Identity Assurance by Our Own Volition and Memory
The safety of our cyber life depends on identity assurance, which in turn relies on remembered passwords
Hitoshi Kokumai
President, Mnemonic Security, Inc.
kokumai@mneme.co.jp
Enabling Self-Sovereign Identity
30/Oct/2018
Our identity as human beings is made of our autobiographic memory
The problem: passwords could work – but they need help
Passwords are hard to manage, and yet absolutely necessary
Identity theft and security breaches are proliferating
A critical problem requiring urgent practical solutions
Expanded Password System
Broader choices: images AND characters
There are several known pictures in the matrix
I can easily find all of them right away
Only I can select all of them correctly
Torturous login is history. Login is now comfortable, relaxing, healing and even fun.
Easy to manage relations between accounts and corresponding passwords.
A Fun Way to Enhance Your Passwords
A fun first step
• Get the images in your password matrix registered. It’s easy.
Huge Improvement
• Password fatigue alleviated for all
• Better security for password-managers and SSO services
• Even better security for two/multi-factor authentications
• Less vulnerable security for biometric products
Backward-Compatible
• Nothing lost for users who wish to keep using text passwords.
We Need a Broader Choice
If only text and # are OK
It’s a steep climb …
• 【Text Mode】 to memorize text/number passwords (3UVB9KUW): recall the remembered password. Low memory ceiling.
• + 【Graphics Mode】 to lighten the load of text passwords: recognize the pictures remembered in stories. High memory ceiling.
• + 【Original Picture Mode】 to make use of memorized images: recognize the unforgettable pictures of episodic memories. Very high memory ceiling.
Think of all those ladders you have to climb in Donkey Kong ;-)
Volition and Memory
(1) Volition of the User
– with Self-Determination
(2) Practicability of the Means
– for Use by Homo sapiens
(3) Confidentiality of the Credentials
– by ‘Secret’ as against ‘Unique’
What’s New?
The idea of using pictures has been around for two decades.
What is new is encouraging people to make use of episodic image memories.
80-second video YouTube
Keyword – Smallest Interference of Memory
Isn’t Episodic Memory Changeable?
We know that episodic memories can change easily.
… But that doesn’t matter for authentication. It could even help.
What about Entropy?
A PASSWORD LIKE ‘CBA123’ IS ABSURDLY WEAK.
WHAT IF ‘C’ AS AN IMAGE GETS PRESENTED BY SOMETHING LIKE ‘X4S&EI0W’?
WHAT IF ‘X4S&EIWDOEX7RVB%9UB3MJVK’ INSTEAD OF ‘CBA123’ GETS HASHED?
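An added sketch of the image-to-code idea on this slide (not Mnemonic Security's implementation): each registered image gets a random 8-character code, the user's picks are expanded and concatenated, and the long string is what gets hashed. The 4x4 matrix, the 40-character code alphabet, PBKDF2 and every function name are assumptions; the sketch also compares the guessing space with and without knowledge of the image-to-code table.

```python
"""Image-to-code conversion sketch (added example; names and sizes are assumptions)."""
import hashlib
import hmac
import math
import secrets

# Assumed code alphabet: 26 letters + 10 digits + 4 symbols = 40 characters.
CODE_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789&%#@"
CODE_LEN = 8             # same length as the slide's 'X4S&EI0W'
PBKDF2_ROUNDS = 200_000  # assumed work factor for the verifier hash


def register_matrix(image_ids):
    """Registration: give every image in one account's matrix its own random code."""
    return {
        image_id: "".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LEN))
        for image_id in image_ids
    }


def expand(selection, table):
    """Image-to-code conversion: picked images become their codes, typed
    characters pass through unchanged (images AND characters)."""
    return "".join(table.get(token, token) for token in selection)


def make_verifier(expanded, salt):
    """What the verifier stores: a salted, slow hash of the expanded string."""
    return hashlib.pbkdf2_hmac("sha256", expanded.encode(), salt, PBKDF2_ROUNDS)


def check(selection, table, salt, verifier):
    """Login: expand the user's picks again and compare in constant time."""
    candidate = make_verifier(expand(selection, table), salt)
    return hmac.compare_digest(candidate, verifier)


def string_bits(length, alphabet_size):
    """Guessing space of the expanded string for someone who does NOT have the
    image-to-code table (for example, someone holding only the stored hash)."""
    return length * math.log2(alphabet_size)


def selection_bits(matrix_size, picks):
    """Guessing space for someone who DOES have the table: an ordered pick of
    distinct images out of the matrix."""
    return math.log2(math.perm(matrix_size, picks))


def demo():
    matrix = [f"img:{i:02d}" for i in range(16)]           # constructed 4x4 matrix
    table = register_matrix(matrix)
    picks = ["img:03", "img:11", "img:07", "1", "2", "3"]  # 3 pictures + typed "123"
    reordered = ["img:03", "img:07", "img:11", "1", "2", "3"]
    salt = secrets.token_bytes(16)
    verifier = make_verifier(expand(picks, table), salt)
    return {
        "expanded_len": len(expand(picks, table)),
        "accepted": check(picks, table, salt, verifier),
        "wrong_order_accepted": check(reordered, table, salt, verifier),
        # Image part only; the typed "123" is left out of both figures.
        "bits_without_table": round(string_bits(3 * CODE_LEN, len(CODE_ALPHABET)), 1),
        "bits_with_table": round(selection_bits(len(matrix), 3), 1),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With these assumed sizes the three image codes carry about 127.7 bits for someone holding only the hash, but about 11.7 bits for someone who also holds the table, so the table needs the same protection as any other secret.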
Relation of Accounts & Passwords
Account A, Account B, Account C, Account D, Account E, F, G, H, I, J, K, L ...
• Unique matrices of images allocated to different accounts.
• At a glance you will immediately realize what images you should pick up as your passwords for this or that account.
Identity Assurance in Emergencies
In the Field
Practicable with both hands busy? In panic? With injuries? With protection gear on?
Seizure of memos, devices, tokens
Seizure of body features
Disaster Recovery
Cards and tokens possessed? Biometrics practicable?
Even in severe panic, we can quickly recognize unforgettable images of episodic memories.
Competition or Opportunity
• Biometrics? Passwords required as a backup means: Opportunity.
• Password-managers, single-sign-on service? Passwords required as the master-password: Opportunity.
• Two/multi-factor authentication? Passwords required as one of the factors: Opportunity.
• Pattern-on-grid, emoji, conventional picture passwords? Deployable on our platform: Opportunity.
Unlimited Use Cases
Client Software for
• Device Login
• Applications Login
• Image-to-Code Conversion
Server Software for
• Online-Access
• 2-Factor Scheme
• Open ID Compatible
Data Encryption Software with on-the-fly key generation
• Single & Distributed Authority
OASIS Open Projects
• Proposition of Expanded Password System at ‘Draft Proposal’ stage
• With 56 individual participants
• Going to secure some more participants
• Corporate members in particular
How We Position Our Proposition
We make identity authentication schemes better by leveraging the time-honored tradition of seals and autographs
The underpinning principle of Expanded Password System will not go away so long as people want our own volition and memory to remain involved in identity authentication.
Some More Topics about Identity
• Isn’t Biometrics killing Passwords?
• Brain-Machine-Interface
• 2-Factor Expanded Password System
• No-Cost 2-Factor Authentication
Isn’t Biometrics killing Passwords?
Fact 1: Biometrics used with a fallback password brings down the security that the password has provided.
30-second Video YouTube
Specifically, old iPhones with PINCODE only were safer than newer iPhones featuring TouchID and FaceID. What has improved is convenience, not security.
Fact 2: Biometrics dependent on a password as a fallback means cannot kill the password dead.
Fact 3: A false acceptance rate does not make sense unless it comes with the corresponding false rejection rate.
Brain-Machine-Interface
A simple brain-monitoring is vulnerable to wiretapping.
Random numbers or characters allocated to the images.
Ask the users to focus their attention on the numbers or characters given to the registered images.
The monitoring system will then collect the brain-generated onetime signal corresponding to these numbers or characters.
2-Factor Expanded Password System
Conventional 2-factor authentication systems are effective only against abuse of the device/phone.
2-factor Expanded Password System enables the user to produce onetime identity authentication data, i.e., a real onetime password.
No-Cost 2-Factor Authentication
Factor 1 – Password Remembered (what we know/remember)
Factor 2 – Password Written Down or Physically Stored (what we have/possess)
Effect - A ‘boring legacy password system’ turning into a no-cost light-duty two-factor authentication system made of ‘what we know’ and ‘what we have’.
Wrap-Up
Expanded Password System that drastically alleviates the password fatigue is supportive of
- Biometrics that require passwords as a fallback means against false rejection
- Two/multi-factor authentications that require passwords as one of the factors
- ID federations such as password managers and single-sign-on services that require passwords as the master-password
- Simple pictorial/emoji-passwords and patterns-on-grid that can all be deployed on our platform
* All with the effects that handling memorable images makes us feel pleasant and relaxed
Furthermore,
- Nothing would be lost for the people who want to keep using textual passwords
- It enables us to turn a low-entropy password into high-entropy authentication data
- It is easy to manage the relation between accounts and the corresponding passwords
- Last but not least, it is democracy-compatible by way of providing the chances and means to get our own volition confirmed in our identity assurance.
* It is the obligation of democratic societies to provide citizens with the choice to adopt a secure and yet stress-free identity authentication means that is practicable in any circumstances, panicky situations in emergencies in particular.
As such, there exists a secure and yet stress-free means of democracy-compatible identity authentication.
That is Expanded Password System.
Thank You
Hitoshi Kokumai
President, Mnemonic Security, Inc.
kokumai@mneme.co.jp
30/Oct/2018 22

Más contenido relacionado

Similar a Updated: Identity Assurance by Our Own Volition and Memory

ONLINE PAYMENT SYSTEM WITH PHISHING AND DDOS DETECTION AND PREVENTION
ONLINE PAYMENT SYSTEM WITH PHISHING AND DDOS DETECTION AND PREVENTIONONLINE PAYMENT SYSTEM WITH PHISHING AND DDOS DETECTION AND PREVENTION
ONLINE PAYMENT SYSTEM WITH PHISHING AND DDOS DETECTION AND PREVENTIONJournal For Research
 
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATION
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATIONGENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATION
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATIONcscpconf
 
Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password SystemHitoshi Kokumai
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsHitoshi Kokumai
 
IRJET - Face Recognition Door Lock using IoT
IRJET - Face Recognition Door Lock using IoTIRJET - Face Recognition Door Lock using IoT
IRJET - Face Recognition Door Lock using IoTIRJET Journal
 
A novel multifactor authentication system ensuring usability and security
A novel multifactor authentication system ensuring usability and securityA novel multifactor authentication system ensuring usability and security
A novel multifactor authentication system ensuring usability and securityijsptm
 
A Graphical Password Scheme using Persuasive Cued Click Points
A Graphical Password Scheme using Persuasive Cued Click PointsA Graphical Password Scheme using Persuasive Cued Click Points
A Graphical Password Scheme using Persuasive Cued Click PointsIJMER
 
Graphical Password Authentication using Image Segmentation
Graphical Password Authentication using Image SegmentationGraphical Password Authentication using Image Segmentation
Graphical Password Authentication using Image SegmentationIRJET Journal
 
Project Proposal.pdf
Project Proposal.pdfProject Proposal.pdf
Project Proposal.pdfGirmaGudina
 
Uno, nessuno o 10.000, la gestione dell'identità ai tempi di Microsoft Azure
Uno, nessuno o 10.000, la gestione dell'identità ai tempi di Microsoft AzureUno, nessuno o 10.000, la gestione dell'identità ai tempi di Microsoft Azure
Uno, nessuno o 10.000, la gestione dell'identità ai tempi di Microsoft AzureGiuliano Latini
 
Secure Internet Voting System
Secure Internet Voting SystemSecure Internet Voting System
Secure Internet Voting Systemtheijes
 
A Novel Revolutionary highly secured Object authentication schema
A Novel Revolutionary highly secured Object authentication  schemaA Novel Revolutionary highly secured Object authentication  schema
A Novel Revolutionary highly secured Object authentication schemaIOSR Journals
 
An Effective Authentication Method using Improved Persuasive Cued Click Points
An Effective Authentication Method using Improved Persuasive Cued Click PointsAn Effective Authentication Method using Improved Persuasive Cued Click Points
An Effective Authentication Method using Improved Persuasive Cued Click PointsIRJET Journal
 
Three types of Authentications
Three types of AuthenticationsThree types of Authentications
Three types of Authenticationsdeorwine infotech
 

Similar a Updated: Identity Assurance by Our Own Volition and Memory (20)

Persuasive Cued Click Point Password with OTP
Persuasive Cued Click Point Password with OTPPersuasive Cued Click Point Password with OTP
Persuasive Cued Click Point Password with OTP
 
C045016020
C045016020C045016020
C045016020
 
ONLINE PAYMENT SYSTEM WITH PHISHING AND DDOS DETECTION AND PREVENTION
ONLINE PAYMENT SYSTEM WITH PHISHING AND DDOS DETECTION AND PREVENTIONONLINE PAYMENT SYSTEM WITH PHISHING AND DDOS DETECTION AND PREVENTION
ONLINE PAYMENT SYSTEM WITH PHISHING AND DDOS DETECTION AND PREVENTION
 
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATION
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATIONGENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATION
GENERATION OF SECURE ONE-TIME PASSWORD BASED ON IMAGE AUTHENTICATION
 
3D PASSWORD
3D PASSWORD3D PASSWORD
3D PASSWORD
 
Business Dimension of Expanded Password System
Business Dimension of Expanded Password SystemBusiness Dimension of Expanded Password System
Business Dimension of Expanded Password System
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password Systems
 
IRJET - Face Recognition Door Lock using IoT
IRJET - Face Recognition Door Lock using IoTIRJET - Face Recognition Door Lock using IoT
IRJET - Face Recognition Door Lock using IoT
 
A novel multifactor authentication system ensuring usability and security
A novel multifactor authentication system ensuring usability and securityA novel multifactor authentication system ensuring usability and security
A novel multifactor authentication system ensuring usability and security
 
A Graphical Password Scheme using Persuasive Cued Click Points
A Graphical Password Scheme using Persuasive Cued Click PointsA Graphical Password Scheme using Persuasive Cued Click Points
A Graphical Password Scheme using Persuasive Cued Click Points
 
Graphical Password Authentication using Image Segmentation
Graphical Password Authentication using Image SegmentationGraphical Password Authentication using Image Segmentation
Graphical Password Authentication using Image Segmentation
 
Project Proposal.pdf
Project Proposal.pdfProject Proposal.pdf
Project Proposal.pdf
 
Uno, nessuno o 10.000, la gestione dell'identità ai tempi di Microsoft Azure
Uno, nessuno o 10.000, la gestione dell'identità ai tempi di Microsoft AzureUno, nessuno o 10.000, la gestione dell'identità ai tempi di Microsoft Azure
Uno, nessuno o 10.000, la gestione dell'identità ai tempi di Microsoft Azure
 
C0361419
C0361419C0361419
C0361419
 
Smart Password
Smart PasswordSmart Password
Smart Password
 
Secure Internet Voting System
Secure Internet Voting SystemSecure Internet Voting System
Secure Internet Voting System
 
A Novel Revolutionary highly secured Object authentication schema
A Novel Revolutionary highly secured Object authentication  schemaA Novel Revolutionary highly secured Object authentication  schema
A Novel Revolutionary highly secured Object authentication schema
 
An Effective Authentication Method using Improved Persuasive Cued Click Points
An Effective Authentication Method using Improved Persuasive Cued Click PointsAn Effective Authentication Method using Improved Persuasive Cued Click Points
An Effective Authentication Method using Improved Persuasive Cued Click Points
 
Three types of Authentications
Three types of AuthenticationsThree types of Authentications
Three types of Authentications
 
3D password
3D password 3D password
3D password
 

Más de Hitoshi Kokumai

Image-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptxImage-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptxHitoshi Kokumai
 
Bring healthy second life to legacy password system
Bring healthy second life to legacy password systemBring healthy second life to legacy password system
Bring healthy second life to legacy password systemHitoshi Kokumai
 
Intriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to OneIntriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to OneHitoshi Kokumai
 
Deployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63BDeployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63BHitoshi Kokumai
 
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...Hitoshi Kokumai
 
Help unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guidelineHelp unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guidelineHitoshi Kokumai
 

Más de Hitoshi Kokumai (6)

Image-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptxImage-to-Code Converter 31July2023.pptx
Image-to-Code Converter 31July2023.pptx
 
Bring healthy second life to legacy password system
Bring healthy second life to legacy password systemBring healthy second life to legacy password system
Bring healthy second life to legacy password system
 
Intriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to OneIntriguing Evlolution from One to Two and Back to One
Intriguing Evlolution from One to Two and Back to One
 
Deployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63BDeployment of Biometrics & Password - NIST63B
Deployment of Biometrics & Password - NIST63B
 
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...Clues to Unravelling  Conundrums - Biometrics deployed 'in parallel' as again...
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...
 
Help unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guidelineHelp unravel the conundrum over NIST authentication guideline
Help unravel the conundrum over NIST authentication guideline
 

Último

WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 

Último (20)

WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 

Updated: Identity Assurance by Our Own Volition and Memory

  • 1. Identity Assurance by Our Own Volition and Memory The safety of our cyber life depends on identity assurance which in turn relies on remembered passwords Hitoshi Kokumai President, Mnemonic Security, Inc. kokumai@mneme.co.jp Enabling Self-Sovereign Identity 30/Oct/2018 Our identity as human being is made of our autobiographic memory
  • 2. The problem: passwords could work – but they need help Passwords are Hard to manage And yet, absolutely necessary Identity theft and security breaches are proliferating A critical problem requiring urgent practical solutions 30/Oct/2018 2
  • 3. There are several known pictures in the matrix I can easily find all of them right away Only I can select all of them correctly Expanded Password System Broader choices: images AND characters Torturous login is history. Login is now comfortable, relaxing and healing. Easy to manage relations between accounts and corresponding passwords. There are several known pictures in the matrix I can easily find all of them right away Only I can select all of them correctly Expanded Password System Broader choices: images AND characters Torturous login is history. Login is now comfortable and even fun. Easy to manage relations between accounts and corresponding passwords. 30/Oct/2018 3
  • 4. A Fun Way to Enhance Your Passwords A fun first step • Get the images in your password matrix registered. It’s easy. Huge Improvement • Password fatigue alleviated for all • Better security for password-managers and SSO services • Even better security for two/multi-factor authentications • Less vulnerable security for biometric products Backward-Compatible • Nothing lost for users who wish to keep using text passwords. 30/Oct/2018 4
  • 5. We Need a Broader Choice If only text and # are OK It’s a steep climb … to memorize text/number passwords to lighten the load of text passwords to make use of memorized images 3UVB9KUW 【Text Mode】 【Graphics Mode】 【Original Picture Mode】 Recall the remembered password Recognize the pictures remembered in stories Recognize the unforgettable pictures of episodic memories Think of all those ladders you have to climb in Donkey Kong ;-) Low memory ceiling Very high memory ceilingHigh memory ceiling + + 30/Oct/2018 5
  • 6. Volition and Memory (1) Volition of the User – with Self-Determination (2) Practicability of the Means – for Use by Homo sapiens (3) Confidentiality of the Credentials – by ‘Secret’ as against ‘Unique’ 30/Oct/2018 6
  • 7. What’s New? The idea of using pictures has been around for two decades. New is encouraging people to make use of episodic image memories. 80-second video YouTube Keyword – Smallest Interference of Memory 30/Oct/2018 7
  • 8. Isn’t Episodic Memory Changeable? We know that episodic memories can change easily. … But that doesn’t matter for authentication. It could even help. 30/Oct/2018 8
  • 9. What about Entropy? A PASSWORD LIKE ‘CBA123’ IS ABSURDLY WEAK. WHAT IF ‘C’ AS AN IMAGE GETS PRESENTED BY SOMETHING LIKE ‘X4S&EI0W’ ? WHAT IF ‘X4S&EIWDOEX7RVB%9UB3MJVK’ INSTEAD OF ‘CBA123’ GETS HASHED? 30/Oct/2018 9
  • 10. Relation of Accounts & Passwords Account A Account B Account C Account D Account E, F, G, H, I, J, K, L----------- • Unique matrices of images allocated to different accounts. • At a glance you will immediately realize what images you should pick up as your passwords for this or that account. 30/Oct/2018 10
  • 11. In the Field Practicable with both hands busy ? In panic? With injuries? Seizure of memos, devices, tokens Seizure of body features With protection gear on? Disaster Recovery Cards and tokens possessed? Biometrics practicable? Even in severe panic, we can quickly recognize unforgettable images of episodic memories. Identity Assurance in Emergencies 30/Oct/2018 11
  • 12. Competition or Opportunity Biometrics? Passwords required as a backup means: Opportunity. Password-managers, single-sign-on service? Two/multi-factor authentication? Passwords required as one of the factors: Opportunity. Pattern-on-grid, emoji, conventional picture passwords? Deployable on our platform: Opportunity. Passwords required as the master-password: Opportunity. 30/Oct/2018 12
  • 13. Client Software for Device Login Applications Login Image-to-Code Conversion Server Software for Online-Access 2-Factor Scheme Open ID Compatible Data Encryption Software with on-the-fly key generation Single & Distributed Authority Unlimited Use Cases
  • 14. OASIS Open Projects • Proposition of Expanded Password System at ‘Draft Proposal’ stage • With 56 individual participants • Going to secure some more participants • Corporate members in particular
  • 15. How We Position Our Proposition We make identity authentication schemes better by leveraging the time-honored tradition of seals and autographs The underpinning principle of Expanded Password System will not go away so long as people want our own volition and memory to remain involved in identity authentication.
  • 16. Some More Topics about Identity • Isn’t Biometrics killing Passwords? • Brain-Machine-Interface • 2-Factor Expanded Password System • No-Cost 2-Factor Authentication
  • 17. Isn’t Biometrics killing Passwords? Fact 1: Biometrics used with a fallback password brings down the security that the password has provided. 30-second Video YouTube Specifically, old iPhones with PINCODE only were safer than newer iPhones featuring TouchID and FaceID. What has improved is convenience, not security. Fact 2: Biometrics dependent on a password as a fallback means cannot kill the password dead. Fact 3: A false acceptance rate does not make sense unless it comes with the corresponding false rejection rate.
  • 18. Brain-Machine-Interface Random numbers or characters allocated to the images. Ask the users to focus their attention on the numbers or characters given to the registered images. A simple brain-monitoring is vulnerable to wiretapping. The monitoring system will then collect the brain-generated onetime signal corresponding to these numbers or characters.
  • 19. 2-Factor Expanded Password System Conventional 2-factor authentication systems are effective only against abuse of the device/phone. 2-factor Expanded Password System enables the user to produce a onetime identity authentication data, i.e., a real onetime password.
  • 20. No-Cost 2-Factor Authentication Factor 1 – Password Remembered (what we know/remember) Factor 2 – Password Written Down or Physically Stored (what we have/possess) Effect - A ‘boring legacy password system’ turning into a no-cost light-duty two-factor authentication system made of ‘what we know’ and ‘what we have’.
  • 21. Wrap-Up Expanded Password System that drastically alleviates the password fatigue is supportive of - Biometrics that require passwords as a fallback means against false rejection - Two/multi-factor authentications that require passwords as one of the factors - ID federations such as password managers and single-sign-on services that require passwords as the master-password - Simple pictorial/emoji-passwords and patterns-on-grid that can all be deployed on our platform * All with the effects that handling memorable images makes us feel pleasant and relaxed Furthermore, - Nothing would be lost for the people who want to keep using textual passwords - It enables us to turn a low-entropy password into a high-entropy authentication data - It is easy to manage the relation between accounts and the corresponding passwords - Last but not least, it is democracy-compatible by way of providing the chances and means to get our own volition confirmed in our identity assurance. * It is the obligation of democratic societies to provide citizens with the choice to adopt a secure and yet stress-free identity authentication means that is practicable in any circumstances, panicky situations in emergencies in particular.
  • 22. As such, there exists a secure and yet stress-free means of democracy-compatible identity authentication. That is Expanded Password System. Thank You Hitoshi Kokumai President, Mnemonic Security, Inc. kokumai@mneme.co.jp
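
Slide 9's idea, as its speaker note spells it out (each image or character is represented by an identifier of any length, the concatenated identifiers are what gets hashed, and the identifiers can be re-issued), in an added Python sketch that is not the Expanded Password System's own code. The identifier alphabet and length, the use of PBKDF2, the symbol set and every function name are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import string

ID_ALPHABET = string.ascii_letters + string.digits + "&%#$"  # assumed identifier alphabet
SYMBOLS = string.ascii_uppercase + string.digits             # constructed set of selectable items
PBKDF2_ROUNDS = 100_000


def new_identifier_table(symbols, id_len=8):
    """Give each selectable image/character its own random identifier string."""
    return {s: "".join(secrets.choice(ID_ALPHABET) for _ in range(id_len))
            for s in symbols}


def expand(selection, table):
    """Turn what the user picked (e.g. 'CBA123') into the data that gets hashed."""
    return "".join(table[s] for s in selection)


def enroll(selection, table):
    """Return the (salt, digest) pair to store for this account."""
    salt = secrets.token_bytes(16)
    data = expand(selection, table).encode()
    return salt, hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)


def verify(selection, table, salt, digest):
    """Recompute the digest from the selection and compare in constant time."""
    data = expand(selection, table).encode()
    candidate = hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def rotate(selection, old_table, id_len=8):
    """After a successful login, re-issue identifiers and re-enroll.

    The user's selection is unchanged; the hashed authentication data is new.
    """
    table = new_identifier_table(old_table.keys(), id_len)
    return table, enroll(selection, table)
```

The longer hashed string only resists offline guessing while the identifier table is kept apart from the stored hashes; whoever holds both faces just the guess space of the original selection.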

Editor's notes

  1. Hello, I am Hitoshi Kokumai, advocate of ‘Identity Assurance by Our Own Volition and Memory’. I’ve been promoting this principle for 17 years now. And, this principle now makes the foundation for the emerging concept of Self-Sovereign Identity. However, this principle would be a pipe dream if it is not supported by a practicable means of identity authentication that is secure and yet stress-free, desirably giving us joy and fun.
  2. We have a big headache. Passwords are hard to manage, and yet, the passwords are absolutely necessary. Why? That’s because democracy would be lost where the password was lost and we were deprived of the chances and means of getting our own volition confirmed in having our identity authenticated. When authentication happens without our knowledge or against our will, it is a 1984-like Dystopia. It seems that the word ‘password’ is poly-semantic and context-dependent. Sometimes it’s narrowly interpreted as ‘remembered text password’ and sometimes it’s taken broadly as ‘whatever we remember for authentication’. Please interpret this word ‘password’ from the context in my presentation as well. Identity theft and security breaches are proliferating. This critical problem requires urgent practical solutions.  
  3. Our proposition is Expanded Password System. In the matrix, there are several KNOWN images. I can easily find all of them right away. Or, rather, the KNOWN images jump into my eye. And, only I can select all of them correctly. We can use both images and characters. It’s easy to manage the relation between accounts and the corresponding passwords. Torturous login is history. It’s now comfortable and even fun. I’ll talk more about these points later.
  4. Indispensable though unloved. Passwords could be both secure and stress-free. It’s a fun way to enhance your passwords. Get the images in your matrix registered. It’s easy. People who enjoy handling images will gain both better security and better convenience. The only extra effort required is to get these images registered; but people already do that across social media platforms and seem to love it. Then, huge improvement. Password fatigue would be alleviated for all. Better security for password managers and single-sign-on services. Even better security for multi-factor authentications. Less vulnerable security for biometrics. And, it’s backward-compatible. Nothing would be lost for the people who wish to keep using text passwords.
  5. Shall we have a bit closer look at what it offers? So far, only texts have been accepted. It was as if we had no choice but to walk up a long steep staircase. With Expanded Password System, we could imagine a situation that escalators and elevators are provided along with the staircase. Or, some of us could think of all those ladders we have for climbing in Donkey Kong. Where we want to continue to use textual passwords, we could opt to recall the remembered passwords, although the memory ceiling is very low. Most of us can manage only up to several of them. We could opt to recognize the pictures remembered in stories where we want to reduce the burden of textual passwords. The memory ceiling is high, say, we would be able to manage more and more of them. Where we choose to make use of episodic image memory, we would only need to recognize the unforgettable images, say, KNOWN images. There is virtually no memory ceiling, that is, we would be able to manage as many passwords as we like, without any extra efforts.
  6. We are of the belief that there must be three prerequisites for identity assurance. First of all, identity assurance with NO confirmation of the user’s volition would lead to a world where criminals and tyrants dominate citizens. Democracy would be dead where our volition was not involved in our identity assurance. We must be against any attempts to do without what we remember, recall, recognize and feed to login volitionally. Secondly, mathematical strength of a security means makes sense so long as the means is practicable for us Homo sapiens. A big cake could be appreciated only if it’s edible. Thirdly, being ‘unique’ is different from being ‘secret’. ‘Passwords’ must not be displaced by the likes of ‘User ID’. I mean, we should be very careful when using biometrics for the purpose of identity authentication, although we don’t see so big a problem when using biometrics for the purpose of personal identification. Identification is to give an answer to the question of “Who are they?”, whereas authentication is to give the answer to the question of “Are they the persons they claim to be?” Authentication and identification belong to totally different domains.
  7. The idea of using pictures for passwords is not new. It’s been around for more than two decades but the simple forms of pictorial passwords were not as useful as had been expected. UNKNOWN pictures we manage to remember afresh are still easy to forget or get confused, if not as badly as random alphanumeric characters. Expanded Password System is new in that it offers a choice to make use of KNOWN images that are associated with our autobiographic/episodic memories. Please have a look at this 80-second video. Since these images are the least subject to the INTERFERENCE of MEMORY, it enables us to manage dozens of unique strong passwords without reusing the same password across many accounts or carrying around a memo with passwords on it. And, handling memorable images makes us feel comfortable, relaxed and even healed.
  8. It’s known that episodic memories are easily changeable. What we remember as our experience may have been transformed and not objectively factual. But it would not matter for Expanded Password System. What we subjectively remember as our episodic memory could suffice. From confidentiality’s point of view,  it could be even better than objectively factual memories since no clues are given to attackers.
  9. Generally speaking, hard-to-break passwords are hard-to-remember. But it’s not the fate of what we remember. It would be easily possible to safely manage many high-entropy passwords with Expanded Password System that handles characters as images. Each image or character is represented by the image identifier data which can be of any length. Assume that your password is “CBA123” and that the image ‘C’ is identified as X4s&eI0w, and so on. When you input CBA123, the authentication data that the server receives is not the easy-to-break “CBA123”, but something like “X4s&eI0wdoex7RVb%9Ub3mJvk”, which could be automatically altered periodically or at each access where desired.
  10. Being able to recall strong passwords is one thing. Being able to recall the relation between accounts and the corresponding passwords is another. When unique matrices of images are allocated to different accounts, those unique image matrices will be telling you what images you should pick up as your password for this or that account. When using images of our episodic memories, the Expanded Password System will thus free us from the burden of managing the relation between accounts and the corresponding passwords.
  11. How can we login reliably in a panicky situation? Do we assume that people never forget to possess cards and tokens? Do we assume that biometrics is practicable for injured or panicked people? Do we assume that panicked people can recall strong text passwords right away? It’s the obligation of the democratic societies to provide the citizens with identity authentication measures that are practicable in these emergencies. Using unforgettable images WILL help.
  12. What can be thought of as competition to Expanded Password System? Biometrics requires passwords as a fallback means. Password-managers and single-sign-on services require passwords as the master-password. Multi-factor authentications require passwords as one of the factors. Pattern-on-grid, conventional picture passwords and emoji-passwords can all be deployed on our platform. So, competition could be thinkable only among the different products of Expanded Password System. By the way, some people claim that PIN can eliminate passwords, but logic dictates that it can never happen since PIN is no more than the weakest form of numbers-only password. Neither can Passphrase, which is no more than a long password. There are also some people who talk about the likes of PKI and onetime passwords as an alternative to passwords. But it is like talking about a weak door and proposing to enhance the door panel as an alternative to enhancing the lock and key.
  13. Applications of Expanded Password System will be found wherever people have been using the text passwords and numerical PINs, and wherever people need a means of identity authentication even if we still do not know what it will be.
  14. The proposition of Expanded Password System that drastically alleviates the password fatigue is now acknowledged as a ‘Draft Proposal’ for OASIS Open Projects that OASIS has recently launched as a new standardization program. We have publicized a draft specification of Expanded Password System there. We are going to secure some more participants, corporate members in particular, who are looking for blue-ocean business opportunities in the expanding domain of identity assurance in cyberspace.
  15. Starting with the perception that our continuous identity as human being is made of our autobiographic memory, we are making identity authentication schemes better by leveraging the time-honored tradition of seals and autographs. The underpinning principle of Expanded Password System shall not go away so long as people want our own volition and memory to remain involved in identity assurance.
  16. Well, let me talk about some more topics related to digital identity. They are: biometrics supposed to kill passwords; two-factor authentication built on 2 kinds of passwords; and the concept of Expanded Password System applied to BMI.
  17. Every time I speak about Expanded Password System, I am flooded with this question. My answer is this: biometrics used with a fallback password brings down the security that the password has so far provided, as outlined in this 30-second video. Specifically, old iPhones with PINCODE only were safer than newer iPhones featuring TouchID and FaceID. What has improved is convenience obtained at the sacrifice of security. In any case, biometrics that is dependent on a password as a fallback measure can by NO means kill the password. It’s logically obvious. By the way, a false acceptance rate makes sense only when it comes with the corresponding false rejection rate. I don’t understand why biometrics vendors don’t publicize both of the two simultaneously.
  18. A simple brain-monitoring has a problem in terms of security. The data, if wiretapped by criminals, can be replayed for impersonation straight away. Therefore the data should be randomized so that it is onetime and disposable. An idea is that the authentication system allocates random numbers or characters to the images shown to the users. The users focus their attention on the numbers or characters given to the images they had registered. The monitoring system will collect the brain-generated onetime signals corresponding to the registered images. Incidentally, the channel for showing the pictures is supposed to be separate from the channel for brain-monitoring. Even if they intercept the data successfully, criminals would be unable to impersonate the users because the intercepted data are onetime and disposable.
  19. Some people say that using physical tokens is more secure than using phones for receiving onetime code by SMS. If that is the case, the use of physical tokens brings its own headache. What shall we do if we have dozens of accounts that require the protection by two/multi-factor schemes? Carrying around a bunch of dozens of physical tokens? Or, re-using the same tokens across dozens of accounts? The former would be too cumbersome and too easily attract attention of bad guys, while the latter would be very convenient but brings the likes of a single point of failure. We have a third proposition. A matrix of the images, to which random onetime numbers or characters are allocated, is shown to the users through a mobile device, as in the use case of BMI mentioned a minute ago. Users who recognize the registered images will feed the numbers or characters given to those images on a main device. From those onetime data, the authentication server will tell which images the user had registered. What is needed at the users’ end is only browser software. Then, we do not depend on the vulnerable onetime code sent through SMS and a single phone can readily cope with dozens of accounts.
  20. A very strong password that is not meant to be remembered and is instead written down on a memo should be viewed as 'what we have', definitely not 'what we remember', so it could be used as one of the two factors along with a remembered password. We could then turn a boring legacy password system into a two-factor authentication system at no cost, just by verifying two passwords at a time, one volitionally recalled and the other one physically possessed. When those two different passwords are used as two factors, we could rely on the strength of a remembered password against physical theft and the strength of a physically possessed long password against brute force attack, although it is not as strong against wiretapping as token-based solutions armed with PKI or Onetime Password. This could be viewed just as a thought experiment or could actually be considered for practical application in between a single factor authentication and a costly heavily-armored 2-factor scheme, or, as a transition from the former to the latter. It goes without saying that Expanded Password System could be brought in for a good remembered password.
  21. As such, there exists a secure and yet stress-free means of democracy-compatible identity authentication. That is Expanded Password System. I would be happy if you keep this in mind as one of the takeaways from this conference. ----------------------- If you have questions, feel free to catch me whenever you find me. Thank you very much for your time.
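
The onetime exchange described in notes 18 and 19 (random labels allocated to the images, the user feeding back the labels on the registered images, the server mapping labels back to images) as an added Python example; it is not code from Mnemonic Security or the OASIS draft. The image names, three-character labels, the unordered selection and the `AuthServer` class are assumptions of this example.

```python
import math
import secrets
import string

LABEL_ALPHABET = string.ascii_uppercase + string.digits
MATRIX = [f"img{n:02d}" for n in range(1, 17)]                 # constructed 4x4 matrix
REGISTERED = frozenset({"img03", "img07", "img12", "img15"})   # constructed enrolment


def fresh_labels(images, label_len=3):
    """Allocate a distinct random onetime label to every image in the matrix."""
    labels = {}
    for img in images:
        label = None
        while label is None or label in labels.values():
            label = "".join(secrets.choice(LABEL_ALPHABET) for _ in range(label_len))
        labels[img] = label
    return labels


class AuthServer:
    def __init__(self, registered):
        self.registered = registered   # user -> frozenset of registered images
        self.pending = {}              # challenge id -> (user, image -> label)

    def challenge(self, user, images):
        """Create a challenge; the labelled matrix is shown on the mobile device."""
        cid = secrets.token_hex(8)
        self.pending[cid] = (user, fresh_labels(images))
        return cid, dict(self.pending[cid][1])

    def verify(self, cid, typed_labels):
        """Map typed labels back to images; each challenge is consumed on first use."""
        entry = self.pending.pop(cid, None)
        if entry is None:
            return False
        user, labels = entry
        by_label = {label: img for img, label in labels.items()}
        picked = {by_label.get(label) for label in typed_labels}
        return (None not in picked and len(picked) == len(typed_labels)
                and picked == self.registered[user])


def user_response(shown, known_images):
    """User side: read off the labels on the images the user recognises."""
    return [label for img, label in shown.items() if img in known_images]


def blind_guess_space(matrix_size, picks):
    """Unordered selections a guesser who knows the number of picks must try."""
    return math.comb(matrix_size, picks)
```

For the constructed 4-of-16 matrix the blind guess space is 1820 selections, so a deployment of this kind also needs a limit on failed attempts per account.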