Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!ucbvax!GSWD-VMS.ARPA!srb%mycroft
From: srb%mycroft@GSWD-VMS.ARPA.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: Re: secure replacements for password
Message-ID: <8701161623.AA13948@gswd-vms.ARPA>
Date: Fri, 16-Jan-87 11:22:11 EST
Article-I.D.: gswd-vms.8701161623.AA13948
Posted: Fri Jan 16 11:22:11 1987
Date-Received: Sat, 17-Jan-87 01:23:26 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 20
Approved: tcp-ip@sri-nic.arpa

>An interesting authentication scheme uses a special calculator
>issued to each user. The calculator has a crypto chip and is
>keyed before being given to the user. To determine whether a
>user is valid, the system presents a challenge in the form of
>an integer (probably 5-6 digits long) which the user keys into
>his calculator. The calculator applies the encryption algorithm
>and key to the input and produces an integer output which the user
>then keys into his terminal/PC.
>...

Authentication is normally based on "something you know" or
"something you have". A small weakness of the scheme as described
is that you could lose the calculator and then someone else would
have it...

I'd suggest that the calculator itself have a "password", under the
control of its owner, which enters into the cryptographic algorithm.
(Since the calculator is not networked, monitoring of the password
entry is unlikely.) At this point, something you know AND something
you have are necessary to gain entry.
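
Added example, not part of the original post: a sketch of the challenge-response exchange with the owner's PIN folded into the calculator's key, so that a found calculator alone produces responses the host rejects. HMAC-SHA256 and PBKDF2 stand in for the algorithm the post leaves unspecified; the Host class and all names and values are assumptions of this example.

```python
import hashlib
import hmac
import secrets

DIGITS = 6  # the quoted scheme uses integers "probably 5-6 digits long"


def mixed_key(device_key: bytes, pin: str) -> bytes:
    """Fold the owner's PIN into the key loaded into the calculator.
    PBKDF2 is this example's choice; the post names no algorithm."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), device_key, 100_000)


def response_for(key: bytes, challenge: str) -> str:
    """Keyed function of the challenge, truncated to DIGITS decimal digits.
    HMAC-SHA256 stands in for the unspecified encryption algorithm."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


def calculator(device_key: bytes, pin: str, challenge: str) -> str:
    """What the calculator displays. It stores no PIN and checks none:
    a wrong PIN just yields a response the host rejects."""
    return response_for(mixed_key(device_key, pin), challenge)


class Host:
    """Login host (hypothetical): keeps one mixed key per enrolled user."""

    def __init__(self):
        self.keys = {}     # user -> mixed key
        self.pending = {}  # user -> outstanding challenge

    def enroll(self, user: str, device_key: bytes, pin: str) -> None:
        self.keys[user] = mixed_key(device_key, pin)

    def challenge(self, user: str) -> str:
        c = str(secrets.randbelow(10**DIGITS)).zfill(DIGITS)
        self.pending[user] = c
        return c

    def verify(self, user: str, response: str) -> bool:
        c = self.pending.pop(user, None)  # one attempt per challenge
        key = self.keys.get(user)
        if c is None or key is None:
            return False
        expected = response_for(key, c)
        return hmac.compare_digest(expected.encode(), response.encode())
```

With a 6-digit response a blind guess succeeds one time in a million, so the host should also limit failed attempts per user.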