US20170154175A1 - System and method of secure data entry - Google Patents
System and method of secure data entry Download PDFInfo
- Publication number
- US20170154175A1 US20170154175A1 US15/407,794 US201715407794A US2017154175A1 US 20170154175 A1 US20170154175 A1 US 20170154175A1 US 201715407794 A US201715407794 A US 201715407794A US 2017154175 A1 US2017154175 A1 US 2017154175A1
- Authority
- US
- United States
- Prior art keywords
- user
- input
- data
- pinch gesture
- user input
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/02—Input arrangements using manually operated switches, e.g. using keyboards or dials
- G06F3/023—Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
- G06F3/0233—Character input methods
- G06F3/0236—Character input methods using selection techniques to select from displayed items
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/048—Interaction techniques based on graphical user interfaces [GUI]
- G06F3/0484—Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
- G06F3/04842—Selection of displayed objects or displayed text elements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/048—Interaction techniques based on graphical user interfaces [GUI]
- G06F3/0484—Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
- G06F3/04847—Interaction techniques to control parameter settings, e.g. interaction with sliders or dials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/048—Interaction techniques based on graphical user interfaces [GUI]
- G06F3/0487—Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser
- G06F3/0488—Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
- G06F3/04883—Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures for inputting data by handwriting, e.g. gesture or text
Definitions
- the present disclosure is generally directed toward data entry into user devices and particularly toward mechanisms for securing the same.
- Traditional keypads have static configurations. They generally consist of numbered buttons ranging from 0 through 9 and an “*” and a “#” button much like a typical telephone keypad. Such numbers exist in a common pattern and hence the user or anyone with knowledge of the pattern can simply enter the code without looking at numbers on the keypad. While this is particularly useful for users with sight impairments, it negatively impacts the security of the system because patterns can be deduced more easily than the codes themselves.
- keypads are utilized in parking applications such as entrance to a parking facility or a residential gated community which have gated entrances secured with an access control keypad.
- a user To gain entry to the secured area, a user must provide the keypad with a valid a security code. All individuals with permission to enter the facility are provided with a common security/access code which opens the gate and allows entry on to the premises. Usage in which all individuals have the same password are typically referred to as “common code” systems.
- the numbers or range of possible numbers i.e., the number of possible combinations which make up a user's password is finite and can be deduced in several ways.
- a non-authorized user may observe a user and the patterns typed in, significantly reducing the security of the system. Additionally, the non-authorized user may acquire the password by analyzing the physical keypads for wear. Wear indicates high utilization and would also significantly narrow down the range of possibilities. More sophisticated methods of compromising such systems include “dusting” the keys or applying non-visible material in an attempt to determine which keys comprise the password.
- Hirsch ScramblePad® One common example is referred to as a Hirsch ScramblePad®.
- the particular construction of the Hirsch ScramblePad® is described in detail in one or more of U.S. Pat. Nos. 4,333,090; 4,479,112; and 4,644,326; all of which are hereby incorporated herein by reference in their entirety.
- the main concept behind the Hirsch ScramblePad® is to randomize the number which is assigned to a given key for every instance a user is required to provide input via the keypad. This means that the same valid code will not be entered with the same pattern. Rather, different physical keys will need to be depressed to enter the same valid code at different times.
- embodiments of the present disclosure propose solutions in which the confidentiality of user inputs are protected-by a combination of visual data scrambling and off-angle viewing techniques.
- the proposed solutions can be implemented at a fraction of the cost of existing solutions.
- a user input which includes a linear position sensor that is configured to determine if a user's finger is touching the user input as well as the position of where the sensor is being touched. As a user's finger is touching the user input, the user is required to slide their finger along the user input in a scrolling motion. As the user scrolls their finger across the user input and, therefore, across a number of input zones, a user output displays the data value currently corresponding to the input zone where the user's finger is located.
- the user When the user sees that the desired data value is depicted by the user output, the user removes their finger from the user input and the data value currently corresponding to the input zone where the user's finger was last located is provided as a data input for a computational device. This process can be repeated until the user has entered the entire password.
- the linear input sensor may be comprised of a linear resistor, linear capacitive element, a full finger biometric sensor, a swipe biometric sensor, and a touch-sensitive screen such as what is used on the Apple iPhone®.
- This linear sensor may be constructed in a straight line or can be in shapes or even circular and could even be incorporated into the handle of a door lock in which the motion is twisting left or right.
- One or more additional security mechanisms may be employed to further enhance the security with which user inputs are captured.
- the input zones of the user input may be re-assigned random and different data values for every instance where a user input is to be captured.
- they could be arranged in ascending order and then descending order.
- the size and/or configuration of the input zones themselves may be altered for every instance where a user input is to be captured.
- a number of different types of user output may be utilized ranging between a single digit display, a multi-digit display, and a touch-screen that incorporates the user output into the same area as the user input.
- the captured parameters may be mathematically/statistically assessed over a number of valid user inputs and after an appropriate number of valid user inputs have been received and the associated parameters have been incorporated into an average (or mean or some other value obtained from a mathematical formula), the average of the captured parameters can be compared to the current parameter and, if different by a certain amount, may be used to detect potentially suspect user inputs.
- a privacy shielding material over the user output to limit off-axis viewing of the user output such as 3M VikuitiTM Light Control Film.
- the user output may be recessed within the computational component and louvers may be utilized.
- a scrambling keypad may be employed where a user is required to slide their fingers in a groove and across a user input device, such as the one of the several variations described above, to achieve a user input.
- a traditional keypad with numbers in standard locations could be used to achieve user input.
- a gesturing keypad may be utilized whereby a plurality of intersecting grooves are provided and a user is required to slide their fingers in various patterns across the intersecting grooves to achieve the desired user input.
- FIG. 1A is a block diagram of an access control system having a first configuration in accordance with embodiments of the present disclosure
- FIG. 1B is a block diagram of an access control system having a second configuration in accordance with embodiments of the present disclosure
- FIG. 2 is a block diagram of a user device in accordance with embodiments of the present disclosure
- FIG. 3 is a block diagram depicting details of a reader/user device in accordance with embodiments of the present disclosure
- FIG. 4A is a block diagram depicting a first step of securely entering data via a user interface in accordance with embodiments of the present disclosure
- FIG. 4B is a block diagram depicting a second step of securely entering data via a user interface in accordance with embodiments of the present disclosure
- FIG. 4C is a block diagram depicting a third step of securely entering data via a user interface in accordance with embodiments of the present disclosure
- FIG. 4D is a block diagram depicting a fourth step of securely entering data via a user interface in accordance with embodiments of the present disclosure
- FIG. 5A is a block diagram depicting a first configuration of a user input in accordance with embodiments of the present disclosure
- FIG. 5B is a block diagram depicting a second configuration of a user input in accordance with embodiments of the present disclosure
- FIG. 5C is a block diagram depicting a third configuration of a user input in accordance with embodiments of the present disclosure.
- FIG. 5D is a block diagram depicting a fourth configuration of a user input in accordance with embodiments of the present disclosure.
- FIG. 5E is a block diagram depicting a fifth configuration of a user input in accordance with embodiments of the present disclosure.
- FIG. 5F is a block diagram depicting a sixth configuration of a user input in accordance with embodiments of the present disclosure.
- FIG. 6 is a block diagram depicting details of a secure user interface in accordance with embodiments of the present disclosure.
- FIG. 7 is a flow diagram depicting a user input capture method in accordance with embodiments of the present disclosure.
- FIG. 8 is a flow diagram depicting a user input analysis method in accordance with embodiments of the present disclosure.
- FIGS. 1A and 1B show illustrative embodiments of an access control system 100 in accordance with embodiments of the prior art. Both configurations of the access control system 100 include a reader 104 that is generally provided at a strategic location to secure one or more assets. In some embodiments, the reader 104 is in communication with a networked device 108 via a first communication link. The first communication link between the reader 104 and networked device 108 may be established over a secured or unsecured communication network via TCP/IP, Wi-Fi, Zigbee, Cellular modem, RS485, current loop, and Wiegand.
- Such a reader 104 is referred to as a networked reader because the reader 104 provides some or all data used in making an access control decision to the networked device 108 .
- the networked device 108 comprises the necessary functionality, in the form of an authentication module 116 , to analyze the data received from the reader 104 and make an access control decision for the reader 104 .
- a control panel is one example of a networked device 108 which is typically used in the access control industry.
