Expanded Password System – Theory and Implementation
Expanded Password System, however solid the theory is, would be vulnerable to attacks when it is poorly implemented.
Very fortunately, our first client in Japan who adopted Expanded Password System for 140,000 shoppers (designed for one million users) was extremely demanding about the implementation. We had to satisfy them and actually satisfied them with the solid implementation. Another major client is Japanese army. We naturally had to be very confident about the good implementation.
For both theory and implementation, we owe a lot to Emeritus Prof. Hideki Imai, who was the chairperson of Japan’s CRYPTREC and also a cryptography advisor to the defense forces when we first met in 2001. He pushed my back to move ahead confidently with promotion of Expanded Password System, and helped me a lot with several joint research programs until he retired from Tokyo University. It is from him that I came to know about the likes of Elliptic Curve Cryptography.
Expanded Password System has thus been strongly disciplined and hardened in both theory and implementation.
‘Easy-to-Remember’ is one thing. ‘Hard-to-Forget’ is another - The observation that Images are easy to remember has been known for many decades; it is not our theme.
What we discuss is that ‘images of our emotion-coloured episodic memory’ is ‘Hard to Forget’ to the extent that it is ‘Panic-Proof’; images of toys, dolls, dogs and cats, for example, that our children used to love for years would jump into our eye even when we are placed in heavy pressure and caught in severe panic.
Expanded Password System (EPS), which accepts images, especially the unforgettable images of our own emotion-coloured episodic memory, as well as conventional characters and numbers, is intended to be a legitimate successor to the time-honored seals, autographs and text-only password systems for safe digital identity over many generations to come, In the present-day world, safely protected teleworking, telemedicine and many other tele-something in the stressful pandemic situations as well as many natural and manmade disasters is among the imminent objectives.
Hitoshi Kokumai, inventor of EPS, is not a technology man, graduated from Economics Faculty of Kyoto University and having worked in international business, assisting a UK company to achieve some ￡100 million worth exports to Japanese clients over the two decades of service, before getting suddenly hit by an inspiration of the core concept of EPS in 2000.
Joined by Ryuhei Masuno, graduated from Law Faculty of the same university, Hitoshi has since progressed the development and theorization of EPS from the view point that identity assurance or secured digital identity is the issue of philosophy, psychology, sociology, economics and history as well as technology.
We launched the business operations in 2001 under the name of Mnemonic Security, Inc, which was the world’s first company to provide the software products that offer ‘Hard-to-Forget’, ‘Hard-to-Break’ and ‘Panic-Proof’ digital identity authentication. The business progressed successfully with US$1m commercial adoptions over the first several years.
We started, however, to feel the painful headwind from around 2008 because people got carried away by the hype of wrongly-used biometrics, particularly overwhelming in Japan, even though the versatile practicability of our software was demonstrated by the 5-year use by 140, 000 online shoppers. After struggling in vain for several years, we chose to get out of Japan.
We have successfully made a tangible progress since then. The solid theory of our EPS proposition is made clear by OASIS recognition as a standard candidate, publishing by Taylor & Francis, selection as a finalist by Financial Data and Technology Association for ‘Summit and Awards 2019’ in Edinburgh and adoption by AFCEA for ‘2020 Solution Review Problem Sets’. We are steadily getting recognized as Pioneer and Thought Leader in this domain.
As for the use cases, we are now able to also refer to the 6-year use by 1,200 employees for a corporate network and the trouble-free defense use by army soldiers in the field from 2013 till now with the users increasing 10-fold and set to increase further, which were both achieved in very adverse circumstances of biometrics-dominated Japan.
Now we have come to setting up a company in UK as our global headquarters. We plan to name it 'Mnemonic Identity Solution Limited' with the mission of globally promoting 'identity assurance by our own volition and memory' for 'secure digital identity in post-pandemic cyberspace'.
The aim of our enterprise is to make EPS solutions readily available to all the global citizens: rich and poor, young and old, healthy and disabled, literate and illiterate, in peace and in disasters.