be reproduced from the verification data of Mnemonic Guard when (only when) 3 out of up to 10 registered operators work together. In this situation, it would be of no use to steal the verification data of a single operator. The attacker would have to steal from three operators at a time. This effectively discourages attackers who might otherwise attempt to intimidate the manager of classified data into surrender. Making ID federations the least vulnerable: ID federations should only be recommended with caveats that it provides a single point of failure that is not unlike the reuse of one password across many accounts. By making the master-password the strongest possible, Mnemonic Guard will help make ID federations the least vulnerable. With all the possible forms of products in scope and considering the broad range of applicable platforms, the business of Mnemonic Guard and its applied solutions could not be insignificant at the end of the day. Applies Solutions -2
20 Competitive Landscape 3. Those who offer simple graphical passwords: Graphical passwords are comparatively easier to manage than character-based passwords, but only comparatively. Our solutions, are explicitly based on long-term visual memories, and the innate abilities of the human mind are different, and we believe much better. 1. Those who still recommend character-based passwords: Computers become ever more powerful, subsequently it is ever more difficult to manage passwords which have to become ever longer and complex. Conversely, powerful computers, however, also bring down the cost of handling digital images, which indicates that our solutions will increase in benefit and decrease in processing costs in years to come. 2. Those who offer onetime-password-generating/receiving tokens/phones : Such onetime-passwords prove only the identity of the token/phone, not the person. Our solutions directly verifies the identity of a person. 4. Those who recommend identification technologies: Tokens and biometrics, which could be practiced by somebody else while the user is unconscious, are not the appropriate user authentication means on their own, but they could be good auxiliary means to memory-based user authentication.
21 Intellectual Property Rights Two patents are established in Japan and one in USA that are related to making use of visualized episodic memory for computerized user authentication, algorithm of differentiating the sort of mistakes the legitimate user can easily make from the sort of mistakes the legitimate user is unlikely to make, registering an emergency symbol to silently tell the presence of the intimidator. Another patent in USA is about mutually verifying the visual memories in the user’s brain and in the memory device of the authentication system. We own the copyrights of all the software products and applied solutions sold under the trademarks of “Mnemonic Guard”, “CryptoMnemo” and “Anonymity Guard”. (Those trademarks are registered in Japan.)
22 Videos & Documents VIDEOS * The standard operation of Mnemonic Guard is shown at http://www.youtube.com/watch?v=UO_1fEp2jFo * The simplified version on a smart phone at http://www.youtube.com/watch?v=Q8kGNeIS2Lc * The operation of Password Reminder Kit Smart Use of PIN & Password) at http://youtu.be/cXTYffGHNS4 DOCUMENTS The merits of Expanded Password System are closely discussed at http://mneme.blog.eonet.jp/default/files/proposition_of_expanded_password_system.pdf The outline of 2-factor Onetime Mnemonic Guard is available at http://mneme.blog.eonet.jp/default/files/onetimemnemonicguard_benefits.pdf The outlines of CryptoMnemo and Authority-distributed CrytoMnemo are posted at http://mneme.blog.eonet.jp/default/files/Cryptmnemo.pdf http://mneme.blog.eonet.jp/default/files/authoritydistributed_cryptomnemo.pdf
23 Endorsement,Alliance & Contact Endorsement JIPDEC: http://www.jipdec.or.jp/eng/index.html JSSM: http://www.jssm.net/jssm/globe.htm Prof. Hideki Imai (Chairman of CRYPTREC) http://www.cryptrec.go.jp/english/index.html Prof. Osamu Sudo (Tokyo University) http://www.iii.u-tokyo.ac.jp/en/professor.php?id=884 Alliance CRESCO, NEC, FUJITSU, AXSEED, etc. Contact Hitoshi-Jin Kokumai, president of Mnemonic Security, Inc. and the architect of Mnemonic Guard, is available for direct contact in English at kokumai@mneme.co.jp +81-90-5460-7350 (mobile) Skype: kokumaiskype For Further Information English website:   http://www.mneme.co.jp/english/index.html English blogiste: http://mnemonicguard.blogspot.com/ (not yet as comprehensive as Japanese pages, though)

Recommended

Updated: Presentation with Scripts at CIW2018
Updated: Presentation with Scripts at CIW2018Updated: Presentation with Scripts at CIW2018
Updated: Presentation with Scripts at CIW2018
Hitoshi Kokumai
 
Graphical Password by Watermarking for security
Graphical Password by Watermarking for securityGraphical Password by Watermarking for security
Graphical Password by Watermarking for security
IJERA Editor
 
A Survey of User Authentication Schemes for Mobile Device
A Survey of User Authentication Schemes for Mobile DeviceA Survey of User Authentication Schemes for Mobile Device
A Survey of User Authentication Schemes for Mobile Device
IJMER
 
J0704055058
J0704055058J0704055058
J0704055058IJERD Editor
 
Pass byo bring your own picture for securing graphical passwords
Pass byo bring your own picture for securing graphical passwordsPass byo bring your own picture for securing graphical passwords
Pass byo bring your own picture for securing graphical passwords
LeMeniz Infotech
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
Yury Chemerkin
 
