GATE password system

OK, now you see some use for GATE :slight_smile: , yes it can be used for that, but how about safe box, replace combination lock … ?

We are all logical people, when we look at [ comparing ] different systems, we need to have the following in mind :

[1] What’s the pros and cons for MAJORITY, are we benefiting the most people who are facing/suffering from threat ? [ We can come up with a solution for the minority too so they don’t get left out, in the case of adopting GATE, they can still use the old system if they like ]. At least we can help reduce the 81% of breaches caused by password problems. Calculate that’s how much money saved ? Average data breach costs around $ 3.92 million. The organization might not care too much about a few million dollars, but the damage to its reputation will be long lasting !

Speaking of which I remember a story : The Gatling gun is one of the best-known early rapid-fire spring loaded, hand cranked weapons, and a forerunner of the modern machine gun and rotary cannon. Invented by Richard Gatling, I remember watching a TV show about it, saying when it was first shown to the US army, it was not preferred, because it “wasted too many bullets” ! Later when it was finally adopted, it was famously NOT used at the Battle of the Little Bighorn, also known as “Custer’s Last Stand”, when Gen. George Armstrong Custer chose not to bring Gatlings with his main force. As a result, he was wiped out in that battle. Same thing with GATE, next time there is a data breach because of password problems, ask the question : “What if GATE is used ?!”

[2] We both agree that “No security is going to stop the most determined hacker”. We are doing our best to reduce the loss and reduce the chance of data breach, in that case it’s N [ GATE ] v.s. 0 [ current password system ], but what happens after the breach has occurred ? GATE is like current password system, user can change to a new passcode. How about bio-metrics ? What do you change to ? Isn’t bio-metrics causing more problem than it solves ?

[3] GATE is an improved/revolutionized version of the password system [ what you know ], NOBODY IS PROHIBITING YOU from using GATE with another factor, in fact it will be very nice if GATE is used with a REGISTERED DEVICE [ what you have ]. Why did you say this is a downside ?

[4] If you do a search online for “bio-metrics ban”, you will see a lot of places are starting to reject bio-metrics, why ? Things happen for a reason, right ?

[5] The key of securing GATE passcode is the encryption on the server, you can select whichever encryption you trust the most, and you can also use GATE encryption if you like. But if you INSIST NO ENCRYPTION IS SAFE, then why do we need to do anything at all, including bio-metrics. The advantages of storing GATE passcode are : [a] Defeat phishing, so user can verify the server is authentic, not a phishing site, only GATE server can generate valid tokens from stored user passcode, [b] Enable passcode recovery, instead of forcing user to have a new passcode each time we only need a passcode recovery.

I just read this : https://techxplore.com/news/2020-04-privacy-threat-combines-device-identification.html

Sorry Frank, I have a lot of work at the moment because of the lockdown (or not actually). So I’m a bit late to the party.
But if you hadn’t already (I didn’t yet read the whole updated thread), and I know I’ve already asked the question, did you use a design pattern for your coding or not ?
And why do I ask the question, it’s because if you did, then it will be easier to adapt to any platform whatsoever. Whether it is Lockwise from Firefox or Bitwarden or 1Password.
If you did not then at some point, we will need to rework all the code to do that so that you are not screwed when newer platform decides to implement your code.

@boistordu, welcome back , haven’t heard from you for a while. Are we becoming old-friends now :slight_smile: ?!

I’m not exactly sure what you referred to when you asked “did you use a design pattern”, but I guess your intention behind the question was for GATE to be easily adaptable, like a black-box approach, so it is encapsulated and has an API for any other software to call it and use it in a packaged way, am I right ?

If that was the case, then my answer is “no”. There are a few reasons for that :

[1] In the past 3 years, what was on my mind was to develop a demo app, to showcase the usability, flexibility and use the demo as a proof-of-concept app. So a person who has never heard of GATE can see how it works, inside out, be able to play with it and GET THE IDEA, so I spent most of my time on the GUI and the concept of the information flow of the core GATE logic. And to that end I have developed 3 versions : [a] desktop Java Swing version [ old and new apps ], [b] Web servlet version to run in the live demo, [c] Android mobile device version, now on Google Play for free download.

