GB2454944A - Protecting the security of an access code such as a PIN or password - Google Patents

Protecting the security of an access code such as a PIN or password

Info

Publication number
GB2454944A
Authority
GB
United Kingdom
Prior art keywords
access code
characters
sequence
user
pin
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0800624A
Other versions
GB0800624D0 (en)
Inventor
Roy William Edwards
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G07C9/00142
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/30 Individual registration on entry or exit not involving the use of a pass
    • G07C9/32 Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/33 Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016 Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025 Identification of user by a PIN code
    • G07F7/1033 Details of the PIN pad

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Input From Keyboards Or The Like (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A user inputs an access code (e.g. PIN or password) as a sequence of characters which includes additional randomly selected character(s) in a predetermined position or positions within the sequence, such that the access code is obfuscated to an observer. The access code can, however, be identified by an authority with a knowledge of the positions and the number of additional characters inputted by the user. Additionally, the sequence of characters may not be reused. A person, for example, watching or photographing the entry of a PIN number at an ATM would only know the sequence of characters entered and not the actual access code. The invention may be used for access control of a secure lock or in conjunction with a smart card.

Description

PIN or PASSWORD Code Protector.
One application of this inventive concept relates to a method and apparatus for protecting the security of an access code, such as the Bank Debit/Credit Card PIN access code, and for protecting and securing the PIN number from cameras or other people watching.
For instance, full stops could be used to highlight random PIN or PASSWORD positions. If it was thought more appropriate a circled character or characters could also be used thus (2) to make random PIN or PASSWORD character or characters stand out.
An example using actual and random PIN or PASSWORD:
(1)8(5) = 0823670
67. = 6679
89.6. = 589062
6..8.92. = 61082927
M.ACHIA.S. = AMZACHIAKSS
When using PIN or PASSWORD character(s) for a transaction, the secrecy of the PIN or PASSWORD access code is very vulnerable. To overcome this problem, extra characters are keyed randomly to generate a Random PIN or PASSWORD (the number of extra random characters would be based on how many you set up with your Actual PIN or PASSWORD) and sited within, or at either end of, the Actual PIN or PASSWORD access code.
For even more security, a method of selecting additional character or characters randomly can be made from a predetermined set of characters notified to the authorised PIN or PASSWORD access code holder.
The Random PIN or PASSWORD will not be accepted the second time for a set number of transactions. So, if all the characters are picked up covertly, one would not know (other than the authorised user) the Actual PIN or PASSWORD access code, as it would be mixed in with the whole access code. Only the genuine code holder would have the knowledge to see the Actual PIN or PASSWORD access code within all the characters.
The PIN or PASSWORD Code Protector system would run in conjunction with the existing procedural set-up that is provided by the Banks. If the first four numbers entered are the Actual PIN code number, this would automatically be accepted. However, should the Bank Card Holder decide that extra precautions are necessary due to conditions, i.e. abroad or dubious surroundings or being overlooked, mixing the random numbers within the Actual PIN code obfuscates it.
The obtaining of a different PIN to the one supplied by the Bank or acquiring a Random PIN would be at an A.T.M. (Automated Teller Machine). If you require the Random PIN code facility, you would enter the number of random digits required after entering your Actual PIN code.
On using your PIN for the first time, enter the number of random digits chosen within your Actual PIN, in any position you wish. Note: at this setting-up stage only, the random PIN numbers should not be in the Actual PIN access code. This format will then stay until altered.
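
The recovery and reuse checks described above, sketched in Python as an added example that is not part of the patent text. The class and method names, the 0-based position indexes and the `replay_window` parameter are assumptions; the sample sequence follows the `6..8.92.` pattern shown earlier.

```python
import hmac
from collections import deque


class AccessCodeAuthority:
    """Hypothetical authorisation unit; class and method names are assumptions."""

    def __init__(self, actual_code, decoy_positions, decoy_set=None, replay_window=3):
        self.actual_code = actual_code
        # 0-based indexes, within the entered sequence, that hold random characters
        self.decoy_positions = frozenset(decoy_positions)
        # Optional predetermined set the random characters must come from (claim 2)
        self.decoy_set = set(decoy_set) if decoy_set is not None else None
        # Sequences accepted in the last `replay_window` transactions (claims 3 and 4)
        self.recent = deque(maxlen=replay_window)

    def recover(self, entered):
        """Strip the random characters; return None if the shape is wrong."""
        if len(entered) != len(self.actual_code) + len(self.decoy_positions):
            return None
        decoys = [c for i, c in enumerate(entered) if i in self.decoy_positions]
        if self.decoy_set is not None and any(c not in self.decoy_set for c in decoys):
            return None
        return "".join(c for i, c in enumerate(entered) if i not in self.decoy_positions)

    def _matches(self, candidate):
        # Constant-time comparison so response time does not leak matching prefixes
        return hmac.compare_digest(candidate.encode(), self.actual_code.encode())

    def authorise(self, entered):
        if self._matches(entered):
            # Unpadded entry stays valid alongside the padded form, per the description
            self.recent.append(entered)
            return "accepted-plain"
        if entered in self.recent:
            return "rejected-replay"
        code = self.recover(entered)
        if code is None or not self._matches(code):
            return "rejected"
        self.recent.append(entered)
        return "accepted"


if __name__ == "__main__":
    # Pattern 6..8.92. from the description: code 6892, random characters at 1, 2, 4, 7
    unit = AccessCodeAuthority("6892", [1, 2, 4, 7], replay_window=2)
    for seq in ["61082927", "61082927", "64581923", "6892", "61082927", "61072927"]:
        print(seq, unit.authorise(seq))
```

With `replay_window=2`, the first sequence is refused when repeated immediately and becomes usable again once two later transactions have been accepted.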

Claims (11)

  1. A method of protecting the security of an access code when in use, comprising a user inputting the access code as a sequence of characters including an additional randomly selected character or characters in a predetermined position or positions in the sequence such that the access code is obfuscated to an observer but can be recovered from the sequence by an authority with a knowledge of the position and number of additional characters inputted by the user.
  2. A method as claimed in claim 1 in which the additional character or characters are randomly selected from a predetermined set of characters notified to the authority by the user.
  3. A method as claimed in claim 1 or 2 in which the authority monitors the sequence of characters inputted in successive transactions and refuses to authorise a transaction in which the same sequence is inputted in successive transactions.
  4. A method as claimed in claim 3 in which the authority refuses to authorise a transaction in which the same sequence is inputted for only a limited number of successive transactions.
  5. A method as claimed in any of the preceding claims in which the access code is using a PASSWORD or security code used in conjunction with a typewriter keyboard.
  6. A method as claimed in any one of the preceding claims in which the access code comprises a PIN or security code used in conjunction with a Smart card transaction, and in which the Smart card is adapted to be used in an authorised terminal to allow the user to nominate or change the position and number of additional characters and/or the predetermined set of characters.
  7. A method as claimed in any one of the preceding claims in which the access code is used in a bank debit or credit card transaction.
  8. A method as claimed in any one of claims 1 to 4 or 6 in which the access code is used to activate a security lock.
  9. Apparatus for protecting the security of an access code when in use comprising one or more user terminals on which a user can input the access code as a sequence of characters including an additional randomly selected character or characters in a predetermined position or positions in the sequence such that the access code is obfuscated to an observer, and an authorisation unit that can recover the access code from the sequence with a knowledge of the position and number of additional characters inputted by the user.
  10. An access code authorisation unit adapted to recover the access code from a sequence of characters entered by a user according to the method of any one of the claims 1 to 4 or 6.
  11. A method as claimed in any of claims 8 or 9. For example, A.T.M. (Automated Teller Machine); Chip and PIN; Dial-Up; Electronic Locks; Keypads; Remote Control - wired; Remote Control - wireless (no wire); Touch Pad; Touch Screen; Typewriter Keyboard.
GB0800624A 2007-11-24 2008-01-15 Protecting the security of an access code such as a PIN or password Withdrawn GB2454944A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GBGB0723042.8A GB0723042D0 (en) 2007-11-24 2007-11-24 Bank card pin protector

Publications (2)

Publication Number Publication Date
GB0800624D0 (en) 2008-02-20
GB2454944A (en) 2009-05-27

Family

ID=38925979

Family Applications (2)

Application Number Title Priority Date Filing Date
GBGB0723042.8A Ceased GB0723042D0 (en) 2007-11-24 2007-11-24 Bank card pin protector
GB0800624A Withdrawn GB2454944A (en) 2007-11-24 2008-01-15 Protecting the security of an access code such as a PIN or password

Country Status (1)

Country Link
GB (2) GB0723042D0 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030172281A1 (en) * 2002-03-05 2003-09-11 Kun-Hak Lee User authentication method using password
EP1708110A1 (en) * 2005-03-22 2006-10-04 Lin, Chyi-Yeu Password input and verification method
GB2443212A (en) * 2006-10-26 2008-04-30 Robert Francis Mcalister An access control system using guest entry codes

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
'Dynamic, Randomly-generated, Onscreen Password Strength Enhancement Scaffolding', IP.COM JOURNAL, 2006-11-17, ISSN 1533-0001 *
'Password protection method for internet banking and ATM,...,etc', IP.COM JOURNAL, 2003-12-26, ISSN 1533-0001 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2966585A1 (en) * 2014-07-11 2016-01-13 Unify GmbH & Co. KG Method and system for initiating a login of a user
WO2016005034A1 (en) * 2014-07-11 2016-01-14 Unify Gmbh & Co. Kg Method and system for initiating a login of a user
CN106471512A (en) * 2014-07-11 2017-03-01 统有限责任两合公司 For initiating the method and system of the login of user
US10395014B2 (en) 2014-07-11 2019-08-27 Unify Gmbh & Co. Kg Method and system for initiating a login of a user
US11068568B2 (en) 2014-07-11 2021-07-20 Ringcentral, Inc. Method and system for initiating a login of a user
US11138298B2 (en) 2014-07-11 2021-10-05 Ringcentral, Inc. Method and system for initiating a login of a user

Also Published As

Publication number Publication date
GB0800624D0 (en) 2008-02-20
GB0723042D0 (en) 2008-01-02

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)