A Graphical Password Scheme using Persuasive Cued Click Points
A Graphical Password Scheme using Persuasive Cued Click PointsA Graphical Password Scheme using Persuasive Cued Click Points
A Graphical Password Scheme using Persuasive Cued Click Points
IJMER
 
A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEM
A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEMA SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEM
A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEM
Nexgen Technology
 

Recommended

Updated: Presentation with Scripts at CIW2018
Updated: Presentation with Scripts at CIW2018Updated: Presentation with Scripts at CIW2018
Updated: Presentation with Scripts at CIW2018
Hitoshi Kokumai
 
Graphical Password by Watermarking for security
Graphical Password by Watermarking for securityGraphical Password by Watermarking for security
Graphical Password by Watermarking for security
IJERA Editor
 
A Survey of User Authentication Schemes for Mobile Device
A Survey of User Authentication Schemes for Mobile DeviceA Survey of User Authentication Schemes for Mobile Device
A Survey of User Authentication Schemes for Mobile Device
IJMER
 
J0704055058
J0704055058J0704055058
J0704055058IJERD Editor
 
Pass byo bring your own picture for securing graphical passwords
Pass byo bring your own picture for securing graphical passwordsPass byo bring your own picture for securing graphical passwords
Pass byo bring your own picture for securing graphical passwords
LeMeniz Infotech
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
Yury Chemerkin
 
A Graphical Password Scheme using Persuasive Cued Click Points
A Graphical Password Scheme using Persuasive Cued Click PointsA Graphical Password Scheme using Persuasive Cued Click Points
A Graphical Password Scheme using Persuasive Cued Click Points
IJMER
 
A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEM
A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEMA SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEM
A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEM
Nexgen Technology
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authenticationAsim Kumar Pathak
 
Graphical Password Authentication
Graphical Password AuthenticationGraphical Password Authentication
Graphical Password Authentication
Abha nandan
 
Rorschach Based Security for Smartphones
Rorschach Based Security for SmartphonesRorschach Based Security for Smartphones
Rorschach Based Security for Smartphones
ijsrd.com
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authenticationAkhil Kumar
 
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyGraphical Based Password for Android Phones using Keystroke Dynamics - A Survey
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey
IJSRD
 
Graphical password authentication using Pass faces
Graphical password authentication using Pass facesGraphical password authentication using Pass faces
Graphical password authentication using Pass faces
IJERA Editor
 
Graphical password authentication using pccp with sound signature
Graphical password authentication using pccp with sound signatureGraphical password authentication using pccp with sound signature
Graphical password authentication using pccp with sound signature
eSAT Journals
 
Implementation of Knowledge Based Authentication System Using Persuasive Cued...
Implementation of Knowledge Based Authentication System Using Persuasive Cued...Implementation of Knowledge Based Authentication System Using Persuasive Cued...
Implementation of Knowledge Based Authentication System Using Persuasive Cued...
IOSR Journals
 
A graphical password authentication system (ieee 2011) 1
A graphical password authentication system (ieee 2011) 1A graphical password authentication system (ieee 2011) 1
A graphical password authentication system (ieee 2011) 1Shaibi Varkey
 
IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...
IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...
IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...
IRJET Journal
 
Folder Security Using Graphical Password Authentication Scheme
Folder Security Using Graphical Password Authentication SchemeFolder Security Using Graphical Password Authentication Scheme
Folder Security Using Graphical Password Authentication Scheme
paperpublications3
 
Graphical password based hybrid authentication system for smart hand held dev...
Graphical password based hybrid authentication system for smart hand held dev...Graphical password based hybrid authentication system for smart hand held dev...
Graphical password based hybrid authentication system for smart hand held dev...
Alexander Decker
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
shalini singh
 
Graphical password minor report
Graphical password minor reportGraphical password minor report
Graphical password minor report
Love Kothari
 
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
IOSR Journals
 
3D password
3D password3D password
3D password
anuradha srivastava
 
3D Password M Sc BHU Sem 1
3D Password M Sc BHU Sem 13D Password M Sc BHU Sem 1
3D Password M Sc BHU Sem 1Swagato Dey
 
Graphical Password Authentication using image Segmentation for Web Based Appl...
Graphical Password Authentication using image Segmentation for Web Based Appl...Graphical Password Authentication using image Segmentation for Web Based Appl...
Graphical Password Authentication using image Segmentation for Web Based Appl...
ijtsrd
 
Graphical password
Graphical passwordGraphical password
Graphical passwordvitam,berhampur
 
Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password System
Hitoshi Kokumai
 
SharePoint Saturday Barcelona 2016
SharePoint Saturday Barcelona 2016SharePoint Saturday Barcelona 2016
SharePoint Saturday Barcelona 2016
Rick Van Rousselt
 
Portfolio
PortfolioPortfolio
Portfolioscot scollon
 

More Related Content

What's hot

Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authenticationAsim Kumar Pathak
 
Graphical Password Authentication
Graphical Password AuthenticationGraphical Password Authentication
Graphical Password Authentication
Abha nandan
 
