Many computer systems and web sites require their users to be authenticated. Passwords provide the simplest and most widely used form of user authentication. However, the use of conventional passwords raises numerous widely recognized issues. Passwords that are easy to remember are also easy for others to guess, and may be vulnerable to automated attacks, such as dictionary attacks. Passwords that are difficult to remember are often forgotten, particularly if a user has many of them. Where a user chooses identical passwords for multiple systems, a malefactor who obtains the password may be able to compromise the security of multiple systems. In an illustrative example, this drawback may have unfortunate repercussions for a user who chooses to use the same password on a plurality of e-commerce web sites, each of which may store the user's credit card information.
Ordinary passwords are vulnerable to replay attacks; that is, once the password is captured by an attacker, there is no way for a server to tell the difference between the attacker and the legitimate user. One conventional method for enhancing security is to enforce a policy of using a password only once, then discarding it in favor of a new password. In this way, even if the one-time password is intercepted by a third party (for instance, by recording keystrokes or eavesdropping on network connections), it is no longer useful.
Since the early developmental stages of the Internet, a community of computer networking academics and professionals has promulgated proposed standards in numbered Requests for Comments (RFC). These proposed standards include systems for generating one-time passwords, such as OTP (described by Neil Haller et al. in RFC 2289, entitled “A One-Time Password System,” dated February 1998) and its predecessor S/KEY (described by Neil Haller in RFC 1760, entitled “The S/KEY One-Time Password System,” dated February 1995). In both systems, a user creates a password and hashes it a large number of times; for example, 100 times. The result is sent to a server and stored in a table entry for the user. The user then logs on the first time, using the password hashed 99 times. The server can hash it one more time and compare it with the stored result. If it matches, the logon is permitted, and the new value is stored in the table. The next time the user logs in, the user will submit the password hashed 98 times, and so on. While OTP and S/KEY are widely available, they share the disadvantage that a given password can only be used a predetermined number of times. If this count is exceeded, the user cannot log on. Also, the user must remember a separate count for each computer system, or be prepared to have passwords expire for all systems that share the same count, when a shared count exceeds the predetermined limit.
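The hash-chain scheme described above, as an added example that is not part of the original text or of the RFCs: it assumes SHA-256 in place of the hash functions the RFCs specify, a constructed sample password, and shows both replay rejection and the count-exhaustion failure mode.

```python
import hashlib


def h(data: bytes) -> bytes:
    """One step of the chain (assumption: SHA-256, not the RFC-specified hash)."""
    return hashlib.sha256(data).digest()


def hash_n(secret: bytes, n: int) -> bytes:
    """Hash the secret n times; hash_n(secret, 0) is the secret itself."""
    value = secret
    for _ in range(n):
        value = h(value)
    return value


class OtpServer:
    """Server-side table entry: last accepted value and logons remaining."""

    def __init__(self, initial_value: bytes, count: int):
        self.stored = initial_value   # user enrolled with secret hashed `count` times
        self.remaining = count        # predetermined number of logons

    def verify(self, submitted: bytes) -> bool:
        if self.remaining <= 0:        # count exceeded: the user cannot log on
            return False
        if h(submitted) != self.stored:  # wrong value or a replayed old value
            return False
        self.stored = submitted        # store the new value for the next logon
        self.remaining -= 1
        return True


def demo() -> list:
    """Constructed sample: enroll with 100 hashes, logon with 99, replay, then 98."""
    secret = b"correct horse battery staple"  # constructed sample password
    n = 100
    server = OtpServer(hash_n(secret, n), n)
    first = server.verify(hash_n(secret, n - 1))   # accepted
    replay = server.verify(hash_n(secret, n - 1))  # captured value is now useless
    second = server.verify(hash_n(secret, n - 2))  # accepted
    return [first, replay, second]


def exhaustion_demo(n: int) -> tuple:
    """Use all n logons, then show the (n+1)th attempt is refused."""
    secret = b"constructed-sample-secret"
    server = OtpServer(hash_n(secret, n), n)
    successes = sum(server.verify(hash_n(secret, n - 1 - i)) for i in range(n))
    after_limit = server.verify(hash_n(secret, 0))
    return successes, after_limit
```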
An additional use for authentication is the control of unwanted email, such as unsolicited bulk or commercial email, also known as spam. Spammers may collect email addresses and resell them. They also may track responses from specific email addresses, often using web bugs, to determine which addresses are monitored. They also may perform correlations across mailing lists to identify communities where a given email address may be used. Conventional spam filtering systems may include blacklists for identifying senders known or believed to be spammers, and whitelists for identifying senders known to be desirable sources of email. However, such systems may not be able to authenticate the identity of a sender with sufficient reliability, leading to false positives and false negatives in conventional spam filters.