WO2008098710A1

WO2008098710A1 - Method of managing passwords using a master password

Info

Publication number: WO2008098710A1
Application number: PCT/EP2008/000981
Authority: WO
Inventors: Ole NØRGAARD
Original assignee: Zequr Technologies A/S
Priority date: 2007-02-12
Filing date: 2008-02-08
Publication date: 2008-08-21

Abstract

The present invention provides a method of supporting registration of a user operating a user terminal to a password server system in a network comprising the user terminal and the password server system. The method comprises specifying a server user ID being unique to the password server system at the user terminal, and specifying a master password at the user terminal. A first message is generated at the user terminal, where this first message is at least partly based on the specified master password, and the first message and the server user ID is forwarded to the password server system, and a user entry comprising the first message and the server user ID is stored at the password server system. The first message may be a first cryptographic message formed by use of a first cryptographic function, and the first cryptographic function may be downloaded from the password server system to the user terminal. The method may further comprise generating at the password server system a unique lock-up code corresponding to the server user ID, and forwarding the lock-up code to the user terminal. The uniqueness of the server user ID being specified at the user terminal may be validated at the password server system, and the specification of the master password may be followed by a respecification of the master password at the user terminal. The method may also comprise downloading a password service application from the password server system to the user terminal, displaying a password service user interface corresponding to the password service user application at the user terminal, and displaying a password pattern indicator at the password service user interface, wherein said specification of the master password is performed using the password pattern indicator. The re-specification of the master password may be performed using the password pattern indicator, and the first cryptographic function may be downloaded from the password server system to the user terminal together with or as part of the password service application. The present invention also provides a method for authenticating a user operating the user terminal to the password server system. The present invention further provides a method of managing service site passwords and/or service site user ID's of users desiring access to one or more applications or service sites that require passwords and/or user ID.

Description

METHOD OF MANAGING PASSWORDS USING A MASTER PASSWORD

FIELD OF THE INVENTION

The present invention relates generally to managing of passwords and more particularly to methods of supporting registration and authenticating of a user operating a user terminal to a password server system. The present invention also relates to a method and a computer framework for managing passwords and/or user ID'S of users desiring access to applications or service sites requiring passwords and/or user ID'S.

BACKGROUND OF THE INVENTION

Many websites require users to supply a screen name or user name ("user ID") and a user-specific password in order to authenticate the user and provide account security. Similarly, many application programs, such as word processors with password protected filed, financial management software, and e-mail client programs also require a user ID and a password in order to access certain files and accounts.

In many cases, the password is generated by the supplier of the service or the application program itself. In such cases, the user may or may not be able to modify that password to be something easily remembered. This can result in a single user having many different user names and passwords, each of which is associated with a single website or application program.

In situations where the user is provided the capability to define his or her own password, it is unwise to use a common password for all of his or her access points for web sites and applications programs. For example, if an online financial or stock tracking website requires a user to set a password, it would be unwise for that user to use the same password as he may use for his online banking personal identification number (PIN) or other passwords for other programs and websites, as that password is supplied to the operator of the website and would allow the operator of that website to potentially access his or her other accounts. Therefore it remains common for users to have a multitude of passwords, each of which is associated with a different user ID and a different application program or website.

However, it quickly becomes unwieldy for a user to remember all the different user IDs and passwords associated with all the different application programs, accounts, and websites. So, many users keep track of their user Ids and passwords in a written form, such as writing them on a sheet of paper kept in their desk, or entering them in a word processor or data file in their personal digital assistant ("PDA") or personal computer ("PC").

This approach can cause a security problem in that the piece of paper may be found by an unauthorized user, resulting in unauthorized access to the user's programs and online accounts. The piece of paper can be lost causing unnecessary difficulty to the user in getting new passwords assigned to his or her accounts. If a user stores his or her passwords in a computer file on a PDA or PC, he may password- protect that file to provide some security, but may find this file is not available as easily as the paper copy.

Thus, there is need for a system and method, which provides a centralized, secure password storage facility with quick and easy user access of these passwords.

SUMMARY OF THE INVENTION

According to a first aspect of the invention, then in a network comprising a user terminal and a password server system, there is provided a method of supporting registration of a user operating said user terminal to said password server system, said method comprising: specifying a server user ID being unique to the password server system at the user terminal; specifying a master password at the user terminal; generating a first message at the user terminal, said first message being at least partly based on the specified master password; forwarding the first message and the server user ID to the password server system; and storing at the password server system a user entry comprising the first message and the server user ID.

It is preferred that the first message is a first cryptographic message formed by use of a first cryptographic function. The first cryptographic function may preferably be downloaded from the password server system to the user terminal.

It is within an embodiment of the first aspect of the invention that the method further comprises generating at the password server system a unique lock-up code corre- sponding to the server user ID, and forwarding the lock-up code to the user terminal.

It is preferred that the uniqueness of the server user ID being specified at the user terminal is validated at the password server system. It is also preferred that the specification of the master password is followed by a re-specification of the master password at the user terminal.

The method of the first aspect of the invention may further comprise: downloading a password service application from the password server system to the user terminal; displaying a password service user interface corresponding to the password service user application at the user terminal; and displaying a password pattern indicator at the password service user interface, wherein said specification of the master password is performed using the password pattern indicator. It is preferred that the re- specification of the master password is also performed using the password pattern indicator. It is also preferred that the first cryptographic function is downloaded from the password server system to the user terminal together with or as part of the password service application.

According to a second aspect of the invention, then in a network comprising a user terminal and a password server system, there is provided a method of supporting registration of a user operating said user terminal to said password server system, said method comprising: a) downloading a password service application from the password server system to the user terminal and opening a corresponding password service user interface at the user terminal, b) specifying a server user ID at the user terminal at the password service user interface, c) validating the uniqueness of the server user ID at the password server system, and if a positive result of the validation, d) displaying a password pattern indicator at the password service user interface, e) specifying a master password using the password pattern indicator, f) re-specifying the master password using the password pattern indicator, g) generating at the user terminal a first cryptographic message based at least partly on the specified master password, h) forwarding the first cryptographic message and the server user ID to the password server system and storing the first cryptographic message together with the server user ID at the password server system, i) generating at the password server system a unique lock-up code corresponding to the server user ID, and j) forwarding the lock-up code to the user terminal.

For the methods of the first and second aspects of the invention it is preferred that the first message is further based on the server user ID. For the methods of the first and second aspects of the invention it is also preferred that the first message is generated by use of a cryptographic hash function.

The methods of the first and second aspects of the invention including the display of a password user interface may further comprise a display of an indication of the strength of the specified master password pattern at the password service user in- terface.

For methods of the first and second aspect of the invention including downloading of a password server application, then the password service application may comprise information of the internet address (URL) of an address server of the password server system, said address server providing the address of a key file server of the password server system to which key file server the first message and the server user ID is forwarded. For the methods of the first and second aspects of the invention it is preferred that the forwarding of the first message and the server user ID from the user terminal to the password server system is performed using a connection based on SSUTLS.

For methods of the first and second aspect of the invention including the display of a password pattern indicator, then the displayed password pattern indicator may comprise a color card comprising a number of colored fields, and the master password is specified at or typed into part of the colored fields. Here, the color card may be a matrix of rows and columns of colored fields, and a part of or all of the colored fields of the color card may comprise a letter or a numeral.

According to a third aspect of the invention, then in a network comprising a user terminal and a password server system, there is provided a method for authenticating a user operating the user terminal to said password server system, said method comprising: storing one or more user entries corresponding to one or more users registered at said password server system, each said user entry comprising a server user ID corresponding to the registered user and being unique to the password server system, and each said user entry further comprising a first cryptographic message formed by use of a first cryptographic function and based on said server user ID and a master password of the registered user; establishing a data communication channel between the password server system and the user terminal being operated by the user; specifying the users server user ID at the user terminal and forwarding said server user ID to the password server system; forwarding a login random value or random challenge from the password server system to the user terminal; specifying the users master password at the user terminal; generating a second cryptographic message at the user terminal, said second cryptographic message being formed by use of a second cryptographic function and based on the received login random value or challenge and a generated cryptographic message formed by use of the first cryptographic function and based on the specified server user ID and master password; forwarding the second cryptographic message to the password server system; generating a third cryptographic message at the password server system, said third cryptographic message being formed by use of the second cryptographic function and based on the login random value or challenge and the stored first cryptographic message; and comparing, at the password server system, the received second cryptographic message and the third cryptographic message to thereby authenticate the user.

For the method of the third aspect of the invention it is preferred that the server user ID being specified at the user terminal is validated at the password server system before the login random value or challenge is forwarded to the user terminal.

It is preferred that the method of the third aspect of the invention further comprises downloading a password service application from the password server system to the user terminal and displaying a corresponding password service user interface at the user terminal, said specification of the server user ID being performed by use of the displayed password service user interface. Here, the method may further comprise displaying a password pattern indicator at the password service user interface, where the specification of the master password may be performed by use of the password pattern indicator.