Rorschach Based Security for Smartphones
Rorschach Based Security for SmartphonesRorschach Based Security for Smartphones
Rorschach Based Security for Smartphones
ijsrd.com
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authenticationAkhil Kumar
 
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyGraphical Based Password for Android Phones using Keystroke Dynamics - A Survey
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey
IJSRD
 
Graphical password authentication using Pass faces
Graphical password authentication using Pass facesGraphical password authentication using Pass faces
Graphical password authentication using Pass faces
IJERA Editor
 
Graphical password authentication using pccp with sound signature
Graphical password authentication using pccp with sound signatureGraphical password authentication using pccp with sound signature
Graphical password authentication using pccp with sound signature
eSAT Journals
 
Implementation of Knowledge Based Authentication System Using Persuasive Cued...
Implementation of Knowledge Based Authentication System Using Persuasive Cued...Implementation of Knowledge Based Authentication System Using Persuasive Cued...
Implementation of Knowledge Based Authentication System Using Persuasive Cued...
IOSR Journals
 
A graphical password authentication system (ieee 2011) 1
A graphical password authentication system (ieee 2011) 1A graphical password authentication system (ieee 2011) 1
A graphical password authentication system (ieee 2011) 1Shaibi Varkey
 
IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...
IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...
IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...
IRJET Journal
 
Folder Security Using Graphical Password Authentication Scheme
Folder Security Using Graphical Password Authentication SchemeFolder Security Using Graphical Password Authentication Scheme
Folder Security Using Graphical Password Authentication Scheme
paperpublications3
 
Graphical password based hybrid authentication system for smart hand held dev...
Graphical password based hybrid authentication system for smart hand held dev...Graphical password based hybrid authentication system for smart hand held dev...
Graphical password based hybrid authentication system for smart hand held dev...
Alexander Decker
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
shalini singh
 
Graphical password minor report
Graphical password minor reportGraphical password minor report
Graphical password minor report
Love Kothari
 
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
IOSR Journals
 
3D password
3D password3D password
3D password
anuradha srivastava
 
3D Password M Sc BHU Sem 1
3D Password M Sc BHU Sem 13D Password M Sc BHU Sem 1
3D Password M Sc BHU Sem 1Swagato Dey
 
Graphical Password Authentication using image Segmentation for Web Based Appl...
Graphical Password Authentication using image Segmentation for Web Based Appl...Graphical Password Authentication using image Segmentation for Web Based Appl...
Graphical Password Authentication using image Segmentation for Web Based Appl...
ijtsrd
 

What's hot (19)

Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
 
Graphical Password Authentication
Graphical Password AuthenticationGraphical Password Authentication
Graphical Password Authentication
 
Rorschach Based Security for Smartphones
Rorschach Based Security for SmartphonesRorschach Based Security for Smartphones
Rorschach Based Security for Smartphones
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authentication
 
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyGraphical Based Password for Android Phones using Keystroke Dynamics - A Survey
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey
 
Graphical password authentication using Pass faces
Graphical password authentication using Pass facesGraphical password authentication using Pass faces
Graphical password authentication using Pass faces
 
Graphical password authentication using pccp with sound signature
Graphical password authentication using pccp with sound signatureGraphical password authentication using pccp with sound signature
Graphical password authentication using pccp with sound signature
 
Implementation of Knowledge Based Authentication System Using Persuasive Cued...
Implementation of Knowledge Based Authentication System Using Persuasive Cued...Implementation of Knowledge Based Authentication System Using Persuasive Cued...
Implementation of Knowledge Based Authentication System Using Persuasive Cued...
 
A graphical password authentication system (ieee 2011) 1
A graphical password authentication system (ieee 2011) 1A graphical password authentication system (ieee 2011) 1
A graphical password authentication system (ieee 2011) 1
 
IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...
IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...
IRJET- Multi-Factor Authentication based on Game Mode for Android Applica...
 
Folder Security Using Graphical Password Authentication Scheme
Folder Security Using Graphical Password Authentication SchemeFolder Security Using Graphical Password Authentication Scheme
Folder Security Using Graphical Password Authentication Scheme
 
Graphical password based hybrid authentication system for smart hand held dev...
Graphical password based hybrid authentication system for smart hand held dev...Graphical password based hybrid authentication system for smart hand held dev...
Graphical password based hybrid authentication system for smart hand held dev...
 
Graphical password authentication
Graphical password authenticationGraphical password authentication
Graphical password authentication
 
Graphical password minor report
Graphical password minor reportGraphical password minor report
Graphical password minor report
 
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
 
3D password
3D password3D password
3D password
 
3D Password M Sc BHU Sem 1
3D Password M Sc BHU Sem 13D Password M Sc BHU Sem 1
3D Password M Sc BHU Sem 1
 
Graphical Password Authentication using image Segmentation for Web Based Appl...
Graphical Password Authentication using image Segmentation for Web Based Appl...Graphical Password Authentication using image Segmentation for Web Based Appl...
Graphical Password Authentication using image Segmentation for Web Based Appl...
 