[2] Since I don’t have a cybersecurity background, I don’t know how the process works [ like you described ] in this part of the industry, so I had no idea as to which would be the proper way going forward.

[3] But most importantly, again most importantly [ this is the main reason ], I DON’T EVEN WANT to package GATE up so other software can just call it and use its functionality to authenticate user, because this is not something trivial, this is as big as CYBERSECURITY to the world, I don’t want to do something that I think is correct, and later find there is a flaw that hackers can take advantage of. Therefore what I had in mind was : if an organization likes to adopt GATE, it can buy my demo software [ I’ve spent 3 years full-time without a job developing at my own expense ], and license GATE, then let its internal developers take my demo apart, look at it closely and adapt to their system. So each organization will have a unique version of their own GATE, that way that organization can be sure to have a SOLID GATE application guarding their front door, not some package I encapsulated and give them for use. That way it can also take the legal responsibility away from my shoulder, because I just introduced them a new concept, a new angle of looking at the password problem and offered them a patented solution to this stubborn problem, GATE solves the problem from the root cause. Yet they need to implement it in their own way, I can offer them suggestions, advice and insights as the inventor of GATE, but I don’t want to give them a packaged solution, and I don’t even want to know the details of their customized implementation if they choose not to let me know.

[4] With that said, there is another approach, which I think would be close to what you are thinking. It might go like this : someone who is an expert in this field [ like you ] sees the true value GATE can bring to the developer community and also from cybersecurity perspective, to the whole world to secure digital information, this person or groups of experts like this person bring the subject [ GATE for more security ] to a consortium like FIDO, W3C or NIST … or even a large company like Google, Microsoft, IBM … Then experts in this organization take a close look at GATE, and find it is truly much better than what’s in the current system on the market, and it sees an opportunity to profit from this innovative approach [ or even the bragging rights of sponsoring GATE ], and it decides to make a move on the GATE system, it can purchase my demo source code, therefore recognize my 3 years of work, put it in open source, so developers can both benefit and enhance the GATE system, then come up with a package like what you have in mind and adapt it to different vendors’ software, so through this way that version of GATE will become a new standard in this industry for user authentication. I think your suggestion is toward this direction, yes, I agree, this makes sense, but it needs to be looked at and worked at by experts in the field and packaged so that developers can easily call a standard version of GATE [ still customizable according to each organization’s needs with different parameters ], and through an API call each organization’s developers will be able to easily integrate the GATE functionality into their application logic without the need to re-invent the wheel so to speak.

In small scale, #[3] is doable for any organization that wants to use GATE, it will grow gradually as more and more people see the benefits of the GATE system. #[4] will be good for worldwide adoption of this new standard for a more secure interception-resistant user authentication. I prefer #[4], it’s good for everyone, I don’t have to deal with organizations one by one, and I can use the funds to pay for my patents and move on to solve other interesting problems [ like how to build an airplane that will never crash, a ship that will never sink, or how to use sound to levitate a plane … ], GATE will have a life on its own, and the entity that bought the source code and put it into opensource will have its reputation of supporting/promoting cutting edge cybersecurity innovation/revolution written in history for future developers to remember. Imagine 20, 30 years from now people will read it like this : Passwords had been used for thousands of years, but since we stepped into the digital age, the weakness of traditional password became more and more obvious, which exposes user pins during the login process, many [ 81% ] data breaches were caused by the password problem, hackers were getting more and more sophisticated at intercepting user pins during the authentication process, then because of that users were forced to remember longer and longer passwords combined with rigid requirements of uppercase, lowercase, numbers and special characters, to the point that it became so hard to remember with dozens of accounts for an average user, they have to use password managers to keep track of all the passwords, then when the master password gets stolen, all accounts were compromised.
Then came bio-metrics trying to replace passwords, but it had its own problems, eroding of privacy, unable to recover after bio-metrics data got stolen, and high costs … eventually the pendulum swung back to knowledge based user authentication with the advent of Graphic Access Tabular Entry ( GATE ) invented in 2015 and supported by Google/IBM/Microsoft, which bought the source code and put it into open source, so developers can now quickly use and improve the GATE authentication system. With billions of devices using the GATE system on a daily basis not only for user to machine authentication, but also for machine to machine authentication, the supporting company ( Google/IBM/Microsoft ) is making $Billions in profit and that doesn’t even count the GATE encryption system, which is another innovation by itself, it’s a revolutionary encryption system that doesn’t use prime numbers to encrypt data, but use GATE authentication to encrypt each piece of info element mixed with filler elements, therefore made the progress of resolving dangers of super-fast quantum computers threatening to break current encryption based on prime numbers. With profits from the GATE encryption, the supporting company ( Google/IBM/Microsoft ) got its return on investment back more than a million times, besides, it ( Google/IBM/Microsoft ) will always be remembered by future generations as a leading advocator of cutting edge technology to solve our problems in the digital age. With the elimination of the majority of security weaknesses caused by password problems, cyber security professionals can now concentrate their time and resources on other previously less important issues. How’s that :slight_smile: !

