An active security token includes: a sentry that controls access to token data disposed on the active security token through verification of user authentication data; the token data including: reference authentication data for verification of user authentication data; and a security phantom including a password file, the security phantom being a public key certificate or a biometric template.
The invention describes a novel method for storing a database of usernames and corresponding passwords on software and hardware security modules (such as smart cards and USB security tokens) that do not offer native password database storage capability. External applications can access and use these secure password databases to automatically log on to network services such as web servers. Although the majority of security modules do not explicitly support storage of password databases and also do not typically allow implementers to store arbitrary files onboard, the invention uses existing security objects such as public key certificates as a wrapper for password databases to overcome this limitation. It is therefore possible to implement the invention with no modifications to off-the-shelf security modules and, as an additional benefit, no modifications to web servers' normal username/password logon processes are required. Since passwords will continue to be used for the foreseeable future, secure password management will continue to be an issue in the online world.
Benefits include: (1) adds new capability to existing security tokens; (2) works with existing cryptographic interfaces; (3) requires no functional modifications to security tokens or web servers; and (4) improves security and portability.
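The "certificate as wrapper" idea above can be made concrete at the ASN.1 level. The following is an added example, not code from the patent or from any product implementing it: it packs a small username/password database into an X.509 Extension element (RFC 5280: SEQUENCE { extnID OBJECT IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }) using only the Python standard library, and unpacks it again. Such an extension is an ordinary part of a certificate object, which is why a token that stores certificates but not arbitrary files can carry it. The OID arc, the `wrap_password_db`/`unwrap_password_db` names and the sample credentials are all constructed placeholders; the payload is left in plaintext here because, in the scheme described, access to the token data is governed by the token's sentry (PIN or biometric verification), and a real deployment would additionally encrypt it.

```python
"""Wrap a username/password database inside an X.509 Extension (DER).

Added example, not the patent's own code. Only the Extension element is built;
attaching it to a certificate and loading it onto a token would be done with a
PKCS#11 or certificate library.
"""
import json

# Constructed private-use OID under the IANA enterprise arc. 99999 is a
# placeholder, not a registered Private Enterprise Number.
PASSWORD_DB_OID = "1.3.6.1.4.1.99999.1"

# Constructed sample database; not real credentials.
SAMPLE_DB = {
    "https://mail.example.test": {"username": "alice", "password": "correct horse"},
    "https://wiki.example.test": {"username": "alice", "password": "battery staple"},
}


def _der_len(n: int) -> bytes:
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_tlv(tag: int, content: bytes) -> bytes:
    """Tag-length-value triple."""
    return bytes([tag]) + _der_len(len(content)) + content


def _der_oid(dotted: str) -> bytes:
    """Encode a dotted OID: first two arcs packed, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = []                      # 7-bit groups, least significant first
        while True:
            groups.append(arc & 0x7F)
            arc >>= 7
            if arc == 0:
                break
        for g in reversed(groups[1:]):   # continuation bit on all but the last
            out.append(g | 0x80)
        out.append(groups[0])
    return bytes(out)


def _der_decode_oid(content: bytes) -> str:
    arcs = [content[0] // 40, content[0] % 40]
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def _der_read(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the TLV starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def wrap_password_db(entries: dict, critical: bool = False) -> bytes:
    """Build a DER Extension whose extnValue carries the JSON-encoded database."""
    payload = json.dumps(entries, sort_keys=True).encode()
    body = _der_tlv(0x06, _der_oid(PASSWORD_DB_OID))
    if critical:                         # DEFAULT FALSE: DER omits it when false
        body += _der_tlv(0x01, b"\xff")
    body += _der_tlv(0x04, payload)
    return _der_tlv(0x30, body)


def unwrap_password_db(ext: bytes) -> dict:
    """Parse the Extension back, checking the OID and structure along the way."""
    tag, body, end = _der_read(ext, 0)
    if tag != 0x30 or end != len(ext):
        raise ValueError("not a single DER SEQUENCE")
    tag, oid_bytes, pos = _der_read(body, 0)
    if tag != 0x06 or _der_decode_oid(oid_bytes) != PASSWORD_DB_OID:
        raise ValueError("extension is not the password-database wrapper")
    tag, content, pos = _der_read(body, pos)
    if tag == 0x01:                      # optional 'critical' BOOLEAN present
        tag, content, pos = _der_read(body, pos)
    if tag != 0x04:
        raise ValueError("extnValue must be an OCTET STRING")
    return json.loads(content.decode())


if __name__ == "__main__":
    blob = wrap_password_db(SAMPLE_DB)
    print(len(blob), "bytes;", unwrap_password_db(blob) == SAMPLE_DB)
```

An application using the token would locate the certificate object, pull out the extension with this OID, and hand the decoded entries to its web logon routine; the web server never sees anything but the usual username/password pair.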