Graphical password
Graphical passwordGraphical password
Graphical password
 

Viewers also liked

Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password System
Hitoshi Kokumai
 
SharePoint Saturday Barcelona 2016
SharePoint Saturday Barcelona 2016SharePoint Saturday Barcelona 2016
SharePoint Saturday Barcelona 2016
Rick Van Rousselt
 
Homoparentalidade: que familias que experiencias?
Homoparentalidade: que familias que experiencias?Homoparentalidade: que familias que experiencias?
Homoparentalidade: que familias que experiencias?
Pedro Alexandre Costa
 
Filhos Por AdoçãO Congresso Psicossocial JuríDico
Filhos Por AdoçãO Congresso Psicossocial JuríDicoFilhos Por AdoçãO Congresso Psicossocial JuríDico
Filhos Por AdoçãO Congresso Psicossocial JuríDico
FAdotivos
 
Parentalidade edicao
Parentalidade edicaoParentalidade edicao
Parentalidade edicaoSilvia Dias
 
A protecção social dos trabalhadores, Isabel Viseu
A protecção social dos trabalhadores, Isabel ViseuA protecção social dos trabalhadores, Isabel Viseu
A protecção social dos trabalhadores, Isabel Viseucomunidades@ina
 
Novembro jardim
Novembro jardimNovembro jardim
Novembro jardim
patronatobonanca
 
Novembro creche
Novembro crecheNovembro creche
Novembro creche
patronatobonanca
 
A Framework of Purpose and Consent for Data Security and Consumer Privacy
A Framework of Purpose and Consent for Data Security and Consumer PrivacyA Framework of Purpose and Consent for Data Security and Consumer Privacy
A Framework of Purpose and Consent for Data Security and Consumer Privacy
Aurélie Pols
 
Dimensionamento bt
Dimensionamento btDimensionamento bt
Dimensionamento bt
Daniel Santos
 
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee PrivacyStorm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
Aurélie Pols
 
Fevereiro creche
Fevereiro crecheFevereiro creche
Fevereiro creche
patronatobonanca
 
¿Directivos en su torre de marfil?
¿Directivos en su torre de marfil?¿Directivos en su torre de marfil?
¿Directivos en su torre de marfil?
Santiago Garcia
 
Customers in the cloud pulse final
Customers in the cloud pulse finalCustomers in the cloud pulse final
Customers in the cloud pulse finalFLUZO
 

Viewers also liked (17)

Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password System
 
SharePoint Saturday Barcelona 2016
SharePoint Saturday Barcelona 2016SharePoint Saturday Barcelona 2016
SharePoint Saturday Barcelona 2016
 
Portfolio
PortfolioPortfolio
Portfolio
 
Homoparentalidade: que familias que experiencias?
Homoparentalidade: que familias que experiencias?Homoparentalidade: que familias que experiencias?
Homoparentalidade: que familias que experiencias?
 
Filhos Por AdoçãO Congresso Psicossocial JuríDico
Filhos Por AdoçãO Congresso Psicossocial JuríDicoFilhos Por AdoçãO Congresso Psicossocial JuríDico
Filhos Por AdoçãO Congresso Psicossocial JuríDico
 
Parentalidade edicao
Parentalidade edicaoParentalidade edicao
Parentalidade edicao
 
Drorlandacruz
DrorlandacruzDrorlandacruz
Drorlandacruz
 
A protecção social dos trabalhadores, Isabel Viseu
A protecção social dos trabalhadores, Isabel ViseuA protecção social dos trabalhadores, Isabel Viseu
A protecção social dos trabalhadores, Isabel Viseu
 
Novembro jardim
Novembro jardimNovembro jardim
Novembro jardim
 
Novembro creche
Novembro crecheNovembro creche
Novembro creche
 
A Framework of Purpose and Consent for Data Security and Consumer Privacy
A Framework of Purpose and Consent for Data Security and Consumer PrivacyA Framework of Purpose and Consent for Data Security and Consumer Privacy
A Framework of Purpose and Consent for Data Security and Consumer Privacy
 
Parentalidade
ParentalidadeParentalidade
Parentalidade
 
Dimensionamento bt
Dimensionamento btDimensionamento bt
Dimensionamento bt
 
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee PrivacyStorm on the Horizon: Data Governance & Security vs. Employee Privacy
Storm on the Horizon: Data Governance & Security vs. Employee Privacy
 
Fevereiro creche
Fevereiro crecheFevereiro creche
Fevereiro creche
 
¿Directivos en su torre de marfil?
¿Directivos en su torre de marfil?¿Directivos en su torre de marfil?
¿Directivos en su torre de marfil?
 