It is within an embodiment of the third aspect of the invention that the first and second cryptographic functions are downloaded from the password server system to the user terminal. Here, the first and second cryptographic functions may be downloaded from the password server system to the user terminal together with or as part of the password service application.

For the methods of the third aspect of the invention it is preferred that the registration of a user operating a user terminal to said password server system is performed by a registration method comprising: specifying the server user ID being unique to the password server system at the user terminal, specifying the master password of the user to be registered at the user terminal, generating the first cryptographic message at the user terminal, forwarding the first cryptographic message and the server user ID to the password server system, and storing at the password server system a user entry comprising the first message and the server user ID. Here, the first cryptographic function used for generat- ing the first cryptographic message at the user terminal may be downloaded from the password server system to the user terminal.

For the methods of the third aspect of the invention, the registration method may further comprise: generating at the password server system a unique lock-up code corresponding to the server user ID, and forwarding the lock-up code to the user terminal.

For methods of the third aspect of the invention including the registration of a user to the password server system, then the uniqueness of the server user ID being specified at the user terminal during said registration method may preferably be validated at the password server system.

For methods of the third aspect of the invention including the registration of a user to the password server system, then the specification of the master password during said registration method may be followed by a re-specification of the master password at the user terminal.

For methods of the third aspect of the invention including the registration of a user to the password server system, then it is preferred that the registration method further comprises: downloading a password service application from the password server system to the user terminal, displaying a password service user interface corresponding to the password service user application at the user terminal, and displaying a password pattern indicator at the password service user interface, wherein said specification of the master password is performed using the password pattern indicator. Here, the first cryptographic function may be downloaded from the password server system to the user terminal together with or as part of the pass- word service application. It is within an embodiment of the methods of the third aspect of the invention that the first and second cryptographic functions are cryptographic hash functions. Here, it is preferred that the first and second cryptographic functions are the same crypto- graphic hash function.

For methods of the third aspect of the invention including downloading of a password server application, then the password service application may comprise information of the internet address (URL) of an address server of the password server system, said address server providing the address of a key file server of the password server system, which key file server is in communicative connection with the user terminal during said method of authentication.

For the methods of the third aspect of the invention it is preferred that the forwarding of cryptographic messages and the server user ID from the user terminal to the password server system and the forwarding of the random value or challenge from the password server system to the user terminal is performed using a connection based on SSUTLS.

For methods of the third aspect of the invention including displaying of a password pattern indicator it is preferred that the displayed password pattern indicator comprises a color card comprising a number of colored fields, and that the master password is specified at or typed into part of the colored fields. Here, the color card may be a matrix of rows and columns of colored fields, and part of or all of the colored fields of the color card may comprise a letter or a numeral.

According to a fourth aspect of the invention, then in a network including a user terminal and a password server system, there is provided a method of managing service site passwords and/or service site user ID's of users desiring access to one or more applications or service sites that require passwords and/or user ID₁ said method comprising: storing at said password server system, for a number of users being registered at the password server system, one or more key file entries corresponding to one or more applications or service sites, each said key file entry comprising data representing the service site ID of the application or service site and an encrypted key file message based at least partly on the service site password and/or service site user ID required to access the respective application or service site, said encrypted key file message being encrypted by use of a first key based at least partly on a master password corresponding to the user.

For the method of the fourth aspect of the invention it is preferred that a key file entry is generated by a key file generation method comprising: login the user to the password server system; specifying the users master password at the user terminal; receiving, at the user terminal, input specifying the service site ID of the application or service site for which the key file entry is to be generated; specifying or generating, at the user terminal, the service site password and/or service site user ID required to get access to the application or service site for which the key file entry is to be generated; generating, at the user terminal, said first key based at least partly on the specified master password; encrypting, at the user terminal, the required service site password and/or service site user ID by use of the first key to thereby obtain the encrypted key file message; forwarding data representing the application or service site ID and the encrypted key file message to the password server system; and storing at the password server system a key file entry comprising data representing the application or service site ID and the encrypted key file message.

It is within an embodiment of the methods of the fourth aspect of the invention that for each key file entry a key file random value is generated and stored as part of the key file entry at the password server system, and that the first key used for encrypting the key file message is further based on said key file random value.

For methods of the fourth aspect of the invention including a key file generation method, it is preferred that said key file generation method further comprises: generating a key file random value at the user terminal, wherein said first key being generated at the user terminal is generated by use of a cryptographic function based on the users master password and the key file random value, and the generated key file random value is forwarded to the password server system and stored as part of the key file entry.

For methods of the fourth aspect of the invention including a key file generation method, it is preferred that said key file generation method comprises: downloading a password service application from the password server system to the user terminal, displaying a password service user interface corresponding to the password service user application at the user terminal, and displaying a password pattern indicator at the password service user interface, wherein said specification of the master password is performed using the password pattern indicator. Here, the functions for generating the first key and the encrypted key file message may be downloaded from the password server system to the user terminal together with or as part of the password service application. Preferably, the function(s) for generating the key file random value is/are downloaded from the password server system to the user terminal together with or as part of the password service application.

It is within an embodiment of the method of the fourth aspect of the invention that when the user is logged out from the password server system, said method further includes a key file message re-generation method comprising: login the user to the password server system; downloading a key file entry, which corresponds to an application or service site selected by the user, from the password server system to the user terminal; specifying the users master password at the user terminal; re-generating the first key corresponding to the downloaded key file entry at the user terminal; decrypting the encrypted key file message of the downloaded key file entry at the user terminal by use of said re-generated first key to thereby obtain the service site password and/or service site user ID required to access the selected application or service site; and using the obtained service site password and/or service site user ID to get access to the selected application or service site from the user terminal. It is preferred that the key file random value being stored as part of the downloaded key file entry is retrieved at the user terminal, and that the first key corresponding to the downloaded key file entry is re-generated based on the specified master password and the retrieved key file random value.

For the method of the fourth aspect of the invention it is preferred that the key file message re-generation method further comprises: downloading a password service application from the password server system to the user terminal, displaying a password service user interface corresponding to the password service user application at the user terminal, and displaying a password pattern indicator at the password service user interface, wherein said specification of the master password is performed using the password pattern indicator. Preferably, the functions for generating the first key and the encrypted key file message are downloaded from the password server system to the user terminal together with or as part of the password service application. It is also preferred that the first key is generated by use of a cryptographic hash function.

For methods of the fourth aspect of the invention including downloading of a password server application, then the password service application may comprise information of the internet address (URL) of an address server of the password server system, said address server providing the address of a key file server of the password server system, which key file server is in communicative connection with the user terminal during said generation and storage of a key file entry.

For the methods of the fourth aspect of the invention it is preferred that the commu- nication between the user terminal and the password server system is performed using a connection based on SSL/TLS.

For methods of the fourth aspect of the invention including displaying of a password pattern indicator, the displayed password pattern indicator may comprise a color card comprising a number of colored fields, and the master password may be specified at or typed in the colored fields. Here, the colour card may be a matrix of rows and columns of colored fields, and part of or all of the colored fields of the color card may comprise a letter or a numeral. For the methods of the fourth aspect of the invention it is preferred that the login of the user to the password server system comprises a user authentication, which includes a specification of the users master password at the user terminal. Here, the user authentication comprises a method selected from any of the methods of the third aspect of the invention.

According to a fifth aspect of the invention there is provided a computer program product in a computer readable media for use in a network comprising one or more user terminals and a password server system, said computer program product being a password service application program for supporting registration of a user operating a user terminal to said password server system and comprising: means for displaying, at a user terminal having a display device and having said password service application program installed, a password service user interface with a password pattern indicator, means for generating a first cryptographic message by use of a first cryptographic function and based at least partly on a master password specified at or typed into the displayed password pattern indicator, and means for forwarding the first cryptographic message from the user terminal to the password server system.

For the computer program product according to the fifth aspect of the invention it is preferred that the means for generating the first cryptographic message is further adapted for generating the first cryptographic message based at least partly on a server user ID for the password server system, which server user ID is specified at or typed into the displayed password service user interface, and on the master password specified at or typed into the displayed password pattern indicator. Preferably, the means for forwarding the first cryptographic message from the user terminal to the password server system is further adapted for forwarding the server user ID from the user terminal to the password server system.

For the computer program product according to the fifth aspect of the invention it is preferred that the means for generating the first cryptographic message is adapted for generating the first cryptographic message by use of a cryptographic hash function. It is also preferred that the computer program product according to the fifth aspect of the invention further comprises means for displaying at the password service user interface an indication of the strength of the specified master password.

According to an embodiment of the fifth aspect of the invention the computer program product may further comprise: means for generating a second cryptographic message by use of a second cryptographic function and based on a received login value or challenge and a generated cryptographic message formed by use of the first cryptographic function and based on the specified server user ID and master password, and means for forwarding the second cryptographic message from the user terminal to the password server system. Here, the login value or challenge may be a random value or challenge received from the password server system.

