Active Security Token with Security Phantom for Porting a Password File

Patent Description

The invention describes a novel method for storing a database of usemames and corresponding passwords on software and hardware security modules( such as smart cards and USB security tokens) that do not offer native password database storage capability.  External applications can access and use these secure password databases to automatically log on to network services such as web servers. Although the majority of security modules do not explicitly support storage of password databases and also do not typically allow implementers to store arbitrary files onboard, the invention uses existing security objects such as public key certificates as a wrapper for password databases to overcome this limitation. It is therefore possible to implement the invention with no modifications to off-the-shelf security modules and, as an additional benefit, no modifications to web servers' normal usemame/password logon processes are required. Since passwords will continue to be used for the foreseeable future, secure password management will continue to be an issue in the online world.