A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource or service. For example, an access code is a type of password. The password should be kept secret from those not allowed access.
User names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing programs, databases, networks, web sites, and even reading the morning newspaper online.
Passwords or passcodes can consist of words, numbers or other characters, of combinations of those, or they can, for example, be formed from multiple words. Purely numeric passcodes, such as Personal Identification Numbers (PINs), are commonly used for ATM access.
Passwords and PINs are also used for, e.g., credit cards, bank accounts, mobile phone PINs, Facebook, Twitter and LinkedIn. Additional authentication technologies, which are typically used along with a password or PIN, include biometrics, smart cards and tokens.
Passwords have significant disadvantages. They may be stolen, spoofed or forgotten, or a hacker or other third party may gain access to them. Passwords are generally short enough to be easily memorized and typed, or they are otherwise easy to remember. The most common passwords are forenames and other easy-to-remember words. This fact increases the risk of being attacked by a third party.
Many users have solved the “how to remember” issue simply by using the same password everywhere. The password itself may be strong enough, but using the same password everywhere makes it easy for a third party to break into a service if one password is revealed. This is one of the most common ways of dealing with the password issue today.
It is also very common that users simply save their passwords in clear text everywhere, such as on Post-it stickers on their desk.
The easier a password is for the owner to remember, the easier it will generally be for a hacker to guess. Passwords that are difficult to remember (such as passwords with a requirement to have a mix of uppercase and lowercase letters and digits, or a requirement to change them monthly) will in turn reduce the security of a system, because users may need to write them down or store them electronically.
Some computer systems store user passwords as cleartext, against which to compare user log on attempts. If an attacker gains access to such an internal password store, all passwords—and so all user accounts—will be compromised.
More secure systems store each password in a cryptographically protected form, so access to the actual password will still be difficult for a snooper who gains internal access to the system, while validation of user access attempts remains possible.
A common approach stores only a “hashed” form of the plaintext password. When a user types in a password on such a system, the password handling software runs it through a cryptographic hash algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database, the user is permitted access.
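The hashed credential store described above, as an added example written for this page (not code from the original document): the server keeps a random salt and a hash per user, verifies a log-on attempt by re-hashing it with the stored salt, and never holds the cleartext password. The iterated salted SHA-256 stands in for a purpose-built password hash (bcrypt, scrypt or Argon2) so that the example needs only the Go standard library; the names CredentialStore, Register, Verify and Dump, and the user names and passwords, are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// record is what the server keeps per user: a random salt and the hash, never the password.
type record struct {
	salt []byte
	hash []byte
}

// CredentialStore maps user names to their stored records (constructed for this example).
type CredentialStore map[string]record

const iterations = 100000

// hashPassword applies an iterated, salted SHA-256. This is a stand-in so that the
// example needs only the standard library; production systems use bcrypt, scrypt or Argon2.
func hashPassword(salt []byte, password string) []byte {
	sum := sha256.Sum256(append(append([]byte{}, salt...), []byte(password)...))
	for i := 1; i < iterations; i++ {
		sum = sha256.Sum256(append(sum[:], salt...))
	}
	return sum[:]
}

// Register draws a fresh salt for the user and stores only the resulting hash.
func (s CredentialStore) Register(user, password string) error {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	s[user] = record{salt: salt, hash: hashPassword(salt, password)}
	return nil
}

// Verify re-hashes the attempt with the stored salt and compares in constant time,
// so that timing does not reveal how many leading bytes of the hash matched.
func (s CredentialStore) Verify(user, password string) bool {
	r, ok := s[user]
	if !ok {
		// Hash anyway so that unknown and known user names take the same time.
		hashPassword(make([]byte, 16), password)
		return false
	}
	return subtle.ConstantTimeCompare(r.hash, hashPassword(r.salt, password)) == 1
}

// Dump renders the store the way an attacker who copied it would see it: salts and hashes only.
func (s CredentialStore) Dump() string {
	var b strings.Builder
	for user, r := range s {
		fmt.Fprintf(&b, "%s:%s:%s\n", user, hex.EncodeToString(r.salt), hex.EncodeToString(r.hash))
	}
	return b.String()
}

func main() {
	store := CredentialStore{}
	_ = store.Register("alice", "hunter2") // constructed sample credential
	fmt.Println("correct password:", store.Verify("alice", "hunter2"))
	fmt.Println("wrong password:  ", store.Verify("alice", "hunter3"))
	fmt.Print("what a copied store reveals:\n", store.Dump())
}
```

Dump shows the difference between the cleartext store of the previous paragraph and the hashed one: a leaked copy yields salts and hashes, so each password has to be guessed separately instead of being read off. The per-user salt also means two users with the same password get different hashes, so one cracked entry says nothing about the others.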
Thus, users have too many passwords to be able to manage them securely. Each password may expire on a different schedule, and be subject to different rules about password composition and reuse.
Some systems are able to force users to select hard-to-guess passwords, while others are not. Some systems require that users change their passwords periodically, while others cannot enforce expiration.
Users have trouble remembering passwords because they are too complicated to remember, because they have too many of them, or because they chose a new password at the end of the day or week and did not use it often enough to be able to remember it.
These problems drive users to choose trivial passwords, to avoid changing their passwords and to write down their passwords. All of these behaviors can compromise network security.
When users do comply with policy and regularly change their passwords to new, hard-to-guess values, they tend to forget their passwords and must call the help desk. Password and login problems are the top incident type at most IT help desks.
Since passwords cannot be avoided for the time being, and they remain difficult for users to manage, solutions are needed to help users manage their passwords more effectively.
There are attempts to solve this problem. Some known prior art systems for managing passwords are now described.
One solution is to save the password in a browser that supports “save your password” or “Remember me” functionality. This is an easy solution for a user, but it is not safe, since a hacker can easily find out the password from a browser. Whenever a password is saved into a browser (ultimately onto the device's hard disk or memory) or in a separate document, file or device, the user takes a security risk. One may lose the document or the device, or one may have formatted the computer (for example while updating the operating system) and lose all its content at that moment, including the passwords. Saving the password into the browser is far from safe. Passwords saved into the browser are not encrypted, and even if they were, a third party getting hold of your computer (or using remote virus programs) has all the passwords in use and therefore access to all services of the user. Even if passwords are encrypted in the device or file, it is risky because the encryption may be reversed, especially if the encryption is not strong enough. Having the passwords encrypted is problematic in the sense that not all devices support the encryption functionality used, and even if they do, the encrypted password file may be corrupted and become inaccessible.
Another major issue for the user using the “save your password” functionality is the fact that sooner or later the user changes to a new device. Once that happens, all passwords saved into the device need to be copied into the new device. As long as the user still has access to the old device, the transfer of passwords is manageable though annoying. But if the device gets broken or the file where passwords are saved gets corrupted, one may not be able to transfer the passwords at all.
Still another problem is that most, if not all, services require an e-mail address when registering for the service. The e-mail address is used for many purposes, among them the case where the user forgets his password. In that case the administrator can send the password, or a new one, to the user's e-mail account, and the user may then access the service again. A problem arises when the user has changed his e-mail address and no longer has access to the old e-mail account. In that case the administrator cannot send the password (or the new password) to the user, and the user has to contact the administrator by other means, which is time-consuming and cumbersome.
Accessing a service from a public device (such as a library computer or similar) is especially difficult, if not impossible, if the user does not remember the password. Nor is it safe for the user to carry the passwords with him/her.
Another issue is the access itself. It often happens that a user saves the password into the device (involuntarily) while using a public network or device. In those cases the next user may access the service because the previous user of the device saved the password. If the user has different passwords for all services, it is very difficult to remember those secret passwords while accessing services from a public device.
There is an increasing number of different devices per user. Today many people have at least a laptop computer and a smart phone with them all the time, especially when travelling. It is relatively easy to lose a smart phone or laptop in an airport or a café. A lost device causes a lot of problems for the user. The password issue is one of the most serious ones, since the user may have saved the passwords in the device and a third party who finds the device may access the services. And if the passwords are saved only in the device, the user has to use the “Forgot your password” functionality and recover all passwords to the new device.
The increasing number of devices per user brings another issue. If the user is using the “Save your password” functionality of the browser, the password is saved into that particular device. The user has to copy that password into the other device in order to access the same services with the other device. Later on, when the password of a service is changed, the new password has to be copied into the other device as well. This administration of passwords becomes more difficult the more devices and services there are.
Some well known password systems require external devices (for example tokens) to be used when generating the password. And if the external device is lost or gets broken, the user may not have access to the service at all before getting a new device.
Bank accounts are obviously one of the most secured services. Password systems vary a bit from country to country, but most of the password systems used by banks require a password and separate one-time-keys in order to gain access. These one-time-keys are typically four to eight (4-8) digit numbers that the bank provides to the user in a separate file (typically a small wallet-size leaflet). These one-time-keys are not as convenient as password-only systems, because the user has to carry the one-time-keys with him/her. One-time-keys may be lost too, and some users even write the password into the same one-time-key leaflet in order to remember it.
Banks tend to think that these one-time-keys together with the password are safer than a password-only system. The password used together with the one-time-key is a number sequence. The one-time-keys may be used in a numbered order marked by the user (and controlled by the bank when accessing) or controlled by the bank only (the bank suggesting the next numbered key to be used when accessing).
The issue for a user is that the user has to carry the one-time-keys with him/her in order to gain access. Carrying printed one-time-keys is a security risk, especially when the password (used with the one-time-keys) is written in the same leaflet.
The solution presented on the web site pwsafe.org is mentioned as prior art. It allows the creation of a secured and encrypted user name/password list. The list is accessible with a single “Master Password” in order to unlock and access the entire user name/password list. The solution provides access to a structured password list stored in a database on the user's computer.
Another solution is presented on the web site www.xmarks.com. In this solution, a user can synchronize the bookmarks and passwords they are using on different machines. The passwords are stored in an encrypted file that is stored on the service provider's computer. The service provider cannot, however, access the passwords. Two passwords are needed: one for the service itself, and an additional one (a PIN) so that the service provider knows which encrypted file to give the user. In this xmarks service, the password file on the xmarks server can be mapped to a single user by the system administrator, whereby the service provider knows which data entries belong to a certain user. The xmarks service stores the passwords in plain text on the user's machine (and it uses the browser's password cache), including the PIN used to encrypt the passwords. This is problematic if the user's machine (being e.g. a laptop/PDA) is stolen or lost.
A third solution is presented on the web site en.wikipedia.org. Single Sign-On (SSO) solutions allow users to access all services participating in SSO so that the user authentication (e.g. a password request) is done only once. These solutions require an authentication server that provides security tokens for a client, which are to be passed to the service provider when the service is accessed. From the security token the service can verify that the client has been successfully authenticated. The database does not know who is using the service and cannot identify entries for a certain user of the database. The services must be integrated into the system, and there is a single entity doing the authentication, which is always done locally on the client machine.
WO publication 2008/098710 discloses a method for managing passwords, and particularly for supporting registration and authentication of a user operating a user terminal with a password server system. A service site ID (and/or a service site password) and a master password are specified at the user terminal. A message comprising at least the ID and the master password and an encrypted key file message is sent to the password server system. A key file entry is then stored at the password server system comprising the first message and the server user ID. In this solution the password server system has no direct access to the key files of the users, since they are encrypted by the user, but the access process is controlled by the password server system, which makes the user dependent on it.
The object of this invention is to provide a solution with which a user can manage his data easily and safely, avoiding the prior art problems described above.
The invention is concerned with a system for managing data in a communications network comprising one or more user terminals, a client acting in said user terminal(s) by providing access for said user terminal(s) to data entries stored in a database, and a database holding information consisting of one or more data entries and data identifications connected to the data entries. The client has means for forming a data identification for a certain data entry to be stored in the database from a unique user name and a master password, storing a pair of the data identification and the data entry, and for providing access for said user terminal(s) to a data entry stored in a database by using the master password and the unique user name.
The invention is also concerned with a client program having the means mentioned.
Furthermore, the invention is concerned with a method for managing data in such a communications network. The method comprises the steps in which the user enters via a user terminal a unique user name, a master password and a data entry to be stored in the database, and the client forms a data identification from the unique user name and the master password and stores the pair of the data identification and the data entry in the database. The client provides access for said user terminal to the data entry stored in the database by using the master password and the unique user name.
In a further embodiment, the data identification for the data entry is in addition formed from reference information to the data entry, whereby the means for providing the access use the master password, the unique user name and the reference information to the data entry.
The client can furthermore have means for forming an identification for password validation related to the unique user name, the master password and reference information to the master password, with which master password data entries can be stored in and fetched from the database, means for storing a pair of the identification for password validation and a master password code, and means for fetching the master password code from the database by means of the identification for password validation in order to validate the master password.
The system is preferably in a public communication network, e.g. the internet, and the database is held by a public server in the public communication network.
The unique user name is usually an e-mail address of the user.
When there is only one data entry stored in the database, the data entry can easily be found in the database by means of a data identification that is formed only from the unique user name and the master password. But when there is more than one data entry, the data identification has to be unique for each data entry. This is solved by forming the data identification for the data entry not only from the unique user name and the master password but also from some reference information to the data entry in question. Of course, reference information to the data entry can be used to form the data identification even if only one data entry were stored.
When the user uses the client for the first time, a master password is entered, with which master password data entries can be stored in and fetched from the database. In practice, each time the user opens the client, the master password has to be entered once so that the user has the right to use the services offered by the client. The client forms an identification for password validation, this data identification being related to at least the unique user name, the master password and reference information to the master password, and then stores a pair of the identification for password validation and the master password or a master password code. The code can e.g. be a hash of the master password or something else from which the password can be derived. In this text, the term master password code is intended to cover the password in clear text as well. Each time the user opens the client, the master password entered is validated by the client by fetching the master password code from the database by means of the data identification for password validation. If the data entry contains the master password in clear text, then the entered master password is validated upon a match with the master password in the data entry that is related to the data identification for password validation. If the data entry, instead of being the master password in clear text, is some code of the master password, for example a hash of the master password, then the client first has to form a hash of the master password entered by the user and thereafter check whether they match.
Another important feature of the invention is that the client encrypts the data entries before storing them in the database and decrypts the data entries after having fetched them from the database. Encryption and decryption can also be applied to the master password or master password code stored. A symmetric encryption method is suitable for this purpose, such as AES 256. In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The AES ciphers are used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES).
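To make the mechanism of the three preceding paragraphs concrete, the following is an added example written for this page, not code from the patent or any product: a client that forms the data identification from the unique user name, the master password and the reference information (a domain-separated SHA-256 over the three), stores the pair (identification for password validation, master password code) with the code being a hash of the master password, and encrypts each data entry with AES-256 (GCM mode) before placing it in a database that stands in for the public server. The names dataID, encKey, Database and Client, the label masterRef, and the HMAC-SHA256 key derivation are choices made for the example; the user name, master password and entries are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Database stands in for the public server: opaque identifications mapped to opaque
// (encrypted) entries. It learns nothing about who stored what.
type Database map[string][]byte

// Client holds only what the user typed at the terminal for this session.
type Client struct {
	UserName string // unique user name, e.g. an e-mail address
	Master   string // master password, kept in memory only
	DB       Database
}

// masterRef is the reference information to the master password itself (constructed label).
const masterRef = "master-password"

// dataID forms the data identification from user name, master password and reference
// information. A domain label and NUL separators keep identifications distinct from keys.
func dataID(userName, master, reference string) string {
	sum := sha256.Sum256([]byte("vault-id\x00" + userName + "\x00" + master + "\x00" + reference))
	return hex.EncodeToString(sum[:])
}

// encKey derives the 32-byte AES-256 key via HMAC-SHA256 (example choice; a deployment
// would use a memory-hard KDF such as scrypt or Argon2 from golang.org/x/crypto).
func encKey(userName, master string) []byte {
	mac := hmac.New(sha256.New, []byte(master))
	mac.Write([]byte("vault-enc-key\x00" + userName))
	return mac.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM; the random nonce is prepended to the ciphertext.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal and fails on a wrong key or a tampered entry.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("entry too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// SetMaster stores the pair (identification for password validation, master password code);
// the code is a hash of the master password, never the password itself.
func (c *Client) SetMaster() {
	code := sha256.Sum256([]byte(c.Master))
	c.DB[dataID(c.UserName, c.Master, masterRef)] = code[:]
}

// Validate re-derives the validation identification from the entered master password,
// fetches the stored code and compares it in constant time.
func (c *Client) Validate() bool {
	stored, ok := c.DB[dataID(c.UserName, c.Master, masterRef)]
	if !ok {
		return false
	}
	code := sha256.Sum256([]byte(c.Master))
	return subtle.ConstantTimeCompare(stored, code[:]) == 1
}

// Store encrypts a data entry and files it under its data identification.
func (c *Client) Store(reference, entry string) error {
	sealed, err := seal(encKey(c.UserName, c.Master), []byte(entry))
	if err != nil {
		return err
	}
	c.DB[dataID(c.UserName, c.Master, reference)] = sealed
	return nil
}

// Fetch locates the entry by its data identification and decrypts it.
func (c *Client) Fetch(reference string) (string, error) {
	sealed, ok := c.DB[dataID(c.UserName, c.Master, reference)]
	if !ok {
		return "", errors.New("no entry for this user name, master password and reference")
	}
	plain, err := open(encKey(c.UserName, c.Master), sealed)
	return string(plain), err
}

func main() {
	db := Database{}
	c := &Client{UserName: "alice@example.com", Master: "correct horse battery staple", DB: db}
	c.SetMaster()
	_ = c.Store("mail.example.com", "p4ssw0rd-for-mail") // constructed sample entry
	fmt.Println("validated:", c.Validate())
	entry, err := c.Fetch("mail.example.com")
	fmt.Println("fetched:", entry, err)
	wrong := &Client{UserName: c.UserName, Master: "wrong", DB: db}
	_, err = wrong.Fetch("mail.example.com")
	fmt.Println("wrong master password:", err)
}
```

A second terminal with the same user name and master password derives the same identifications and key, so it finds and decrypts the entries without any copying between devices. The caveat a deployment has to weigh is that the master password code sits in a public database under an identification derived from the master password: anyone who can read the database can attempt offline guessing against that hash, which is why the plain SHA-256 and HMAC derivations above should be replaced by a slow, memory-hard KDF in practice.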
The invention provides several advantages and improvements over the prior art solutions. First, by means of the invention the user can manage all his passwords and other secret data with a very user-friendly interface, since the user needs only one password to get access to all the data needed. Secondly, the passwords and secret data can be accessed and stored in a secure way, since the data is not stored in the user terminal, which can be stolen, nor is the database in which the data is stored administered by anyone other than the user. Only the user terminal has, thanks to the client therein, access to the data in the database. In the prior art solutions, the data is either stored in the user terminal or else the user terminal has to give its master password or other password to an external server. Moreover, only the user knows that he has stored anything at all, and what data is stored.
A further advantage is that the client program can be downloaded for use on any terminal, even a public computer, since the client can be downloaded per session and removed from the computer thereafter.
The invention will now be described by means of some implementation examples with reference to the figures, to the details of which the invention is not restricted.