GB2444285A - Keypad with random key layout - Google Patents

Keypad with random key layout Download PDF

Info

Publication number
GB2444285A
GB2444285A GB0623944A GB0623944A GB2444285A GB 2444285 A GB2444285 A GB 2444285A GB 0623944 A GB0623944 A GB 0623944A GB 0623944 A GB0623944 A GB 0623944A GB 2444285 A GB2444285 A GB 2444285A
Authority
GB
United Kingdom
Prior art keywords
keypad
key
legends
keys
legend
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0623944A
Other versions
GB0623944D0 (en
Inventor
Tim Watson
Vicky Harris
Gavin Harper
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to GB0623944A priority Critical patent/GB2444285A/en
Publication of GB0623944D0 publication Critical patent/GB0623944D0/en
Publication of GB2444285A publication Critical patent/GB2444285A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/02Input arrangements using manually operated switches, e.g. using keyboards or dials
    • G06F3/023Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
    • G06F3/0238Programmable keyboards

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

A keypad allows the physical arrangement of the keys to be rearranged by altering the legends on the keypad. This may be done either at the beginning of data entry or after every data item input. A film may be placed over the keys to restrict the angle at which the legends on the keys may be seen. The keypad may have push buttons with a display embedded in the button. The display may be an LCD. Alternatively, the keypad may be a touch screen. The keypad may also use coloured lights or other displays to provide information. The keypad may incorporate a microcontroller to control the display of the key legends or to decode key presses.

Description

Random Generated PIN Kcypad
Description
Numeric keypads and Personal Identification (PIN) numbers are commonly used in the security industry to authenticate the identity of the user. These find many applications in security devices, and are commonly used in transactions as a "secure" form of verifying a users identity and credentials.
With the explosion of electronic based forms of commerce, PIN numbers are used more extensively than ever.
In a typical transaction, the user is required to provide a non-confidential user identifier or token -for example a credit card, and a confidential PIN to gain access to a system. The system compares the confidential PIN with the record stored for that identifier to authenticate the users identity.
A numeric keypad consists of an array of keys in a fixed order which allows numbers to be entered into a system. A numeric keypad commonly consists of the numbers 0-9 in a static array, and usually there are additional option keys such as "Enter" and "Clear" which are used to aid the data entry process.
Users are familiar with the arrangement of a 12-key numeric keypad. The numbers are arranged in a logical order in rows of three: 2 3 4 5 6 7 8 9 Enter 0 Clear Unfortunately, user familiarity with the layout of this keypad compromises its security if the user is under surveillance whilst entering a PIN number.
Even if a user tries to "shield" their PIN number from being seen, the fixed position of the keys means that an observer can judge the number being entered from positional data -seeing where the users finger is moving. It is therefore possible to deduce a PIN from the users approximate finger position, without being able to see the key legends clearly.
PINs are often 4-digit numbers in the range 0000-9999 resulting in 10,000 possible numbers, so that an attacker would need to guess an average of 5000 times to get the correct PIN. Many PIN verification systems allow three attempts, thereby giving a card thief a 1/3000 chance to guess the correct PIN before the PIN is blocked.
If the user has some prior knowledge of the user's finger movements, then this probability can be compromised significantly.
This invention consists of a dynamic keypad, where the legends of the keys are not static and fixed, but change places. This can occur after each and every key entry, or at the beginning of the data entry sequence.
The keypad can either be physical -implemented using individual buttons, or virtual, using a touch-screen type display input device.
By moving the key legends about using a random algorithm, it is possible to create higher security, as the users finger movements give little clue to the number being entered if some or all of the key's are obscured. At the moment, if a user presses the top left key of a numeric keypad, the probability of it being a I is I/I. However, if the keys are randomised, then the probability of that finger movement indicating a I is only I in 12, 0.083 on each key entry occasion. Clearly security is improved if key legends denoting the position of a number cannot be seen, and even if some of the key legends can be seen, the remaining obscured legends provide some level of security.
Additionally, the legends could be shielded from unwanted overlookers by means of an optical film applied over the device which gives a restricted angle of view.
A specific implementation of this device is as follows: A "Screen Key", is a momentary push-switch, with a programmable LCD display in place of a fixed legend. The display can be programmed to display any number, legend or character on a matrix of pixels. A keypad composed of "Screen Keys" is a keypad whereby an array of "Screen Keys" are linked together, with each having a separate progranmiable LCD legend. Additionally, an option available on a "Screen Key" is to have a backlight provided by means of Tn-Coloured Light Emitting Diode. The proportions of Red, Green and Blue can be adjusted to convey colour information to the user, providing additional information about the key's function.
A random number generator pad could comprise an array of 4x3 screen keys controlled by a microcontroller. The microcontroller receives key-press information from each key. The microcontroller can also write data to the LCD screens atop of the key. The microcontroller interfaces to the application device, for example, an ATM machine. This interface could take the form of a digital bus connection to the microcontroller, or to retrofit existing applications, the microcontroller could connect to the application using the interface of the static keypad it is replacing.
The software function of the microcontroller is as follows.
I. Create a lookup table of 12 key positions.
2. Randomly assign each of the "key legend values" to one of the positions in the
lookup table.
3. Associate each physical key, with a corresponding position in the lookup tables.
4. Write the data corresponding to the "key legend values" to the LCD screen of each key, in accordance with the data in the lookup table.
5. Scan the keypad for user entry.
6. One user entry has been detected, lookup the position indicated by the physical key press in the lookup table and obtain a value for the corresponding "key legend value".
7. Output this key legend value to the application device.
The legends on the key could also be shielded from unwanted onlookers by means of an optical film over each key which gives a restricted angle of view.