It is within the fifth aspect of the invention that, the password server system may be adapted for managing service site passwords and/or service site user ID'S of users desiring access to one or more applications or service sites that require passwords and/or user ID's. Thus, it is within an embodiment of the fifth aspect of the invention that the computer program product further comprises: means for receiving input specifying the service site ID of an application or service site for which the user desires to get access, means for generating a first encryption/decryption key based at least partly on the master password specified at or typed into the displayed password pattern indicator, means for generating an encrypted key file message by use of the first encryption/decryption key and based on a service site password and/or service site user ID being specified for the application or service site for which the user desires to get access, and means for forwarding the application or service site ID and the encrypted key file message from the user terminal to the password server system, whereby a key file entry comprising the specified service site ID and the encrypted key file message can be stored at the password server system. Here, the service site password and/or service site user ID may be specified at the displayed password user interface. The computer program product may also or further comprise means for gener- ating upon a user request said service site password and/or service site user ID. Furthermore, the computer program product may comprise means for generating a key file random value, with said means for generating the first encryption/decryption key being adapted to generate said first key by use of a cryptographic function, which may be a cryptographic hash function, and based on the specified master password and the key file random value. The computer program may also further comprise means for forwarding the key file random value from the user terminal to the password server system to thereby form part of the key file entry. It is within a preferred embodiment that the computer program product further comprises: means for downloading a key file entry, which corresponds to an application or service site specified by the user at the password service user interface, from the password server system to the user terminal, means for retrieving the key file random value and the service site ID from the downloaded key file entry at the user terminal, means for re-generating the first encryption/decryption key based on the retrieved key file random value and on the master password specified at the password service interface, and means for decrypting the encrypted key file message of the downloaded key file entry by use of the re-generated first encryption/decryption key to thereby obtain, at the password service user interface, the service site password and/or service site user ID required to access the specified application or service site.

For the computer program product according to the fifth aspect of the invention it is preferred that the displayed password pattern indicator comprises a color card com- prising a number of colored fields. Here, the color card may be a matrix of rows and columns of colored fields, and part of or all of the colored fields of the color card may comprise a letter or a numeral.

It is also within an embodiment of the fifth aspect of the invention that the computer program product further comprises means for establishing a secure connection between the user terminal and the password server system, said secure connection being based on SSTVTLS.

According to a sixth aspect of the invention there is provided a computer framework for managing service site passwords and/or service site user ID's of users desiring access to one or more applications or service sites that require passwords and/or user ID's, said framework comprising: a password server system for storing one or more key file entries corresponding to one or more applications or service sites, and a user terminal with a first program executed thereon for generating a key file entry or data for a key file entry, said first program comprising means for receiving input specifying the service site ID of an application or service site for which the user desires to get access, means for generating a first encryption/decryption key based at least partly on a users master password specified at the user terminal, means for generating an encrypted key file message by use of the first encryption/decryption key and based on a service site password and/or service site user ID being specified for the application or service site for which the user desires to get access, and means for forwarding key file entry data representing the service site ID and the encrypted key file message from the user terminal to the password server system for storing as a key file entry at said password server system.

It is preferred that the first program of the computer framework further comprises means for generating a key file random value, and that said means for generating the first encryption/decryption key is adapted to generate said first key by use of a cryptographic function and based on the specified master password and the key file random value, with said means for forwarding key file entry data further being adapted for forwarding data representing the key file random value from the user terminal to the password server system to thereby form part of the key file entry.

It is also preferred that for the first program of the computer framework, the first encryption/decryption key is generated by use of a cryptographic hash function.

Preferably, the first program of the computer framework further comprises: means for downloading a key file entry, which corresponds to an application or service site specified at the user terminal, from the password server system to the user terminal, means for retrieving the key file random value and the service site ID from the downloaded key file entry at the user terminal, means for re-generating the first encryption/decryption key based on the retrieved key file random value and on the users master password specified at the user terminal, and means for decrypting the encrypted key file message of the downloaded key file entry by use of the re-generated first encryption/decryption key to thereby obtain, at the user terminal, the service site password and/or service site user ID required to access the specified application or service site.

It is also within an embodiment of the computer framework of the sixth aspect of the invention that the first program comprises means for displaying, at a display of the user terminal, a password service user interface with a password pattern indicator for specification or entering of the user's master password. Here, the displayed password pattern indicator may comprise a color card comprising a number of colored fields. The color card may be a matrix of rows and columns of colored fields, and part of or all of the colored fields of the color card may comprise a letter or a numeral.

GLOSSARY AND DEFINITIONS

Throughout this application a number of terms are used in the description of the components of the system of the present invention. These terms are described in the following.

Zeqr

Zeqr is the presently used name for the overall solution and system of the present invention. The Zeqr solution aims at making it easy for a user to handle a multitude of login information (user ID, password) that is required nowadays. It allows the user to use really strong passwords if he wishes, of a type that he normally would not be able to remember. Those passwords may be stored in encrypted form on an internet server, allowing the user to access the login information anywhere, anytime, as long as he has internet access.

When using the Zeqr solution it is possible to start from a current status quo (either weak passwords or identical passwords for many services), and to improve this to a level where the user only has to remember one single master password, also called pattern. This pattern should therefore be chosen as strong as possible. In order to facilitate strong patterns, the Zeqr solution may give the user a number of mnemonic helps that make it easier for him to remember long and complex patterns.

System components

The user is the person that legitimately wants to log into a site. A service site is the service that the user wants to log into. It could be a web site, but also an automatic teller machine, his mobile phone, or a computer program. The Zeqr application is the program that runs on the user's computational device or terminal and that helps him with remembering passwords.

A key file server (KFS) stores and protects the key files of the users. These files contain the user's login information in encrypted form.

Key File Server

All communication between the user and the key file server may be protected by SSL/TLS. In order to reduce workload for the server, resuming of SSUTLS sessions should be enabled. Note that the SSL/TLS protocol allows the user to verify the identity of the server, but not vice versa. Thus, the user may have to authenticate himself to the server (otherwise, everyone could download the user's key file). The key file server should be a trustworthy entity that is run by a reliable party (such as a bank, the organization you work with, Zeqr, or some kind of official authorities). It is assumed that the key file server is protected in an appropriate way against all standard attacks that do not target peculiarities of the Zeqr protocol (i.e., it runs firewall and virus scanner, has been penetration tested etc.). It is also assumed that there is always a server available. This can be achieved e.g. by server replication.

Color cards

In order to access his login information, the user may have to identify himself to the KFS. This may be done by use of a color card.

A color card is an NxM matrix of colored fields that is displayed on the user's screen. In addition to the colors, the fields can also contain other mnemonic helps, such as characters or symbols. It may be a 6x6 matrix with the letters 'A'-'Z' and '0'- '9'.

The pattern is what the user may enter into the color card by clicking on a succession of fields (or pressing the equivalent buttons on the keyboard). The pat- tern is used to authorize the user to the Zeqr application, and is used as a master password.

A KFS user ID may be the name the user has given himself for use with the key file server.

Service login

We assume that in order to log into a given service, the user needs an ID and a password.

The service site ID may be the mnemonic name used by the user for a login site. Examples for site IDs could be "Amazon", "Netbank" or "gmail". The site ID may be chosen by the user and does not have to match the name that the site would use for itself.

The sen/ice user ID may be the name that the user is known under at a given site. It could be something like "jesper.hansen", "jh@mymail.dk" or "klodshans". When chosen by the user, the user ID will typically be mnemonic and easy to guess.

The password may be what the user uses as input to the "password" field of a login site. The password may be chosen by the user or by the Zeqr application. In particular, the definition of a password may also cover PIN numbers.

Internal elements

Internally, a number of additional data elements may be used:

A key file entry (KFE) is a single set of data that may contain the log-in data for one user and one log-in purpose only (e.g., for allowing the user "jesper52" to log into the "Amazon UK" website).

A key file is a collection of all key file entries for a given user. In addition, we sometimes use the notion of a key, which is denoted like this for traditional reasons and has nothing to do with the key file:

A key may be any internal secret used by the Zeqr application. The user may not be aware of the existence of such a key. Examples for keys could be values derived from the pattern and other inputs, or they could be internal serial numbers that are different for each copy of the application or for each password file (see below).

Cryptographic algorithms

In order to achieve the protection goals, a number of cryptographic algorithms may be used.

An encryption algorithm uses a key to transform an input string (plaintext) into an encrypted output string (ciphertext). For those who do not know the key, the ci- phertext cannot be distinguished from a random string.

For each encryption algorithm, there exists a corresponding decryption algorithm, which uses the same key to inverse the effect of the encryption algorithm (i.e., to transform a ciphertext back into a meaningful plaintext).

A cryptographic hash function is an algorithm that transforms an input string of arbitrary length into an output string of fixed length. For those who do not know the input string, the output cannot be distinguished from a random string. Note that this is not the same as a general-purpose hash function as it is taught in elementary computer-science education.