So it’s a win-win-win [ and lose for the hackers ] situation for everybody. What is needed right now is to decide which direction to go ?

I’m an outsider to cybersecurity, and I still prefer to be an outsider, GATE happened like an accident, if I wasn’t watching TV during that evening in 2015, I would have never invented it, but the good thing is [ like a lot of times in history ] outsiders don’t have a fixed mindset the insiders have, so outsiders can bring fresh perspective to a seemingly old problem to the insiders, and therefore solve it in an unexpected way. I hope now I can move on to other things, and #[4] is the best way forward if I can find a supporting organization [ any help is welcome ].

I still don’t know your name, but thanks for your support ! If it all works out, some day there will be a Wiki page for GATE, and in it, I hope to see you mentioned as an initial promoter of the GATE system, I think anyone who can see the potential in GATE deserves to be recognized, especially in early stage.

Frank

You are discussing in the void here people.
It’s like the discussion in a pub. It’s totally marginal and inefficient.

Why ? Because this thing hasn’t been tested in the wild and there is no technical data.

I can totally understand your problem Frank about patents, money, etc.

I’m sorry I’m going to be a bit blunt here.
I think you are all wrong.
You are wrong with your idea of freedom and being outside of the beaten paths.
You are the amount of knowledge you acquired over the years. This knowledge comes from other works and that’s how advances in science are made. You deny that, you think you’ve reinvented the wheel, good for you. I don’t know you but I think you are mistaking your idea of freedom and actual reality and your impossibility of following rules or your insider fights against the system.
And actually you don’t understand the concept of rules because you seem to stay with the teenager idea of what a rule is. Which is fine, it’s not a reproach or anything, just a statement of what I can see from here and maybe I’m mistaken.

So following the rules is not bad and does not impeach you to invent. I can demonstrate that over and over with countless examples, podcasts, testimonies of actual researchers who have made actual things you are using every day like the chip of your bank card etc. Chips for history reminders, came from for a 2/3 part of Belgian researcher by the way.

The problem now is that you need to make your system known. It’s not here that you are going to be known.

IBM and others don’t buy to lonely human being patents in general. You need to create a startup for that, this startup needs to have actual contract already with other companies etc. IBM Google etc have already their researchers in this specific area, they don’t need you for that. And they won’t recognize your work just like that just because they don’t have people scrolling all day long on customers forum to see what’s new.

So unless you create your startup, employ people who will actually work to refine your system, nothing is going to happen.
I can’t understand why you still entertain this idea even, but it’s your right.

And your actual freedom is relative. Because I’m sure you don’t know exactly what open source is, so you didn’t read the GNU license or MIT or FreeBSD license. And as I previously stated, you would know that if they want to integrate your system they would need to pay you royalties.
And freedom, or being at the same time range than your contemporary citizens would actually make you release your code in open source.
I’m still not sure you are very young and have wrong ideas about all this or very old. Because you are still thinking like 35 years ago when companies would indeed buy patent to random people. You didn’t seem to have acknowledged all the doc I’ve presented to you about the fact that open source project now are the norm especially in security.
Security by obscurity is obsolete as has been demonstrated to the DOD in the US and in all universities and companies around the world.