Customers in the cloud pulse final
Customers in the cloud pulse finalCustomers in the cloud pulse final
Customers in the cloud pulse final
 

Similar to Expanded password system - Reliable Identity Assurance

Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)
Hitoshi Kokumai
 
More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)
Hitoshi Kokumai
 
Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018
Hitoshi Kokumai
 
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Hitoshi Kokumai
 
Fend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic MemoryFend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic Memory
Hitoshi Kokumai
 
Bring healthy second life to legacy password system
Bring healthy second life to legacy password systemBring healthy second life to legacy password system
Bring healthy second life to legacy password system
Hitoshi Kokumai
 
Synopsis
SynopsisSynopsis
Synopsis
Love Kothari
 
Deepak 3 dpassword (2)
Deepak 3 dpassword (2)Deepak 3 dpassword (2)
Deepak 3 dpassword (2)
Deepak Choudhary
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewSTO STRATEGY
 
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyGraphical Based Password for Android Phones using Keystroke Dynamics - A Survey
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey
IJSRD
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password Systems
Hitoshi Kokumai
 
Intro to web 2.0 Security
Intro to web 2.0 SecurityIntro to web 2.0 Security
Intro to web 2.0 Security
JP Bourget
 
3D - password
3D - password3D - password
3D - password
BhavikParmar24
 
Pptforpicturepasswordauthentication 130125073736-phpapp02
Pptforpicturepasswordauthentication 130125073736-phpapp02Pptforpicturepasswordauthentication 130125073736-phpapp02
Pptforpicturepasswordauthentication 130125073736-phpapp02
Umesh Kumar
 
Graphical authintication
Graphical authinticationGraphical authintication
Graphical authintication
Tapesh Chalisgaonkar
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
Avansa Mid- en Zuidwest
 
Cyber security for journalists
Cyber security for journalistsCyber security for journalists
Cyber security for journalists
Shanmugavel Sankaran
 
3d passwords
3d passwords 3d passwords
3d passwords
Sunanda Bansal
 
Volume 1 number-2pp-216-222
Volume 1 number-2pp-216-222Volume 1 number-2pp-216-222
Volume 1 number-2pp-216-222Kailas Patil
 

Similar to Expanded password system - Reliable Identity Assurance (20)

Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)Fend Off Cyberattack with Episodic Memory (24Feb2023)
Fend Off Cyberattack with Episodic Memory (24Feb2023)
 
More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)More Issues on Digital Identity (24Feb2023)
More Issues on Digital Identity (24Feb2023)
 
Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018Presentation with Scripts at CIWEU2018
Presentation with Scripts at CIWEU2018
 
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022
 
Fend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic MemoryFend Off Cybercrime with Episodic Memory
Fend Off Cybercrime with Episodic Memory
 
Bring healthy second life to legacy password system
Bring healthy second life to legacy password systemBring healthy second life to legacy password system
Bring healthy second life to legacy password system
 
Synopsis
SynopsisSynopsis
Synopsis
 
Deepak 3 dpassword (2)
Deepak 3 dpassword (2)Deepak 3 dpassword (2)
Deepak 3 dpassword (2)
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
 
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey
Graphical Based Password for Android Phones using Keystroke Dynamics - A SurveyGraphical Based Password for Android Phones using Keystroke Dynamics - A Survey
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password Systems
 
Intro to web 2.0 Security
Intro to web 2.0 SecurityIntro to web 2.0 Security
Intro to web 2.0 Security
 
3D - password
3D - password3D - password
3D - password
 
Pptforpicturepasswordauthentication 130125073736-phpapp02
Pptforpicturepasswordauthentication 130125073736-phpapp02Pptforpicturepasswordauthentication 130125073736-phpapp02
Pptforpicturepasswordauthentication 130125073736-phpapp02
 
Graphical authintication
Graphical authinticationGraphical authintication
Graphical authintication
 
Ce36484489
Ce36484489Ce36484489
Ce36484489
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
Cyber security for journalists
Cyber security for journalistsCyber security for journalists
Cyber security for journalists
 
3d passwords
3d passwords 3d passwords
3d passwords
 
Volume 1 number-2pp-216-222
Volume 1 number-2pp-216-222Volume 1 number-2pp-216-222
Volume 1 number-2pp-216-222
 

More from Hitoshi Kokumai

Image-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptxImage-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptx
Hitoshi Kokumai
 
Intriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to OneIntriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to One
Hitoshi Kokumai
 
Updated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and MemoryUpdated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and Memory
Hitoshi Kokumai
 
Deployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63BDeployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63B
Hitoshi Kokumai
 
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Hitoshi Kokumai
 
Help unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guidelineHelp unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guideline
Hitoshi Kokumai
 

More from Hitoshi Kokumai (6)

Image-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptxImage-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptx
 
Intriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to OneIntriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to One
 
Updated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and MemoryUpdated: Identity Assurance by Our Own Volition and Memory
Updated: Identity Assurance by Our Own Volition and Memory
 
Deployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63BDeployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63B
 
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
 
Help unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guidelineHelp unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guideline
 

Recently uploaded

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 

Recently uploaded (20)

