When, why and how Expanded Password System was developed

Hitoshi Kokumai

5年前 · 4 分の読書時間 · ~10 ·

Here is what we wish to emphasize as to the development of Expanded Password System (composed in the format of Santander Digital Trust Hackathon).

Main Theme: Identity Assurance by Our Own Volition and Memory

- Problem: Password Predicament

- Solution: Non-Text Secret Credentials

- Theory: Science of Human Memory

Summarized in this 90-second video

Inspiration in 2000

Secret credentials are indispensable for identity assurance, whereas text-only passwords are hard to manage.

Why not consider Non-Text secret credentials?

What it does

Our identity authentication solution named Expanded Password System enables people to make use of their episodic image memory

Secret Credenti

Memories

Episodic Memory

How we built it

The system is built to enable the user to register a set of any numbers of images of their choice either by permutation or combination as credentials and embed them onto a matrix of images made of meaningless decoy images

Our solution turned out to work with Open ID without friction.

Challenges we ran into

However solid the theory is, the solution would be vulnerable to attacks when it is poorly implemented. A key was the appropriate use of a hash module of SHA family.

Identity Assurance in Emergencies

Disaster Recovery

Card and tokens
possessed?

Biometrics
practicable?

Frenin ic. we can quickly
recognize unforgettable images of
epriodic memones

In the Field

Practicable with both
hands busy ?

In panic? With injuries?

With protection gear on?

It was also a challenge to get technology people to listen to us about the merit of making use of our own autobiographic/episodic memory. These people are generally not familiar with such psychological concepts.

Accomplishments that we're proud of

Adoption by demanding clients such as Japan's Ground Self-Defense Force (Army) besides the use cases in consumer and corporation areas.

If only textand # are OK |3UV B99 KUW

to memorize 10 lighten the load of to make use of
text/number passwords text passwords memorized images

{Text Mode] {Graphics Mode] (Original Picture Mode]
Recall the remembered Recognize the pictures Recognize the unforgettable
password remembered in stories pictures of episodic memories |
012345 @ 0% 8 sROaw
crreas YE
CDEFGH 8 4 &

nr HER

OPQRST

UvwXxYz ICR WA
Low memory ceiling High memory ceiling Very high memory ceiling

Think of all those ladders you have to cmb in Donkey Kong ;-)

Also, selection as a finalist by Financial Data and Technology Association for ‘Summit and Awards 2019’ and adoption by AFCEA for ‘2020 Solution Review Problem Sets’.

What we learned

Our solution can and must be made available to global citizens.

We also learned that, for global citizens to enjoy a safer identity assurance, we need to debunk wide-spread misperceptions such as “indispensable passwords be removed altogether” and “passwords be displaced by password-dependent biometrics”

What's next for Digital Identity for Global Citizens

Global operations

Key References

Image-to-Code Conversion by Expanded Password System

Summary and Brief History - Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

Relation of Accounts & Passwords

° 1 as
7 ae
coErom
aK LM
oranrsT
UVvwxyz

* Unique matrices of images allocated to different accounts.

* Ata glance you will immediately realize what images you should pick
up as your passwords for this or that account.

Additional Statements

The aim of our enterprise is to make Expanded Password System (EPS) solutions readily available to all the global citizens: rich and poor, young and old, healthy and disabled, literate and illiterate, in peace and in disasters.

We expect EPS to stay with us over many generations until humans discover something other than the 'digital identity' for our safe and orderly societal life. We look for the people who share such a long-term view and support us as such.

Expanded Password System invented in 2000, we launched the business operations in 2001 under the name of Mnemonic Security, Inc, which was the world’s first company to provide the software products that offer ‘Hard-to-Forget’, ‘Hard-to-Break’ and ‘Panic-Proof’ digital identity authentication. The business progressed successfully with US$1m commercial adoptions over the first several years.

We started, however, to feel the painful headwind from around 2008 because people got carried away by the hype of wrongly-used biometrics, particularly overwhelming in Japan, even though the versatile practicability of our software was demonstrated by the 5-year use by 140, 000 online shoppers. After struggling in vain for several years, we chose to get out of Japan.

We have successfully made a tangible progress since then. The solid theory of our EPS proposition is made clear by OASIS recognition as a standard candidate, publishing by Taylor & Francis, selection as a finalist by Financial Data and Technology Association for ‘Summit and Awards 2019’ in Edinburgh and adoption by AFCEA for ‘2020 Solution Review Problem Sets’. We are steadily getting recognized as Pioneer and Thought Leader in this domain.

As for the use cases, we are now able to also refer to the 6-year use by 1,200 employees for a corporate network and the trouble-free defense use by army soldiers in the field from 2013 till now with the users increasing 10-fold and set to increase further, which were both achieved in very adverse circumstances of biometrics-dominated Japan.

We came to set up a company in UK as our global headquarters in August 2020. We named it 'Mnemonic Identity Solutions Limited' with the mission of globally promoting 'identity assurance by our own volition and memory' for 'secure digital identity in post-pandemic cyberspace'.

In view of the ever rampant Covid-19, we would like to refer to the theme of Digital Identity in Post-Pandemic Era; Very probably, global populations will be far more dependent on Digital Identity in the Post-Covid19 era that our life will be far less dependent on geographical move of people - fewer face-to-face meetings, less commute, fewer travels and far more dependent on telemedicine, telework and many other tele-something, while threats of Big Brothers by rogue governments, greedy corporations and crime syndicates will be yet greater than ever.

The likes of Self-Sovereign Identity, expected to play a critical role in the highly complex situations, would require not just the distributed ledger technology but the most reliable identity authentication if it is to be truly valid and sustainable.

Our responsibility of providing ‘hard-to-forget’, ‘hard-to-break’ and ‘stress-proof’ authentication will be really heavy.

Lastly, we wish to mention a bit more about “wide-spread misperceptions” referred to in “What we learned”. Below are my latest writings as for “indispensable passwords be removed altogether” and “passwords be displaced by password-dependent biometrics”.

Bizarre Theory of Password-less Authentication

Why are we so persistent in the efforts to bust the falsehood of biometrics?

Our project submitted to Santander Digital Trust Hackathon titled 'Digital Identity for Global Citizens' is among the 31 winners out of 268 submissions.