TY - JOUR
AU - Hussain, Shakir M.
AU - Al-Bahadili, Hussein
PY - 2008
TI - A Non-Exchanged Password Scheme for Password-Based Authentication in Client-Server Systems
JF - American Journal of Applied Sciences
VL - 5
IS - 12
DO - 10.3844/ajassp.2008.1630.1634
UR - https://thescipub.com/abstract/ajassp.2008.1630.1634
AB - Password-based authentication is widely used in client-server systems. This research presents a non-exchanged password scheme for password-based authentication. This scheme constructs a Digital Signature (DS) that is derived from the user password. The digital signature is then exchanged instead of the password itself for the purpose of authentication. Therefore, we refer to it as a Password-Based Digital Signature (PBDS) scheme. It consists of three phases. In the first phase, a password-based Permutation (P) is computed using the Key-Based Random Permutation (KBRP) method. The second phase utilizes P to derive a Key (K) using the Password-Based Key Derivation (PBKD) algorithm. The third phase uses P and K to generate the exchanged DS. The scheme has a number of features that show its advantages over other password authentication approaches.