
What the $#*! IS my password?



  1. What the $#*! IS my password?
     • Secure Online Password Storage
     • Lon Smith, Aaron Gremmert

  2. Who Has a Password?
     • Who has 10? 50? 100?
     • Must be changed every 3 months?
     • Can’t use previous 3 passwords?
     • And must be:
        • at least 8 chars long
        • include A-Z and a-z and 0-9 and !@#$%^&*...
        • can’t be any part of your username
        • ....

  3. Concept Requirements
     • The Big Idea
        • To create an online secure resource for storing and accessing sensitive data.
     • Essential Concept Requirements
        • Secure : durable encryption and user identification schemes.
        • Accessible : from any internet connection.
        • User Friendly : intuitive forms for finding and modifying data, and a friendly sign in process.

  4. System Architecture : Overview
     • Server
        • DB Server : The database stores encrypted information and fulfills web service requests.
        • Web Service : The web service works with the DB to provide a uniform secure interface for client applications.
     • Client (Web Site, Desktop App, WEP / Palm)
        • Client applications allow the user to securely view / modify their account, through the common web service interface.

  5. System Architecture : The Server
     • The Database
        • Could be one of many available technologies (e.g. MySQL)
        • Adhere to a strict XML schema for modeling the data and relations.
        • Play nice with its friend, the web service, communicating through a number of stored procedures.
     • The Web Service
        • Could be developed with Java/.net platforms.
        • Works with the db to process validated requests from the client, and to encrypt/decrypt data as needed.

  6. System Architecture : The Client
     • The Web Application
        • Could be developed with the Java/.net platform.
        • Provide user friendly web forms for creating a new account, signing in, viewing and editing data.
        • Sign in would include a typical user name / password form, and a second “image based password”, to validate the user’s identity.
     • Desktop and Mobile Apps
        • Likely to be beyond the scope of the quarter. But…
        • is certainly within range once the web service / db are in place. Both Java/.net have tools to play with.

  7. Picture Password Demo

  8. Feasibility Rationale
     • Two key assumptions:
        • Feasibility of encrypted communication between server and client.
        • Technology platform that will support database server and web client interaction.
     • Both address the core functionality of the system
        • Without these, the system isn’t useful.