A random number generator (RNG) is an algorithm that generates random- looking output strings from a root value. Note that this generator has to be a cryptographic RNG, and that it has to be properly initialized before the first use.

We recommend using AES-256 in counter mode for encryption and decryption and SHA-256 for hashing. The security of the system could be improved by choosing a slow hash function, but this would place a high workload on the server. Thus, a normal (fast) hash function is used for the current version. The algorithms are described in: [NIST01] Federal Information Processing Standards Publication 197: Advanced Encryption Standard (AES). November 26, 2001 ,

[NISTOIa] NIST Special Publication 800-39a: Recommendation for Block Cipher Modes of Operation. July, 2001 , and [NIST02] Federal Information Processing Standards Publication 180-2: Secure Hash Standard. August 01 , 2002, respectively. Implementations in C and C++ are available from a number of libraries, such as those described at http://www.homeport.org/~adam/crypto/table.html. The most well-known libraries here are OpenSSL, CryptLib (requires a license) and Crypto++ (powerful, but difficult to use).

As RNG, the generator provided with the cryptographic library should be used (do not use generators that are provided with a normal software library).

Notation

In the following, cryptographic algorithms are sometimes abbreviated with Enc(), Dec(), Hash(), or RNG(), respectively. For each algorithm, the input values are given in parenthesis. For Enc() and Dec(), the first parameter denotes the key, while the second one denotes the text input. For RNG(), the input is the (integer) range of possible output values.

The concatenation of two strings of characters is denoted by II. As an example, a Il b means that you first write string a, and then string b.

The Color Card

The color card can be seen as the keyboard that is used to log into a protected part of the Zeqr application. Behind the scenes, the pattern typed into the color card may be used for different purposes, e.g. as authentication key and for decryption purposes, but the user may not be aware of this. For him, typing the pattern into the color card may be like locking up a box containing all his passwords.

The color card may be identical for all users, i.e., all color cards may have the same layout with respect to colors and characters. No matter where the user starts the

Zeqr application, he may be presented with the same color card. This card may contain 6x6 fields, each of which may have one of five possible colors. In addition, each field may also be marked with a character (letter or number), where the characters are ordered alphabetically. Enhancing the Pattern Quality

The pattern represents a master password. Its quality is thus of paramount importance. The main threat here may be dictionary attacks, where the attacker simply guesses the pattern, starting with the most likely ones. The following techniques can be used to make life harder for the attacker:

1. Ensure that the pattern is sufficiently long.

2. Ensure that the pattern is sufficiently complex (not just pressing the first field eight times in a row). 3. Ensure that one dictionary test takes a long time, thus guaranteeing that doing many dictionary tests quickly becomes unfeasible.

Pattern quality meter

When choosing the pattern or master password for the first time, the user may be given a feedback of his pattern quality. This may be implemented as a status bar describing the level of protection against brute-force attacks. In one embodiment, the status bar may be increased by one step for each additional click. The maximum security could be reached for a pattern length that corresponds to 280 brute-force guesses, a security of 50% could be reached for an equivalent of 240 brute-force guesses. If the recommended color card size of 6x6 is used, then this corresponds to 8 clicks for "medium" security and 16 clicks for "high" security. Future versions of the Zeqr application may also test for patterns that are too simple. Clicking sixteen times on the same field obviously should not give a security rating of "high".

Pattern update reminder

If the pattern or master password quality (as measured by the pattern quality meter) is not optimal, then the program may encourage the user to improve the pattern over time. The idea behind this is that the user could start to learn, e.g., a 6-click pattern. Once he got used to this pattern, he might be able to memorize one or two additional clicks, thus significantly improving the quality of his pattern. The pattern update reminder may be displayed after a given period of time (e.g., every second month), or after the pattern was entered a given number of times (e.g., 50 times).

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a network comprising a user terminal and a password server according to an embodiment of the invention,

FIG. 2 shows a password service user interface according to an embodiment of the invention,

FIG. 3 shows a password service user interface with a password pattern indicator according to an embodiment of the invention,

FIG. 4 illustrates a tool bar being part of a password service user interface according to an embodiment of the invention,

FIG. 5 shows a login dropdown menu being opened in a password service user in- terface according to an embodiment of the invention,

FIG. 6 shows a main menu being opened in a password service user interface according to an embodiment of the invention,

FIG. 7 shows an example of a print out of user data according to an embodiment of the invention,

FIG. 8 shows a password service user interface including an advertisement service according to an embodiment of the invention,

FIG. 9 shows a display of last displayed advertisements according to an embodiment of the invention,

FIG. 10 shows a password service user interface on a mobile handset according to an embodiment of the invention, FIG. 11 is a flowchart illustrating the process of registration of a user to set up a user account at a password server system according to an embodiment of the invention,

FIG. 12 is a flowchart illustrating the process of authenticating a user to be logged in to a password server system according to an embodiment of the invention,

FIG. 13 is a flowchart illustrating a user logout from a password server system according to an embodiment of the invention,

FIG. 14 is a flowchart illustrating the process of locking down a user account and re- enabling the user account according to an embodiment of the invention,

FIG.15 is a flowchart illustrating the process of generating and uploading to a pass- word server system a key file entry comprising user login information relating to an application or service site in accordance with an embodiment of the invention,

FIG. 16 is a flowchart illustrating a process of downloading the key file entry generated and uploaded as illustrated in FIG. 15,

FIG. 17 is a flowchart illustrating a process of deleting the key file entry generated and uploaded as illustrated in FIG. 15,

FIG. 18 is a flowchart illustrating a process of updating the key file entry generated and uploaded as illustrated in FIG. 15, and

FIG. 19 is a flowchart illustrating the process of changing a master password or pattern for a user being registered at a password server system in accordance with an embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

In the following is given a detailed description of the invention in conjunction with the presented figures. Fig. 1 illustrates a network comprising a user terminal and a password server according to an embodiment of the invention. In Fig.1 is schematically shown how the Zeqr system can be used to assist logging into a service site. A user 11 will log into the key file server, KFS 12, and download the data required. The data is then de- crypted by the Zeqr application 13 and set into the service site's login field 14.

All communication between the user and the key file server is preferably protected by SSL/TLS. In order to reduce workload for the server, resuming of SSL/TLS sessions should be enabled. Note that the SSL/TLS protocol allows the user to verify the identity of the server, but not vice versa. Thus, the user has to authenticate himself to the server; otherwise everyone could download the user's key file.

The key file server has to be a trustworthy entity that is run by a reliable party. It is assumed that the key file server is protected in an appropriate way against all stan- dard attacks that do not target peculiarities of the Zeqr protocol, i.e. it runs firewall and virus scanner, has been penetration tested etc. It is also assumed that there is always a server available. This can be achieved e.g. by server replication.

Fig. 2 shows a password service user interface according to an embodiment of the invention. In Fig. 2 the user interface is provided by the Zeqr application 21 , which is a browser plug-in. It has a color card 22, which is only displayed when needed in order to make the application as user friendly as possible. The application also features a text field 23 where information of relevance for the user will be displayed. The application has a field for user names 24 where one or several user names can be entered if several users share the same application. The application also has a "Next" link 25.

In Fig. 3 is shown a password service user interface with a password pattern indicator according to an embodiment of the invention. Here the password pattern indica- tor is a color card 31 in the forma of a virtual keyboard, where the user can enter his master password for his Zeqr account. As default it is a 6x6 matrix with characters and numbers so it is easy to use as a virtual keyboard. The fields of the color card have 5 different colors by default, black, red, green, blue, yellow, arranged randomly making it a mnemo technical tool for the user, who can choose a pattern he finds easy to remember, and use the pattern as his Zeqr master password. When the user enters his pattern, dots will appear in the field 32 and if the user wants to reset he clicks on the "Reset" link 33. A meter 34 may automatically compute the strength of the pattern entered by the user, and a warning message may be shown if the user chooses a pattern that is weak.

In Fig. 4 is shown a tool bar being part of a password service user interface according to an embodiment of the invention. When the Zeqr application has been installed, a Zeqr tool bar will be integrated in the browsers tool bar 41. The appearance of the tool bar be will different according to whether the user is logged in to his Zeqr account or not. If the user is logged in, the tool bar will display a "Zeqr login to" dropdown menu 42.

In Fig. 5 is shown a login dropdown menu being opened in a password service user interface according to an embodiment of the invention. If the user clicks on the login dropdown menu 51 a list will be displayed with names of all the service sites 52 where the user has created an account using the Zeqr application.

Fig. 6 shows a main menu being opened in a password service user interface according to an embodiment of the invention. If the user clicks on the Zeqr icon 61 in the tool bar, a main menu 62 will be opened with all the options offered by the application.

The Zeqr application may also feature a print out option so the user can print out his Zeqr data including the unlock code. This is illustrated in Fig. 7, where the print out shows one color card 71 for each character of the users pattern, and it may also have a text field 72 with the users KFS User ID, his password as text and the unlock code. It is recommended that the user keeps the print out in a safe place as a back up in case he forgets his login data.

