Passcode based authentication protocol: Part I — Solution evaluation and software design

Usually, any communication begins by establishing the identity of partners (one over the other, or to a system that grants access to certain resources), the general settings for an identification protocol assuming the existence of a prover or claimant (referred to as USER) and a verifier in whose terms the outcome of an entity authentication protocol being either acceptance of the claimant\´s identity as authentic (completion with acceptance), or termination without acceptance (rejection). Although individually widely used, all vulnerabilities outlined in service, for each authentication scheme in hand (based on something known, owned by USER or inherent to him), advanced the idea of combining them in order to increase the "strength" of resulted protocol. This article aims at presenting a method for implementing an authentication protocol, which combines the two basic schemes (something known to the user or something owned by him), efforts were focused on highlighting the elements of software design and the basic procedures of the proposed authentication system. Also, an assessment is made on strength of passcode by quantifying the average time scrolling passcodes space to reach a specific combination. Taking into account that the criteria are “worst case scenario” type (for this kind of evaluation) in the following are proposed and evaluated two methods for enhancing / increasing the average time scrolling the space, one of them being implemented in the case of the presented authentication scheme. If in this first part of the paper software implementation, performance and security issues are discussed, in second part (which will be published in next issue of the journal) will be dealt topics related to hardware implementation.