- Other types of networked devices 108 include a host computer with or without a web server, a server providing Software as a Service (SaaS), a cloud-based application, or the like.
- the networked device 108 communicates the results of the decision back to the reader 104 , which comprises a release mechanism 120 that is enabled to either release one or more assets if a decision has been made to grant access or maintain such assets in a secure state if a decision has been made to deny access.
- the release mechanism 120 is typically a relay whereas in logical access applications, the release mechanism 120 is realized by software instructions.
- the release mechanism 120 may be provided in the networked device 108 and the authentication module 116 may be provided in the reader 104 .
- the reader 104 may make the access control decisions and report the results of those decisions to the networked device 108 which selectively activates the release mechanism 120 depending upon the results of the decision made by the authentication module 116 .
- a reader 104 may be positioned at an access point for a given asset (e.g., a door for a room, building, or safe, a computer for electronic files, and so on). Unless a user provides the reader 104 with a valid input via a user interface 112 of the reader 104 , the access point is maintained in a secure state such that admittance or access to the asset is denied. If a user enters a valid input via the user interface 112 , then the reader 104 has the discretion to allow the user access to the asset and implement various other actions accordingly.
- a given asset e.g., a door for a room, building, or safe, a computer for electronic files, and so on.
- a credential is a device that carries evidence of authority, status, rights, and/or entitlement to privileges for a holder of the credential.
- a credential is a portable device having memory and a reader interface (i.e., an antenna and Integrated Circuit (IC) chip) which enables the credential to exchange data with the reader 104 , usually via a credential interface of the reader 104 .
- IC Integrated Circuit
- a credential is an RFID smartcard that has data stored thereon allowing a holder of the credential to access an asset protected by a reader 104 .
- Other examples of a machine-readable credential include, but are not limited to, proximity RFID-based cards, access control cards, credit cards, debit cards, passports, identification cards, key fobs, Near Field Communications (NFC)-enabled cellular phones, Personal Digital Assistants (PDAs), tags, or any other device configurable to emulate a virtual credential.
- the reader 104 is capable of performing dual-factor authentication by verifying both the validity of user input (i.e., something that the user knows) as well as the validity of credential input (i.e., something that the user has).
- the reader 104 may also be configured to receive biometric input from the user to further enhance the security of the access control system 100 .
- the networked device 108 may be responsible for making some or all of the asset-access decisions based on data received at the reader 104 from the user.
- the reader 104 may not be connected to a networked device 108 , in which ease the reader 104 is referred to as a stand-alone reader.
- Stand-alone readers comprise the decision-making components necessary to analyze input received from a user and determine, based on the received input, if the user is entitled to access an asset secured by the reader 104 .
- the access control rules for entry including time zone, day of week, etc.
- the access control decision rules may be contained in the machine-readable credential read at the reader incorporated into the stand-alone device/user input combination.
- Stand-alone readers are generally desirable in situations where a reader 104 is in an isolated location and a communication link between the networked device 108 and reader 104 is not easily established.
- a communications network may be used to establish the communication link between the reader 104 and networked device 108 .
- Exemplary communication networks may provide bi-directional communication capabilities, which may selectively be implemented in a form of wired, wireless, fiber-optic communication links, or combinations thereof Even though the communication link between the networked device 108 and reader 104 is depicted as bi-direction, one skilled in the art can appreciate that the communication link may be unidirectional.
- the reader 104 may utilize the Wiegand protocol to communicate with the networked device 108 .
- the communication link between the reader 104 and networked device 108 may be implemented utilizing buses or other types of device connections.
- the protocols used to communicate between the networked device 108 and the reader 104 may include one or more of the TCP/IP protocol, RS 232, RS 485, Current Loop, Power of Ethernet (POE), Bluetooth, Zigbee, GSM, WiFi, and other communication methods and protocols known in the art.
- the networked device 108 may be a general-purpose computer adapted for multi-task data processing and suitable for use in a commercial setting.
- the networked device 108 may be implemented as a host computer or server and the reader 104 can be connected to the host computer via a TCP/IP connection or other type of network connection.
- a memory comprising a database of records for the system 100 may be associated with the networked device 108 .
- the database although not depicted, may be integral with or separated from the networked device 108 or it may be incorporated into the reader 104 .
- the database maintains records associated with the readers 104 , users, algorithm(s) for acquiring, decoding, verifying, and modifying data contained in the readers 104 , algorithm(s) for testing authenticity and validity of user inputs, algorithm(s) for implementing actions based on the results of these tests, and other needed software programs.
- Specific configurations of the networked device 108 are determined based on and compliant with computing and interfacing capabilities of the readers 104 .
- FIG. 2 depicts an exemplary user device 204 , which may be equipped with a user interface 112 that is similar or identical to the user interface 112 of the reader 104 .
- the user device 204 may correspond to any type of device capable of performing one or more actions based on input received at the user interface 112 .
- the user device 204 may also be connected to a communication network and may be configured to exchange messages with networked devices 108 via the network. Examples of a user device 204 include, without limitation, a computer, laptop, netbook, iPad®, iPod®, iPhone®, mobile/cellular phone, telephone, Personal Digital Assistant (PDA), or the like.
- PDA Personal Digital Assistant
- the computational device 104 , 204 may comprise memory 304 that includes a number of instructions 308 , modules, and other data structures as well as a processor 336 for executing the instructions 308 and other contents of memory 304 .
- the computational device 104 , 204 may also include a communication interface 344 which allows the computational device 104 , 204 to communicate with a networked device 108 .
- exemplary types of communication interfaces 344 include, without limitation, an RF antenna and driver, an infrared port, a fiberoptics interface, a Universal Serial Bus (USB) port, an Ethernet port, a serial data port, a parallel data port, any type of interface which facilitates communications over a packet-based communication network, such as the Internet, and so on.
- the computational device 104 , 204 may further include a credential interface (not depicted) which enables the computational device 104 , 204 to communication with one, two, three, or more different types of credentials.
- the type of credential interface provided on the computational device 104 , 204 may vary according to the type of credential that is in the system 100 .
- the credential interface includes one or more of an antenna, an array of antennas, an infrared port, an optical port, a magnetic stripe reader, a barcode reader or similar machine-vision components, a Near Field Communications (NFC) interface, or any other component or collection of components which enables the computational device 104 , 204 to communicate with credentials and other portable memory devices.
- NFC Near Field Communications
- the credential interface enables the computational device 104 , 204 to read one or more non-RFID machine-readable credentials including one or more of magnetic stripe cards, bar codes, Wiegand cards, Hollerith, infrared, Dallas 1-wire, and barium ferrite.
- the credential interface and communication interface 344 are of the same type (i.e., RF communication interfaces). In some embodiments, the credential interface and communication interface 344 are implemented as a single interface. Thus, the computational device 104 , 204 may be enabled to communicate with credentials and networked devices 108 by using the same hardware components.
- the computational device 104 , 204 may include a user interface 112 which facilitates user interaction between the computational device 104 , 204 and a user thereof.
- the user interface 112 may include one or more user inputs, one or more user outputs, or a combination user input/output.
- Exemplary user inputs include, without limitation, keypads (traditional or laser-projected), buttons, switches, a linear pressure sensor (e.g., linear potentiometer that is resistive and/or capacitive), a peripheral device such as a touch pad peripheral included as part of a PC or as a separate peripheral connected by, for example, USB, a mouse/trackball wheel, a mouse or trackball movement, optical detection technologies, pressure sensitive device, resistive, capacitive touch, electrostatic, or magnetic screen enabled to detect finger and pen input, rotating door knob, combination, lock, or the like.
- Exemplary user outputs include, without limitation, lights, display screens (projection, LCD, LED, OLED, plasma, etc.), individual LED's, seven segment LED display, multi-digit LED display, etc.
- the user output may also be provided with a privacy shielding material, such as 3M's Vituki® product.
- the privacy shielding material may help ensure that off-axis viewing of the user output is minimized.
- a louver may be utilized which recesses the actual display portion of the user output within a cavity that limits the field of view to the display portion.
- Exemplary combination user input/outputs may include a touch-screen interface, a multi-touch-screen interface (i.e., a touch-screen interface adapted to recognize multiple simultaneous touches, gestures, “pinches”) or any other type of interface which is capable of simultaneously displaying a user output and receiving a user input.
