GB2456048A - Pin authentication using variable input matrix - Google Patents

Pin authentication using variable input matrix

Info

Publication number
GB2456048A
Authority
GB
Grant status
Application
Patent type
Prior art keywords
password
system according
matrix
entered
unauthorised
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0709391A
Other versions
GB0709391D0 (en)
Inventor
David John Duke
Original Assignee
David John Duke
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025 Identification of user by a PIN code
    • G07F7/1033 Details of the PIN pad
    • G07F7/1041 PIN input keyboard gets new key allocation at each use
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F19/00 Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20 Automatic teller machines [ATMs]
    • G07F19/201 Accessories of ATMs

Abstract

A password entry system that presents a matrix of characters (which may be oblong); the characters are then moved around for subsequent entry. This password entry system is designed to prevent third parties from stealing personal identification numbers (PINs) when they are entered in plain view. It can protect passwords entered on computer systems or over the internet where keys, screens and mouse data are recorded, using multiple matrix dimensions (e.g. 3D) and techniques to avoid the identification or regeneration of the data by a third party. The character matrix may be surrounded by row selection buttons, which are used to select the rows in which the characters of the password appear, in the order in which they appear in the password. Because the computer knows your password, which may be linked to your user name, device or biometrics, it can filter out the other letters that have been selected and confirm whether or not your password is valid.

Description

Oblong Multiple Dimension Matrix Authentication

Oblong Multiple Dimension Matrix Authentication is a technique for users to enter passwords without a third party obtaining the password by watching or recording it being entered. Specifically, it is intended to stop phishing websites, hackers or unauthorised people from obtaining your passwords by watching, collecting or recording your password entry multiple times to calculate your password.

This invention would specifically prevent unauthorised people from using recorded key presses, screen data, fake login screens, character enumeration and mouse clicks, all of which give them the ability to steal your password.

This is achieved through the following process. A variable-sized matrix is generated, which may or may not be square; an oblong matrix is more secure, as it cannot be easily rotated on fake login sites or devices. This matrix contains random characters (letters, numbers or symbols), which may be unique or non-unique (non-unique characters are more secure).

These random characters are generated once at the login process. However, they are moved around (not regenerated) each time a selection is made. This prevents a hacker from building a fake login screen with the known letters, and prevents him from changing these letters to different positions to work out the password. It also prevents the hacker from counting the letters to work out the password based on the number of occurrences of the password's characters in the matrix.

The matrix is surrounded by selection buttons used to select the row in which each character of the password exists. When the user enters their password, they select a row for each character of the password, in the order in which the characters appear in the password. The computer can then match the known password against the data that has been collected from the characters in the selected rows.

Each time the user logs in, the letters, symbols and/or numbers in the matrix appear in different positions. Because the characters originally generated are random, the letter A may appear several times in several positions, and some letters and/or numbers may not even be present.

Example

In figure C the password to be entered is fred.

You can click any row indicator which has the letter "F" somewhere in the line. In this example you can see that the row "EOZAF" has been selected, which contains the first letter of the password, "F". The computer would see that you had the "F" as the first letter of your password and then discard the other letters in the row.

For the second letter, "R", you can see the row "IMQSDZMIR" has been selected, which contains the letter "R".

The third image shows the selection "EQLUB", which contains "E", and the last selection, "VUODNIJEK", contains the last letter, "D".

This example shows a 6 sided selection object in the matrix; using more sides will significantly increase the difficulty of compromising the password.

This example shows the letters on the matrix as static to simplify the description. However, to be more secure, the letters are moved (not regenerated) every time a row is selected.

The next time you log in, the letters, numbers or symbols would all be in different places on the matrix and would also be different. They may not contain all the letters in the alphabet, and some could be duplicated; this adds to the security of the matrix.
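The row-selection check described above, sketched server-side in Python as an added example (it is not code from the patent). The function names, the 6 x 9 default size and the guarantee that every password character is placed in the matrix are assumptions; `blind_guess_rate` measures how often a random row click would be accepted for one character, since the scheme accepts any row that contains it.

```python
import secrets

_rng = secrets.SystemRandom()  # CSPRNG, so the layout is not predictable
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def generate_matrix(rows, cols, required=""):
    """Fill an oblong grid with random, non-unique characters (once per login)."""
    if rows == cols:
        raise ValueError("matrix must be oblong (rows != cols)")
    flat = [_rng.choice(ALPHABET) for _ in range(rows * cols)]
    # Assumption (not in the patent): every password character is placed at
    # least once, otherwise the user could be left with no valid row.
    for pos, ch in zip(_rng.sample(range(rows * cols), len(required)), required):
        flat[pos] = ch
    return [flat[i:i + cols] for i in range(0, rows * cols, cols)]

def move_characters(matrix):
    """Permute the existing characters; nothing is regenerated."""
    cols = len(matrix[0])
    flat = [ch for row in matrix for ch in row]
    _rng.shuffle(flat)
    return [flat[i:i + cols] for i in range(0, len(flat), cols)]

def rows_containing(matrix, ch):
    """Indices of the rows a user may click for character ch."""
    return [i for i, row in enumerate(matrix) if ch in row]

def blind_guess_rate(matrix, ch):
    """Chance that one uniformly random row click is accepted for ch."""
    return len(rows_containing(matrix, ch)) / len(matrix)

class LoginSession:
    def __init__(self, password, rows=6, cols=9):
        self._password = password.upper()
        self.matrix = generate_matrix(rows, cols, self._password)
        self._step, self._ok = 0, True

    def select_row(self, index):
        """Record one row click, then move the characters for the next one."""
        in_range = self._step < len(self._password) and 0 <= index < len(self.matrix)
        # No early rejection: a wrong click is only reported by finished().
        self._ok = self._ok and in_range and self._password[self._step] in self.matrix[index]
        self._step += 1
        self.matrix = move_characters(self.matrix)

    def finished(self):
        """True only if every click matched and the click count equals the length."""
        return self._ok and self._step == len(self._password)
```

Because a click is accepted for any row containing the expected character, the per-character acceptance rate grows with row width and with duplicated characters, which is worth measuring when choosing matrix dimensions and lockout thresholds.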

The two key areas of this invention are designed to stop internet phishing sites (the theft of passwords from a fake site or fake login screen), or unauthorised people working out the password from a matrix based password entry system.

Note: A fixed width and height matrix based system can be compromised by a fake login screen which rotates the matrix 90 degrees and then asks for the password again. This enables unauthorised people to directly identify the user's password and makes normal matrix based password entry insecure.

This is shown in figure A and figure B. This invention overcomes this problem with two specific inventions: first, that the matrix is not square, and second, that the letters are moved around after each row selection.

Figure A shows an unauthorised person asking for your first entry, and figure B shows the unauthorised person asking again for the password. The user picks row 2 and column 3 to reference the letter "H" as the first letter in his password. As you can see, the matrix is then rotated 90 degrees by the unauthorised person and the password is asked for again. When the password is entered the second time, the user picks row 3 and column 4, and the unauthorised person can identify the character in the password instantly.

2. You will also notice that the letters in the alphabet on figure C or D are unique: each letter of the alphabet exists only once. This makes it easier for an unauthorised person to detect the specific character if they capture the password entry multiple times. This is overcome through the movement of data within the login screen after each row is selected.

Claims (9)

C MATRIX AUTHENTICATION SYSTEM CLAIMS
1. This invention is a system that enables a user to securely enter a password in a public place or over the internet where the data entry process can be observed or recorded.
2. This is a system according to claim 1 which prevents unauthorised people from obtaining passwords entered using this system and subsequently working out the password from the collected data.
3. This is a system according to claim 2 which has a unique data entry format consisting of a non square matrix which contains multiple references to the same data in more than two dimensions, therefore making it harder to guess the password entered.
4. This is a system according to claim 3, which stops unauthorised people from "capturing" a user's password by logging keys pressed on a keyboard.
5. This is a system according to claim 4, which stops unauthorised people from gaining a user's password by capturing images or video from a screen as the password is being entered.
6. This is a system according to claim 5, which stops unauthorised people from gaining a user's password by capturing mouse clicks or mouse positions.
7. This is a system according to claim 6, which prevents unscrupulous users building dummy screens to collect password information.
8. This is a system according to claim 7 which prevents unscrupulous users rotating password data entry screens to work out where letters in the password are.
9. This is a system according to claim 8, which uses a three or more dimensional matrix, allowing password sections in three or more different directions, not just horizontal and vertical.
10. This is a system according to claim 9 which uses multiple sided objects in a matrix to increase the difficulty to work out the letters selected.
11. This is a system according to claim 10 to prevent automated phishing (data capture) sites from collecting password information entered automatically in one go.

GB0709391A 2007-05-16 2007-05-16 Pin authentication using variable input matrix Withdrawn GB2456048A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0709391A GB2456048A (en) 2007-05-16 2007-05-16 Pin authentication using variable input matrix

Publications (2)

Publication Number Publication Date
GB0709391D0 (en) 2007-06-27
GB2456048A (en) 2009-07-08

Family

ID=38234531

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0709391A Withdrawn GB2456048A (en) 2007-05-16 2007-05-16 Pin authentication using variable input matrix

Country Status (1)

Country Link
GB (1) GB2456048A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6246769B1 (en) * 2000-02-24 2001-06-12 Michael L. Kohut Authorized user verification by sequential pattern recognition and access code acquisition
US6434702B1 (en) * 1998-12-08 2002-08-13 International Business Machines Corporation Automatic rotation of digit location in devices used in passwords
GB2388229A (en) * 2002-05-04 2003-11-05 Robert Macalonan Keypad for generating code with scrambled displayed key sequence
GB2402649A (en) * 2003-06-11 2004-12-15 Mathew Jonathan Dawson Personal identification code entry device
GB2438886A (en) * 2006-06-10 2007-12-12 Gina Maria Eldon Random personal identification number input screen

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2476822A (en) * 2010-01-11 2011-07-13 Paul Michael Dunphy Observation-resistant authentication method using finger pressure determination
GB2476822B (en) * 2010-01-11 2012-05-09 Paul Michael Dunphy Authentication by multi-level pressure exertion on multi-touch tabletop interfaces
US20140068754A1 (en) * 2011-04-27 2014-03-06 Vance Burkill Password generation and recall
US9053294B2 (en) * 2011-04-27 2015-06-09 Vance Burkill Password generation and recall
DE102016120111A1 (en) * 2016-10-21 2018-04-26 Cherry Gmbh Method and apparatus for authenticating a user of a device and information system

Also Published As

Publication number Publication date Type
GB0709391D0 (en) 2007-06-27 application

Similar Documents

Publication Publication Date Title
US7616764B2 (en) Online data encryption and decryption
Biddle et al. Graphical passwords: Learning from the first twelve years
Zhu et al. Captcha as Graphical Passwords-A New Security Primitive Based on Hard AI Problems.
US20120011564A1 (en) Methods And Systems For Graphical Image Authentication
Chiasson et al. Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism
US20110191592A1 (en) Secure Access by a User to a Resource
Dunphy et al. A closer look at recognition-based graphical passwords on mobile devices
US20060174339A1 (en) An arrangement and method of graphical password authentication
Tari et al. A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords
US7093291B2 (en) Method and system for detecting and preventing an intrusion in multiple platform computing environments
US20090037983A1 (en) User-centric authentication system and method
US20130138968A1 (en) Graphical encryption and display of codes and text
Kim et al. Multi-touch authentication on tabletops
US20120023574A1 (en) Graphical Image Authentication And Security System
US20050193208A1 (en) User authentication
De Luca et al. ColorPIN: securing PIN entry through indirect input
US20090077653A1 (en) Graphical Image Authentication And Security System
US20090037986A1 (en) Non-disclosing password entry method
US20090213132A1 (en) Secure computer screen entry system and method
US20080168546A1 (en) Randomized images collection method enabling a user means for entering data from an insecure client-computing device to a server-computing device
US20080201578A1 (en) Computer security using visual authentication
US20130047236A1 (en) Authentication system and method thereof
Tan et al. Spy-resistant keyboard: more secure password entry on public touch screen displays
US20080229397A1 (en) Website log in system with user friendly combination lock
Raza et al. A survey of password attacks and comparative analysis on methods for secure authentication

Legal Events

Date Code Title Description
AT Applications terminated before publication under section 16(1)
S20A Reinstatement of application (sect. 20a/patents act 1977)

Free format text: REQUEST FOR REINSTATEMENT FILED

Effective date: 20090128

WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)