Can you securely prove your identity to a host computer by using no dedicated software at your terminal and no dedicated token at your hands? Conventional password checking schemes do not need such a software and hardware but have a disadvantage that an attacker who has correctly observed an input password by peeping or wiretapping can perfectly impersonate the corresponding user. Conventional dynamic (one-time) password schemes or zero-knowledge identification schemes can be securely implemented but require special software or hardware or memorandums. This paper develops human-friendly identification schemes such that a human prover knowing a secret key in her or his brain is asked a visual question by a machine verifier, who then checks if an answer sent from the prover matches the question with respect to the key. The novelty of these schemes lies in their ways of displaying questions. This paper also examines an application of the human identification schemes to human-computer cryptographic communication protocols.
[1]
Amos Fiat,et al.
How to Prove Yourself: Practical Solutions to Identification and Signature Problems
,
1986,
CRYPTO.
[2]
Hideki Imai,et al.
Human Identification Through Insecure Channel
,
1991,
EUROCRYPT.
[3]
Tzonelih Hwang,et al.
On the Matsumoto and Imai's Human Identification Scheme
,
1995,
EUROCRYPT.
[4]
Leslie Lamport,et al.
Password authentication with insecure communication
,
1981,
CACM.
[5]
Jeffrey I. Schiller,et al.
An Authentication Service for Open Network Systems. In
,
1998
.