- the computational device 104 , 204 may also include processing memory 340 , which may be in the form of a Randomly Accessible Memory (RAM), cache memory, or any other type of memory used to facilitate efficient processing of instructions 208 by the processor 336 .
- processing memory 340 may be in the form of a Randomly Accessible Memory (RAM), cache memory, or any other type of memory used to facilitate efficient processing of instructions 208 by the processor 336 .
- RAM Randomly Accessible Memory
- the processing memory 340 is used to temporarily store data during processing tasks
- the memory 304 is provided to store permanent instructions 308 which control the operational behavior of the computational device 104 , 204 .
- the memory 304 and/or 340 may be implemented using various types of electronic memory generally including at least one array of non-volatile memory cells (e.g., Erasable Programmable Read Only Memory (EPROM) cells or FLASH memory cells, etc.)
- the memory 304 and/or 340 may also include at least one array of dynamic random access memory (DRAM) cells.
- the various routines and modules which may be included in memory 304 comprise one or more of an authentication module 312 , authentication data 320 , a communication module 316 , and configuration data 324 .
- the communication module 316 provides instructions which enable the computational device 104 , 204 to communicate with other devices.
- the communication module 316 may comprise message encoding and/or decoding instructions, message encryption and/or decryption instructions, compression and/or decompression instructions, trans-coding instructions, and any other known type of instructions which facilitate communications over a communications network.
- the communication module 316 may comprise instructions which enable the computational device 104 , 204 to create one or more messages or communication packets which are appropriately formatted and transmitted in accordance with a known communication protocol via the communication interface 344 .
- the communication module 316 may also comprise instructions which enable the computational device 104 , 204 to format messages received over the communication interface 344 for processing by various other components of the computational device 104 , 204 .
- an authentication module 312 that is capable of receiving data from the user input portion of the user interface 112 , analyzing the received data, and determining if the received data corresponds to valid data.
- the authentication module 312 may refer to authentication data 320 which is also stored in memory 304 .
- the authentication data 320 may comprise a list of valid or authorized credentials and their corresponding credential data.
- the authentication data 320 may comprise algorithms for analyzing received data and determining if such data is valid.
- Configuration data 324 may also be maintained in memory 304 .
- the configuration data 324 describes operating characteristics of the computational device 104 , 204 such as model number, firmware version(s), software version(s), computational device 104 , 204 identifier, and other data which describes the computational device 104 , 204 .
- the characteristics of computational device 104 , 204 may be inherent characteristics or provisioned characteristics.
- the memory 304 may also contain heuristic instructions for detecting attacks on the computational device 104 , 204 or other components of the access control system 100 . Details of a computational device 104 , 204 configured with embedded attack detection heuristics is further described in U.S. Patent Publication No. 2010/0039220 to Davis, the entire contents of which are hereby incorporated herein by reference.
- Other components of memory 204 may include a User Interface (UI) driver 328 and an operating system 332 , which is a high-level application that facilitates interactions between various other modules and applications in memory 204 and hardware components of the computational device 104 , 204 .
- the UI driver 328 may be responsible for facilitating operations of the user interface 112 .
- the UI driver 328 includes commands for determining when user inputs are received at the user interface 112 , identifying parameters of user inputs received at the user interface 112 , conditioning parameters of use inputs received at the user interface 112 into data values which can be processed by the modules contained in memory 304 , determining what and when to display data as an output at the user interface 112 , and the like.
- the UI driver 328 may contain any commands necessary to provide a secure user interface 112 as described herein.
- the processor 336 may include any general-purpose programmable processor, digital signal processor (DSP) or controller for executing application programming.
- DSP digital signal processor
- the various modules described herein may be implemented as hardware or firmware rather than software and the processor 304 may comprise a specially configured Application Specific Integrated Circuit (ASIC).
- ASIC Application Specific Integrated Circuit
- FIGS. 4A-D an exemplary user interface 112 and process for securely entering data via the user interface 112 will be described in accordance with at least some embodiments of the present disclosure.
- the process depicted and described enters the simple number combination of “639”.
- alphanumeric inputs and more complicated data values may be utilized and the example depicted in FIGS. 4A-D is merely illustrative of one type of data input which can be realized with the user interface 112 of the present disclosure.
- a user's finger is depicted as providing the input on a user input portion 404
- any other type of mechanism may be utilized to interact with the user input portion 404 .
- the user may interact with the user input portion 404 with a stylus, pen, mouse, etc.
- the user interface 112 may comprise both a user input portion 404 and a separate user output portion 408 .
- the user input portion 404 may comprise a number of input zones 412 a -N, each corresponding to a different input value.
- a user engages the user interface 112 by touching the user input portion 404 .
- the touching of the user input portion 404 is detected by a pressure-sensitive user input portion 404 .
- the user input portion 404 may be configured with optics which detects a user's input by taking a plurality of images and determining that the user's finger is engaged with and moving across the user input portion 404 .
- the user input zones 412 a -N are sequentially activated and deactivated (i.e., the data value corresponding to the input zone 412 where the user's finger is currently detected is displayed via the user output portion 408 ), based on detection of the user's finger within a particular user input zone 412 .
- the first input zone 412 a may be assigned a first data value
- the second input zone 412 b may be assigned a second data value
- the third input zone 412 c may be assigned a third data value, and so on.
- the first data value may be displayed via the user output portion 408 . While sliding, the user's finger transitions from the first input zone 412 a to the second input zone 412 b. Once a greater amount of the user's finger area is within the second input zone 412 b instead of the first input zone 412 a, the user output portion 408 displays the second data value instead of the first data value.
- the user continues moving their finger across the user input portion 404 until they reach the desired input zone 416 , which corresponds to the data value that the user wants to enter.
- the desired data value is depicted via the user output portion 408 .
- the user sees the desired data value in the user output portion 408 , the user releases their finger from the user input portion 404 and the data value corresponding to the desired input zone 416 is entered as a first data input.
- the first data input corresponds to the data value of 6 .
- each input zone 412 a -N may be re-assigned to new input zones.
- each input zone 412 a -N may continue to have the same data value assigned thereto until a complete data entry has been completed or until an invalid data entry has been detected.
- the first data input may be provided from the UI driver 326 to the authentication module 312 immediately after it has been input by the user or it may be stored in cache memory until the user selects enter, at which time a series of data inputs is provided to the authentication module 312 for analysis.
- the user may re-engage the user input portion 404 to provide a second instance of data input as is depicted in FIG. 4B .
- different data values may be assigned to the input zones 412 a -N
- the process for providing the data input is similar to the first instance of the data input.
- the user slides their finger across the input zones 412 a -N of the user input portion 404 until their finger reaches the desired input zone 416 .
- the user is able to determine that their finger is within the desired input zone 416 by monitoring the value displayed via the user output portion 408 .
- the user releases their finger from the user input portion 404 and the data value corresponding to the desired input zone 416 is entered as a second data input.
- the second data input corresponds to the data value of 3.
- the user may re-engage the user input portion 404 to provide a third instance of data input as is depicted in FIG. 4C .
- the user slides their finger across the input zones 412 a -N of the user input portion 404 until their finger reaches the desired input zone 416 .
- the user releases their finger from the user input portion 404 and the data value corresponding to the desired input zone 416 is entered as a third data input.
- the third data input corresponds to the data value of 9.
- the user then has to engage the user input portion 404 to command the UI driver 328 to enter the complete data entry and provide the complete data entry to the authentication module 312 .
- the enter command is entered in a similar fashion as the first, second, and third data inputs were entered.
- the user slides their finger across the input zones 412 a -N of the user input portion 404 until their finger reaches the desired input zone 416 .
- the enter command is assigned to the desired input zone 416 instead of a data value.
- the user releases their finger from the user input portion 404 after they determine that their finger is within the desired input zone 416 and the enter command is provided to the UI driver 328 , thereby causing the UI driver 328 to send the complete data entry to the authentication module 312 for analysis.
- the active implementation of an enter input is not required.
- the E key is not displayed and, instead, the data entry is complete after the last digit has been entered.
- the authentication module 312 may determine that the user is allowed to access whatever asset is being secured by the computational device 104 , 204 . In response to making such a determination, the computational device 104 , 204 may allow the user access to whatever asset was previously secured.
- each input zone 412 a -N may be assigned a different data value.
- the data value-to-input zone assignment may be configured to last permanently, for a predetermined amount of time, until a predetermined event occurs, and so on.
- each input zone 412 a -N may have new data values assigned thereto after every instance of user input.
