ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
The use of passwords for controlling access to remote computer systems and services
Full text PdfPdf (920 KB)
Source AFIPS Joint Computer Conferences archive
Proceedings of the June 13-16, 1977, national computer conference table of contents
Dallas, Texas
SESSION: Computer security techniques table of contents
Pages 27-33  
Year of Publication: 1977
Author
Helen M. Wood  National Bureau of Standards, Washington, DC
Sponsor
AFIPS : American Federation of Information Processing Societies
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 5,   Downloads (12 Months): 23,   Citation Count: 0
Additional Information:

abstract   references   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1499402.1499410
What is a DOI?

ABSTRACT

The widespread use of remote computer resources has made the problem of personal authentication most urgent. This paper examines the use of passwords for controlled access to these resources. Password techniques, ways of protecting passwords, and attendant cost considerations are discussed. Similarities between passwords and data encryption keys are noted and general recommendations for the use of passwords are presented.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Donn B. Parker, Computer abuse perpetrators and vulnerabilities of computer systems, Proceedings of the June 7-10, 1976, national computer conference and exposition, June 07-10, 1976, New York, New York  [doi>10.1145/1499799.1499810]
 
2
Cotton, Ira W. and Paul Meissner, "Approaches to Controlling Personal Access to Computer Terminals", Proceedings of the 1975 Symposium Computer Networks: Trends and Applications, IEEE Computer Society, 1975, p. 32--39, 19 refs.
3
Peter S. Browne, Computer security: a survey, Proceedings of the June 7-10, 1976, national computer conference and exposition, June 07-10, 1976, New York, New York  [doi>10.1145/1499799.1499809]
 
4
Meissner, Paul, Guideline on Evaluation of Techniques for Automated Personal Identification, National Bureau of Standards, Washington, D.C., 1977 {in press}.
5
H. E. Petersen , R. Turn, System implications of information privacy, Proceedings of the April 18-20, 1967, spring joint computer conference, April 18-20, 1967, Atlantic City, New Jersey  [doi>10.1145/1465482.1465526]
 
6
Beardsley, Charles W., "Is Your Computer Insecure?" IEEE Spectrum, January 1972, p. 67--78, 16 refs.
 
7
Winkler, Stanley, and Lee Danner, "Data Security in the Computer Communication Environment", Computer, February 1974, p. 23--31, 7 refs.
 
8
Johnson, S. M., Certain Number Theoretic Questions in Access Control, Rand Corporation, Report R-1494-NSF, January 1974.
 
9
Gasser, M., A Random Word Generator for Pronounceable Passwords, The MITRE Corporation, Bedford, Mass., AD-A017 676, November 1975, 183p., 3 refs.
 
10
Bushkin, Arthur A., A Framework for Computer Security, System Development Corporation, McLean, Va., AD-A025 356, June 1975, 158p.
 
11
Held, Gilbert, "Locking Intruders Out of a Network", Executive Guide to Data Communications, McGraw-Hill Publications Co., New York, 1976.
12
C. Weissman, Security controls in the ADEPT-50 time-sharing system, Proceedings of the November 18-20, 1969, fall joint computer conference, November 18-20, 1969, Las Vegas, Nevada  [doi>10.1145/1478559.1478574]
 
13
Anderson, James P., "Information Security in a Multi-user Computer Environment", Advances in Computers, Vol. 12, 1972, Academic Press, Inc., New York, p. 1--36.
14
Bernard Peters, Security considerations in a multi-programmed computer system, Proceedings of the April 18-20, 1967, spring joint computer conference, April 18-20, 1967, Atlantic City, New Jersey  [doi>10.1145/1465482.1465524]
 
15
Baran, Paul, On Distributed Communications: IX. Security, Secrecy, and Tamper-free Considerations, Rand Corporation, August 1964, AD-444 839, 39p.
 
16
Anderson, James P., On Centralized Distribution of One-time Passwords in Resource Sharing Systems, James P. Anderson and Co., Fort Washington, Pa., August 1971, 8p.
 
17
Richardson, Mark H. and James V. Potter, Design of a Magnetic Card Modifiable Credential System Demonstration, Electronic Systems Division (AFSC), Hanscom Field, Mass., MCI-73-3, December 1973, 65p.
18
John M. Carroll , Robert Martin , Lorine McHardy , Hans Moravec, Multi-dimensional security program for a generalized information retrieval system, Proceedings of the May 16-18, 1972, spring joint computer conference, May 16-18, 1972, Atlantic City, New Jersey  [doi>10.1145/1479064.1479166]
 
19
Taylor, Alan, "Darmstadt System Eliminates Check-Digit Loopholds", Computerworld, September 17, 1975, p. 13.
 
20
Taylor, Alan, "Deeds Check-Digit Method Possibly Valuable DP Tool", Computerworld, October 22, 1975, p. 11.
 
21
Taylor, Alan, "Statistics Improving State of Art in 'Check-Digitry'", Computerworld, February 23, 1976, p. 17.
22
D. Kaufman , K. Auerbach, A secure, national system for electronic funds transfer, Proceedings of the June 7-10, 1976, national computer conference and exposition, June 07-10, 1976, New York, New York  [doi>10.1145/1499799.1499818]
 
23
Campaigne, Howard and Lance J. Hoffman, "Computer Privacy and Security", Computers and Automation, 22:7, July 1973, p. 12--17, 6 refs.
 
