Details

Written by: SMAIT

Category: smart password

Hits: 565

• SMART PASSWORD (patented technology)

What is SMART PASSWORD ?
[SMART PASSWORD] is an abbreviation for the technology represented by the following invention patents:
China Invention Patent ZL202111471341.3  A method of implementing smart cryptography, equipment, electronic equipment and computer-readable media 
Japan  Invention patent JP7569119B Method for realizing smart cryptography, equipment, electronic equipment,
US12401637 SMART PASSWORD IMPLEMENTATION METHOD, APPARATUS, ELECTRONIC DEVICE AND COMPUTER-READABLE MEDIUM
European Invention Patent EP4191975 SMART PASSWORD IMPLEMENTATION METHOD AND APPARATUS, ELECTRONIC DEVICE AND COMPUTER-READABLE MEDIUM
See more https://patentscope.wipo.int/search/en/detail.jsf?docId=PCT/CN2021/138583

What are the features of SMART PASSWORD compared to Traditional Password?

The original password template in SMART PASSWORD integrates time and frequency to achieve password lifecycle management such as contactless automatic changes, association changes, and cascading changes, and for sensitive contexts as well, but a "traditional password" is once set, it will not be changed again unless the owner changes it, not to mention multiple devices and associate/cascade changes without scripting.
Smart Password as first user-driven compliant password management solution puts an end to "weak passwords" and says goodbye to "forgotten passwords," allowing users to retrieve passwords independently and autonomously without service man or administrator of facilities. Traditional password  is easier to be weak password  due to human weaknesses and is difficult to guarantee being changed  regularly and once forgotten usually requires resetting through customer service or administrators, or other complex methods.
With the help of a password center server of SMART PASSWORD, you can manage all your passwords in an integrated manner without having to remember them like traditional passwords that are easy to lose.

When is the "SMART PASSWORD" used?
SMART PASSWORD can be used in parallel wherever traditional passwords are used, such as system equipment and facility, system software, application software/service, network equipment, embedded equipment, security equipment and facilities, storage equipment, industrial control intelligent equipment, etc., Whether you need to log in to a server or authenticate locally, this technology can also be used in application contexts, digital assets, and more.

How to use the patented "SMART PASSWORD" technology?
In the existing environment, in addition to their native password management, it is common for equipment and facility owners to implement SMART PASSWORD functions according to the method of the  patent, and the specific process includes evaluating, planning, implementing of functional modules, debugging, public testing, etc. The feature module should at least include password management request response (including instant messaging, etc.), password template polling, password record update and push password update request, or directly perform password update for the target account and perform the required password update notification.

What are the password templates for SMART PASSWORD and how often do they change?
Password templates are similar to the format %x of the output command in a programming language, but the format here can also define functions and other commands that are defined by the implementer and interpreted and executed by the user response program and password generator. Users can also include this format directly in their password management requests, as a shortcut provided by the implementer, or use the default format using natural language (e.g., "Choose to change password every 10 weeks" in %y%w (shortcut format yw), "3 in %y%m (shortcut format ym) Choose to change your password every month," etc., represented by the numbers W10 and M3, respectively. At the same time, the format is closely related to the length of the password and the encoding space, and the corresponding encoding space is defined according to the needs of the application, such as %y uses one character, and the length is determined, and its encoding space numbers 10 + characters 26 + symbols 24 = 60 (year), etc. A complete password template can be randomly extracted more than 4 digits of numbers and characters in password template format from an account, as well as additional symbols (based on the total number of digits), to form the determined password template in a random order, and record it in the password record of the specified account, Based on this and the frequency of changes, the password center server can generate the final password by the password generator. The password management request is in the form of frequency, password template. The so-called time trimming means password change falls within the expected time, such as changed at 8 a.m so that allows the owner to calmly change the password of the corresponding client.