- the data values assigned to the input zones 412 a -N may be flipped-flopped after every instance of user input or after every instance of a completed data entry.
- the data values assigned to the input zones 412 a -N may vary between numeric data values and then alphabetical/character data values after every instance of user input.
- the spaces between input zones 412 a -N or relative sizes of input zones 412 a -N may be altered after every instance of user input or after every instance of a completed data entry.
- the data values assigned to the input zones 412 a -N may be randomly re-assigned after every instance of user input or after every instance of a completed data entry. Combinations of the above examples may also be implemented.
- a more secure user interface 112 can be provided.
- changing the data values assigned to the input zones 412 a -N helps ensure that a particular pattern cannot be discerned as corresponding to a valid input since the same values will likely be input with different patterns.
- the exemplary configurations of the data value-to-input zone assignments represent only a few of the many possible configurations (whether specifically discussed or not) may be utilized by the user interface 112 .
- a first exemplary configuration of a user input portion 404 is depicted where the data values are assigned incrementally to adjacent input zones 412 starting at the left and moving to the right.
- a second exemplary configuration of a user input portion 404 is depicted where the data values are assigned decrementally to adjacent input zones 412 starting at the left and moving to the right.
- a third exemplary configuration of a user input portion 404 is depicted where the data values are assigned randomly to the input zones 412 .
- the enter command is assigned to the Nth input zone 412 N.
- certain configurations may allow the enter command to be assigned to some input zone 412 that is surrounded by at least two input zones 412 .
- a fourth exemplary configuration of a user input portion 404 is depicted where the data values are assigned randomly to the input zones 412 and the enter command is assigned to the first input zone 412 a.
- a fifth exemplary configuration of a user input portion 404 is depicted where the size of each input zone 412 varies from one input zone to the next.
- the alteration of size/area of input zones 412 may be coupled with other configurations described herein to further enhance the security of the user interface 112 .
- a sixth exemplary configuration of a user input portion 404 is depicted where data values are assigned to all but two of the input zones 412 a -N, the enter command is assigned to the first input zone 412 a, and a clear command is assigned to the Nth input zone 412 N.
- the clear command can be used to delete the last data value that was entered by a user or to delete a complete data entry.
- the user interface 112 may comprise a controller 604 which includes one or more links to a user input 608 , one or more links to a user output 612 , and one or more links to a communication network.
- the controller 604 corresponds to a microcontroller and may be implemented as part or all of the processor 336 .
- the user input 608 may correspond to a linear potentiometer (resistive or capacitive) which is configured to detect pressure applied thereto and a location of such pressure and provide an output electrical signal to the controller 604 in response thereto.
- the controller 604 may be configured to analyze the electrical signals received from the user input 608 , determine a data value associated with such electrical signals, and send a command to the user output 612 which causes the user output 612 to display the data values so that they can be perceived by the user.
- the user output 612 corresponds to a single or multiple digit seven segment LED/LCD display and the controller 604 may comprise an 8 bit or higher analog-to-digital converter which converts analog signals received from the user input 608 into digital signals for transmission to the user output 612 .
- connection to the communication network may be implemented as any type of known communication interfaces 344 .
- Examples of such communication interfaces 344 include, without limitation, a Wiegand port, an RS485 output, an Ethernet port, a USB port, and the like.
- the method begins at step 704 and continues when user interaction with the user interface 112 is detected (step 708 ).
- detection of user activity at the user interface 112 may trigger the initiation of the user input capture method.
- the way in which user activity is detected at the user interface 112 will depend on the type of user interface 112 being utilized. In particular, if a user interface 112 is employed that includes a pressure-sensitive user input portion 404 , then detection of user activity occurs when pressure is detected as being applied at a concentrated point or area within the user input portion 404 . If a user interface 112 is employed that includes an optical user input portion 404 , then detection of user activity occurs when one or more images are captured which indicate that a user has touched the user input portion 404 .
- the method continues with the controller 604 or UI driver 328 determining the data value corresponding to the currently selected input zone 412 and causing the determined data value to be displayed via a user output portion 408 of the user interface 112 (step 712 ).
- the controller 604 or UI driver 328 determines if the release of pressure has been detected (step 716 ).
- the amount of pressure release required to affirmatively answer the query of step 716 may vary depending upon tolerances of the user input portion 404 , environmental factors, and the like. In some embodiments, a complete release of pressure (i.e., a reading of ambient pressure only) may be required to satisfy the query of step 716 . Alternatively, the pressure may only need to be decreased by a predetermined amount or by a predetermined percentage of the maximum pressure detected during step 708 .
- step 712 a new data value is determined and displayed if the user scrolls their finger into a new input zone 412 of the user input portion 404 .
- step 716 the method continues with the controller 604 or UI driver 328 determining if the release occurred within a defined input zone 412 having a data value or command associated therewith (step 728 ). If not, then an error message is displayed via the user output portion 408 (step 724 ). Thereafter, the determination is made as to whether the user input capture method is done (step 728 ). This query may be answered negatively if user input is again detected at the user input portion 404 within a predetermined amount of time after the error message was displayed.
- the query of step 728 may be answered affirmatively if a predetermined number of errors occurred within a predetermined amount of time or if some other user input was detected which suggests that the computational device 104 , 204 is under a potential attack. For example, if the user engages a panic input (e.g., by applying a pressure at the user input portion 404 that is greater than a predetermined pressure threshold), then the query of step 728 may be answered affirmatively. If the query of step 728 is answered affirmatively, then the user input capture method is concluded (step 732 ). In some embodiments, an additional step of temporarily disabling some or all functionality of the computational device 104 , 204 may be performed if it is determined that the computational device 104 , 204 is potentially under attack.
- step 728 If the query of step 728 is answered negatively, then the method returns to step 708 .
- step 720 if the user releases the user input portion 404 within an input zone having a data value assigned thereto, then the controller 604 or UI driver 328 determines the data value currently corresponding to the input zone 412 where the pressure was last detected (e.g., where the release was detected) (step 736 ).
- the data value determined during the first iteration of step 736 may correspond to a first data input.
- the method continues by determining whether or not there will be more data entry before data is transmitted to the authentication module 312 for analysis (step 740 ). If no additional data capture is necessary (e.g., the user has selected the enter command or data inputs are provided to the authentication module 312 or networked device 108 sequentially rather than as a string of data values), then the first data input is transmitted to the authentication module 312 for analysis (step 744 ). Alternatively, the first data input may be transmitted to a networked device 108 for analysis. Thereafter, the method continues to step 728 to determine whether additional data inputs are being received or whether the user input capture method is complete.
- step 740 if additional data capture is necessary (e.g., the user has not selected the enter command or data inputs are provided to the authentication module 312 or networked device 108 as a string of data values rather than sequential inputs), then the first data input is stored in a cache memory for later transmission with other data inputs that are yet to be captured (step 748 ). Thereafter, the method returns to step 708 to begin the process of capturing the second data input, third data input, and so on until the user selects the enter command or until a predetermined number of data inputs have been captured.
- the method begins when user input is received at the user interface 112 (step 804 ). Thereafter, the method may proceed down one of two paths depending upon a number of considerations. One path corresponds to a process of determining a user input parameter average (or other result obtained from a different mathematical formula), whereas the other path corresponds to a process of analyzing the currently received user input based on a historical user input parameter average to determine if the currently received user input is suspect.
- the analysis process is generally not performed until a predetermined and suitable number of user inputs have been received such that a user input parameter average is determined and the standard deviation of the user input parameters used to calculate the average is less than a predetermined threshold value.
- one or more parameters of interest are determined for the recently received user input (step 808 ).
- Exemplary parameters of interest which may be determined in this step include amount of pressure applied to the user input portion 404 , size of finger, fingerprints or fingerprint characteristics, slide speed, and so on.
- the determined parameter(s) of interest determined for the recently received user input are then used to determine an average of the parameter(s) of interest (step 812 ).
- the average values may be based on all user inputs received or based only on valid user inputs received.
- the method continues with the authentication module 312 comparing one or more parameters of interest from the recently received user input with averages of the corresponding one or more parameters of interest (step 816 ). Based on the comparison of step 816 , the authentication module 312 determines if the parameter(s) of interest for the recently received user input are valid (step 820 ). In this step, the authentication module 312 may determine that user inputs are invalid or suspect if they have a parameter of interest which deviates from the average by more than a predetermined threshold value (i.e., by either exceeding or falling below the average).