Fig. 8 shows a password service user interface including an advertisement service according to an embodiment of the invention. The application may have a field 81 where information or advertisements can be displayed according to preset rules. The application may also have an option for the user to open a website 91 with the last 20 advertisements displayed by the application. This is shown in Fig. 9. Fig. 10 shows a password service user interface on a mobile handset according to an embodiment of the invention,

A special edition of the application can be installed on mobile handsets 101 as illus- trated in Fig. 10 and a special user interface 102 may adapt the application to the mobile operative system, be it Windows Mobile, Symbian or any other platform.

In Fig. 11 is shown a flowchart illustrating the process of registration of a user to set up a user account at a password server system according to an embodiment of the invention. In order to set up a Zeqr user account, the user starts by going to a web site where he can download the Zeqr application 111. He then installs the application following standard procedures. In the course of the installation process the user is asked to choose a KFS User ID 112. This could be his own name, his e-mail address or any other unique but memorizable string. The key file server system checks if the KFS User ID is free 113 and if it is already being used an error message will be displayed.

If the KFS User ID is accepted, a color card is displayed 114 and the user is asked to enter his pattern or master password. He types his pattern into the card (client- sided). The status bar on the application may give him an indication of the pattern strength. He is then asked to re-enter the pattern 115. After the user has re-entered his pattern, a Zeqr account has to be set up at the KFS. To this end, the Zeqr application sends 116 the KFS user ID and the following value H1 to the KFS:

H1 := Hash (1 || KFS User ID || Pattern)

The KFS stores these values 117 for later use as authenticator.

A lock-up code, a randomly generated 80-bit value, may be generated at the KFS

118 and transmitted to the Zeqr application, where it is displayed to the user. The KFS saves the lock-up code together with the other account data for later use. The code may be displayed to the user in Base32 format (16 characters long) in the style known from program codes: xxxx-xxxx-xxxx-xxxx. The lock-up code is required to unlock an account that has been locked after to many wrong login attempts, either by the user or by an attacker. The system may recommend printing the pattern 119, and if the user chooses to print, the printing job is executed by the application 1110. The warning message may clearly state that the Zeqr system cannot reconstruct the pattern and that the user is solely responsible for remembering it. The user now has a working Zeqr ac- count 1111.

FIG. 12 is a flowchart illustrating the process of authenticating a user to be logged in to a password server system according to an embodiment of the invention. When the user initiates any security-related activities from a user terminal, the Zeqr appli- cation establishes a secure connection from the user terminal to the KFS using

SSL/TLS 121. The Zeqr application may contain the internet address (URL, not IP address) of a server where the KFS address can be obtained. In this way, whenever the Zeqr application wants to establish a contact to the KFS, the server will choose 122 a suitable KFS for the user. This choice can be based on criteria like physical proximity, availability, customer class, etc. In theory, we could allow the user to choose the KFS by himself. This should be an advanced option, since most users will be confused by such a choice. Typically, the KFS will keep their records synchronized in order to guarantee that there is always at least one server available for the user. Note that since contacting the server is security-critical, this connection should be based on SSL/TLS, too.

After the contact to the KFS is established 123, the user has to be authenticated to log into his KFS account. In order to do this, he types in his KFS User ID 124 at the Zeqr application user interface, and the KFS User ID is then sent to the KFS. The KFS checks if the KFS User ID is valid 125 and if it is not valid an error message is displayed. If the KFS User ID is valid the KFS sends 126 a random value N, a so- called challenge, to the Zeqr application at the user terminal. The user enters his pattern or master password into the color card 127 and the Zeqr application computes 128 the hash value H2:

H2 := Hash (2 || N || Hash (1 || KFS User ID || Pattern) ) and sends H2 to the KFS.

The KFS also computes a similar hash value 2 comprising N and the stored hash value 1 , see flowchart in Fig. 11 , and compares 129 whether H2 = Hash (2 || N || H1 ) and verifies if the authentication process is positive. If "no", the KFS rejects the request 1210. If "yes", the KFS accepts that the user knows the same secret as the person who set up the account, and accepts the login 1211. While the user is logged in, the Zeqr application may store the user's pattern or master password for use in encryption or decryption processes.

Logging out from a Zeqr account, as illustrated in Fig. 13, does not require any special cryptographic method. The server automatically terminates the session when the operation has been finished 131 , e.g., a requested key file entry, KFE₁ has been sent, a new KFE has been installed, or the pattern has been changed.

After the user has logged out 132 and the application has completed the computations related to the request, e.g., decrypted the KFE, the user's pattern or master password that was stored by the Zeqr application is deleted 133. Here, "deleting" means more than just removing the pointer to an object in memory; the pattern should be overwritten with zeroes. The same holds for the list of available service site IDs.

Fig. 14 is a flowchart illustrating the process of locking down a user account and re- enabling the user account according to an embodiment of the invention. Here, the user only gets a limited number of login attempts to protect the user account against guessing attacks. After a set number of wrong attempts 141 , the KFS locks down the account 142. If the account has been locked after too many failed lock-in attempts, the user has to enter his lock-up code 143 in order to re-enable the account. This lock-up code was displayed when he set up the account. When the lock-up code is entered correctly, the KFS re-enables the account 144.

In Fig.15 is shown a flowchart illustrating the process of generating and uploading to a password server system a key file entry comprising user login information relating to an application or service site in accordance with an embodiment of the invention. The main activity of the user who has logged in to the KFS is to store or retrieve passwords, i.e. key file entries. One key file entry should contain all the login information that relates to one service site. A key file entry (KFE) should contain information of the service site ID, the service user ID, and the password. However, here the service user ID and the password are encrypted. The KFE must not be stored on the user's computer longer than absolutely necessary for the task at hand. Typically, it is downloaded, used, and deleted again, long before the browser is closed or the user is logged out of his computer.

When the user wants to add login data for a new service site, he starts by having his browser open at the user terminal to the service site in question 151. Then he opens his Zeqr application 152 and logs in to the KFS by entering his KFS User ID and his pattern or master password. The user chooses the application option "Register at new website" 153. The user selects a name for the service 154, the service site ID. The KFS checks if the name is free 155; if it is not free an error message is displayed. The root name of the service site is automatically picked up 156 by the Zeqr application if possible.

The user can now choose 157 whether he wants to select username, service user ID, and password for the service site himself, or if he wants the Zeqr application to generate them. The service user ID can either be a string that the user chooses himself (such as "Henry"), or a string that is randomly generated by the Zeqr application. The password can also be a string that the user selects himself, in fact, manually entering the password might be necessary in certain scenarios, for in- stance where the user has no right to choose the username and/or password, or if the user for some reason wants to use a specific username and/or password. If the user chooses to select username and password himself 158, he enters the data in the dedicated fields on the application at the user terminal 159, and by clicking on a link the Zeqr application will automatically encrypt the username and pass- word 1510 before being sent to the key file server. This is done as follows:

Rand := RNG(O to 2¹²⁸-1)

CipherKey := Hash (3 | | Pattern | | Rand)

EncData := Enc (CipherKey, (Service User ID | | Password) )

Here, the encryption key is generated by hashing the pattern/master password and a random value, thus generating a seemingly random distribution of the key bits.

Then the data is encrypted under that key. The main purpose of the random value is to guarantee that even if the user uses the same User ID and password for two different log-in sites, the EncData values will nonetheless be different. If the user asks the Zeqr application to generate the username and/or password 1511 he may be able to select the character set and the length 1512 from dropdown menus. Then the Zeqr application will generate these values 1513 following this procedure:

Let L denote the length of the service user ID or password, let S denote the number of elements in the character set, e.g., S=26 if the character set is {a,b z}, and

S= 10 if the character set is {0,1 9}, and let charSet[S] be the array of dimension S containing the character set. Then the following algorithm is used for generation of a service user ID or password:

For i := 0 to L-I

temp := RNG(O to S-I)

output [i] := charSet [temp]

return output []

Username and password are encrypted by the Zeqr application 1514 before being sent to the key file server. This is done as follows: Rand : = RNG ( O to 2128 - 1 )

CipherKey := Hash(3 I I Pattern || Rand)

EncData := Enc (CipherKey, (Service User ID | | Password) )

The encryption key is generated by hashing the pattern/master password and a random value, thus generating a seemingly random distribution of the key bits. Then the data is encrypted under that key. The main purpose of the random value is to guarantee that even if the user uses the same User ID and password for two different log-in sites, the EncData values will nonetheless be different.

The key file entry is generated 1515 with the following components: • The service site ID.

• The value Rand.

• The value EncData.

The KFS now uploads the key file entry 1516 from the user terminal to the KFS. The server checks 1517 whether a file with the same service site ID already exists. If the result of this check is "yes", the user is warned 1518 that he is about to overwrite the old file. If he insists, the old file is overwritten. The key file entry has now been generated, uploaded and stored at the KFS.