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 

Expanded password system - Reliable Identity Assurance

  • 1. Expanded Password System - Reliable Identity Assurance - Security of the real/cyber-fused society hinges on “Assured Identity”, which hinges on “Shared Secrets” in cyberspace. The text password has been the shared secrets for many decades. We now need a successor to the text password. There exists a promising candidate, an Expanded Password System (EPS) which accepts images as well as characters and which generates a high-entropy password from a hard-to-forget password. 22nd April , 2015
  • 2. 2 What is EPS? 1/3 Only texts are accepted As it were, we have no choice but to walk up a long steep staircase    Where we want to continue to use textual passwords Where we want to reduce the burden of textual passwords Where we want to make use of episodic image memory 3UVB9KUW 【 Text Mode 】 【 Graphics Mode 】 【 Original Picture Mode 】 Recall the remembered password Recognize the pictures remembered in stories Recognize the unforgettable pictures of episodic memories Free choices from, as it were, among staircases, escalators and lifts/elevators Low memory ceiling Very high memory ceilingHigh memory ceiling + +
  • 3. There are several known pictures. I can easily find all of them right away. Only I can select all of them correctly. Practicable even in panic when images of episodic memory are registered Incorporating the function of generating high-entropy online passwords from hard-to-forget images and texts. Security of real/cyber-fused society hinges on online identity assurance Online identity assurance hinges on shared secrets, i.e. what we remember Video: http://www.youtube.com/watch?v=Q8kGNeIS2Lc What is EPS? 2/3 Technical details available at http://www.slideshare.net/HitoshiKokumai/expanded-password-system
  • 4. 4 What is EPS? 3/3 When unique matrices of images are allocated to different accounts with the EPS, those unique matrices of images will be telling you what images you could pick up as your passwords. Being able to recall strong passwords is one thing. Being able to recall the relations between accounts and the corresponding passwords is another. EPS frees us from the burden of managing the relations between accounts and the corresponding passwords. Account A Account B Account C Account D Account E, F, G, H, I, J, K, L-----------
  • 5. 5 Cybercrime & Password Predicament - White House cyber czar's goal: 'Kill the password dead' http://www.federalnewsradio.com/241/3646015/White-House-cyber-czars-goal-Kill-the-password-dead “He cited studies showing as much as 80 percent of cyber intrusions — "some ridiculously high number," he said — are caused by exploiting weak or stolen passwords.” - Cybercrime and espionage costs $445 billion annually http://www.washingtonpost.com/world/national-security/report-cybercrime-and-espionage-costs-445-billion-annually/2014/06/09/8995291c-ecce- 11e3-9f5c-9075d5508f0a_story.html “CSIS used several methods to arrive at a range of estimates, from $375 billion to as much as $575 billion.” - Passwords Still Pose Big Security Risks http://www.paymentssource.com/news/passwords-still-pose-big-security-risks-3018257-1.html “Many “advanced data stealing attacks” happen simply from poor password practices.” - Soon Hackers May Topple Global Economy http://i-hls.com/2014/05/report-soon-hackers-may-topple-global-economy/?utm_source=rss&utm_medium=rss&utm_campaign=report-soon- hackers-may-topple-global-economy&utm_source=Meital&utm_medium=Meital&utm_campaign=RSS “Within the next five to seven years, as much as $21 trillion in global economic-value creation depends on robust cyber security”.
  • 6. 6 Alternatives to The Password? Biometrics? if it stops relying on a self-rescue password in case of false rejection Physical tokens ? if “Chip & PIN” without PIN (numerical password) is accepted PKI ? if we remember the 2048-bit private keys 2-factor/step authentication? if no password is used for any of the factors ID federations (single-sign-on services & password managing tools)? if no password is used as the master-password Patterns & Gestures? if we replay many of the complicated ones with 100% accuracy Passwords expanded to include known pictures as well as characters? This is the theme of this presentation.
  • 7. 7 Pioneer of Expanded Password System Humans can keep remembering only up to 5 passwords on average due to the cognitive limitation caused by “interference of memory”. Episodic image memories are the least subject to the interference of memory, which are the most suitable for the password.
  • 8. 8 What We Do Mnemonic Security, Inc. specializes in uniquely secure, highly user-oriented security verification, authorization and applied solutions based on long-term visual memories (or visualized episode memories), which are portable to an extremely wide platform base. Example of implementation on mobile-phone Pass-Symbols, in this case, are photos of the developer of Mnemonic Guard taken in his babyhood, his wife 30 years ago, dolls and toys that his grown-up daughters used to play 20 years ago. Some pictures have been processed - turned sepia, monochrome or blurred - to confuse the attacker. Our solution, Mnemonic Guard, can be applied on virtually any computing or communications device whether stand-alone or networked.
  • 9. 9 Technology – 1: Photos The screen has unforgettable images, which you feel are special, plus meaningless ones. All you need to do for verification is to find several 'memorable' pictures that you feel are special to you, which will be no effort to remember. The episodic/autobiographic image memories are the least vulnerable to the “interference of memory”. The above example uses old pictures of tens of years ago, including ones of family members such as a nephew and niece, pet you used to have, memorable scenery from holiday. Even if you need to verify for the first time in several years, you will be able to find those photos without any difficulty. You can verify safely, whenever, wherever and without fail Matrix could be 3 x 3 or 8 x 8 depending on what to protect