- a predetermined threshold value i.e., by either exceeding or falling below the average.
- the computational device 104 , 204 may perform one or more actions which are consistent with determining that an invalid or suspect user input has been received (step 824 ). Such actions may include slowing down the rate at which entries are accepted by the computational device 104 , 204 , temporarily disabling functionality of the computational device 104 , 204 , permanently disabling functionality of the computational device 104 , 204 , transmitting a message to security personnel, sounding an alarm, combinations thereof, or the like.
- step 820 If, however, the query of step 820 is answered affirmatively, then the method may continue with the process of determining a user input parameter average.
- a linear potentiometer is not the only type of user input portion 404 that can be utilized to achieve a cost-effective but secure user interface 112 . Rather, the use of a touch screen configured to simultaneously detect and analyze multiple inputs can be utilized. In such an implementation in addition to sliding motions, different gesturing motions, such as pinching, could be utilized to select individual digits. In particular, if a pinching gesture is utilized to achieve a user input, then the relative distance between the user's two fingers may be correlated to the input zones 412 described above.
- a very small distance (e.g., 1-5 mm) between the user's two fingers may correspond to the Nth input zone 412 N whereas a very larger distance (e.g., 10-20 cm) between the user's two fingers may correspond to the first input zone 412 a.
- All other aspects of the present disclosure may be performed in substantially the same way as described. Specifically, there could be separate pinch zones for each data value in a multi-digit entry.
- the electronics of the user interface 112 including the controller 604 , the connections between the controller 604 , the user input 608 , and the user output 612 may be potted in a potting material, thereby making the user interface 112 substantially weather resistant.
- a pressure sensitive device could be used to select data inputs where different magnitudes of applied pressure correspond to the input zones 412 described above.
- a number of different magnitudes of applied pressure may have different data values assigned thereto.
- the different data values may be displayed via the user output 408 .
- the user may completely release the user input portion 404 and the data value corresponding to the last-displayed data value is selected as the data input.
- the value may correspond to a digit, an enter command, a clear command, or a series of input commands.
- a pressure sensor may also enable additional inputs without requiring the user to slide their finger across the user input portion 404 .
- a user may press the user input portion 404 extra “hard” (e.g., applies a pressure greater than a predetermined amount of pressure) to signify: (1) that data entry is complete; (2) that one or more previous entries should be erased; or (3) that the user is under duress and security personnel should be notified.
- a reserved code can be utilized to enter a “programming mode” where the configuration data 324 can be changed.
- the configuration data 324 may define how configurations of the user input portion 404 are scrambled between user inputs, the number of digits to be displayed via the user output portion 408 , data output formats, the programming mode code, a list of one or more input passwords that will unlock access to the asset, etc.
- the programming mode one or more of these operating characteristics can be modified.
- a biometric swipe sensor may be designed to utilize some or all of the concepts disclosed herein.
- the biometric swipe sensor can be configured to detect partial swipes of a user's finger and correlate different amounts of partial swipes to a different input value. During such partial swipes, the user's finger print may also be analyzed as a second factor of authentication.
- machine-executable instructions may be stored on one or more machine readable mediums, such as CD-ROMs or other type of optical disks, floppy diskettes, ROMs, RAMs, EPROMs, EEPROMs, SIMs, SAM,s, magnetic or optical cards, flash memory, or other types of machine-readable mediums suitable for storing electronic instructions.
- machine readable mediums such as CD-ROMs or other type of optical disks, floppy diskettes, ROMs, RAMs, EPROMs, EEPROMs, SIMs, SAM,s, magnetic or optical cards, flash memory, or other types of machine-readable mediums suitable for storing electronic instructions.
- the methods may be performed by a combination of hardware and software.
- a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged.
- a process is terminated when its operations are completed, but could have additional steps not included in the figure.
- a process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination corresponds to a return of the function to the calling function or the main function.
- embodiments- may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof.
- the program code or code segments to perform the necessary tasks may be stored in a machine readable medium such as storage medium.
- a processor(s) may perform the necessary tasks.
- a code segment may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures, or program statements.
- a code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc. may be passed, forwarded, or transmitted via any suitable means including memory sharing, message passing, token passing, network transmission, etc.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Human Computer Interaction (AREA)
- Health & Medical Sciences (AREA)
- Social Psychology (AREA)
- General Health & Medical Sciences (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
A computational device having a user interface is disclosed, the user interface enables a user to securely enter data into the computational device. In particular, the user interface may include a user input portion and a user output portion. The user input portion may be partitioned into a number of input zones, each having a data value associated therewith that when engaged by a user causes the data value associated with the engaged input zone to be provided as input to the computational device.
Description
- The present disclosure is generally directed toward data entry into user devices and particularly toward mechanisms for securing the same.
- Secure and private entry of data has always been a major concern in systems intended to control access to a resource or a facility. In many such systems such as those used in the physical and logical access control industries, restricted access is provided to a select group of users via a numeric keypad alone or a keypad incorporated into a reader. These keypads typically have a set of numbers plus special symbols (characters) that are exposed to the user side for data entry. These characters are connected to an electronic device with intelligence to recognize the characters entered (decode) and compare them to the code required to provide entrance to the system. Sometimes this device does not actually process the entered code and instead, transmits this to another device to actually perform the comparison. The users interact with the system by pressing the appropriate characters that represent an access code or password specifically chosen for that system. Examples of such keypads are those employed at credit card terminals, burglar alarm keypads, and access control keypads.
- Traditional keypads have static configurations. They generally consist of numbered buttons ranging from 0 through 9 and an “*” and a “#” button much like a typical telephone keypad. Such numbers exist in a common pattern and hence the user or anyone with knowledge of the pattern can simply enter the code without looking at numbers on the keypad. While this is particularly useful for users with sight impairments, it negatively impacts the security of the system because patterns can be deduced more easily than the codes themselves.
- One example of the utilization of such keypads is in parking applications such as entrance to a parking facility or a residential gated community which have gated entrances secured with an access control keypad. To gain entry to the secured area, a user must provide the keypad with a valid a security code. All individuals with permission to enter the facility are provided with a common security/access code which opens the gate and allows entry on to the premises. Usage in which all individuals have the same password are typically referred to as “common code” systems.
- In single common code systems, the numbers or range of possible numbers (i.e., the number of possible combinations) which make up a user's password is finite and can be deduced in several ways. A non-authorized user may observe a user and the patterns typed in, significantly reducing the security of the system. Additionally, the non-authorized user may acquire the password by analyzing the physical keypads for wear. Wear indicates high utilization and would also significantly narrow down the range of possibilities. More sophisticated methods of compromising such systems include “dusting” the keys or applying non-visible material in an attempt to determine which keys comprise the password.
- In statistical measure, if we assume a typical keypad with digits 0 through 9 and an “*” and “#” button, if the access code is four digits, then the probability of guessing the correct code is (1/9!*1/4!) or 1 chance in 157,464. However, assume that the user can reduce the digits used to the four most commonly utilized digits based on the wear of the keypad numbers. This probability then reduces to (1/4!) or 1 chance in 24.
- For these reasons and more, it would be desirable to have an improved method for increasing security of systems accessed utilizing security keypads. Additionally, it would be desirable to have such an improved method for increasing security of systems wherein the keypad configuration changes automatically after each or a series of user interfaces.
- Some solutions have been proposed to address the above-described problem. One common example is referred to as a Hirsch ScramblePad®. The particular construction of the Hirsch ScramblePad® is described in detail in one or more of U.S. Pat. Nos. 4,333,090; 4,479,112; and 4,644,326; all of which are hereby incorporated herein by reference in their entirety. The main concept behind the Hirsch ScramblePad® is to randomize the number which is assigned to a given key for every instance a user is required to provide input via the keypad. This means that the same valid code will not be entered with the same pattern. Rather, different physical keys will need to be depressed to enter the same valid code at different times. Accordingly, the idea of utilizing a variable keypad addresses many of the security concerns described above. Other mechanisms for securing user input are described, for example, in U.S. Pat. Nos. 4,100,534; 4,221,975; 4,369,973; 4,502,048; 4,806,745; 5,949,348; 5,970,146; 6,049,790; 6,317,835; 6,434,702; 6,549,194; and 7,479,949; all of which are hereby incorporated herein by reference in their entirety.
