Security of the real/cyber-fused society hinges on “Assured Identity”, which hinges on “Shared Secrets” in cyberspace. The text password has been the shared secret for many decades. We now need a successor to the text password. There exists a promising candidate, an Expanded Password System which accepts images as well as characters and which generates a high-entropy password from a hard-to-forget password.
Updated: Presentation with Scripts at CIW2018 - Hitoshi Kokumai
The volitional password is absolutely necessary where the democratic values matter (*1), whereas the conventional password is hated, as everybody agrees.
These observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice.
We came up with the way out. It is Expanded Password System that accepts images as well as texts/characters.
This is the updated version of the slide used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam (*2). P20 for "Deterrence to Targeted Phishing" has been added.
*1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia.
*2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview
<Link to Videos >
80-second video
https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be
30-second video
https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be
Graphical Password by Watermarking for security - IJERA Editor
The most common authentication method is to use alphanumerical usernames and passwords. This method has been shown to have considerable disadvantages. For example, users tend to pick passwords that can be easily guessed. On the other hand, if a password is very difficult to guess, then it is often difficult to remember. To address this problem, some researchers have developed authentication methods that use pictures as passwords. Graphical passwords are based on the fact that humans tend to remember images better. In this paper, we will propose a new algorithm that uses a watermarking technique as the solution to image gallery attacks and uses random character set generation for each image for resistance to shoulder surfing attacks, to provide better system security. All the information images in the registration phase will be processed by copyright protection of watermarking, where the login page will check this information for security purposes.
A Survey of User Authentication Schemes for Mobile Device - IJMER
International Journal of Modern Engineering Research (IJMER) is a peer-reviewed online journal. It serves as an international archival forum of scholarly research related to engineering and science education.
Why is password protection a fallacy a point of view - Yury Chemerkin
MAKE your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it – never write it down. And, oh yes, change it every few months. These instructions are supposed to protect us. But they don’t.
http://hakin9.org/hakin9-extra-12011-exploiting-software/
A Graphical Password Scheme using Persuasive Cued Click Points - IJMER
International Journal of Modern Engineering Research (IJMER) is a peer-reviewed online journal. It serves as an international archival forum of scholarly research related to engineering and science education.
A SHOULDER SURFING RESISTANT GRAPHICAL AUTHENTICATION SYSTEM - Nexgen Technology
TO GET THIS PROJECT COMPLETE SOURCE ON SUPPORT WITH EXECUTION PLEASE CALL BELOW CONTACT DETAILS
MOBILE: 9791938249, 0413-2211159, WEB: WWW.NEXGENPROJECT.COM,WWW.FINALYEAR-IEEEPROJECTS.COM, EMAIL:Praveen@nexgenproject.com
NEXGEN TECHNOLOGY provides total software solutions to its customers. Apsys works closely with the customers to identify their business processes for computerization and help them implement state-of-the-art solutions. By identifying and enhancing their processes through information technology solutions, NEXGEN TECHNOLOGY helps its customers optimally use their resources.
Note: A slide for any presentation should not contain more than 4-5 sentences, but this presentation has more than the requirement. So, I suggest you edit it as per your requirement, and to make it more effective, you can add animations as well.
As the market and demand for smartphones grow exponentially day by day, the need for security of personal and business data increases as well. Today smartphones are amongst the biggest targets of individuals with malicious intent to gain access to data. The need arises for new security methods to come up for the protection of information. The paper presents intuitive and perception-based security using Rorschach inkblot-like images. These are used to authenticate a user to access their personal data in their Android smartphones.
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey - IJSRD
Technology has risen to grab an important position in human life; the best example is smartphones. They offer access to networks as well as online banking transactions, where simplification of human labour affects security and user authentication, and since passwords are the first line of defense, it’s crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eavesdropping, attacks, and shoulder surfing. Users often choose either easy-to-remember passwords, which can be easily guessed, or difficult ones, which tend to be forgotten. The paper revolves around the views and limitations of the current system and offers a dynamic biometric, as it can be easily integrated into existing computer security systems with minimal alteration and user intervention. The main objective is to secure using cued click point (CCP), which is a one-click-based graphical password scheme for a sequence of images, and measuring and assessing human typing rhythm; it’s based upon the human tendency to memorize graphical passwords more comfortably.
Graphical password authentication using Pass faces - IJERA Editor
Authentication is one of the most important security primitives. Alphanumeric password authentication is the most widely used authentication mechanism. This mechanism has been shown to have several drawbacks and is prone to various attacks such as brute force attack, shoulder surfing attack, and dictionary attack. Thus, to overcome the drawbacks of alphanumeric passwords, we propose graphical passwords as an alternative to alphanumeric passwords. This is because humans tend to remember visuals better than text. This paper attempts to highlight the existing graphical Passface system and its usability features, and then develop a new graphical password system that combines both graphic and text passwords to fortify the authentication process on desktop systems.
Graphical password authentication using pccp with sound signature - eSAT Journals
Abstract
Persuasive Cued-Click Point is an advanced method of the cued click point graphical password technique which includes usability and security evaluations. It is also useful for reducing the hotspot problem, and hence it helps the user in selecting a password of higher security. This paper includes persuasion to influence user choice in click-based graphical passwords, so that users select more desultory and more difficult-to-guess passwords. This paper also includes a sound signature for recovering the password: if the user forgets the password or a click point, the sound signature selected at registration time is played, and then the user sets a new password and accesses the account. This paper includes a new dead zone concept for avoiding shoulder surfing attacks in graphical password authentication.
Keywords: Graphical Password, Authentication, Password Images, and PCCP etc…
Folder Security Using Graphical Password Authentication Scheme - paperpublications3
Abstract: Nowadays most users face the problem of providing security for a folder so that it will not be accessed by an unauthorized user. Taking into account all these problems, I have designed a model which will provide the best security for your folders using a graphical password authentication model. Graphical passwords are an alternative to alphanumeric passwords in which users click on images to authenticate themselves rather than type alphanumeric strings. We have developed one such system, called Pass Points, and evaluated it with human users. Beginning around 1999, a multitude of graphical password schemes have been proposed as alternatives to text-based password schemes, motivated by the promise of improved password memorability and thus usability. This paper presents a detailed evaluation of the Pass Points and pattern matching password scheme, which provides a high level of security and provides security to your folder.
a study on various techniques on graphical password authentication.
A key area in security research is authentication. Access to systems is mostly based on the use of alphanumeric passwords. Users found it difficult to remember the password, as it is long and randomly selected, and how many passwords will a user remember? It made for a complex procedure.
It presents a comparison between the Persuasive Cued Click Point graphical password scheme and Improved Persuasive Cued Click Points. One such category is click-based graphical passwords, where a password is composed of a series of clicks on one or more pixel-based images. To log in, users re-select their click-points in the correct order. Click-points that fall within some acceptable tolerance of the original points should be accepted by the system, since it is unrealistic to expect users to accurately target individual pixels.
Graphical Password Authentication using image Segmentation for Web Based Appl... - ijtsrd
One of the most important topics in information security today is user authentication. User authentication is a fundamental component in most computer security contexts. It provides the basis for access control and user accountability. While there are various types of user authentication systems, alphanumeric passwords are the most common type of user authentication. They are versatile and easy to implement and use. However, it can either be long and secure or short and hard to remember. A graphical password is one promising alternative to textual passwords. According to human psychology, humans are able to remember pictures easily. In this paper, graphical passwords have been designed to try to make passwords more memorable and easier for people to use, and they are less vulnerable to brute force attacks than a text-based password. The aim of the system is to implement strong security. The proposed system segments the image like a grid, which has a maximum of four fragments. Then, each segment of the image is dragged in a particular sequence onto an empty grid of size 6x6 and placed on a particular segment of the empty grid, to form the user's password. When the user logs into the system, the user needs to drag each segment of the image onto the same empty grid of size 6x6 in the correct sequence and position of the segments that the user had specified during registration. Maw Maw Naing | Ohnmar Win, "Graphical Password Authentication using image Segmentation for Web Based Applications", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4, June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd25184.pdf
Paper URL: https://www.ijtsrd.com/engineering/electronics-and-communication-engineering/25184/graphical-password-authentication-using-image-segmentation-for-web-based-applications/maw-maw-naing
Business Dimension of Expanded Password System - Hitoshi Kokumai
We are in the middle of the decades-long game of having the finalist candidates chosen for the legitimate successors not just to the decades-old character passwords but to the centuries or millennia-old seals and signatures, which will make the basic foundation for the real/cyber-fused society that may well last for more than generations or even centuries for the whole global population.
With billions of people suffering the same big headache, the problem to be addressed by our solution is huge. Substantial revenues will be expected for the business of providing the most practicable solution.
Please join us and support us for this nice exciting enterprise.
A Framework of Purpose and Consent for Data Security and Consumer Privacy - Aurélie Pols
Introducing a basic Privacy framework of purpose and consent, this presentation continues with exploring data minimization opportunities and related internal procedures to assure this framework is respected and aligned with global regulation.
Arguing that in light of increased data collection, the very notion of PII or personal information is more than a blurry concept and that de-identification of data is not as easy as it is suggested to be, the conversation should evolve towards the particular context within which data is being used.
The question to ask then becomes “what risk does an individual face if her data is used in a particular way?”
Borrowing from Spanish information security best practices and in the light of increasing data breach regulations, the presentation examines how data flows should ideally be defined and secured in order to assure accountability through an entire data lifecycle.
Such a lifecycle must also include evolving legislative minimum and maximum data retention periods after which action needs to be taken, either through anonymization of collected and used data or through its thorough deletion.
Last but not least, data transits through multiple systems, hosted within multiple environments, ranging from internal and national to international cloud based solutions. Each actor of this data chain has a role to play and responsibility to abide by in order to assure compliance and mitigate risk.
Storm on the Horizon: Data Governance & Security vs. Employee Privacy - Aurélie Pols
Defining the SAM Pro’s Role in Data Privacy
As software and IT asset managers gather increasing amounts of data about employee use of company systems, concerns arise over employee privacy. How can the need to monitor access to software and systems be balanced with local legislation designed to protect employees' privacy rights in the work place?
This is the concern attendees at the 2014 SAM Summit London will discuss in a keynote session with European privacy and digital analytics specialist Aurélie Pols, co-founder and chief visionary officer at Mind Your Privacy.
"As more employers let workers bring their own devices to the office or access company data in the cloud from home, software asset managers are faced with a new task," says Pols. "They have to ensure that the measurements and controls put in place to secure data and license compliance, are not violating employee privacy."
An employee's right to privacy is defined in local law, posing a challenge for companies that operate throughout Europe. Spain has one of the strictest data protection laws in Europe, notes Pols, who is based in Madrid. "When it comes to fines issued by data protection authorities in Europe, Spain accounts for 80 percent of them," she says. This has turned Spain into a country where corporate lawyers, and IT managers, make sure they have the right processes in place to avoid the legal risks surrounding improper data collection and use.
The Spanish model has become the ideal to apply to client environments throughout Europe, notes Pols. "We try to find the best and most homogenous set of data governance practices that will work worldwide to ensure minimal risk—and maximum compliance."
Best practices of data use
The first data governance challenge for software and IT asset management professionals is to define what kind of data they are collecting from their workforce and how it will be used.
"Of course the software asset manager wants to track employee usage to ensure that data is not leaked or improperly accessed, but a subset of this activity is that suddenly you have data about what employees are doing," notes Pols. "This can run afoul of privacy laws unless there's close collaboration with the HR department."
Companies are now faced with the question: Do we want to use this data on employee activity, and if so, for what purpose? Do we want to use it within certain teams to assess whether certain employees are productive? Do we want to use this to assure that they are using the right processes?
"Before you measure, you need to know what and why you’re measuring," says Pols. "Although the software asset manager isn’t going to be looking at this employee data, they do need to ensure that any data collected is done in accordance with local laws."
Fend Off Cyberattack with Episodic Memory (24Feb2023) - Hitoshi Kokumai
This is a slide with script presented at Conference On Cyber Security In Financial Institutions by Banking Association of Central and East Europe on 24th February 2023 - https://baceeconference.com/cyber-security-conference/
The issues mentioned on P19 are discussed here - "More Issues on Digital Identity"
https://www.slideshare.net/HitoshiKokumai/more-issues-on-digital-identity-24feb2023
Here are the discussions that are mentioned in P19 of "Fend Off Cyberattack with Episodic Memory"
https://www.slideshare.net/HitoshiKokumai/fend-off-cyberattack-with-episodic-memory-24feb2023
The volitional password is absolutely necessary (where the democratic values matter *1), whereas the conventional password is hated (as everybody agrees).
These observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice.
We came up with the way out. It is Expanded Password System that accepts images as well as texts/characters.
This slide was used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam *2
*1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia.
*2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview
<Link to Videos >
80-second video
https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be
30-second video
https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022 - Hitoshi Kokumai
Digital Transformation would be a pipe dream if it’s not supported by a practicable means of identity authentication that is secure and yet stress-free, desirably giving us joy and fun.
Our company, Mnemonic Identity Solutions Limited (MIS), set up in August 2020 in United Kingdom for global operations, is a Start-Up as a corporation but it’s more than a Start-Up as a business entity. We set it up in order to globally expand what its predecessor named Mnemonic Security, Inc. started in Japan in late 2001.
We have a 20 years long pre-history of technology development, product making and commercial implementations with some US$1 million sales. Our champion use case is Japanese Army deploying our product on field vehicles since 2013 and still using it.
At MIS we are now going to help global citizens fend off cybercrime by their non-volatile episodic memory, with the values of democracy.
< Video Link >
Fend Off Cybercrime by Episodic Memory (90 seconds) https://youtu.be/T1nrAlmytWE
MnemonicGateways (90 seconds)
https://youtu.be/0nNIU4uYl94
High-Security Operation on PC for managers (4m28s)
https://www.youtube.com/watch?v=UO_1fEp2jFo
< Document Link >
Power of Citizens’ Episodic Memory
https://www.linkedin.com/pulse/power-citizens-episodic-memory-hitoshi-kokumai/
LOSS of Security Taken for GAIN of Security
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
An updated version is available from 30/Aug/2022 at https://www.slideshare.net/HitoshiKokumai/slide-share-updated-fend-off-cybercrime-with-episodic-memory-29aug2022
<Reference URL>
- Video
90-second introductory video; Fend Off Cybercrime by Episodic Memory (4/Feb/2022) https://youtu.be/T1nrAlmytWE
90-second demonstration video: Mnemonic Gateways (10/Feb/2022)
https://youtu.be/0nNIU4uYl94
- Blog collections
Power of Citizens’ Episodic Memory
https://www.linkedin.com/pulse/power-citizens-episodic-memory-hitoshi-kokumai/
LOSS of Security Taken for GAIN of Security
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
Biometrics Unravelled | password-dependent password-killer
https://www.linkedin.com/pulse/biometrics-unravelled-password-dependent-hitoshi-kokumai/
- Hitoshi Kokumai's profile
https://www.linkedin.com/in/hitoshikokumai/
Bring healthy second life to legacy password system (Hitoshi Kokumai)
Passwords are said to be too vulnerable to theft and too hard to manage. Many people sound as if the password were an enemy of people. Some people even allege that removal of the password would improve the security of digital identity. Let us examine how valid such views are.
More information at https://www.mnemonicidentitysolutions.com/
Graphical Based Password for Android Phones using Keystroke Dynamics - A Survey (IJSRD)
Technology has come to hold an important position in human life; the best example is the smartphone. Smartphones offer access to networks as well as online banking transactions, where the simplification of human labour affects security and user authentication. Passwords are the first line of defense, so it is crucial to pick a strong password. Online banking applications currently use alphanumerical usernames and passwords for authentication, which are exposed to eavesdropping, attacks, and shoulder surfing. Users often choose either easy-to-remember passwords, which can be easily guessed, or difficult ones, which tend to be forgotten. The paper reviews the views on and limitations of the current system and offers dynamic biometrics, as it can be easily integrated into existing computer security systems with minimal alteration and user intervention. The main objective is to secure authentication using cued click points (CCP), a graphical password scheme with one click per image over a sequence of images, together with measuring and assessing the user's typing rhythm. It is based upon the human tendency to memorize graphical passwords more comfortably.
Cyber Predicament by Text-Only Password Systems (Hitoshi Kokumai)
The current password predicament is caused by the conventional password systems that do not allow people to use anything but numbers/characters. But we do not have to despair. There exists an incredibly simple solution to it, though little known to the public as yet.
This presentation is in English; the announcement (beneath) & talk were in Dutch (NL)
OpenTechTalks | Ethical hacking with Kali
Governments, companies and individuals are becoming increasingly vulnerable to attacks by black hat hackers, criminals who exploit flaws in computers for financial gain or simply to cause damage. Opposing them are the white hat hackers: they test computer systems for errors and close the holes before malicious hackers break in. Tijl Deneut (UGent/Howest) gives an overview of the forms of cybercrime that exist and how you can defend yourself against them. The focus is on Kali Linux, an operating system that bundles hundreds of security and testing programs. The following questions are addressed: how do you install Kali Linux? How can you test in a safe environment? Is ethical hacking actually legal? General IT knowledge is recommended. Afterwards we have a drink in the Vooruit café.
Image data of each picture that the user picks will be hashed by the likes of SHA-256.
The SHA-hashed data of the several selected pictures will be put together and hashed by the likes of Argon2id.
The Argon2id-hashed data will be output as the code to be used as a password, a crypto key, a master-password or something else, depending on the use case.
With unique salts added, a number of derivative codes can be automatically generated from the first code in a single process.
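The pipeline described above, as an added Python example that is not the vendor's code. Assumptions: scrypt from the standard library stands in for Argon2id, digests are joined in selection order, derivative codes use HMAC-SHA256, and all function names, salts and image bytes are constructed for illustration.

```python
import hashlib
import hmac
import math

# Constructed stand-ins for the raw bytes of the pictures on a user's matrix.
MATRIX = {
    "kyoto_temple": b"constructed image bytes: temple",
    "dog": b"constructed image bytes: dog",
    "bike": b"constructed image bytes: bike",
    "coffee": b"constructed image bytes: coffee",
    "decoy_1": b"constructed image bytes: decoy 1",
}


def first_code(selected_images, user_salt, length=32):
    """SHA-256 each picked image, join the digests, run a memory-hard KDF."""
    if not selected_images:
        raise ValueError("at least one picture must be selected")
    if len(user_salt) < 16:
        raise ValueError("use a random per-user salt of 16 bytes or more")
    # Assumption: digests are joined in the order the pictures were picked.
    joined = b"".join(hashlib.sha256(img).digest() for img in selected_images)
    # scrypt stands in for Argon2id, which is not in the standard library.
    return hashlib.scrypt(joined, salt=user_salt, n=2**14, r=8, p=1, dklen=length)


def derivative_code(code, purpose_salt, length=32):
    """Derive a per-purpose code from the first code with a unique salt."""
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32 bytes")
    # Assumption: HMAC-SHA256 keyed by the first code; the page names no primitive.
    return hmac.new(code, purpose_salt, hashlib.sha256).digest()[:length]


def selection_bits(matrix_size, picks, ordered=True):
    """Upper bound, in bits, on the secret when the attacker knows the matrix."""
    if ordered:
        count = math.perm(matrix_size, picks)
    else:
        count = math.comb(matrix_size, picks)
    return math.log2(count)


def demo():
    salt = bytes(range(16))  # constructed; a real salt is random and stored per user
    picks = [MATRIX[k] for k in ("kyoto_temple", "dog", "bike", "coffee")]
    code = first_code(picks, salt)
    return {
        "first_code": code.hex(),
        "bank_code": derivative_code(code, b"bank.example").hex(),
        "mail_code": derivative_code(code, b"mail.example").hex(),
        "bits_8x8_pick4": round(selection_bits(64, 4), 1),
        "bits_3x3_pick4": round(selection_bits(9, 4), 1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The 256-bit output looks uniform, but against someone who holds the image matrix and the salt its strength is bounded by `selection_bits`; the memory-hard step only raises the cost of each guess.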
Updated: Identity Assurance by Our Own Volition and Memory (Hitoshi Kokumai)
The volitional password is absolutely necessary (where the democratic values matter *1), whereas the conventional password is hated (as everybody agrees).
These observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice.
We came up with the way out. It is Expanded Password System that accepts images as well as texts/characters.
This is the slide I used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam *2
*1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia.
*2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview
<Link to Videos >
80-second video
https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be
30-second video
https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be
Deployment of Biometrics & Password - NIST63B (Hitoshi Kokumai)
When 'a physical authenticator PLUS password' is less complicated, less costly and more secure than 'a physical authenticator PLUS <password OR biometrics>', I wonder where there is a merit of involving the problem-ridden biometrics.
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again... (Hitoshi Kokumai)
So long as the biometrics is backed up by a fallback password, irrespective of which are more accurate than the others, its security is lower than that of a password-only authentication. Then, we have to wonder why and how the biometrics has been touted as a security-enhancing tool for so long, with so many security professionals being silent about the fact.
It appears that we may have got some clues to this conundrum.
Help unravel the conundrum over NIST authentication guideline (Hitoshi Kokumai)
It appears that NIST is of the view that a house with two entrances placed in parallel, not in tandem, is less vulnerable to burglars than a one-entrance house. We are unable to understand their logic behind such observations. We wonder if some of you can help unravel this conundrum.
You might also be interested in these short videos:
- Biometrics in Cyber Space - "below-one" factor authentication
https://youtu.be/wuhB5vxKYlg
- Six Reasons to Believe Biometrics Don't Ruin Cyber Security
https://youtu.be/lODTiO2k8ws
Expanded password system - Reliable Identity Assurance
1. Expanded Password System - Reliable Identity Assurance -
Security of the real/cyber-fused society hinges on “Assured Identity”, which hinges on “Shared Secrets” in cyberspace. The text password has been the shared secret for many decades. We now need a successor to the text password.
There exists a promising candidate, an Expanded Password System (EPS), which accepts images as well as characters and which generates a high-entropy password from a hard-to-forget password.
22nd April, 2015
2. What is EPS? 1/3
Only texts are accepted: as it were, we have no choice but to walk up a long steep staircase.
Free choices from, as it were, among staircases, escalators and lifts/elevators:
【 Text Mode 】 Where we want to continue to use textual passwords (3UVB9KUW). Recall the remembered password. Low memory ceiling.
【 Graphics Mode 】 Where we want to reduce the burden of textual passwords. Recognize the pictures remembered in stories. High memory ceiling.
【 Original Picture Mode 】 Where we want to make use of episodic image memory. Recognize the unforgettable pictures of episodic memories. Very high memory ceiling.
3. What is EPS? 2/3
There are several known pictures. I can easily find all of them right away. Only I can select all of them correctly.
Practicable even in panic when images of episodic memory are registered.
Incorporating the function of generating high-entropy online passwords from hard-to-forget images and texts.
Security of real/cyber-fused society hinges on online identity assurance. Online identity assurance hinges on shared secrets, i.e. what we remember.
Video: http://www.youtube.com/watch?v=Q8kGNeIS2Lc
Technical details available at http://www.slideshare.net/HitoshiKokumai/expanded-password-system
4. What is EPS? 3/3
When unique matrices of images are allocated to different accounts with the EPS, those unique matrices of images will be telling you what images you could pick up as your passwords.
Being able to recall strong passwords is one thing. Being able to recall the relations between accounts and the corresponding passwords is another.
EPS frees us from the burden of managing the relations between accounts and the corresponding passwords.
[Figure: image matrices for Account A, Account B, Account C, Account D, Account E, F, G, H, I, J, K, L ...]
5. Cybercrime & Password Predicament
- White House cyber czar's goal: 'Kill the password dead'
http://www.federalnewsradio.com/241/3646015/White-House-cyber-czars-goal-Kill-the-password-dead
“He cited studies showing as much as 80 percent of cyber intrusions — "some ridiculously high number," he said — are caused by exploiting weak or stolen passwords.”
- Cybercrime and espionage costs $445 billion annually
http://www.washingtonpost.com/world/national-security/report-cybercrime-and-espionage-costs-445-billion-annually/2014/06/09/8995291c-ecce-11e3-9f5c-9075d5508f0a_story.html
“CSIS used several methods to arrive at a range of estimates, from $375 billion to as much as $575 billion.”
- Passwords Still Pose Big Security Risks
http://www.paymentssource.com/news/passwords-still-pose-big-security-risks-3018257-1.html
“Many “advanced data stealing attacks” happen simply from poor password practices.”
- Soon Hackers May Topple Global Economy
http://i-hls.com/2014/05/report-soon-hackers-may-topple-global-economy/?utm_source=rss&utm_medium=rss&utm_campaign=report-soon-hackers-may-topple-global-economy&utm_source=Meital&utm_medium=Meital&utm_campaign=RSS
“Within the next five to seven years, as much as $21 trillion in global economic-value creation depends on robust cyber security”.
6. Alternatives to The Password?
Biometrics? If it stops relying on a self-rescue password in case of false rejection.
Physical tokens? If “Chip & PIN” without PIN (numerical password) is accepted.
PKI? If we remember the 2048-bit private keys.
2-factor/step authentication? If no password is used for any of the factors.
ID federations (single-sign-on services & password managing tools)? If no password is used as the master-password.
Patterns & Gestures? If we replay many of the complicated ones with 100% accuracy.
Passwords expanded to include known pictures as well as characters? This is the theme of this presentation.
7. Pioneer of Expanded Password System
Humans can keep remembering only up to 5 passwords on average due to the cognitive limitation caused by “interference of memory”. Episodic image memories are the least subject to the interference of memory and are the most suitable for the password.
8. What We Do
Mnemonic Security, Inc. specializes in uniquely secure, highly user-oriented security verification, authorization and applied solutions based on long-term visual memories (or visualized episode memories), which are portable to an extremely wide platform base.
Example of implementation on mobile-phone:
Pass-Symbols, in this case, are photos of the developer of Mnemonic Guard taken in his babyhood, his wife 30 years ago, and dolls and toys that his grown-up daughters used to play with 20 years ago. Some pictures have been processed - turned sepia, monochrome or blurred - to confuse the attacker.
Our solution, Mnemonic Guard, can be applied on virtually any computing or communications device whether stand-alone or networked.
9. Technology – 1: Photos
The screen has unforgettable images, which you feel are special, plus meaningless ones. All you need to do for verification is to find several 'memorable' pictures that you feel are special to you, which will be no effort to remember.
The episodic/autobiographic image memories are the least vulnerable to the “interference of memory”.
The above example uses old pictures from decades ago, including ones of family members such as a nephew and niece, a pet you used to have, and memorable scenery from a holiday. Even if you need to verify for the first time in several years, you will be able to find those photos without any difficulty.
You can verify safely, whenever, wherever and without fail.
Matrix could be 3 x 3 or 8 x 8 depending on what to protect.
10. Technology – 2: Graphics
If you do not have photo data at hand
You need to remember images that you like as Pass-symbols from the screen. The screen itself acts as a reminder, and it is far easier to remember and less easy to forget than character passwords, because the screen contains a large volume of information.
For example, you can register symbols making a story based on your own experiences, such as: when I was living in 'Kyoto where there are many temples', I used to take my 'dog' for a walk on my 'bike', and I enjoyed a cup of 'coffee' afterwards. In this way, you can easily remember your Pass-symbols.
11. Technology – 3: Characters
If you like to continue to use characters
You can keep using characters on the same kind of matrix.
If you select only 4 digits of [0123], for example, the data that are sent to the authentication server are not [0123] but the long sequence of identification codes allocated to each character/symbol.
This long sequence of data is resilient against various threats of ID Theft on the Internet.
With Mnemonic Guard, you can use photos, graphics and characters, that is to say, all the visual objects, as Pass-Symbols.
12. Technology – 4: Various types of memories
There are three objects of memory
A. Characters B. Patterns (Gesture included) C. Photos and Graphics
There are two ways to use memories
1. Endeavor to memorize something afresh
2. Use something that was memorized many years ago and still resides in our memory
There are 6 combinations of the above. Features of them are as follows:
1A. Difficult to manage
1B. Difficult to manage
1C. Still difficult to manage though relatively easier than 1A and 1B.
2A. Vulnerable against guessing and dictionary-attacks
2B. Very weak in mathematical strength
2C. Strong and easy to manage
Mnemonic Guard belongs to the category of 2C. It does not mean, however, that
Mnemonic Guard rejects 1A/1B/1C/2A/2B. All of them can be freely practiced on
the platform of Mnemonic Guard.
13. Technology – 5 : Against Shoulder Surfing
As shown below, we mitigate the shoulder surfing problem by
1. enabling the user to shrink the picture size. Just after recognizing PassSymbols, we have no difficulty in clicking the pictures which are shrunk at the same locations.
2. enabling the user to type the alphabets allocated to each picture. The alphabets are randomly allocated on each access. The sequence of alphabets is different on each access, with onetime effect.
3. Anti-peeping films available on the market are also useful.
14. The Pitch - 1
Mnemonic Guard is revolutionary in that it exploits the nature of long-term visual memory or visualized episode memory. Those visual memories that were acquired in our youth and still reside in our brains are unlikely to evaporate over additional time. Mnemonic Guard is based on the mind’s ability to use long-term visual memories and it can easily be used by anyone in any environment. It is even practicable in panicky situations where character-based passwords might easily be forgotten.
For being easy for children to use, Mnemonic Guard was given the Kids Design Award 2008 in Japan. At the other extreme, Mnemonic Guard is being recognized by information security professionals of Japan’s military because locating pictures of pleasant old memories as against meaningless decoys can be performed by anyone even in a badly panicky environment.
Easy-to-integrate security modules which prevent plagiarism, unauthorized access and data leakage from protected devices, including servers, desktops and cellular devices. Authorized user access is simple and intuitive. Unauthorized access is greeted with a complete lockdown and deactivation of all the device’s functions.
15. The Pitch - 2
Password protection of devices and data has long been used as access verification for authorized users. Increasingly it is recognized that the conventional character password is not nearly safe enough. Passwords that anyone can remember are also easily guessed by other people or by cracking techniques.
On the other hand, complicated passwords, which others have more difficulty guessing or cracking, are harder to remember, and are typically written down to keep at hand. Neither kind of character password can offer viably assured security.
We provide exceptional ease-of-use coupled with virtually uncrackable security by using ‘Sequenced Pass-Symbols’ for a security solution that users should never forget and that crackers should never defeat. The principal innovation of Mnemonic Guard is that it fully utilizes the persistent nature of long-term memory that had been acquired many years ago. Once stored in the user’s memory as the symbolic sequenced pass-symbols, they are burned in by neurological means creating a security code that will not easily be forgotten, even after considerable passage of time.
16. The Pitch - 3
Take up Windows NT/XP, which is particularly vulnerable as the result of LM Hash value storage. It is of little use to register up to 14 password digits unless the LM Hash storage is deactivated. And password-cracking software that can break the LM Hash is freely downloadable from the Internet. Our solution defends against this vulnerability allowing Windows to register passwords in excess of 15 digits using Mnemonic Guard to manage the long password internally while users need only to remember a simple visual sequence.
Mnemonic Guard is also unique in that it will allow repeated mistakes that authorized users are likely to make, and provide the user multiple opportunities to enter the proper sequence. Significantly, our product has functionality to positively identify non-authorized users based on the nature of their entry errors. It detects mistakes that an authorized user is unlikely to make, such as selecting only wrong images, and shuts out impersonators expertly.
Mnemonic Guard also features an ‘Emergency Button’ function allowing for a specific secret image, when entered, to silently alert the program and thus the proper authorities to the presence of intimidators which may require immediate action.
17. Current Product Lineup
Mnemonic Guard Library for general purpose
MG for online-access
MG for onetime password generation
MG for single sign on password-manager
MG for PC logon
MG for smart devices logon
CryptoMnemo : MG-based encryption solutions
Authority-distributed CryptoMnemo: prevention of insiders’ crime
Remark: 4 million dollars have been invested into development of the above product lineup.
18. Applied Solutions - 1
In addition to the base product for enhancing the user’s Security Experience, Mnemonic Guard can also serve as the foundation for complex applied solutions such as follows:
Phish Fighting: Mnemonic Guard shows the same effect as the RSA Security’s SiteKey when users have registered their own unique images on-line. And this phisher-repellent effect is inherently built into the user verification function of Mnemonic Guard. Furthermore, when the verification images are displayed randomly, at different positions on each access, the phishing cost of capturing such ever-changing verification screens for each user would become astronomical.
Neutralizing Trojan Horses: Current "Onetime-password" systems available on the market verify only the identity of the tokens and/or cellular devices that generate and/or receive the random numbers. A password or PIN that must be fed to PCs for verification of token/phone ownership would be exposed to Trojan horses.
The onetime-password system that is built with Mnemonic Guard can prove the identity of the cellular phone which receives verification pictures with random characters along with the identity of the person who must be able to recognize the characters allocated to the correct pictures. The whole verification data stream that a Trojan horse might capture is a onetime event. Thus, the data stream can be stolen but is entirely useless as it cannot be used.
19. Applied Solutions - 2
Hardening Protection of Classified Data: An encryption key, which had been destroyed at the end of the previous run, will be reproduced from the verification data of Mnemonic Guard when (only when) 3 out of up to 10 registered operators work together.
In this situation, it would be of no use to steal the verification data of a single operator. The attacker would have to steal from three operators at a time. This effectively discourages attackers who might otherwise attempt to intimidate the manager of classified data into surrender.
Making ID federations the least vulnerable: ID federations should only be recommended with caveats that it provides a single point of failure that is not unlike the reuse of one password across many accounts. By making the master-password the strongest possible, Mnemonic Guard will help make ID federations the least vulnerable.
With all the possible forms of products in scope and considering the broad range of applicable platforms, the business of Mnemonic Guard and its applied solutions could not be insignificant at the end of the day.
20. Competitive Landscape
1. Those who still recommend character-based passwords: Computers become ever more powerful; subsequently it is ever more difficult to manage passwords, which have to become ever longer and more complex. Conversely, powerful computers also bring down the cost of handling digital images, which indicates that our solutions will increase in benefit and decrease in processing costs in years to come.
2. Those who offer onetime-password-generating/receiving tokens/phones: Such onetime-passwords prove only the identity of the token/phone, not the person. Our solutions directly verify the identity of a person.
3. Those who offer simple graphical passwords: Graphical passwords are comparatively easier to manage than character-based passwords, but only comparatively. Our solutions are explicitly based on long-term visual memories and the innate abilities of the human mind; they are different and, we believe, much better.
4. Those who recommend identification technologies: Tokens and biometrics, which could be practiced by somebody else while the user is unconscious, are not the appropriate user authentication means on their own, but they could be good auxiliary means to memory-based user authentication.
21. 21
Intellectual Property Rights
Two patents are established in Japan and one in the USA. They relate to making use of
visualized episodic memory for computerized user authentication, an algorithm for
differentiating the sort of mistakes the legitimate user can easily make from the sort of
mistakes the legitimate user is unlikely to make, and registering an emergency symbol to
silently signal the presence of an intimidator. Another patent in the USA is about mutually
verifying the visual memories in the user’s brain and in the memory device of the
authentication system.
We own the copyrights of all the software products and applied solutions sold under the
trademarks of “Mnemonic Guard”, “CryptoMnemo” and “Anonymity Guard”.
(Those trademarks are registered in Japan.)
22. 22
Videos & Documents
VIDEOS
* The standard operation of Mnemonic Guard is shown at
http://www.youtube.com/watch?v=UO_1fEp2jFo
* The simplified version on a smart phone at
http://www.youtube.com/watch?v=Q8kGNeIS2Lc
* The operation of Password Reminder Kit (Smart Use of PIN & Password) at
http://youtu.be/cXTYffGHNS4
DOCUMENTS
The merits of Expanded Password System are closely discussed at
http://mneme.blog.eonet.jp/default/files/proposition_of_expanded_password_system.pdf
The outline of 2-factor Onetime Mnemonic Guard is available at
http://mneme.blog.eonet.jp/default/files/onetimemnemonicguard_benefits.pdf
The outlines of CryptoMnemo and Authority-distributed CryptoMnemo are posted at
http://mneme.blog.eonet.jp/default/files/Cryptmnemo.pdf
http://mneme.blog.eonet.jp/default/files/authoritydistributed_cryptomnemo.pdf
23. 23
Endorsement, Alliance & Contact
Endorsement
JIPDEC: http://www.jipdec.or.jp/eng/index.html
JSSM: http://www.jssm.net/jssm/globe.htm
Prof. Hideki Imai (Chairman of CRYPTREC)
http://www.cryptrec.go.jp/english/index.html
Prof. Osamu Sudo (Tokyo University)
http://www.iii.u-tokyo.ac.jp/en/professor.php?id=884
Alliance
CRESCO, NEC, FUJITSU, AXSEED, etc.
Contact
Hitoshi-Jin Kokumai, president of Mnemonic Security, Inc. and the
architect of Mnemonic Guard, is available for direct contact in English at
kokumai@mneme.co.jp
+81-90-5460-7350 (mobile)
Skype: kokumaiskype
For Further Information
English website: http://www.mneme.co.jp/english/index.html
English blog site: http://mnemonicguard.blogspot.com/
(not yet as comprehensive as Japanese pages, though)