This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
2009 WRI World Congress on Computer Science and Information Engineering
Accessing Password-Protected Resources without the Password
Los Angeles, California USA
March 31-April 02
ISBN: 978-0-7695-3507-4
Sometimes it is desirable to access password-protected resources, but undesirable to disclose the password to the machine in use. In such situations, providing the password is a task that can be delegated to a remote proxy server. This server has to engage the user in a challenge-response mechanism that does not require him to disclose his password to the local machine; if the user responds correctly, then the proxy must recover his password and fetch the protected resource for him. In this paper, we propose three schemes that are suitable for use in this environment and that do not require the proxy server to permanently store a copy of the user's password. We also briefly describe `Keep Your Password Secret' (KYPS), which is a system that implements one of the schemes, and that has been in use for almost two years.
Index Terms:
one-time passwords, spyware, keyloggers, password, authentication
Citation:
Andreas Pashalidis, "Accessing Password-Protected Resources without the Password," csie, vol. 4, pp.66-70, 2009 WRI World Congress on Computer Science and Information Engineering, 2009
Usage of this product signifies your acceptance of the Terms of Use.