- A problem common to all of the above-noted solutions is that they are complex and, therefore, very costly to implement. Implementing these solutions in many situations becomes cost-prohibitive. Accordingly, there exists a need for a secure yet cost-effective mechanism for securing data entries of a user.
- It is, therefore, one aspect of the present disclosure to provide a secure and cost-effective solution for securing data entries of a user in a computational device. In particular, embodiments of the present disclosure propose solutions in which the confidentiality of user inputs are protected-by a combination of visual data scrambling and off-angle viewing techniques. The proposed solutions can be implemented at a fraction of the cost of existing solutions.
- In one embodiment of the present disclosure, a user input is provided which includes a linear position sensor that is configured to determine if a user's finger is touching the user input as well as the position of where the sensor is being touched. As a user's finger is touching the user input, the user is required to slide their finger along the user input in a scrolling motion. As the user scrolls their finger across the user input and, therefore, across a number of input zones, a user output displays the data value currently corresponding to the input zone where the user's finger is located. When the user sees that the desired data value is depicted by the user output, the user removes their finger from the user input and the data value currently corresponding to the input zone where the user's finger was last located is provided as a data input for a computational device. This process can be repeated until the user has entered the entire password.
- When the number of digits in the password is not a fixed number, then we can add an additional symbol to the set of characters that are displayed as the user slides his finger along the user input device. This symbol e.g., “E” for enter, is used as a terminator to indicate that all of the data has been entered.
- Since it is possible that the user has incorrectly entered data, we need to provide a way for the user to clear the previous entries and start again. This can be accomplished by the use of an additional symbol. When the user slides his finger and this symbol is displayed, e.g., “C” for clear, then the input data is cleared and the process starts again.
- The linear input sensor may be comprised of a linear resistor, linear capacitive element, a full finger biometric sensor, a swipe biometric sensor, and a touch-sensitive screen such as what is used on the Apple iPhone®. This linear sensor may be constructed in a straight line or can be in shapes or even circular and could even be incorporated into the handle of a door lock in which the motion is twisting left or right.
- One or more additional security mechanisms may be employed to further enhance the security with which user inputs are captured. As one example, the input zones of the user input may be re-assigned random and different data values for every instance where a user input is to be captured. As another example, they could be arranged in ascending order and then descending order. As another example, the size and/or configuration of the input zones themselves may be altered for every instance where a user input is to be captured. As another example, a number of different types of user output may be utilized ranging between a single digit display, a multi-digit display, and a touch-screen that incorporates the user output into the same area as the user input.
- In some embodiments, it may also be possible to capture one or more parameters (e.g., applied pressure, slide speed, fingerprint, finger size, etc.) of a user's input. The captured parameters may be mathematically/statistically assessed over a number of valid user inputs and after an appropriate number of valid user inputs have been received and the associated parameters have been incorporated into an average (or mean or some other value obtained from a mathematical formula), the average of the captured parameters can be compared to the current parameter and, if different by a certain amount, may be used to detect potentially suspect user inputs.
- It is another aspect of the present disclosure to provide a privacy shielding material over the user output to limit off-axis viewing of the user output such as 3M Vikuiti™ Light Control Film. For stronger off-axis viewing protection, the user output may be recessed within the computational component and louvers may be utilized.
- It is another aspect of the present disclosure to provide interchangeable snap-in bezels which enable an input mode of the computational device to be altered. In one input mode, a scrambling keypad may be employed where a user is required to slide their fingers in a groove and across a user input device, such as the one of the several variations described above, to achieve a user input. In another input mode, a traditional keypad with numbers in standard locations could be used to achieve user input. In another mode, a gesturing keypad may be utilized whereby a plurality of intersecting grooves are provided and a user is required to slide their fingers in various patterns across the intersecting grooves to achieve the desired user input.
- The present invention will be further understood from the drawings and the following detailed description. Although this description sets forth specific details, it is understood that certain embodiments of the invention may be practiced without these specific details. It is also understood that in some instances, well-known circuits, components and techniques have not been shown in detail in order to avoid obscuring the understanding of the invention.
- The present disclosure is described in conjunction with the appended figures:
-
FIG. 1A is a block diagram of an access control system having a first configuration in accordance with embodiments of the present disclosure; -
FIG. 1B is a block diagram of an access control system having a second configuration in accordance with embodiments of the present disclosure; -
FIG. 2 is a block diagram of a user device in accordance with embodiments of the present disclosure; -
FIG. 3 is a block diagram depicting details of a reader/user device in accordance with embodiments of the present disclosure; -
FIG. 4A is a block diagram depicting a first step of securely entering data via a user interface in accordance with embodiments of the present disclosure; -
FIG. 4B is a block diagram depicting a second step of securely entering data via a user interface in accordance with embodiments of the present disclosure; -
FIG. 4C is a block diagram depicting a third step of securely entering data via a user interface in accordance with embodiments of the present disclosure; -
FIG. 4D is a block diagram depicting a fourth step of securely entering data via a user interface in accordance with embodiments of the present disclosure; -
FIG. 5A is a block diagram depicting a first configuration of a user input in accordance with embodiments of the present disclosure; -
FIG. 5B is a block diagram depicting a second configuration of a user input in accordance with embodiments of the present disclosure; -
FIG. 5C is a block diagram depicting a third configuration of a user input in accordance with embodiments of the present disclosure; -
FIG. 5D is a block diagram depicting a fourth configuration of a user input in accordance with embodiments of the present disclosure; -
FIG. 5E is a block diagram depicting a fifth configuration of a user input in accordance with embodiments of the present disclosure; -
FIG. 5F is a block diagram depicting a sixth configuration of a user input in accordance with embodiments of the present disclosure; -
FIG. 6 is a block diagram depicting details of a secure user interface in accordance with embodiments of the present disclosure; -
FIG. 7 is a flow diagram depicting a user input capture method in accordance with embodiments of the present disclosure; and -
FIG. 8 is a flow diagram depicting a user input analysis method in accordance with embodiments of the present disclosure. - The ensuing description provides embodiments only, and is not intended to limit the scope, applicability, or configuration of the claims. Rather, the ensuing description will provide those skilled in the art with an enabling description for implementing the described embodiments. It being understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the appended claims.