So I’m not going to be able to help you if I can’t see the source code of this thing.
That’s fine by me but you will hit a wall my dear friend.
The simple fact that you mentioned IBM or actors like that in place of the actual actors of the businesses (because the first ones are clearly not interested in those systems and the latter won’t take you seriously since they are all coming from the researchers society and are in the norm of what I’ve presented to you already but you don’t listen) is clearly not in the norm of actual time.
Again if you still want to believe to it that’s your right but I don’t know why are you losing time here then. Because nothing good is going to come from this.

And again you are all wrong about how the world works about being outsider which could bring new ideas. It’s like you never opened a history book in class. Whether it’s Tesla, Edison or Curie, and many others it has never been about being an outsider or not.
The real meaning of being an outsider whether it’s now or in history books, it’s to acknowledge the science that has been demonstrated and base your increments of technology on that knowledge and maybe open a new path. But first you always need to acknowledge what has been done.
I can give you tons of examples. Galileo has been a heretic because he discovered that the actual facts they were thinking to be true were false. But first he acknowledged the actual science. Einstein when he reworked the gravitational pull equation, again he acknowledges first the science. And there are plenty more examples in physics and other branches where there are things that are being re-evaluated over time but first by acknowledging what we know.
So there are no outsiders and insiders. That’s a narcissistic problem there you have which is never good.
Sure there are scientists who don’t like other scientists for an infinite amount of reasons. Because of power, because of narcissistic problem, because of popularity, etc. So there are fights between them like in any fields there are. Like in the example of Lavoisier. But the concept of being outsider and insider is outrageously wrong.

I don’t know where you come from or maybe I forgot. But if it’s from the US then I can totally understand where this whole misconception is coming from because you have a big problem in the US to accept words from professors or scientists. Which has been demonstrated many times whether it’s the Trump decision to remove every references to scientific facts in the documentation of executive order. Whether it’s the scandal about buying out your way of college with this false degree scandal. Etc etc plus the fact that the words of the scientific world is never ever given in tv shows or really rarely.
In the EU we don’t have those kind of problems for the most part. Only in the eastern block.
For every tv show about any social or society problem you always will have a scientific or a recognized specialist of that field.

And to finish my, maybe, brutal explanation of why you are thinking wrong or at least without knowing, is that it’s typical in the coding ecosystem. Each and everyone of coders are thinking that they are reinventing the wheel while in fact their ideas have been used already multiple times under other forms.
In place of again, acknowledge what has been done already and improve based on that or rework the same code. It is like those inventors of the 80’s where they were always thinking about the fact they designed a revolutionary product and present it on tele.

With that being said,

So now you should rework your code according to a design pattern since you clearly don’t know what it is. You can look it up on Wikipedia.
Even if you think that you’ve designed correctly your thing, I’m pretty sure it’s not the case otherwise it shouldn’t be a problem to port this to another language etc. An API system is not enough. There is everything wrong with an API of a wrongly designed system. Any good black or white hat can demonstrate that pretty easily.
There are an enormous quantity of design patterns, so since you don’t want to open your source code, you choose one that fits the best and this time by thinking how difficult it will be for someone else to read your code and to incorporate it to their system.

So unless you want to be one of those inventors who just bankrupt themselves or became angry at the world to not acknowledge how revolutionary they were, I would suggest 3 things:

  • not talking about your project on this forum or any other forums or reddit. There is no point. Do you actually think that you will meet an investor or what ? Seriously!
  • meet people that matter. If you think that your product is ready then go ask for meetings with people who actually run companies in this specific field. So pick up your f*** phone and phone their building and ask for an appointment even if it’s an online one. I really don’t expect to accept your product as it is especially if you don’t want to release your code. But we never know.
  • again if you think that your product is ready, build a startup around it and begin to hire people to actually build something useful around this product. Because again, this is just an addon. Not a product, not a piece of software. Just a small addon.

