Language design for token server authentication policies

by Busch, Rebecca Lynn.

LANGUAGE DESIGN FOR TOKEN SERVER AUTHENTICATION POLICIES by Rebecca Lynn Busch There exist computer networks in which multiple services forward the credentials of their users to a central server for authentication. Though the communication lines between the services and the central server may be encrypted, each service has plaintext access to the username/password pairs and can easily store copies. A solution to this security problem is the use of a temporary token in place of the password. Substituting short-lived tokens for the real passwords solves the problem of compromised passwords since only the token may be stolen; however, the tokens may become compromised as well. For this reason, restrictions must be placed on the creation and validation of tokens to reduce the likelihood of their compromise. In this work, I present an authentication policy language developed to express the rules necessary to govern the token creation and validation processes.