24
Lupton, William Lloyd, A Study of Computer Based Data Security Techniques, Naval Postgraduate School, Monterey, California, AD-765 677, 1973, 77p., 141 refs.
25
Lance J. Hoffman, Computers and Privacy: A Survey, ACM Computing Surveys (CSUR), v.1 n.2, p.85-103, June 1969  [doi>10.1145/356546.356548]
 
26
M. V. Wilkes, Time Sharing Computer Systems, Elsevier Science Inc., New York, NY, 1975
27
Arthur Evans, Jr. , William Kantrowitz , Edwin Weiss, A user authentication scheme not requiring secrecy in the computer, Communications of the ACM, v.17 n.8, p.437-442, Aug. 1974  [doi>10.1145/361082.361087]
28
George B. Purdy, A high security log-in procedure, Communications of the ACM, v.17 n.8, p.442-445, Aug. 1974  [doi>10.1145/361082.361089]
 
29
Fletcher, J. G., Software Security in Networks, Lawrence Livermore Laboratory, University of California, 1975, 17p.
 
30
Karger, Paul A. and Roger R. Schell, Multics Security Evaluation: Vulnerability Analysis, Electronic Systems Division (AFSC), Hanscom AFB, Mass., ESD-TR-74-193, Vol. II, June 1974, 156p., 33 refs.
 
31
Downey, Peter J., Multics Security Evaluation: Password and File Encryption Techniques, Electronic Systems Division (AFSC), Hanscom AFB, Mass., ESD-TR-74-193, Vol. III, in preparation.
 
32
Northup, Ernest H., "Bank Cards Vs. the Underworld", Banking, 67:9, September 1975, p. 66, 68, 70, 73.
 
33
Carroll, John M. and P. M. McLelland, "The Data Security Environment of Canadian Resource-sharing Systems", INFOR, Canadian Journal of Operational Research and Information Processing, 9:1, March 1971, p. 58--67, 17 refs.
 
34
Carroll, John M. and Paul Reeves, "Security of Data Communications: A Realization of Piggyback Infiltration", INFOR, Canadian Journal of Operational Research and Information Processing, 11:3, (October 1973), p. 226--231, 2 refs.
35
J. M. Carroll , P. M. McLelland, Fast "infinite-key" privacy transformation for resource-sharing systems, Proceedings of the November 17-19, 1970, fall joint computer conference, November 17-19, 1970, Houston, Texas  [doi>10.1145/1478462.1478493]
 
36
Branstad, Dennis K., "Encryption Protection in Computer Data Communications", Proceedings of the Fourth Data Communications Symposium, IEEE Computer Society, October 1975, p. 8-1--8-7, 2 refs.
 
37
National Bureau of Standards, "Proposed Standard Encryption Algorithm for Computer Data Protection", Federal Register, 40:52, August 75, 12134--12140.
 
38
Branstad, Dennis K., "Security Aspects of Computer Networks", Proceedings of AIAA Computer Network Systems Conference, American Institute of Aeronautics and Astronautics, New York, N.Y., April 1973, 8p.
 
39
Kent, Stephen T., "Encryption-Based Protection Protocols for Interactive User-Computer Communication", (Master's Thesis), Massachusetts Institute of Technology, Cambridge, Mass., AD-A026 911, May 1976, 122 p., 42 refs.
40
Rein Turn , Norman Z. Shapiro, Privacy and security in databank systems: measures of effectiveness, costs, and protector-intruder interactions, Proceedings of the December 5-7, 1972, fall joint computer conference, part I, December 05-07, 1972, Anaheim, California  [doi>10.1145/1479992.1480052]
 
41
Turn, Rein, Privacy Protection in Databanks: Principles and Costs, The Rand Corporation, Santa Monica, California, AD-A023 406, September 1974, 21 p., 19 refs.
 
42
Lientz, Bennet P. and Ira R. Weiss, On the Evaluation of Reliability and Security Measures in a Computer Network, Office of Naval Research, Arlington, Va., AD-A002 996, December 1974, 28p., 19 refs.
 
43
Meissner, Paul, Report of the 1976 Workshop on Estimation of Significant Advances in Computer Technology, National Bureau of Standards, NBS-IR 76--1189, August 30--31, 1976, 70p., {in press}.
Collaborative Colleagues:
Helen M. Wood: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player