Again I am certain that you won’t listen to one shred of a word I’ve said like those many times I asked you about design patterns and you just answered it now. Or also the example about the GNU, MIT, or BSD licenses that I’ve mentioned many times already. And again I’m pretty sure this project is designed to fail because you are so far away of actual reality of the coding environment these days that I’m pretty sure that no one will buy it under your conditions. Yeah sure it could be something great, but you are taking all that in the worst way possible that it becomes just unbearable.

Wish you all the best with your project and if by a miracle there will be a shred of enlightenment on your part by releasing your code under GNU license or any other license that can protects you and the people using your code and giving you money at the same time, you know where to find me to redesign your addon properly and make it available to actual people and companies who will immediately want to give you royalties of your code because they will sell it in their product.

Best regards

@boistordu, woo, that’s a lot to take in, even though it’s HARD to swallow [ you know with my current mind set :slight_smile: ], I appreciate your frankness [ that’s why my English name is Frank ], I may not agree with all you said, but I’ll think about them … as far as source code goes, I have something to say to you, could we take this conversation off line, email me and let’s talk in detail.

@Frank_Ni

I think you should work hard to promote your software to others. If people find it useful then they will spread the word and you can keep working on your software and improving it.

If you find nobody is using the software after a long time spent promoting it then you can consider going back to the drawing board.

I personally don’t understand the concept very well so I have no comment on your software one way or the other, but I wish you good luck!

Thanks for the support, I will ! You can also help by sharing the info :slight_smile: !

We can discuss through a lot of different platforms of course.
Whether it’s on status app, session app, xmpp server, and mails. That will be my 4 ways as first step to communicate with you if you like. You can MP me your preferences.

And… Frank… just to be clear. I don’t have anything against you and everything I said is not against you personally. As you can see I can give materials to my ideas. And we have a big gap between what we think each other. You are entitled to your opinion but so am I. That doesn’t mean that my arguments were towards your person as a human being but towards your ideas.

Yes, for that point, I agree with you 100%, we are discussing ideals here, and also the best way forward regarding the GATE system, even though I can not accept all of what you said, you [ like you said ] are entitled to your opinion, and I’m entitled to mine, like the saying goes, “we can agree to disagree”, I believe things happen for a reason, you came up with your thoughts because of the experience you had, so do I, but to that end, I’d agree that you might know more than I do regarding how open source works and why it is a better approach, I’m saying this because I’m gradually seeing the bright side of it.

Email me and let’s discuss the next step, you can get in touch through LinkedIn [ through it you can send email ].

I’m sending you a pm here since I’m used regarding my line of work and my beliefs to only use fake accounts on social media especially bad ones like LinkedIn and Facebook.

As of July 2020, there are 15 Billion Credentials Currently Up for Grabs on Hacker Forums. World population is now 7.8 Billion, if you take out half of it from the poor countries that don’t have a lot of computers, there will be around 4 Billion left in developed countries with computers and online accounts, so that means averagely speaking, we all have 3 or 4 accounts breached !

GATE_For_PM : Now there is a FREE tool to protect the master passwords of password managers

Password managers only solve part of the password problem [ too many passwords to remember ], but leave the other important part unsolved [ user pin exposure during login : peek over the shoulder / keylogger / video camera ], if you rely on password managers for first part of the problem, they might come back and bite you big time for the 2nd part of the problem, because once your master password is exposed [ by keylogger / hidden camera ], all your passwords will be stolen. Hackers will enjoy the benefits password managers bring them, instead of having to hack dozens of your accounts, with the help of password managers, they now only need to hack just ONE ACCOUNT to get the master password and all your other accounts will be compromised.

A solution to the above problem is GATE_For_PM which is designed to protect passwords from exposure, especially the master passwords of password managers. With GATE_For_PM, user’s GATE passcode is interception-resistant, which means even if someone is watching / keylogging / video recording the user log into the GATE system, user passcode will not be exposed.

Free download : https://gatecybertech.com/gateforpm.html