Password protection, time limited validity

Does anyone here know of e.g. asymmetric coding algorithms that support this use case:

- A control system has parameters to tune the process, protected with password.

- The only communication link we can be sure to have is voice or e-mail.

We would like a system where a time limited password could be given.

One idea is, that the password could change over time, and that a password could be obtained from a server at our headquarters.

It should not be possible to deduce the algorithm by knowing some valid passwords.

Since this is an embedded system, passwords on a plant- or unit level would require a lot of administration.

--
mdc at manbw dk  -  MAN B&W Diesel A/S, Copenhagen
www.manbw.com    -  Electronics & software dept.
      -  Speaking for myself only. -
Reply to
Mogens Dybæk Christensen

Can you use two-way communication for the passwords?

I'm thinking about a challenge-handshake algorithm like that used by the PPP authentication, PAP (and many others).

Build a long enough random number generator into the system, step it with each password use, and encrypt the real password with the random number.

This means that the customer needs to read the random number (the challenge) from the embedded system and get from you an encrypted password which is useful with that challenge only, so you do not need to show the real secret at all.

--

Tauno Voipio
tauno voipio (at) iki fi
Reply to
Tauno Voipio

Give all units an initial decryption key. Encrypt the terminating date and a new decryption key, send this to all units to update them. Encrypt the date alone to be the password.

--
#include 
 _
Kevin D Quitt  USA 91387-4454         96.37% of all statistics are made up
  Per the FCA, this address may not be added to any commercial mail list
Reply to
Kevin D. Quitt

Sounds interesting! And yes, it would be possible to ask for such a key from the system, and then give them a password. This feature will be used only when authorized persons from our company are involved, either on site or by phone or mail.

- Something like that came up in our brainstorm too.

--
  Mogens Dybæk Christensen
  e-mail mdc at mail dot tele dot dk
Reply to
Mogens Dybaek Christensen

As stated earlier, this is an embedded system with no links to the outside world. So "update all units" is not an option.

The only contact is through the eyes and hands of a person standing in front of it. He is assumed to have access to e-mail or phone.

But your idea may be tweaked a bit, so we could give a unit a time limited password. ;-)

--
  Mogens Dybæk Christensen
  e-mail mdc at mail dot tele dot dk
Reply to
Mogens Dybaek Christensen

Assuming that the units have a clock onboard and a unit_unique_key;

Store unit IDs and unit_unique_keys on a server. Calculate hash of day+month+year+unit_unique_key and convert to password (decimal, hex, alphanumeric). Hand date + password + unit-id to operator.

At the unit; do the same calculation and compare entered password and calculated password.

This way the password is valid for one day. Of course you can use the week, or day/3 etc

For hash algorithms see MD5, SHA1, RIPEMD160, all free of patents.

Wim.

Reply to
Wim Ton
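
The scheme in the post above, as an added example that is not part of the original thread. It assumes HMAC-SHA256 as the keyed hash in place of a plain hash over the concatenated fields (the post names MD5, SHA1 and RIPEMD160); the unit ID, key and function names are constructed for illustration.

```python
import hashlib
import hmac
from datetime import date

# Constructed sample values for illustration (not from the thread).
UNIT_ID = "UNIT-0042"
UNIT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def period_index(day: date, period_days: int = 1) -> int:
    """Index of the validity period containing `day` (1 = daily, 7 = weekly)."""
    return day.toordinal() // period_days


def derive_password(unit_key: bytes, unit_id: str, day: date,
                    period_days: int = 1, digits: int = 8) -> str:
    """Server side: keyed hash of unit id + period, shortened to decimal digits."""
    msg = f"{unit_id}|{period_days}|{period_index(day, period_days)}".encode()
    tag = hmac.new(unit_key, msg, hashlib.sha256).digest()
    # Keep 64 bits of the tag and reduce to a string an operator can read aloud.
    value = int.from_bytes(tag[:8], "big") % (10 ** digits)
    return f"{value:0{digits}d}"


def unit_accepts(unit_key: bytes, unit_id: str, entered: str,
                 clock_today: date, period_days: int = 1) -> bool:
    """Unit side: recompute from the onboard clock, compare in constant time."""
    expected = derive_password(unit_key, unit_id, clock_today, period_days)
    return hmac.compare_digest(expected.encode(), entered.strip().encode())


if __name__ == "__main__":
    today = date(2024, 3, 4)
    pw = derive_password(UNIT_KEY, UNIT_ID, today)
    print("password for", UNIT_ID, today.isoformat(), "->", pw)
    print("same day:", unit_accepts(UNIT_KEY, UNIT_ID, pw, today))
    print("next day:", unit_accepts(UNIT_KEY, UNIT_ID, pw, date(2024, 3, 5)))
```

An 8-digit password can be guessed at the keypad unless the unit limits failed attempts. The validity window is only as trustworthy as the onboard clock: if the operator can set the date back, an old password works again.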

My fees are reasonable. 8o)

-- _ Kevin D. Quitt snipped-for-privacy@Quitt.net 96.37% of all statistics are made up

Reply to
Kevin D. Quitt
