Sciweavers

CSIE
2009
IEEE

Accessing Password-Protected Resources without the Password

14 years 2 months ago
Accessing Password-Protected Resources without the Password
Sometimes it is desirable to access password-protected resources, but undesirable to disclose the password to the machine in use. In such situations, providing the password is a task that can be delegated to a remote proxy server. This server has to engage the user in a challengeresponse mechanism that does not require him to disclose his password to the local machine; if the user responds correctly, then the proxy must recover his password and fetch the protected resource for him. In this paper, we propose three schemes that are suitable for use in this environment and that (a) do not require the proxy server to permanently store a copy of the user's password, and (b) may be implemented without requiring support from the resource provider. We also briefly describe `Keep Your Password Secret' (KYPS), which is a system that uses one of the schemes, and that has been in use for nearly two years..
Andreas Pashalidis
Added 16 Aug 2010
Updated 16 Aug 2010
Type Conference
Year 2009
Where CSIE
Authors Andreas Pashalidis
Comments (0)