摘要 |
<p>A user inputs (S31) a password at a user device (110) whose processor (111) receives (S31) the password, retrieves (S33) a stored derived value resulting from a derivation function, preferably a cryptographic one-way function, applied to a reference password, scrambles (S35) the received password using a function taking the derived value as a variable to obtain a scrambled password, and sends (S36) the scrambled password to an authentication server (120). In case the stored derived value cannot be retrieved, the processor (111) uses (S33) the derivation function to generate a derived value from the received password. In case the password is received during generation of a new password, the processor (111) generates (S22) and stores (S24) a derived value from the new password. In an embodiment, the apparatus comprises the authentication server (120).</p> |