When, why and how Expanded Password System was developed
Here is what we wish to emphasize as to the development of Expanded Password System (composed in the format of Santander Digital Trust Hackathon).
Main Theme: Identity Assurance by Our Own Volition and Memory
- Problem: Password Predicament
- Solution: Non-Text Secret Credentials
- Theory: Science of Human Memory
Inspiration in 2000
Secret credentials are indispensable for identity assurance, whereas text-only passwords are hard to manage.
Why not consider Non-Text secret credentials?
What it does
Our identity authentication solution named Expanded Password System enables people to make use of their episodic image memory
How we built it
The system is built to enable the user to register a set of any numbers of images of their choice either by permutation or combination as credentials and embed them onto a matrix of images made of meaningless decoy images
Our solution turned out to work with Open ID without friction.
Challenges we ran into
However solid the theory is, the solution would be vulnerable to attacks when it is poorly implemented. A key was the appropriate use of a hash module of SHA family.
It was also a challenge to get technology people to listen to us about the merit of making use of our own autobiographic/episodic memory. These people are generally not familiar with such psychological concepts.
Accomplishments that we’re proud of
Adoption by demanding clients such as Japan’s Ground Self-Defense Force (Army) besides the use cases in consumer and corporation areas.
Also, selection as a finalist by Financial Data and Technology Association for ‘Summit and Awards 2019’ and adoption by AFCEA for ‘2020 Solution Review Problem Sets’.
What we learned
Our solution can and must be made available to global citizens.
We also learned that, for global citizens to enjoy a safer identity assurance, we need to debunk wide-spread misperceptions such as “indispensable passwords be removed altogether” and “passwords be displaced by password-dependent biometrics”
What’s next for Digital Identity for Global Citizens
The aim of our enterprise is to make Expanded Password System (EPS) solutions readily available to all the global citizens: rich and poor, young and old, healthy and disabled, literate and illiterate, in peace and in disasters.
We expect EPS to stay with us over many generations until humans discover something other than the ‘digital identity’ for our safe and orderly societal life. We look for the people who share such a long-term view and support us as such.
Expanded Password System invented in 2000, we launched the business operations in 2001 under the name of Mnemonic Security, Inc, which was the world’s first company to provide the software products that offer ‘Hard-to-Forget’, ‘Hard-to-Break’ and ‘Panic-Proof’ digital identity authentication. The business progressed successfully with US$1m commercial adoptions over the first several years.
We started, however, to feel the painful headwind from around 2008 because people got carried away by the hype of wrongly-used biometrics, particularly overwhelming in Japan, even though the versatile practicability of our software was demonstrated by the 5-year use by 140, 000 online shoppers. After struggling in vain for several years, we chose to get out of Japan.
We have successfully made a tangible progress since then. The solid theory of our EPS proposition is made clear by OASIS recognition as a standard candidate, publishing by Taylor & Francis, selection as a finalist by Financial Data and Technology Association for ‘Summit and Awards 2019’ in Edinburgh and adoption by AFCEA for ‘2020 Solution Review Problem Sets’. We are steadily getting recognized as Pioneer and Thought Leader in this domain.
As for the use cases, we are now able to also refer to the 6-year use by 1,200 employees for a corporate network and the trouble-free defense use by army soldiers in the field from 2013 till now with the users increasing 10-fold and set to increase further, which were both achieved in very adverse circumstances of biometrics-dominated Japan.
We came to set up a company in UK as our global headquarters in August 2020. We named it ‘Mnemonic Identity Solutions Limited’ with the mission of globally promoting ‘identity assurance by our own volition and memory’ for ‘secure digital identity in post-pandemic cyberspace’.
In view of the ever rampant Covid-19, we would like to refer to the theme of Digital Identity in Post-Pandemic Era; Very probably, global populations will be far more dependent on Digital Identity in the Post-Covid19 era that our life will be far less dependent on geographical move of people — fewer face-to-face meetings, less commute, fewer travels and far more dependent on telemedicine, telework and many other tele-something, while threats of Big Brothers by rogue governments, greedy corporations and crime syndicates will be yet greater than ever.
The likes of Self-Sovereign Identity, expected to play a critical role in the highly complex situations, would require not just the distributed ledger technology but the most reliable identity authentication if it is to be truly valid and sustainable.
Our responsibility of providing ‘hard-to-forget’, ‘hard-to-break’ and ‘stress-proof’ authentication will be really heavy.
Lastly, we wish to mention a bit more about “wide-spread misperceptions” referred to in “What we learned”. Below are my latest writings as for “indispensable passwords be removed altogether” and “passwords be displaced by password-dependent biometrics”.
Our project submitted to Santander Digital Trust Hackathon titled ‘Digital Identity for Global Citizens’ is among the 31 winners out of 268 submissions.
< Videos on YouTube>
< Latest Media Articles Published in 2020 Spring>
Digital Identity — Anything Used Correctly Is Useful https://www.valuewalk.com/2020/05/digital-identity-biometrics-use/
‘Easy-to-Remember’ is one thing ‘Hard-to-Forget’ is another https://www.paymentsjournal.com/easy-to-remember-is-one-thing-hard-to-forget-is-another/