What is a Negative Authentication System?
By D. Dasgupta, Director, Center for Information Assurance.
Password authentication is critical for secure access to company servers because it verifies the identity of computer users and processes. Most authentication systems use some form of Positive Identification (PI) to identify legitimate users. Specifically, these systems use a password profile containing all the user passwords that are authorized to access the system (or the server). The negative counterpart (the non-self or anti-password space) represents all strings that are not in the password file (and that hackers can possibly exploit using password-guessing or cracking tools). The purpose is to keep the Anti-Password check as the first line of authentication (invisible to users) on a separate machine (probably outside the secure perimeter), while the positive authentication system stays inside the highly secure region.
A demo illustrating the concept is available at Password immunizer (patent pending).
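A minimal sketch of the two-layer flow described above, added here as an illustration; it is not the Password immunizer demo or the author's implementation. The grid-cell model of the credential space, the keyed hash, and all names (`cell`, `build_detectors`, `PositiveAuth`, `login`) are assumptions made for this example.

```python
import hashlib
import hmac
import os

GRID_CELLS = 4096  # assumed size of the modelled credential space

def cell(user, password, key):
    """Map a (user, password) pair to one cell with a keyed hash."""
    mac = hmac.new(key, f"{user}\x00{password}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % GRID_CELLS

def build_detectors(accounts, key):
    """Negative-layer state: every cell NOT occupied by a real credential."""
    self_cells = {cell(u, p, key) for u, p in accounts.items()}
    return frozenset(range(GRID_CELLS)) - self_cells

class PositiveAuth:
    """Inner system: salted PBKDF2 password profile, kept in the secure region."""
    ITERATIONS = 100_000

    def __init__(self, accounts):
        self.calls = 0  # how many login attempts reached this layer
        self.profile = {}
        for user, password in accounts.items():
            salt = os.urandom(16)
            self.profile[user] = (salt, self._hash(password, salt))

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def verify(self, user, password):
        self.calls += 1
        if user not in self.profile:
            return False
        salt, stored = self.profile[user]
        return hmac.compare_digest(stored, self._hash(password, salt))

def login(user, password, detectors, key, positive):
    """First line: anti-password check. Only survivors reach positive auth."""
    if cell(user, password, key) in detectors:
        return "rejected by negative layer"
    if positive.verify(user, password):
        return "accepted"
    return "rejected by positive layer"

if __name__ == "__main__":
    accounts = {"alice": "correct horse", "bob": "S3cure!pass"}  # constructed sample data
    key = b"demo-key-constructed"
    detectors, inner = build_detectors(accounts, key), PositiveAuth(accounts)
    for pw in ("123456", "password", "correct horse"):
        print(pw, "->", login("alice", pw, detectors, key, inner))
```

In this model many wrong strings share a cell with a real credential, so passing the negative layer never proves a password is correct; it only filters guesses before they reach the password profile.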
See Archive of Comments/Queries.
Send your comments/queries to: firstname.lastname@example.org.