However, in most cases when a user has generated a key file entry, he wants to open an account at the website or service site for which the key file entry has been generated. Thus, the user wants to enter the password and/or User ID for the service site account in question being opened at the user terminal, which is illustrated by steps 1519 to 1522. The application looks for at match 1519 to the service site ID in a template library on a Zeqr server. If there is no match the user will have to enter usemame and password in fields manually 1520. If there is a match the Zeqr application will automatically 1521 insert usemame and password in the fields of the service site according to the format of the template. The user has now created an account at the service site 1522.

Fig. 16 is a flowchart illustrating a process of downloading the key file entry generated and uploaded as illustrated in Fig. 15. Before downloading a key file entry the user must login 161 to the KFS by entering his KFS User ID and his pattern or master password. If it is the first time that the user logs in to the KFS from a given computer or user terminal 162, an identification token, e.g. a cookie, may be stored both on the computer and on the KFS 163. This token is at least 16 bytes long; it is randomly generated by the KFS and then transmitted to the user's computer. If such a token is present when the Zeqr application is started at a later point in time, the Zeqr application may automatically fetch the list of all service site IDs for the user from the KFEs. This can be done without further cryptographic support, since the user is logged in and the connection between server and Zeqr application on user terminal is protected by SSL/TLS. If no token is present e.g., because the user works for the first time on a given computer, or because the token was deleted, then the user has to log into the KFS first in order to obtain the list of service site IDs.

By clicking on a particular service site ID 164, the user can download the corresponding KFE from the KFS 165. Again, no additional cryptographic support is necessary, since the user is logged in and the connection between server and Zeqr application is protected by SSUTLS.

The KFE that was downloaded is in encrypted form; it has to be decrypted using the user's pattern or master password. As the Zeqr application may have stored the user's pattern, the user may not have to type it in again. The Zeqr application automatically decrypts 166 the password by inverting the encryption as follows:

CipherKey := Hash (3 I I Pattern | | Rand )

Service User ID I I Password := Dec ( CipherKey ; EncData )

If a domain name is available for this service site ID, then the Zeqr application compares 167 the current domain name in the browser with that of the service site ID. If they do not match, a warning 168 is given to the user. This may protect against a number of phishing attacks, but not against all. For example, if the correct site has the address www.hostingpartner.com/toyshop, then the attacker might register a site under www.hostingpartner.com/fashionshop. A Zeqr version may only compare the root address (www.hostingpartner.com), and then it would not notice the attack.

The application looks for a match to the service site ID in a template library stored on a Zeqr server 169. If a match is not found, the user has to enter username and password manually 1610. If a match is found the application may automatically insert 1611 the username and password in the service site fields according to the format of the template. Then the user is logged in to the service site 1612.

In Fig. 17 is shown a flowchart illustrating a process of deleting the key file entry generated and uploaded as illustrated in Fig. 15. If a user wants to delete a KFE, he opens the application and logs in to the KFS by entering his KFS User ID and pattern 171. The user chooses the item from his list of server site IDs 172 that he wishes to delete. The user chooses the application option "Delete service" 173, and then the Zeqr application sends an appropriate command to the KFS 174, which deletes the corresponding KFE 175. In this process, no additional cryptographic protection is required. The service site ID is also deleted from the user's list of available sites.

Fig. 18 is a flowchart illustrating a process of updating the key file entry generated and uploaded as illustrated in Fig. 15. Updating a KFE could be the modification of any of the three components service site ID, service user ID, and password. The modification process consists in downloading the existing KFE as described above, modifying the desired contents as described in the section on generating a KFE, and sending the updated entry back to the KFS. Note in particular that a new random value Rand is also used. Also note that if the service site ID was changed, the list on the user's Zeqr application has to be updated, too.

If the user wants to update the login data for a service site, he opens his Zeqr application 181 and logs in to the KFS by entering his KFS User ID and his pattern. The user chooses the application option "Edit username/password" 182. The user selects a service site from the list 183 and keeps the old name or chooses a new name 184 for the service site. If the user chooses a new name the KFS checks if the name is free 185, if it is not free an error message is displayed. The user can now choose 186 whether he wants to select username and password for the service site himself, or if he wants the Zeqr application to generate them. The service user ID can either be a string that the user chooses himself (such as "Henry"), or a string that is randomly generated by the Zeqr application. The password can also be a string that the user selects himself, in fact, manually entering the password might be necessary in certain scenarios, for instance where the user has no right to choose the username and/or password, or if the user for some reason wants to use a specific username and/or password.

If the user chooses to select username and password himself 187, he enters the data in fields on the application 188 and by clicking on a link the Zeqr application will automatically encrypt the username and password 189 before being sent to the key file server. This is done as follows:

Rand := RNG(O to 2¹²⁸-1) CipherKey := Hash (3 I I Pattern || Rand)

EncData := Enc (CipherKey, (Service User ID || Password) )

The encryption key is generated by hashing the pattern and a random value, thus generating a seemingly random distribution of the key bits. Then the data is encrypted under that key. The main purpose of the random value is to guarantee that even if the user uses the same User ID and password for two different login sites, the EncData values will nonetheless be different.

If the user asks the Zeqr application to generate the username and/or password 1810 he may select the character set and the length 1811 from dropdown menus. Then the Zeqr application will generate these values 1812 following this procedure: Let L denote the length of the service user ID or password, let S denote the number of elements in the character set, e.g., S=26 if the character set is {a,b z}, and

S=10 if the character set is {0,1 9}, and let charSet[S] be the array of dimension S containing the character set. Then the following algorithm is used for generation of a service user ID or password:

For i : = 0 to L-I

temp := RNG(O to S-I)

output [i] := charSet [temp]

return output [] Username and password are encrypted by the Zeqr application 1813 before being sent to the key file server. This is done as follows:

Rand : = RNG ( O to 2¹²⁸-1 )

CipherKey := Hash (3 || Pattern || Rand)

EncData := Enc (CipherKey, (Service User ID || Password) ) The encryption key is generated by hashing the pattern and a random value, thus generating a seemingly random distribution of the key bits. Then the data is encrypted under that key. The main purpose of the random value is to guarantee that even if the user uses the same User ID and password for two different log-in sites, the EncData values will nonetheless be different.

The key file entry is generated 1814 with the following components:

• The service site ID.

• The value Rand.

• The value EncData. The KFS can now upload the key file entry 1815. The server checks 1816 whether a file with the same service site ID already exists. If the result of this check is "yes", the user is warned 1817 that he is about to overwrite the old file. If he insists, the old file is overwritten. The application looks for a match 1818 to the service site ID in a template library on a Zeqr server. If there is no match the user will have to enter username and password in fields manually 1819. If there is a match the Zeqr appli- cation will automatically 1820 insert username and password in the dedicated fields of the service site according to the format of the template. The user has now updated the Key File Entry 1821.

If the user wants to change his pattern or master password e.g. by adding additional clicks or by replacing it completely, the whole key file has to be re-encrypted. This is illustrated in Fig. 19. Obviously, the user first has to use the old pattern to identify himself to the key file server. After that, all key file entries have to be downloaded. They are decrypted and re-encrypted using new Rand values and the new pattern or master password. Then the new key file entries are uploaded again. Finally, a new value H1 has to be provided, as described under "setting up the account". It is not before this final step is completed, that the changes become valid.

The step-by-step procedure for changing a Zeqr pattern is: The user opens his Zeqr application and logs in to the KFS by entering his KFS

User ID and pattern or master password 191. Then the user chooses the application option "Change pattern" 192. The user authenticates himself 193 by entering his existing pattern. Then the KFS downloads all the Key File Entries 194 to the application. The application decrypts 195 all KFE using the existing pattern and following the procedure described earlier. The user enters a new pattern or master password 196 and re-enters the new pattern 197. Then the application encrypts all the KFE using the new pattern 198 and following the procedure described earlier and generates a new hash value 1 199 which is uploaded to the KFS 1910. The encrypted KFE and the new hash value 1 are stored on the KFS together with the user's KFS User ID 1911.

Claims

CLAIMS:

1. In a network comprising a user terminal and a password server system, a method of supporting registration of a user operating said user terminal to said pass- word server system, said method comprising: specifying a server user ID being unique to the password server system at the user terminal, specifying a master password at the user terminal, generating a first message at the user terminal, said first message being at least partly based on the specified master password, forwarding the first message and the server user ID to the password server system, and storing at the password server system a user entry comprising the first message and the server user ID.

2. A method according to claim 1 , wherein the first message is a first cryptographic message formed by use of a first cryptographic function.

3. A method according to claim 2, wherein the first cryptographic function is downloaded from the password server system to the user terminal.

4. A method according to any one of the claims 1-3, said method further comprising: generating at the password server system a unique lock-up code correspond- ing to the server user ID, and forwarding the lock-up code to the user terminal.

5. A method according to any one of the claims 1-4, wherein the uniqueness of the server user ID being specified at the user terminal is validated at the password server system.