What is the configuration of the "SMART PASSWORD" central server?
You can also centralize related programs/services on a single server, including databases, password management response services, password generation scheduling tasks, password change and push services, password notification services (including instant messaging servers, SMS servers, voice servers, mail servers, etc.), They can also be distributed across different servers and can be planned according to your needs. Fault tolerance is highly recommended for production environments. Depending on the size of the application, server resource requirements are determined, the smallest server can be deployed on routers, NAS, and even mobile devices such as mobile phones and tablets, password center servers in the same borough require a unique identification code, and different servers can synchronize data based on the record/account level and push it across servers. The password center server used for disaster recovery performs database data synchronization to implement standard disaster recovery capabilities and ensure data security. Who builds the Password Center server? It is recommended to be a trusted third party, such as the owner of the facility or a bank, and of course users will build it for internal use. In addition, the operation of the password center server consists of a construction operation and maintenance server, and special personnel must be assigned to ensure the normal operation of all services and solve abnormal situations in a timely manner.

Who can use the patented technology of "SMART PASSWORD"?
People with basic programming skills and knowledge of IT technologies (networks, databases, messaging systems) can try the technology and experience its benefits, and the public facility/service/application need provider to implement "SMART PASSWORD" and provide related functions. Smart device needs manufacturers to implement "SMART PASSWORD" inside firmware of the device. Various operating systems can use native "SMART PASSWORD" integrated or standalone functions. 

What is the difference between a "SMART PASSWORD" password notification and a one-time token?
The design purpose is different: One-time tokens are designed for one-time convenience, featuring completely random generation, simple pure numbers, short validity time, and are typically sent through a single channel such as mobile phone text messages, instant messaging, or email. SMART PASSWORD are designed for master passwords, so they have a lot of security considerations, can achieve contactless changes and password requests, and of course, they also have the ability to implement one-time tokens, and the shortest validity period is only 1 minute. More extensively, it uses password templates and change frequency to generate master passwords, automatically change them, there are many notification methods, depending on the application occasion and the design of the software developer, the notification methods can be mixed in different ways, and partial notifications can be used, that is, only the changed part of the password can be notified. Notification messages can also be encrypted/graphicalized. Therefore, it is flexible and convenient. Of course, the two do not conflict and can be used simultaneously, and one-time tokens then can be used as two-factor authentication to achieve authentication.

What is the difference between a "SMART PASSWORD" password template and a randomly generated password template?
Password template helps to simplify and secure applications by providing a limited derivation of the password generated next time, making it easier to remember the passwords often used, and also providing the possibility of partial notification when passwords change. Random generation does not have these possibilities.

Other benefits of "SMART PASSWORD" 1
The implementation of SMART PASSWORD allows facility/application users to control the availability of their accounts, but biometrics are widely used, and the owner does not know if there is theft, let alone easily stop using them. The implementation of SMART PASSWORD can realize account login notifications with various login methods, and temporarily close some login methods if necessary, which is unimaginable at the moment, so in view of its unique advantages, it is specifically listed as a claim in the SMART PASSWORD patent as "the management request information includes a control instruction configured to manage a password center server, manage a target device/facility, or authorize other people to manage a target device/facility; and the manner of managing the target device/facility comprises immediately shutting down, disabling or allowing login, forcing logout, and starting or stopping a service or an application.".

Further advantages of "SMART PASSWORD" 2
SMART PASSWORD are not only an upgrade to traditional passwords, but also applicable to digital assets, password Q&A, application context, community strings,SSH ports, etc. those sensitive information can be now under centralized management , and unified management helps reduce security vulnerabilities and facilitate searches and reminder/query when needed. In particular, application contexts, community strings, SSH ports, etc. can change automatically now, those easier forming security risks before due to ignorance or factual difficulty to be managed and/or changed.

Further additional benefits of "SMART PASSWORD"
Looking forward to your discovery, SMART PASSWORD provides a universal way to update and upgrade traditional passwords, practical applications need to be developed by people, Combined with today's AI applications and complex application needs,  more benefits will be reflected, and  those who understand, develop, and promote SMART PASSWORD patents can get the rewards they deserve.