Abstract
We introduce an authentication framework called Query-Directed Passwords (QDP) that incorporates the convenience of authentication by long-term knowledge questions and offers stronger security than traditional types of personal questions. Security is strengthened for this scheme by imposing several restrictions on the questions and answers, and by specifying how QDP is implemented in conjunction with other factors. Four QDP implementations are examined for call center applications. We examine the security and convenience of one of these implementations in detail. This implementation involves client-end storage of questions in a computer file or a wallet card, and follows a basic challenge-response authentication protocol.
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
O’Gorman, L., Bagga, A., Bentley, J. (2004). Call Center Customer Verification by Query-Directed Passwords. In: Juels, A. (eds) Financial Cryptography. FC 2004. Lecture Notes in Computer Science, vol 3110. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27809-2_6
DOI: https://doi.org/10.1007/978-3-540-27809-2_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22420-4
Online ISBN: 978-3-540-27809-2
eBook Packages: Springer Book Archive