6. A method according to any one of the claims 1-5, wherein said specification of the master password is followed by a re-specification of the master password at the user terminal.

7. A method according to any one of the claims 1-6, further comprising: downloading a password service application from the password server system to the user terminal, displaying a password service user interface corresponding to the password service user application at the user terminal, and displaying a password pattern indicator at the password service user interface, wherein said specification of the master password is performed using the password pattern indicator.

8. A method according to claims 6 and 7, wherein said re-specification of the master password is performed using the password pattern indicator.

9. A method according to claim 3 and claim 7 or 8, wherein the first cryptographic function is downloaded from the password server system to the user terminal to- gether with or as part of the password service application.

10. In a network comprising a user terminal and a password server system, a method of supporting registration of a user operating said user terminal to said password server system, said method comprising: a) downloading a password service application from the password server system to the user terminal and opening a corresponding password service user interface at the user terminal, b) specifying a server user ID at the user terminal at the password service user interface, c) validating the uniqueness of the server user ID at the password server system, and if a positive result of the validation, d) displaying a password pattern indicator at the password service user interface, e) specifying a master password using the password pattern indicator, f) re-specifying the master password using the password pattern indicator, g) generating at the user terminal a first cryptographic message based at least partly on the specified master password, h) forwarding the first cryptographic message and the server user ID to the password server system and storing the first cryptographic message together with the server user ID at the password server system, i) generating at the password server system a unique lock-up code corresponding to the server user ID, and j) forwarding the lock-up code to the user terminal.

11. A method according to any one of the claims 1-10, wherein the first message is further based on the server user ID.

12. A method according to any one of the claims 1-11 , wherein the first message is generated by use of a cryptographic hash function.

13. A method according to any one of the claims 7-12, further comprising displaying an indication of the strength of the specified master password pattern at the password service user interface.

14. A method according to any one of the claims 7-13, wherein the password service application comprises information of the internet address (URL) of an address server of the password server system, said address server providing the address of a key file server of the password server system to which key file server the first message and the server user ID is forwarded.

15. A method according to any one of the claims 1-14, wherein the forwarding of the first message and the server user ID from the user terminal to the password server system is performed using a connection based on SSL/TLS.

16. A method according to any one of the claims 7-15, wherein the displayed password pattern indicator comprises a color card comprising a number of colored fields, and the master password is specified at or typed into part of the colored fields.

17. A method according to claim 16, wherein the color card is a matrix of rows and columns of colored fields.

18. A method according to claim 16 or 17, wherein part of or all of the colored fields of the color card comprises a letter or a numeral.

19. In a network comprising a user terminal and a password server system, a method for authenticating a user operating the user terminal to said password server system, said method comprising: storing one or more user entries corresponding to one or more users regis- tered at said password server system, each said user entry comprising a server user ID corresponding to the registered user and being unique to the password server system, and each said user entry further comprising a first cryptographic message formed by use of a first cryptographic function and based on said server user ID and a master password of the registered user; establishing a data communication channel between the password server system and the user terminal being operated by the user; specifying the users server user ID at the user terminal and forwarding said server user ID to the password server system; forwarding a login random value or random challenge from the password server system to the user terminal; specifying the users master password at the user terminal; generating a second cryptographic message at the user terminal, said second cryptographic message being formed by use of a second cryptographic function and based on the received login random value or challenge and a generated crypto- graphic message formed by use of the first cryptographic function and based on the specified server user ID and master password; forwarding the second cryptographic message to the password server system; generating a third cryptographic message at the password server system, said third cryptographic message being formed by use of the second cryptographic func- tion and based on the login random value or challenge and the stored first cryptographic message; and comparing, at the password server system, the received second cryptographic message and the third cryptographic message to thereby authenticate the user.

20. A method according to claim 19, wherein the server user ID being specified at the user terminal is validated at the password server system before the login random value or challenge is forwarded to the user terminal.

21. A method according to claim 19 or 20, said method further comprising downloading a password service application from the password server system to the user terminal and displaying a corresponding password service user interface at the user terminal, said specification of the server user ID being performed by use of the displayed password service user interface.

22. A method according to claim 21 , said method further comprising displaying a password pattern indicator at the password service user interface, said specification of the master password being performed by use of the password pattern indicator.

23. A method according to any one of the claims 19-22, wherein the first and sec- ond cryptographic functions are downloaded from the password server system to the user terminal.

24. A method according to any one of the claims 21-23, wherein the first and second cryptographic functions are downloaded from the password server system to the user terminal together with or as part of the password service application.

25. A method according to any one of the claims 19-24, wherein the registration of a user operating a user terminal at said password server system is performed by a registration method comprising: specifying the server user ID being unique to the password server system at the user terminal, specifying the master password of the user to be registered at the user terminal, generating the first cryptographic message at the user terminal, forwarding the first cryptographic message and the server user ID to the password server system, and storing at the password server system a user entry comprising the first message and the server user ID.

26. A method according to claim 25, wherein the first cryptographic function used for generating the first cryptographic message at the user terminal is downloaded from the password server system to the user terminal.

27. A method according to claim 25 or 26, said registration method further com- prising: generating at the password server system a unique lock-up code corresponding to the server user ID, and forwarding the lock-up code to the user terminal.

28. A method according to any one of the claims 25-27, wherein the uniqueness of the server user ID being specified at the user terminal during said registration method is validated at the password server system.

29. A method according to any one of the claims 25-28, wherein said specification of the master password during said registration method is followed by a re- specification of the master password at the user terminal.

30. A method according to any one of the claims 25-29, said registration method further comprising: downloading a password service application from the password server system to the user terminal, displaying a password service user interface corresponding to the password service user application at the user terminal, and displaying a password pattern indicator at the password service user interface, wherein said specification of the master password is performed using the password pattern indicator.

31. A method according to claims 26 and 30, wherein the first cryptographic function is downloaded from the password server system to the user terminal together with or as part of the password service application.

32. A method according to any one of the claims 19-31, wherein the first and second cryptographic functions are cryptographic hash functions.

33. A method according to claim 32, wherein the first and second cryptographic functions are the same cryptographic hash function.

34. A method according to any one of the claims 21-33, wherein the password service application comprises information of the internet address (URL) of an ad- dress server of the password server system, said address server providing the ad- dress of a key file server of the password server system, which key file server is in communicative connection with the user terminal during said method of authentication.

35. A method according to any one of the claims 19-34, wherein the forwarding of cryptographic messages and the server user ID from the user terminal to the password server system and the forwarding of the random value or challenge from the password server system to the user terminal is performed using a connection based on SSL/TLS.

36. A method according to any one of the claims 22-35, wherein the displayed password pattern indicator comprises a color card comprising a number of colored fields, and the master password is specified at or typed into part of the colored fields.

37. A method according to claim 36, wherein the color card is a matrix of rows and columns of colored fields.

38. A method according to claim 36 or 37, wherein part of or all of the colored fields of the color card comprises a letter or a numeral.

39. In a network including a user terminal and a password server system, a method of managing service site passwords and/or service site user ID's of users desiring access to one or more applications or service sites that require passwords and/or user ID, said method comprising: storing at said password server system, for a number of users being registered at the password server system, one or more key file entries corresponding to one or more applications or service sites, each said key file entry comprising data representing the service site ID of the application or service site and an encrypted key file message based at least partly on the service site password and/or service site user ID required to access the respective application or service site, said encrypted key file message being encrypted by use of a first key based at least partly on a master password corresponding to the user.

40. A method according to claim 39, wherein a key file entry is generated by a key file generation method comprising: login the user to the password server system; specifying the users master password at the user terminal; receiving, at the user terminal, input specifying the service site ID of the application or service site for which the key file entry is to be generated; specifying or generating, at the user terminal, the service site password and/or service site user ID required to get access to the application or service site for which the key file entry is to be generated; generating, at the user terminal, said first key based at least partly on the specified master password; encrypting, at the user terminal, the required service site password and/or service site user ID by use of the first key to thereby obtain the encrypted key file message; forwarding data representing the application or service site ID and the encrypted key file message to the password server system; and storing at the password server system a key file entry comprising data representing the application or service site ID and the encrypted key file message.

41. A method according to claim 39 or 40, wherein for each key file entry a key file random value is generated and stored as part of the key file entry at the password server system, and wherein the first key used for encrypting the key file message is further based on said key file random value.

42. A method according to claim 40 or 41 , wherein said key file generation method further comprises: generating a key file random value at the user terminal, wherein said first key being generated at the user terminal is generated by use of a cryptographic function based on the users master password and the key file random value, and the generated key file random value is forwarded to the password server system and stored as part of the key file entry.

43. A method according to any one of the claims 40-42, wherein said key file gen- eration method further comprises: downloading a password service application from the password server system to the user terminal, displaying a password service user interface corresponding to the password service user application at the user terminal, and displaying a password pattern indicator at the password service user interface, wherein said specification of the master password is performed using the password pattern indicator.