-
FIGS. 1A and 1B show illustrative embodiments of anaccess control system 100 in accordance with embodiments of the prior art. Both configurations of theaccess control system 100 include areader 104 that is generally provided at a strategic location to secure one or more assets. In some embodiments, thereader 104 is in communication with anetworked device 108 via a first communication link. The first communication link between thereader 104 andnetworked device 108 may be established over a secured or unsecured communication network via TCP/IP, Wi-Fi, Zigbee, Cellular modem, RS485, current loop, and Wiegand. Such areader 104 is referred to as a networked reader because thereader 104 provides some or all data used in making an access control decision to thenetworked device 108. In the embodiment depicted inFIG. 1B , thenetworked device 108 comprises the necessary functionality, in the form of anauthentication module 116, to analyze the data received from thereader 104 and make an access control decision for thereader 104. A control panel is one example of anetworked device 108 which is typically used in the access control industry. Other types ofnetworked devices 108 include a host computer with or without a web server, a server providing Software as a Service (SaaS), a cloud-based application, or the like. - After the access control decision has been made at the
authentication module 116 of thenetworked device 108, thenetworked device 108 communicates the results of the decision back to thereader 104, which comprises arelease mechanism 120 that is enabled to either release one or more assets if a decision has been made to grant access or maintain such assets in a secure state if a decision has been made to deny access. For access control applications, therelease mechanism 120 is typically a relay whereas in logical access applications, therelease mechanism 120 is realized by software instructions. - In an alternative configuration depicted in
FIG. 1A , therelease mechanism 120 may be provided in thenetworked device 108 and theauthentication module 116 may be provided in thereader 104. In this configuration, thereader 104 may make the access control decisions and report the results of those decisions to thenetworked device 108 which selectively activates therelease mechanism 120 depending upon the results of the decision made by theauthentication module 116. - One function of a
reader 104 is to control access to certain assets. More specifically, areader 104 may be positioned at an access point for a given asset (e.g., a door for a room, building, or safe, a computer for electronic files, and so on). Unless a user provides thereader 104 with a valid input via auser interface 112 of thereader 104, the access point is maintained in a secure state such that admittance or access to the asset is denied. If a user enters a valid input via theuser interface 112, then thereader 104 has the discretion to allow the user access to the asset and implement various other actions accordingly. - Although the
reader 104 is depicted as having only auser interface 112, one skilled in the art will appreciate that thereader 104 may be configured to read data from an access control credential carried by the user in addition to receiving user input from the user. A credential is a device that carries evidence of authority, status, rights, and/or entitlement to privileges for a holder of the credential. A credential is a portable device having memory and a reader interface (i.e., an antenna and Integrated Circuit (IC) chip) which enables the credential to exchange data with thereader 104, usually via a credential interface of thereader 104. One example of a credential is an RFID smartcard that has data stored thereon allowing a holder of the credential to access an asset protected by areader 104. Other examples of a machine-readable credential include, but are not limited to, proximity RFID-based cards, access control cards, credit cards, debit cards, passports, identification cards, key fobs, Near Field Communications (NFC)-enabled cellular phones, Personal Digital Assistants (PDAs), tags, or any other device configurable to emulate a virtual credential. - In embodiments where the
reader 104 is configured to receive both user input via theuser interface 112 and credential input from a credential carried by the user, thereader 104 is capable of performing dual-factor authentication by verifying both the validity of user input (i.e., something that the user knows) as well as the validity of credential input (i.e., something that the user has). Thereader 104 may also be configured to receive biometric input from the user to further enhance the security of theaccess control system 100. - As noted above, the
networked device 108 may be responsible for making some or all of the asset-access decisions based on data received at thereader 104 from the user. In some embodiments, thereader 104 may not be connected to anetworked device 108, in which ease thereader 104 is referred to as a stand-alone reader. Stand-alone readers comprise the decision-making components necessary to analyze input received from a user and determine, based on the received input, if the user is entitled to access an asset secured by thereader 104. The access control rules for entry including time zone, day of week, etc. may be contained in a database in the stand-alone reader that is programmable by methods including using the keypad itself, using a PDA or mobile phone via NFC, infrared light, audio, or a wired connection. In some cases, the access control decision rules may be contained in the machine-readable credential read at the reader incorporated into the stand-alone device/user input combination. Stand-alone readers are generally desirable in situations where areader 104 is in an isolated location and a communication link between thenetworked device 108 andreader 104 is not easily established. - In configurations where the
reader 104 is a networked reader, a communications network may be used to establish the communication link between thereader 104 andnetworked device 108. Exemplary communication networks may provide bi-directional communication capabilities, which may selectively be implemented in a form of wired, wireless, fiber-optic communication links, or combinations thereof Even though the communication link between thenetworked device 108 andreader 104 is depicted as bi-direction, one skilled in the art can appreciate that the communication link may be unidirectional. As one example, thereader 104 may utilize the Wiegand protocol to communicate with thenetworked device 108. - The communication link between the
reader 104 andnetworked device 108 may be implemented utilizing buses or other types of device connections. The protocols used to communicate between thenetworked device 108 and thereader 104 may include one or more of the TCP/IP protocol, RS 232, RS 485, Current Loop, Power of Ethernet (POE), Bluetooth, Zigbee, GSM, WiFi, and other communication methods and protocols known in the art. - The
networked device 108 may be a general-purpose computer adapted for multi-task data processing and suitable for use in a commercial setting. Alternatively, thenetworked device 108 may be implemented as a host computer or server and thereader 104 can be connected to the host computer via a TCP/IP connection or other type of network connection. A memory comprising a database of records for thesystem 100 may be associated with thenetworked device 108. The database, although not depicted, may be integral with or separated from thenetworked device 108 or it may be incorporated into thereader 104. The database maintains records associated with thereaders 104, users, algorithm(s) for acquiring, decoding, verifying, and modifying data contained in thereaders 104, algorithm(s) for testing authenticity and validity of user inputs, algorithm(s) for implementing actions based on the results of these tests, and other needed software programs. Specific configurations of thenetworked device 108 are determined based on and compliant with computing and interfacing capabilities of thereaders 104. -
FIG. 2 depicts anexemplary user device 204, which may be equipped with auser interface 112 that is similar or identical to theuser interface 112 of thereader 104. Theuser device 204 may correspond to any type of device capable of performing one or more actions based on input received at theuser interface 112. Although not depicted, theuser device 204 may also be connected to a communication network and may be configured to exchange messages withnetworked devices 108 via the network. Examples of auser device 204 include, without limitation, a computer, laptop, netbook, iPad®, iPod®, iPhone®, mobile/cellular phone, telephone, Personal Digital Assistant (PDA), or the like. - With reference now to
FIG. 3 , additional details of areader 104 and/or user device 204 (collectively referred to hereinafter as a “computational device computational device memory 304 that includes a number ofinstructions 308, modules, and other data structures as well as aprocessor 336 for executing theinstructions 308 and other contents ofmemory 304. - The
computational device communication interface 344 which allows thecomputational device networked device 108. Exemplary types ofcommunication interfaces 344 include, without limitation, an RF antenna and driver, an infrared port, a fiberoptics interface, a Universal Serial Bus (USB) port, an Ethernet port, a serial data port, a parallel data port, any type of interface which facilitates communications over a packet-based communication network, such as the Internet, and so on. - The
computational device computational device computational device system 100. In some embodiments, the credential interface includes one or more of an antenna, an array of antennas, an infrared port, an optical port, a magnetic stripe reader, a barcode reader or similar machine-vision components, a Near Field Communications (NFC) interface, or any other component or collection of components which enables thecomputational device computational device - In some embodiments, the credential interface and
communication interface 344 are of the same type (i.e., RF communication interfaces). In some embodiments, the credential interface andcommunication interface 344 are implemented as a single interface. Thus, thecomputational device networked devices 108 by using the same hardware components. - In addition to a
communication interface 344, thecomputational device user interface 112 which facilitates user interaction between thecomputational device user interface 112 may include one or more user inputs, one or more user outputs, or a combination user input/output. Exemplary user inputs include, without limitation, keypads (traditional or laser-projected), buttons, switches, a linear pressure sensor (e.g., linear potentiometer that is resistive and/or capacitive), a peripheral device such as a touch pad peripheral included as part of a PC or as a separate peripheral connected by, for example, USB, a mouse/trackball wheel, a mouse or trackball movement, optical detection technologies, pressure sensitive device, resistive, capacitive touch, electrostatic, or magnetic screen enabled to detect finger and pen input, rotating door knob, combination, lock, or the like. Exemplary user outputs include, without limitation, lights, display screens (projection, LCD, LED, OLED, plasma, etc.), individual LED's, seven segment LED display, multi-digit LED display, etc. In some embodiments, the user output may also be provided with a privacy shielding material, such as 3M's Vituki® product. The privacy shielding material may help ensure that off-axis viewing of the user output is minimized. For an even stronger protection against off-axis viewing, a louver may be utilized which recesses the actual display portion of the user output within a cavity that limits the field of view to the display portion. Exemplary combination user input/outputs may include a touch-screen interface, a multi-touch-screen interface (i.e., a touch-screen interface adapted to recognize multiple simultaneous touches, gestures, “pinches”) or any other type of interface which is capable of simultaneously displaying a user output and receiving a user input. - In addition to
memory 304, thecomputational device processing memory 340, which may be in the form of a Randomly Accessible Memory (RAM), cache memory, or any other type of memory used to facilitate efficient processing of instructions 208 by theprocessor 336. - Whereas the