  • 10. 10 Technology – 2: Graphics If you do not have photo data at hand You need to remember images that you like as Pass- symbols from the screen. The screen itself acts as a reminder, and it is far easier to remember and less easy to forget than character passwords, because the screen contains a large volume of information. For example, you can register symbols making a story based on your own experiences, such as when I was living in 'Kyoto where there are many temples' , I used to take my 'dog' for a walk on my 'bike' , and I enjoyed a cup of 'coffee' afterwards. In this way, you can easily remember your Pass- symbols.
  • 11. 11 Technology – 3: Characters You can keep using characters on the same kind of matrix. If you select only 4 digits of [0123], for example, the data that are sent to the authentication server are not [0123] but the long sequence of identification codes allocated to each character/symbol. These long sequence of data are resilient against various threats of ID Theft on the Internet. If you like to continue to use characters With Mnemonic Guard, you can use photos, graphics and characters, say, all the visual objects as Pass-Symbols,
  • 12. 12 Technology – 4: Various types of memories There are three objects of memory A. Characters B. Patterns (Gesture included) C. Photos and Graphics There are two ways to use memories 1. Endeavor to memorize something afresh 2. Use something that was memorized many years ago and stills reside in our memory There are 6 combinations of the above. Features of them are as follows: 1A. Difficult to manage 1B. Difficult to manage 1C. Still difficult to manage though relatively easier than 1A and 1B. 2A. Vulnerable against guessing and dictionary-attacks 2B. Very weak in mathematical strength 2C. Strong and easy to manage Mnemonic Guard belongs to the category of 2C. It does not mean, however, that Mnemonic Guard rejects 1A/1B/1C/2A/2B. All of them can be freely practiced on the platform of Mnemonic Guard.
  • 13. 13 Technology – 5 : Against Shoulder Surfing As shown below, we mitigate the shoulder surfing problem by 1. enabling the user to shrink the picture size 2. enabling the user to type the alphabets allocated to each picture. The alphabets are randomly allocated on each access. 3. Anti-peeping films available on the market are also useful. The sequence of alphabets is different on each access, with onetime effect. Just after recognizing PassSymbols, we have no difficulty in clicking the pictures which are shrunk at the same locations.
  • 14. 14 Mnemonic Guard is revolutionary in that it exploits the nature of long-term visual memory or visualized episode memory. Those visual memories that were acquired in our youth and still reside in our brains are unlikely to evaporate over additional time. Mnemonic Guard is based on the mind’s ability to use long-term visual memories and it can easily be used by anyone in any environment. It is even practicable in panicky situations where character-based passwords might easily be forgotten. The Pitch - 1 For being easy for children to use, Mnemonic Guard was given Kids Design Award 2008 in Japan. At the other extreme, Mnemonic Guard is being recognized by information security professionals of the Japan’s military because locating pictures of pleasant old memories as against meaningless decoys can be performed by anyone even in a badly panicky environment. Easy-to-integrate security modules which prevent plagiarism, unauthorized access and data leakage from protected devices, including servers, desktops and cellular- devices. Authorized user access is simple and intuitive. Unauthorized access is greeted with a complete lockdown and deactivation of all the device’s functions.
  • 15. 15 The Pitch - 2 On the other hand, complicated passwords, which others have more difficulty guessing or cracking, are harder to remember, and are typically written down to keep at hand. Neither kind of character password can offer viably assured security. Password protection of devices and data has long been used as access verification for authorized users. Increasingly it is recognized that the conventional character password is not nearly safe enough. Passwords that anyone can remember are also easily guessed by other people or by cracking techniques. We provide exceptional ease-of-use coupled with virtually uncrackable security by using ‘Sequenced Pass-Symbols’ for a security solution that users should never forget and that crackers should never defeat. The principal innovation of Mnemonic Guard is that it fully utilizes the persistent nature of long-term memory that had been acquired many years ago. Once stored in the user’s memory as the symbolic sequenced pass-symbols, they are burned in by neurological means creating a security code that will not easily be forgotten, even after considerable passage of time.
  • 16. 16 Take up Windows NT/XP, which is particularly vulnerable as the result of LM Hash value storage. It is of little use to register up to 14 password digits unless the LM Hash storage is deactivated. And password-cracking software that can break the LM Hash is freely downloadable from the Internet. Our solution defends against this vulnerability allowing Windows to register passwords in excess of 15 digits using Mnemonic Guard to manage the long password internally while users need only to remember a simple visual sequence. The Pitch - 3 Mnemonic Guard is also unique in that it will allow repeated mistakes that authorized users are likely to make, and provide the user multiple opportunities to enter the proper sequence. Significantly, our product has functionality to positively identify non-authorized users based on the nature of their entry errors. It detects mistakes that an authorized user is unlikely to make, such as selecting only wrong images, and shuts out impersonators expertly. Mnemonic Guard also features an ‘Emergency Button’ function allowing for a specific secret image, when entered, to silently alert the program and thus the proper authorities to the presence of intimidators which may require immediate action.
  • 17. 17 Current Product Lineup   Mnemonic Guard Library for general purpose   MG for online-access       MG for onetime password generation     MG for single sign on password-manager   MG for PC logon       MG for smart devices logon              CryptoMnemo : MG-based encryption solutions Authority-distributed CryptoMnemo: prevention of insiders’ crime   Remark: 4 million dollars have been invested into development of the above product lineup.