44. A method according to claim 43, wherein functions for generating the first key and the encrypted key file message are downloaded from the password server system to the user terminal together with or as part of the password service application.

45. A method according to claim 43 or 44, wherein function(s) for generating the key file random value is/are downloaded from the password server system to the user terminal together with or as part of the password service application.

46. A method according to any one of the claims 39-45, wherein the user is logged out from the password server system, said method further comprising: login the user to the password server system; downloading a key file entry, which corresponds to an application or service site selected by the user, from the password server system to the user terminal; specifying the users master password at the user terminal; re-generating the first key corresponding to the downloaded key file entry at the user terminal; decrypting the encrypted key file message of the downloaded key file entry at the user terminal by use of said re-generated first key to thereby obtain the service site password and/or service site user ID required to access the selected application or service site; and using the obtained service site password and/or service site user ID to get access to the selected application or service site from the user terminal.

47. A method according to claim 41 or 42 and claim 46, wherein the key file random value stored as part of the downloaded key file entry is retrieved at the user terminal, and the first key corresponding to the downloaded key file entry is re- generated based on the specified master password and the retrieved key file random value.

48. A method according to claim 46 or 47, wherein said method further comprises: downloading a password service application from the password server system to the user terminal, displaying a password service user interface corresponding to the password service user application at the user terminal, and displaying a password pattern indicator at the password service user interface, wherein said specification of the master password is performed using the password pattern indicator.

49. A method according to claim 48, wherein functions for generating the first key and the encrypted key file message are downloaded from the password server sys- tern to the user terminal together with or as part of the password service application.

50. A method according to any one of the claims 40-49, wherein the first key is generated by use of a cryptographic hash function.

51. A method according to any one of the claims 43-50, wherein the password service application comprises information of the internet address (URL) of an address server of the password server system, said address server providing the address of a key file server of the password server system, which key file server is in communicative connection with the user terminal during said generation and storage of a key file entry.

52. A method according to any one of the claims 40-51 , wherein communication between the user terminal and the password server system is performed using a connection based on SSL/TLS.

53. A method according to any one of the claims 43-52, wherein the displayed password pattern indicator comprises a color card comprising a number of colored fields, and the master password is specified at or typed in the colored fields.

54. A method according to claim 53, wherein the color card is a matrix of rows and columns of colored fields.

55. A method according to claim 53 or 54, wherein part of or all of the colored fields of the color card comprises a letter or a numeral.

56. A method according to any one of the claims 40-55, wherein login of the user to the password server system comprises a user authentication, which includes a specification of the user's master password at the user terminal.

57. A method according to claim 56, where the user authentication comprises a method selected from claims 19-38.

58. A computer program product in a computer readable media for use in a net- work comprising one or more user terminals and a password server system, said computer program product being a password service application program for supporting registration of a user operating a user terminal to said password server system and comprising: means for displaying, at a user terminal having a display device and having said password service application program installed, a password service user interface with a password pattern indicator, means for generating a first cryptographic message by use of a first cryptographic function and based at least partly on a master password specified at or typed into the displayed password pattern indicator, and means for forwarding the first cryptographic message from the user terminal to the password server system.

59. A computer program product according to claim 58, wherein the means for generating the first cryptographic message is further adapted for generating the first cryptographic message based at least partly on a server user ID for the password server system, which server user ID is specified at or typed into the displayed password service user interface, and on the master password specified at or typed into the displayed password pattern indicator.

60. A computer program product according to claim 59, wherein the means for forwarding the first cryptographic message from the user terminal to the password server system is further adapted for forwarding the server user ID from the user terminal to the password server system.

61. A computer program product according to any one of the claims 58-60, wherein the means for generating the first cryptographic message is adapted for generating the first cryptographic message by use of a cryptographic hash function.

62. A computer program product according to any one of the claims 58-61 , further comprising means for displaying at the password service user interface an indication of the strength of the specified master password.

63. A computer program product according to any one of the claims 59-62, further comprising: means for generating a second cryptographic message by use of a second cryptographic function and based on a received login value or challenge and a generated cryptographic message formed by use of the first cryptographic function and based on the specified server user ID and master password, and means for forwarding the second cryptographic message from the user terminal to the password server system.

64. A computer program product according to claim 63, wherein the login value or challenge is a random value or challenge received from the password server sys- tern.

65. A computer program product according to any one of the claims 58-64, further comprising: means for receiving input specifying the service site ID of an application or service site for which the user desires to get access, means for generating a first encryption/decryption key based at least partly on the master password specified at or typed into the displayed password pattern indicator, means for generating an encrypted key file message by use of the first encryp- tion/decryption key and based on a service site password and/or service site user ID being specified for the application or service site for which the user desires to get access, and means for forwarding the application or service site ID and the encrypted key file message from the user terminal to the password server system, whereby a key file entry comprising the specified service site ID and the encrypted key file message can be stored at the password server system.

66. A computer program product according to claim 65, wherein the service site password and/or service site user ID is specified at the displayed password user interface.

67. A computer program product according to claim 65 or 66, further comprising means for generating upon a user request said service site password and/or service site user ID.

68. A computer program product according to any one of the claims 65-67, further comprising means for generating a key file random value, and wherein said means for generating the first encryption/decryption key is adapted to generate said first key by use of a cryptographic function and based on the specified master password and the key file random value.

69. A computer program product according to claim 68, further comprising means for forwarding the key file random value from the user terminal to the password server system to thereby form part of the key file entry.

70. A computer program product according to any one of the claims 65-69, wherein the first encryption/decryption key is generated by use of a cryptographic hash function.

71. A computer program product according to any one of the claims 68-70, further comprising: means for downloading a key file entry, which corresponds to an application or service site specified by the user at the password service user interface, from the password server system to the user terminal, means for retrieving the key file random value and the service site ID from the downloaded key file entry at the user terminal, means for re-generating the first encryption/decryption key based on the retrieved key file random value and on the master password specified at the password service interface, and means for decrypting the encrypted key file message of the downloaded key file entry by use of the re-generated first encryption/decryption key to thereby obtain, at the password service user interface, the service site password and/or service site user ID required to access the specified application or service site.

72. A computer program product according to any one of the claims 58-71 , wherein the displayed password pattern indicator comprises a color card comprising a number of colored fields.

73. A computer program product according to claim 72, wherein the color card is a matrix of rows and columns of colored fields.

74. A computer program product according to claim 72 or 73, wherein part of or all of the colored fields of the color card comprises a letter or a numeral.

75. A computer program product according to any one of the claims 58-74, further comprising means for establishing a secure connection between the user terminal and the password server system, said secure connection being based on SSTVTLS.

76. A computer framework for managing service site passwords and/or service site user ID's of users desiring access to one or more applications or service sites that require passwords and/or user ID's, said framework comprising: a password server system for storing one or more key file entries corresponding to one or more applications or service sites, and a user terminal with a first program executed thereon for generating a key file entry or data for a key file entry, said first program comprising means for receiving input specifying the service site ID of an application or service site for which the user desires to get access, means for generating a first encryption/decryption key based at least partly on a users master password specified at the user terminal, means for generating an encrypted key file message by use of the first encryption/decryption key and based on a service site password and/or service site user ID being specified for the application or service site for which the user desires to get access, and means for forwarding key file entry data representing the service site ID and the encrypted key file message from the user terminal to the password server system for storing as a key file entry at said password server system.

77. A computer framework according to claim 76, wherein the first program further comprises means for generating a key file random value, and wherein said means for generating the first encryption/decryption key is adapted to generate said first key by use of a cryptographic function and based on the specified master password and the key file random value, said means for forwarding key file entry data further being adapted for forwarding data representing the key file random value from the user terminal to the password server system to thereby form part of the key file entry.

78. A computer framework according to claims 76 or 77, wherein the first encryption/decryption key is generated by use of a cryptographic hash function.

79. A computer framework according to any one of the claims 76-78, wherein the first program further comprises: means for downloading a key file entry, which corresponds to an application or service site specified at the user terminal, from the password server system to the user terminal, means for retrieving the key file random value and the service site ID from the downloaded key file entry at the user terminal, means for re-generating the first encryption/decryption key based on the retrieved key file random value and on the users master password specified at the user terminal, and means for decrypting the encrypted key file message of the downloaded key file entry by use of the re-generated first encryption/decryption key to thereby obtain, at the user terminal, the service site password and/or service site user ID required to access the specified application or service site.

80. A computer framework according to any one of the claims 76-79, wherein the first program comprises means for displaying, at a display of the user terminal, a password service user interface with a password pattern indicator for specification or entering of the users master password.

81. A computer framework according to claim 80, wherein the displayed password pattern indicator comprises a color card comprising a number of colored fields.

82. A computer framework according to claim 81 , wherein the color card is a ma- trix of rows and columns of colored fields.

83. A computer framework according to claim 81 or 82, wherein part of or all of the colored fields of the color card comprises a letter or a numeral.