SSSDR [16 Slides]. Alternative to Passwords and PINs.

Contents:
The Problem to be Addressed
Elevator Points
Proposed Solution: SSSDR
SSSDR Logic & Client-Side Walk-Through
Overview of Server-Side and Process Flow
Business Modeling
Online Demo of Prototype Information (site and login info)
There are 3 main components...
The 8 Jewels:
The 4 Jewel Attributes:
The Account ID.
In most practices it is pre-populated and hidden, such as from:
With each mouse click, the SSSDR assembles each of the 8 jewels with random attributes. Each ring therefore has 8 randomly assembled jewels, making each instance of the ring unique.
For this demo, only 4 clicks are used. The SSSDR can be set to use 2 – 8 clicks, depending on the needs of the application and context. For example, opening a non-classified document after a previously validated login might require only 2 or 3 clicks, while a credit card transaction might require 6 or 8. Applications can set the click count at runtime.
When a user fails an attempt to validate, an extra click is added to the retry. After the second attempt at the 8-click level, the session is denied. This means that the lower the intended click strength, the more tries a user may get (customizable); the higher the intended strength, the fewer tries.
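The retry escalation described above, modelled as an added example that is not part of the original slides or the SSSDR prototype. It assumes that the first failure at the 8-click level still allows one more 8-click attempt before denial and, for the guess estimate, that exactly one of the 8 jewels is correct at each click (if several can match, the chance is higher); all class and function names are hypothetical.

```python
from fractions import Fraction

MIN_CLICKS, MAX_CLICKS = 2, 8   # click-strength range stated on the slide
JEWELS_PER_RING = 8             # jewels shown on the ring at every click


class ClickStrengthPolicy:
    """Tracks how many clicks the next attempt requires and when to deny."""

    def __init__(self, start_clicks):
        if not MIN_CLICKS <= start_clicks <= MAX_CLICKS:
            raise ValueError("click strength must be between 2 and 8")
        self.required = start_clicks
        self.failures_at_max = 0
        self.denied = False

    def record_failure(self):
        """Register a failed validation; return clicks for the retry, or None if denied."""
        if self.denied:
            return None
        if self.required == MAX_CLICKS:
            self.failures_at_max += 1
            if self.failures_at_max >= 2:   # second failed attempt at the 8-click level
                self.denied = True
                return None
        else:
            self.required += 1              # each failure adds one click to the retry
        return self.required


def attempt_schedule(start_clicks):
    """Click counts of every attempt a user gets if all of them fail."""
    policy, schedule = ClickStrengthPolicy(start_clicks), []
    while not policy.denied:
        schedule.append(policy.required)
        policy.record_failure()
    return schedule


def blind_guess_success(start_clicks):
    """Chance that random clicking passes at least once before denial.

    Assumption: exactly one of the 8 jewels is correct at each click.
    """
    p_all_fail = Fraction(1)
    for clicks in attempt_schedule(start_clicks):
        p_all_fail *= 1 - Fraction(1, JEWELS_PER_RING) ** clicks
    return 1 - p_all_fail
```

Under these assumptions a 2-click start allows 8 attempts and a 4-click start allows 6, so the total blind-guess exposure of a low click strength is dominated by its first, shortest attempt.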
As a User clicks (or touches, presses keypad numbers, or even speaks the jewel number), onlookers may see (or hear) which jewel was selected, but not know why it was selected (The number? The shape? The Letter? The Color?)
Since each ring is randomly assembled at each load and click, a given “Ring Face” might not be reproduced for thousands of draws.
Users’ Passkeys are assigned (or chosen) as 8-click Sequences based on any attribute, plus a few that can change:
In addition to these, there are “Wild Card” Clicks.
(Optional, but only one may be used in a Pass Key)
Sample Pass Keys:
ATM, Credit Card, Digital Signature, Web Site, Desktop Computer, Cell Phone, Tablet, etc.
Encrypted Digital Snapshot of what an onlooker would see
Information does not leave Server Side
Identity Validated Internally
Merchant & Terminal Validated
Terminal “Green Light” Code Algorithm (Specific for that terminal, at that time) determined.
1. License the Technology and allow others to brand it
Companies own the license to do as they please with it, end-to-end including the back-end server process, and pay royalties for use
Change Click Strength Here.
An interesting demo is to enter the pass key while others are watching, and see how long it takes them to crack just a 2-click pass key. Two clicks are not terribly difficult to crack, but compare that to cracking a 2-digit PIN when entered in plain view...
Click “Show Notes” to reveal the password