Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!rutgers!mit-eddie!bbn.com!nic!eclectic!kovar
From: kovar@eclectic.COM (David C. Kovar)
Newsgroups: comp.sys.mac.programmer
Subject: Re: Important Petition/Technology
Message-ID: <93@eclectic.COM>
Date: 17 Apr 91 14:59:19 GMT
References: <14131@ccncsu.ColoState.EDU> <1991Apr11.070636.18158@csusac.csus.edu> <1938@camex.COM>
Organization: Eclectic Associates, Inc.
Lines: 35

In article <1938@camex.COM> kent@sunfs3.Camex.COM (Kent Borg) writes:
>Great security issues, how do I keep people driving by outside from
>printing stuff on our Laserwriter? Or checking into our mail
>server? Passwords, you suggest? How do I keep people from simply
>listening for what I send as a password? Or listening in on the data
>I send?

The password problem is fairly simple: Use a security token and two
factor authentication. (We are applying this technology commercially,
so I am biased.) In this case, the security token we use generates a
pseudo-random number every 30 or 60 seconds. The user has also
memorized a PIN code, similar to ATM codes. To log into a system, or
access some other service, the user inputs a string that looks like
XXXYYYYYY where the X's are the PIN and the Y's are the cardcode.

Using the cardcode, the system determines if there is any card that it
knows about that can be generating that specific number at that point
in time. If so, it then checks to see if the PIN for that card matches
the PIN entered. Old cardcode values are useless and you can't predict
the new ones, so stealing someone's cardcode from the wire isn't
terribly useful.

You can use this authentication scheme to protect your LaserWriter,
mail server, and just about anything else. You could modify your
LaserWriter driver and LaserPrep code to support some sort of
challenge/response to filter out unauthorized people as well. Lots of
neat possibilities.

-David

--
-David C. Kovar
    Consultant                  ARPA: kovar@eclectic.com
    Eclectic Associates         AppleLink: ECLECTIC
    Ma Bell: 617-643-3373       MacNET: DKovar

    "It is easier to get forgiveness than permission."
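
The server-side check described in the post (find a known card that could be showing this cardcode now, then compare the PIN), as an added example that is not part of the original article and is not the poster's product code. HMAC-SHA256 stands in for the token's unnamed generator, and the card serials, seeds, PINs, the one-step clock-drift window and the replay table are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per cardcode; the post says 30 or 60
DRIFT = 1    # assumption: tolerate +/- 1 step of token clock drift

# Constructed sample registry: serial -> (seed, 3-digit PIN). All values made up.
CARDS = {"card-A": (b"seed-for-card-A", "314"),
         "card-B": (b"seed-for-card-B", "271")}

def cardcode(seed: bytes, step_no: int) -> str:
    """6-digit code for one time step. HMAC-SHA256 is a stand-in,
    not the algorithm of any real token."""
    mac = hmac.new(seed, struct.pack(">Q", step_no), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

class Verifier:
    def __init__(self, cards):
        self.cards = dict(cards)
        self.last_step = {}   # serial -> newest time step already accepted

    def verify(self, entry: str, now: float):
        """Check an XXXYYYYYY entry; return the card serial or None."""
        if len(entry) != 9 or not (entry.isascii() and entry.isdigit()):
            return None
        pin, code = entry[:3], entry[3:]
        current = int(now) // STEP
        for serial, (seed, card_pin) in self.cards.items():
            for step_no in range(current - DRIFT, current + DRIFT + 1):
                # 1. Could this card be generating this code at this time?
                if not hmac.compare_digest(cardcode(seed, step_no), code):
                    continue
                # 2. Does the entered PIN match the PIN for that card?
                if not hmac.compare_digest(card_pin, pin):
                    continue
                # 3. A sniffed code replayed inside the window is refused.
                if step_no <= self.last_step.get(serial, -1):
                    continue
                self.last_step[serial] = step_no
                return serial
        return None
```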