Claims (6)

  1. Claims I. The device comprises a keypad, where the physical arrangement
    of the key functions is rearranged by altering the legends on each key of the keypad electronically either: I) at the beginning of data entry ii) after every individual data item input
  2. 2. The device may also incorporate a film over each key which only allows the dynamically changeable Legend to be viewed from a narrow field of view.
  3. 3. The device may achieve this function through the use of pushbuttons with display screens embedded within the device, allowing the key legend to be dynamically altered.
  4. 4. The device may also incorporate coloured lighting and or displays to provide additional information to the user.
  5. 5. The device may also encompass an interface which allows the "new keypad" to be retrofitted to older systems.
  6. 6. The device may contain an embedded microcontroller which provides interface functions to a system.
GB0623944A 2006-11-30 2006-11-30 Keypad with random key layout Withdrawn GB2444285A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0623944A GB2444285A (en) 2006-11-30 2006-11-30 Keypad with random key layout

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0623944A GB2444285A (en) 2006-11-30 2006-11-30 Keypad with random key layout

Publications (2)

Publication Number Publication Date
GB0623944D0 GB0623944D0 (en) 2007-01-10
GB2444285A true GB2444285A (en) 2008-06-04

Family

ID=37671617

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0623944A Withdrawn GB2444285A (en) 2006-11-30 2006-11-30 Keypad with random key layout

Country Status (1)

Country Link
GB (1) GB2444285A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2504066A (en) * 2012-07-10 2014-01-22 Mopowered Ltd Location of symbols on display of input device modified according to user selection
US10409406B2 (en) 2017-03-03 2019-09-10 Verifone, Inc. Systems and methods for increased security in authentication code entry for touch-sensitive screen enabled devices

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1993011551A1 (en) * 1991-12-06 1993-06-10 Maurras Jean Francois Rendum reset keypad
FR2693815A1 (en) * 1992-07-15 1994-01-21 Gemplus Card Int Security process for data entry keypad with touchscreen - uses keys with associated character changed randomly and visible only to user
CA2214190A1 (en) * 1997-10-15 1999-04-15 Michael Ernest Blom Improved security data entry alphanumeric keypad
US6434702B1 (en) * 1998-12-08 2002-08-13 International Business Machines Corporation Automatic rotation of digit location in devices used in passwords
EP1280113A2 (en) * 2001-07-24 2003-01-29 Robert Bosch Gmbh Code input apparatus
US6549194B1 (en) * 1999-10-01 2003-04-15 Hewlett-Packard Development Company, L.P. Method for secure pin entry on touch screen display
GB2402649A (en) * 2003-06-11 2004-12-15 Mathew Jonathan Dawson Personal identification code entry device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1993011551A1 (en) * 1991-12-06 1993-06-10 Maurras Jean Francois Rendum reset keypad
FR2693815A1 (en) * 1992-07-15 1994-01-21 Gemplus Card Int Security process for data entry keypad with touchscreen - uses keys with associated character changed randomly and visible only to user
CA2214190A1 (en) * 1997-10-15 1999-04-15 Michael Ernest Blom Improved security data entry alphanumeric keypad
US6434702B1 (en) * 1998-12-08 2002-08-13 International Business Machines Corporation Automatic rotation of digit location in devices used in passwords
US6549194B1 (en) * 1999-10-01 2003-04-15 Hewlett-Packard Development Company, L.P. Method for secure pin entry on touch screen display
EP1280113A2 (en) * 2001-07-24 2003-01-29 Robert Bosch Gmbh Code input apparatus
GB2402649A (en) * 2003-06-11 2004-12-15 Mathew Jonathan Dawson Personal identification code entry device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2504066A (en) * 2012-07-10 2014-01-22 Mopowered Ltd Location of symbols on display of input device modified according to user selection
US10409406B2 (en) 2017-03-03 2019-09-10 Verifone, Inc. Systems and methods for increased security in authentication code entry for touch-sensitive screen enabled devices

Also Published As

Publication number Publication date
GB0623944D0 (en) 2007-01-10

Similar Documents

Publication Publication Date Title
US9514316B2 (en) Optical security enhancement device
US20090037986A1 (en) Non-disclosing password entry method
US20120120013A1 (en) Method for encoded input and control by fingerprint
US20120082306A1 (en) Data Encryption and Input System
US20060098841A1 (en) Method and system for enabling remote message composition
JP2006243938A (en) Password input device
CN108027855A (en) Multi-user's strong authentication token
KR100880862B1 (en) Security method for user input data to electronic device
KR101228809B1 (en) Method and device for inputting password and recording medium for the same
US20140325677A1 (en) Optical security enhancement device
GB2444285A (en) Keypad with random key layout
WO2012009334A1 (en) Personal secure terminal with virtual keypad
CN201063155Y (en) Cipher input device against peep
US20210192091A1 (en) Secure input mode of keyboards
JP6684933B1 (en) Key input system, electronic device, software keyboard control method
WO2010134808A1 (en) Method of securing entry of an alphanumeric code on a computer system, interaction and dedicated driver entity therefor.
Kasat et al. Study and analysis of shoulder-surfing methods
JP4532476B2 (en) Secure card terminal
JP2001350590A (en) Input device
EP2992476A1 (en) Optical security enhancement device
Masuzawa et al. Development of keypads which use colors or shapes to prevent shoulder surfing
JP4716201B2 (en) Input device
KR20140087595A (en) Device and method for inputting secure pin
CN220121285U (en) Safety password input equipment, password lock, POS machine, ATM and medical insurance card swiping equipment
RU172845U1 (en) Code panel

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)