  • 18. 18 Phish Fighting: Mnemonic Guard shows the same effect as the RSA Security’s SiteKey when users have registered their own unique images on-line. And this phisher-repellent effect is inherently built into the user verification function of Mnemonic Guard. Furthermore, when the verification images are displayed randomly, at different positions on each access, the phishing cost of capturing such ever-changing verification screens for each user would become astronomical. Applies Solutions -1 In addition to the base product for enhancing the user’s Security Experience, Mnemonic Guard can also serve as the foundation for complex applied solutions such as follows: Neutralizing Trojan Horses: Current "Onetime-password" systems available on the market verify only the identity of the tokens and/or cellular-devices that generate and/or receive the random numbers. A password or PIN that must be fed to PCs for verification of token/phone ownership would be exposed to Trojan horses. The onetime-password system that is built with Mnemonic Guard can prove the identity of the cellular-phone which receives verification pictures with random characters along with the identity of the person who must be able to recognize the characters allocated to the correct pictures. The whole verification data stream that a Trojan horse might capture is a onetime event. Thus, the data stream can be stolen but is entirely useless as it cannot be used.
  • 19. 19 Hardening Protection of Classified Data: An encryption key, which had been destroyed at the end of the previous run, will be reproduced from the verification data of Mnemonic Guard when (only when) 3 out of up to 10 registered operators work together. In this situation, it would be of no use to steal the verification data of a single operator. The attacker would have to steal from three operators at a time. This effectively discourages attackers who might otherwise attempt to intimidate the manager of classified data into surrender. Making ID federations the least vulnerable: ID federations should only be recommended with caveats that it provides a single point of failure that is not unlike the reuse of one password across many accounts. By making the master-password the strongest possible, Mnemonic Guard will help make ID federations the least vulnerable. With all the possible forms of products in scope and considering the broad range of applicable platforms, the business of Mnemonic Guard and its applied solutions could not be insignificant at the end of the day. Applies Solutions -2
  • 20. 20 Competitive Landscape 3. Those who offer simple graphical passwords: Graphical passwords are comparatively easier to manage than character-based passwords, but only comparatively. Our solutions, are explicitly based on long-term visual memories, and the innate abilities of the human mind are different, and we believe much better. 1. Those who still recommend character-based passwords: Computers become ever more powerful, subsequently it is ever more difficult to manage passwords which have to become ever longer and complex. Conversely, powerful computers, however, also bring down the cost of handling digital images, which indicates that our solutions will increase in benefit and decrease in processing costs in years to come. 2. Those who offer onetime-password-generating/receiving tokens/phones : Such onetime-passwords prove only the identity of the token/phone, not the person. Our solutions directly verifies the identity of a person. 4. Those who recommend identification technologies: Tokens and biometrics, which could be practiced by somebody else while the user is unconscious, are not the appropriate user authentication means on their own, but they could be good auxiliary means to memory-based user authentication.
  • 21. 21 Intellectual Property Rights Two patents are established in Japan and one in USA that are related to making use of visualized episodic memory for computerized user authentication, algorithm of differentiating the sort of mistakes the legitimate user can easily make from the sort of mistakes the legitimate user is unlikely to make, registering an emergency symbol to silently tell the presence of the intimidator. Another patent in USA is about mutually verifying the visual memories in the user’s brain and in the memory device of the authentication system. We own the copyrights of all the software products and applied solutions sold under the trademarks of “Mnemonic Guard”, “CryptoMnemo” and “Anonymity Guard”. (Those trademarks are registered in Japan.)
  • 22. 22 Videos & Documents VIDEOS * The standard operation of Mnemonic Guard is shown at http://www.youtube.com/watch?v=UO_1fEp2jFo * The simplified version on a smart phone at http://www.youtube.com/watch?v=Q8kGNeIS2Lc * The operation of Password Reminder Kit Smart Use of PIN & Password) at http://youtu.be/cXTYffGHNS4 DOCUMENTS The merits of Expanded Password System are closely discussed at http://mneme.blog.eonet.jp/default/files/proposition_of_expanded_password_system.pdf The outline of 2-factor Onetime Mnemonic Guard is available at http://mneme.blog.eonet.jp/default/files/onetimemnemonicguard_benefits.pdf The outlines of CryptoMnemo and Authority-distributed CrytoMnemo are posted at http://mneme.blog.eonet.jp/default/files/Cryptmnemo.pdf http://mneme.blog.eonet.jp/default/files/authoritydistributed_cryptomnemo.pdf
  • 23. 23 Endorsement,Alliance & Contact Endorsement JIPDEC: http://www.jipdec.or.jp/eng/index.html JSSM: http://www.jssm.net/jssm/globe.htm Prof. Hideki Imai (Chairman of CRYPTREC) http://www.cryptrec.go.jp/english/index.html Prof. Osamu Sudo (Tokyo University) http://www.iii.u-tokyo.ac.jp/en/professor.php?id=884 Alliance CRESCO, NEC, FUJITSU, AXSEED, etc. Contact Hitoshi-Jin Kokumai, president of Mnemonic Security, Inc. and the architect of Mnemonic Guard, is available for direct contact in English at kokumai@mneme.co.jp +81-90-5460-7350 (mobile) Skype: kokumaiskype For Further Information English website:   http://www.mneme.co.jp/english/index.html English blogiste: http://mnemonicguard.blogspot.com/ (not yet as comprehensive as Japanese pages, though)