CA2574983A1 - A method and device for password pattern randomization - Google Patents
- Publication number
- CA2574983A1
- Authority
- CA
- Canada
- Prior art keywords
- data array
- values
- processor
- keys
- input keys
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
Abstract
An embodiment of the present invention is a method of password pattern randomization comprised of providing a predetermined number of input keys and a data array of a predetermined number of values, the number of data array values equalling the number of input keys. Each data array value is assigned to each input key, correspondingly mapped and then correspondingly displayed in operative connection with each of said key. On operation of any key, its corresponding value is transmitted to a processor. The assignment of each value to each key is random. Another embodiment of the present invention is a keyboard device employing this method of password pattern randomization.
Description
Title
[0001] A Method And Device For Password Pattern Randomization
Field of Invention
[0002] This invention relates to a method and device for identity validation and more specifically identity validation using passwords or pass codes such as personal identification numbers (PINs), whereby the password or pass codes are entered using input keys having a randomized configuration.
Background
[0003] PINs are often used in conjunction with data media such as credit or company identity cards that are swiped or inserted into a transaction processing device as an initiation of a request for a desired service. Examples include the use of automated teller machines ("ATM") for monetary withdrawal; point of sale (POS) integrated chip card transactions ("Smart Card technology" or "Chip and Pin") for commercial purchases; and username and password entry on computers or terminals for secure data access.
[0004] Validating an identity using a PIN reduces the risk that a lost, stolen or cloned medium (card or device) can be used fraudulently by an unauthorized user.
[0005] Many transaction locations (or entry points) where PINs are used are located in publicly accessible areas and are permanently situated where there is an opportunity for eavesdropping or "shoulder surfing". Most entry points or transaction locations provide a processor device having a fixed input keyboard configuration for password or PIN entry.
[0006] For any particular medium, the secret password or PIN is also often fixed. Even where the PIN is not fixed, movement of fingers across a fixed configuration keyboard (to enter a PIN into an entry point processing device) or observation of the general movement pattern (of fingers) of an individual while entering a PIN may cause inadvertent disclosure of the PIN to a second party, increasing the risk of fraudulent use.
[0007] US patent 5,239,583 discloses an improvement in structure and credit account access security employing method and means for ensuring that repeating an exact access code which was successful in accessing the account will be unsuccessful at the next or subsequent tries. This method is flawed because it requires the user to memorize multiple passwords, which is difficult. There is a high probability a user will forget some of those passwords.
[0008] US patent 5,428,349 discloses a password access method/algorithm by generating a pseudorandom array of each letter of the alphabet and the numerals 0 through 9 such that the password entry can be monitored without disclosing the letters or numerals contained in the password. This method is flawed because relatively short passwords can still be easily cracked without knowledge of the actual password.
Summary
[0009] A preferred embodiment of the present invention provides a method of password pattern randomization for an individual transaction comprised of providing a predetermined number of input keys and a data array of a predetermined number of values, the number of data array values equalling the number of input keys. Each of said data array values is assigned to each of said input keys, correspondingly mapped and then correspondingly displayed in operative connection with each of said keys. On operation of any key, its corresponding value is transmitted to a processor. The assignment of each of said values to each of said keys is random.
[0010] Another preferred embodiment of the present invention provides a device for password pattern randomization in an individual transaction comprised of a processor, a pre-determined number of input keys operatively connected to said processor, a display operatively connected to said input keys, and a data array of a predetermined number of values. The number of data array values equals the number of input keys. The data array is resident in (or operatively connected to) said processor, and the data array values are randomly assigned and correspondingly mapped and displayed in operative connection with said pre-determined number of input keys. On operation of any key, its corresponding value is transmitted to the processor.
Description of the drawings
[0011] Figure 1 is a perspective drawing of a processor device providing an input keyboard.
[0012] Figure 2 is a representative mapping of a conventional device processor input keyboard.
[0013] Figure 3 is a representative conventional device processor input keyboard.
[0014] Figure 4 is a sample populated data array with ten randomized data array values.
[0015] Figure 5 is a sample populated data array with twelve randomized data array values.
[0016] Figure 6 is an example input keyboard mapped with ten randomized data array values.
[0017] Figure 7 is a second example input keyboard mapped with twelve randomized data array values.
[0018] Figure 8 is an example input keyboard having a remote display.
[0019] Figure 9 is an example traditional 104-key input keyboard configuration having a remote display and blank keys.
[0020] Figure 10 is an example traditional 104-key input keyboard configuration having a remote display displaying randomized keys by light emission.
Detailed description of the drawings
[0021] In a preferred embodiment of the present invention, the transaction method herein can be practised on any processor device (10) including the type shown in figure 1. The processor device (10) is typically housed in a casing (34), has an input keyboard (14) comprised of a pre-determined number of input keys (26) operatively connected to the processor (10), an optional transmitter (22) (to transmit data to a selected source outside the processor (10)) and an optional data reader (18) (for reading, for example, magnetic data strips found on credit cards) operatively connected (meaning able to transmit and possibly receive data) to the processor (10). A separate data reader (18) is not mandatory since transactions using the method herein can allow for key (26) based input as an alternate method of receiving magnetic strip data or the like.
[0022] The input keys (26) are pre-determined in number, have an assigned value selected from a populated data array of values (for example figures 4 and 5) in accordance with the method herein, and each value is displayed on its corresponding key face (38) (digitally in figure 1 as an example). The value of each key (26) can be shown locally on its face (38) or on a remote display (30) operatively connected (meaning able to receive and possibly send data) to the keyboard (figure 8), according to preference. The keys (26) are operatively connected to the processor (10) meaning that on operation (typically, pressing) of any key (26) during a transaction, the processor (10) is able to determine which key (26) is being operated, and the corresponding value transmitted.
[0023] A transaction can be defined as a single event like operating an individual key (26) (i.e. one keystroke), or as a series of events like the pressing or operating of a number of keys (26) in series to establish a password like "1X3Q". Especially where a transaction is defined as a single event, the method herein improves security further when it is repeated after each individual transaction (i.e. after each single key press, a new random assignment is formed (figure 4), and correspondingly mapped (figure 2) and displayed (figures 6 and 7)).
[0024] Resident in (or operatively connected to (generally in a software sense)) the processor (10) is a populated data array (figures 4 and 5) of a pre-determined number of values (for example iconic, alphanumeric, cryptographic, or Braille values). The number of data array values matches the number of input keys (26). The data array values are randomly assigned (figure 4 showing an algorithm for random assignment of ten values to ten keys, and assignment of two values to two keys where the probability of those assignments being made is certain; figure 5 showing an algorithm for random assignment of twelve values to twelve keys), and correspondingly mapped (figure 2 showing a basic keyboard (14) map) and displayed (figures 3, 6 and 7) in operative connection (meaning each key (26) is connected to a specific data array value which the processor (10) can determine on operation of said key (26)) with the input keys (26). Each of the data array values is transmittable to the processor (10) on operation of each of the corresponding keys (26). In one embodiment of this invention, it may be preferable to not randomly assign certain keys (26).
Figures 4 and 6 show an example of where it may be desirable to keep the values "Cancel" (figure 6 "Can") and "Enter" (figure 6 "Ent") in a pre-specified location, for convention and convenience. Where that is not required, all values can be randomized (figure 5) to generate a different result (figure 7 "C" and "E" respectively).
[0025] In any embodiment of this invention, it is possible to populate the data array either with unique or repeating values, depending on preference and need.
[0026] In operation, this method of password pattern randomization for an individual transaction provides to a user (not shown) a pre-determined number of input keys (26) available on any keyboard (14). A populated data array (figures 3, 4, and 5) comprised of a number of values equal in number to the number of input keys is provided, and the values within the array are randomly assigned to the available keys (26). Each value assignment is then mapped (figures 2 through 7 inclusive) to its corresponding key (26). A user-friendly keyboard (14) map (figures 6 and 7) is then displayed for a user either locally (figure 1) or remotely (figure 8), depending on preference.
[0027] Every time a key (26) is operated it will transmit its corresponding assigned value to the processor (10). Depending on password requirements and the definition of the transaction, the steps of random assignment and correspondingly mapping, displaying and transmitting on key operation, may be repeated. For a higher level of security, after every key operation, a reassignment (and subsequent necessary operations) can occur. For a lower level of security, it may be suitable to run this method once, and accept a multi-value (multi-character) password based on a single keyboard (14) configuration. Once the user has entered his password, the processor (10) either validates the password, or if it is not so equipped, the processor (10) transmits the password to a selected destination for validation via the optional transmitter (22).
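The procedure of paragraphs [0026] and [0027], as an added Python sketch that is not part of the patent: values are randomly assigned to key positions, the map is displayed, each key press transmits the displayed value, and the assignment is optionally redone after every press. The 4x3 pad, the positions of the fixed "Can" and "Ent" keys, all function and class names, and the use of the operating system's CSPRNG as the random source are assumptions; the patent specifies none of them.

```python
import secrets

_rng = secrets.SystemRandom()  # assumption: OS CSPRNG so layouts cannot be predicted

DIGITS = [str(d) for d in range(10)]   # the data array values to randomize
FIXED = {9: "Can", 11: "Ent"}          # assumed fixed positions (bottom-left, bottom-right)
N_KEYS = 12                            # assumed 4 rows x 3 columns


def new_layout(values=DIGITS, fixed=FIXED, n_keys=N_KEYS):
    """Randomly assign each data array value to one free key position."""
    free = [k for k in range(n_keys) if k not in fixed]
    if len(values) != len(free):
        raise ValueError("number of values must equal number of free keys")
    shuffled = list(values)
    _rng.shuffle(shuffled)
    layout = dict(fixed)
    layout.update(zip(free, shuffled))
    return layout                      # key position -> displayed value


def render(layout, cols=3):
    """Text stand-in for the local or remote display of the key map."""
    rows = []
    for start in range(0, len(layout), cols):
        rows.append(" ".join(f"[{layout[k]:>3}]" for k in range(start, start + cols)))
    return "\n".join(rows)


class ScrambledKeypad:
    def __init__(self, reshuffle_per_key=True):
        self.reshuffle_per_key = reshuffle_per_key
        self.layout = new_layout()
        self.received = []             # values as received by the processor

    def press(self, position):
        """Operate one key: transmit its current value, then optionally reassign."""
        value = self.layout[position]
        if value not in FIXED.values():
            self.received.append(value)
        if self.reshuffle_per_key:
            self.layout = new_layout()
        return value


def enter_pin(pin, keypad):
    """Simulate a user who reads the display and presses the key showing each digit.

    Returns the physical positions pressed, i.e. what someone watching
    finger movement (but not the display) would learn.
    """
    positions = []
    for digit in pin:
        pos = next(k for k, v in keypad.layout.items() if v == digit)
        keypad.press(pos)
        positions.append(pos)
    return positions


if __name__ == "__main__":
    pin = "1379"                       # constructed sample PIN
    for attempt in range(3):
        pad = ScrambledKeypad(reshuffle_per_key=True)
        print(render(pad.layout))
        print("positions pressed:", enter_pin(pin, pad),
              "-> processor received:", "".join(pad.received), "\n")
```

Running it shows the same PIN producing different finger positions on each transaction while the processor receives identical values; the scheme only holds if the displayed map itself cannot be observed.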
[0028] The present invention can be practised on any type of keyboard (14) including in a traditional 104-key input keyboard configuration (Figures and 10).
[0029] Where a reassignment, etc. occurs after every key (26) operation, the probability of correctly breaking a three character (value) password using a three by three matrix keypad populated with nine unique values and absolutely no knowledge of the existing password (i.e. a pure guess), is 1 in 729. In contrast, the preexisting art (for example US patent 5,428,349) in the same situation would yield a probability of 1 in 27.
[0030] In a matrix of thirty-six keys (26) arranged six rows by six columns, the probability of a four or six character password being (purely) guessed correctly is 1 in 1,296 and 1 in 46,656 respectively using the U.S. patent no. 5,428,349 solution. In the present invention the same arrangement would yield probabilities of 1 in 1,679,616 and 1 in 2,176,782,336 respectively. The invention herein is 1,296 times and 46,656 times respectively more secure.
Claims (7)
1. A method of password pattern randomization for an individual transaction comprising:
a) providing a predetermined number of input keys;
b) providing a data array of a predetermined number of values, the number of data array values equalling the number of input keys;
c) assigning each of said data array values to each of said input keys;
d) correspondingly mapping each of said data array values to each of said input keys;
e) correspondingly displaying each of said values in operative connection with each of said keys;
f) correspondingly transmitting each of said values on operation of each of said keys to a processor; and
g) the assignment of each of said values to each of said keys being random.
2. The method as defined in claim 1 wherein each data array value is unique within the data array.
3. The method as defined in claim 1 wherein the random assignment and corresponding mapping, displaying and transmitting is repeated for each new individual transaction.
4. A device for password pattern randomization in an individual transaction comprising:
a) a processor;
b) a pre-determined number of input keys operatively connected to said processor;
c) a display operatively connected to said input keys; and
d) a data array of a predetermined number of values, the number of data array values equalling the number of input keys, the data array being resident in said processor, the data array values being randomly assigned and correspondingly mapped and displayed in operative connection with said input keys, each of said data array values being transmittable to the processor on operation of each of said corresponding keys.
5. The device as defined in claim 4 further comprising a data reader operatively connected to said processor.
6. The device as defined in claim 4 wherein each data array value is unique within the data array.
7. The device as defined in claim 4 wherein the random assignment and corresponding mapping and displaying is repeated for each new individual transaction.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA 2574983 CA2574983A1 (en) | 2007-01-05 | 2007-01-05 | A method and device for password pattern randomization |
PCT/CA2007/002378 WO2008080228A1 (en) | 2007-01-05 | 2007-12-31 | A method and device for password pattern randomization |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA 2574983 CA2574983A1 (en) | 2007-01-05 | 2007-01-05 | A method and device for password pattern randomization |
Publications (1)
Publication Number | Publication Date |
---|---|
CA2574983A1 (en) | 2008-07-05 |
Family
ID=39580538
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA 2574983 Abandoned CA2574983A1 (en) | 2007-01-05 | 2007-01-05 | A method and device for password pattern randomization |
Country Status (2)
Country | Link |
---|---|
CA (1) | CA2574983A1 (en) |
WO (1) | WO2008080228A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011091535A1 (en) * | 2010-01-29 | 2011-08-04 | Goertzen Norman F | Secure access by a user to a resource |
US10552599B2 (en) | 2015-09-10 | 2020-02-04 | Tata Consultancy Services Limited | Authentication system and method |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100109920A1 (en) * | 2008-11-05 | 2010-05-06 | Michael Dennis Spradling | Security - input key shuffle |
US10223857B2 (en) * | 2009-10-20 | 2019-03-05 | Methode Electronics, Inc. | Keyless entry with visual rolling code display |
US9030293B1 (en) | 2012-05-04 | 2015-05-12 | Google Inc. | Secure passcode entry |
GB2502773B (en) | 2012-05-28 | 2015-03-11 | Swivel Secure Ltd | Method and system for secure user identification |
CN103106734A (en) * | 2012-12-17 | 2013-05-15 | 张家港市鸿钻贸易有限公司 | Automatic teller machine (ATM) keyboard |
US11757865B2 (en) | 2020-10-23 | 2023-09-12 | International Business Machines Corporations | Rule-based filtering for securing password login |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4630201A (en) * | 1984-02-14 | 1986-12-16 | International Security Note & Computer Corporation | On-line and off-line transaction security system using a code generated from a transaction parameter and a random number |
US5428349A (en) * | 1992-10-01 | 1995-06-27 | Baker; Daniel G. | Nondisclosing password entry system |
US7089214B2 (en) * | 1998-04-27 | 2006-08-08 | Esignx Corporation | Method for utilizing a portable electronic authorization device to approve transactions between a user and an electronic transaction system |
US20040044739A1 (en) * | 2002-09-04 | 2004-03-04 | Robert Ziegler | System and methods for processing PIN-authenticated transactions |
Also Published As
Publication number | Publication date |
---|---|
WO2008080228A1 (en) | 2008-07-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
FZDE | Dead |