processing memory 340 is used to temporarily store data during processing tasks, thememory 304 is provided to storepermanent instructions 308 which control the operational behavior of thecomputational device memory 304 and/or 340 may be implemented using various types of electronic memory generally including at least one array of non-volatile memory cells (e.g., Erasable Programmable Read Only Memory (EPROM) cells or FLASH memory cells, etc.) Thememory 304 and/or 340 may also include at least one array of dynamic random access memory (DRAM) cells. The various routines and modules which may be included inmemory 304 comprise one or more of anauthentication module 312,authentication data 320, acommunication module 316, andconfiguration data 324. - The
communication module 316 provides instructions which enable thecomputational device communication module 316 may comprise message encoding and/or decoding instructions, message encryption and/or decryption instructions, compression and/or decompression instructions, trans-coding instructions, and any other known type of instructions which facilitate communications over a communications network. For example, thecommunication module 316 may comprise instructions which enable thecomputational device communication interface 344. Likewise, thecommunication module 316 may also comprise instructions which enable thecomputational device communication interface 344 for processing by various other components of thecomputational device - Another module which may be provided in the
instructions 308 is anauthentication module 312 that is capable of receiving data from the user input portion of theuser interface 112, analyzing the received data, and determining if the received data corresponds to valid data. In some embodiments, theauthentication module 312 may refer toauthentication data 320 which is also stored inmemory 304. In some embodiments, theauthentication data 320 may comprise a list of valid or authorized credentials and their corresponding credential data. Alternatively, theauthentication data 320 may comprise algorithms for analyzing received data and determining if such data is valid. -
Configuration data 324 may also be maintained inmemory 304. In some embodiments, theconfiguration data 324 describes operating characteristics of thecomputational device computational device computational device computational device - Although not depicted, the
memory 304 may also contain heuristic instructions for detecting attacks on thecomputational device access control system 100. Details of acomputational device memory 204 may include a User Interface (UI)driver 328 and anoperating system 332, which is a high-level application that facilitates interactions between various other modules and applications inmemory 204 and hardware components of thecomputational device UI driver 328 may be responsible for facilitating operations of theuser interface 112. In some embodiments, theUI driver 328 includes commands for determining when user inputs are received at theuser interface 112, identifying parameters of user inputs received at theuser interface 112, conditioning parameters of use inputs received at theuser interface 112 into data values which can be processed by the modules contained inmemory 304, determining what and when to display data as an output at theuser interface 112, and the like. In other words, theUI driver 328 may contain any commands necessary to provide asecure user interface 112 as described herein. - The
processor 336 may include any general-purpose programmable processor, digital signal processor (DSP) or controller for executing application programming. Alternatively, the various modules described herein may be implemented as hardware or firmware rather than software and theprocessor 304 may comprise a specially configured Application Specific Integrated Circuit (ASIC). - With reference now to
FIGS. 4A-D , anexemplary user interface 112 and process for securely entering data via theuser interface 112 will be described in accordance with at least some embodiments of the present disclosure. The process depicted and described enters the simple number combination of “639”. As can be appreciated, alphanumeric inputs and more complicated data values may be utilized and the example depicted inFIGS. 4A-D is merely illustrative of one type of data input which can be realized with theuser interface 112 of the present disclosure. - Also, although a user's finger is depicted as providing the input on a
user input portion 404, any other type of mechanism may be utilized to interact with theuser input portion 404. For example, the user may interact with theuser input portion 404 with a stylus, pen, mouse, etc. - The
user interface 112 may comprise both auser input portion 404 and a separateuser output portion 408. Theuser input portion 404 may comprise a number ofinput zones 412 a-N, each corresponding to a different input value. A user engages theuser interface 112 by touching theuser input portion 404. In some embodiments, the touching of theuser input portion 404 is detected by a pressure-sensitiveuser input portion 404. In some embodiments, theuser input portion 404 may be configured with optics which detects a user's input by taking a plurality of images and determining that the user's finger is engaged with and moving across theuser input portion 404. As the user slides their finger across theuser input portion 404 in the direction ofarrow 420, theuser input zones 412 a-N are sequentially activated and deactivated (i.e., the data value corresponding to theinput zone 412 where the user's finger is currently detected is displayed via the user output portion 408), based on detection of the user's finger within a particularuser input zone 412. - In some embodiments, during the first instance of user input depicted in
FIG. 4A , thefirst input zone 412 a may be assigned a first data value, thesecond input zone 412 b may be assigned a second data value, thethird input zone 412 c may be assigned a third data value, and so on. When the user initially touches thefirst input zone 412 a, the first data value may be displayed via theuser output portion 408. While sliding, the user's finger transitions from thefirst input zone 412 a to thesecond input zone 412 b. Once a greater amount of the user's finger area is within thesecond input zone 412 b instead of thefirst input zone 412 a, theuser output portion 408 displays the second data value instead of the first data value. The user continues moving their finger across theuser input portion 404 until they reach the desiredinput zone 416, which corresponds to the data value that the user wants to enter. Upon reaching the desiredinput zone 416, the desired data value is depicted via theuser output portion 408. When the user sees the desired data value in theuser output portion 408, the user releases their finger from theuser input portion 404 and the data value corresponding to the desiredinput zone 416 is entered as a first data input. In the example ofFIG. 4A , the first data input corresponds to the data value of 6. - After the first instance of user input, the data values assigned to each
input zone 412 a-N may be re-assigned to new input zones. Alternatively, eachinput zone 412 a-N may continue to have the same data value assigned thereto until a complete data entry has been completed or until an invalid data entry has been detected. In other words, it may be possible to re-assign data values to inputzones 412 a-N every time a new data input is received, after a complete valid password has been received, after the enter or clear input has been selected, or after an incomplete password has been received. - Moreover, the first data input may be provided from the UI driver 326 to the
authentication module 312 immediately after it has been input by the user or it may be stored in cache memory until the user selects enter, at which time a series of data inputs is provided to theauthentication module 312 for analysis. - Following the first data input, the user may re-engage the
user input portion 404 to provide a second instance of data input as is depicted inFIG. 4B . Although different data values may be assigned to theinput zones 412 a-N, the process for providing the data input is similar to the first instance of the data input. In particular, the user slides their finger across theinput zones 412 a-N of theuser input portion 404 until their finger reaches the desiredinput zone 416. The user is able to determine that their finger is within the desiredinput zone 416 by monitoring the value displayed via theuser output portion 408. Once the user's finger is within the desiredinput zone 416, the user releases their finger from theuser input portion 404 and the data value corresponding to the desiredinput zone 416 is entered as a second data input. In the example ofFIG. 4B , the second data input corresponds to the data value of 3. - Following the second data input, the user may re-engage the
user input portion 404 to provide a third instance of data input as is depicted inFIG. 4C . Again, the user slides their finger across theinput zones 412 a-N of theuser input portion 404 until their finger reaches the desiredinput zone 416. Once the user's finger is within the desiredinput zone 416, the user releases their finger from theuser input portion 404 and the data value corresponding to the desiredinput zone 416 is entered as a third data input. In the example ofFIG. 4C , the third data input corresponds to the data value of 9. - Assuming that a complete and valid data entry is “639”, the user then has to engage the
user input portion 404 to command theUI driver 328 to enter the complete data entry and provide the complete data entry to theauthentication module 312. The enter command is entered in a similar fashion as the first, second, and third data inputs were entered. In particular, the user slides their finger across theinput zones 412 a-N of theuser input portion 404 until their finger reaches the desiredinput zone 416. As can be seen inFIG. 4D , in this step of the process, the enter command is assigned to the desiredinput zone 416 instead of a data value. The user releases their finger from theuser input portion 404 after they determine that their finger is within the desiredinput zone 416 and the enter command is provided to theUI driver 328, thereby causing theUI driver 328 to send the complete data entry to theauthentication module 312 for analysis. - In some embodiments, however, if the code to be entered is a fixed number of digits, then the active implementation of an enter input is not required. In particular, the E key is not displayed and, instead, the data entry is complete after the last digit has been entered.
- If the complete data entry corresponds to a valid user input, then the
authentication module 312 may determine that the user is allowed to access whatever asset is being secured by thecomputational device computational device - With reference now to
FIGS. 5A-F , a number of possible configurations of auser input portion 404 of auser interface 112 will be described in accordance with embodiments of the present disclosure. As discussed above, eachinput zone 412 a-N may be assigned a different data value. The data value-to-input zone assignment may be configured to last permanently, for a predetermined amount of time, until a predetermined event occurs, and so on. As one example, eachinput zone 412 a-N may have new data values assigned thereto after every instance of user input. As another example, the data values assigned to theinput zones 412 a-N may be flipped-flopped after every instance of user input or after every instance of a completed data entry. As another example, the data values assigned to theinput zones 412 a-N may vary between numeric data values and then alphabetical/character data values after every instance of user input. As another example, the spaces betweeninput zones 412 a-N or relative sizes ofinput zones 412 a-N may be altered after every instance of user input or after every instance of a completed data entry. An another example, the data values assigned to theinput zones 412 a-N may be randomly re-assigned after every instance of user input or after every instance of a completed data entry. Combinations of the above examples may also be implemented. - By providing a
user input portion 404 with the ability to have the data values assigned to theinput zones 412 a-N according to a number of different configurations, a moresecure user interface 112 can be provided. In particular, changing the data values assigned to theinput zones 412 a-N helps ensure that a particular pattern cannot be discerned as corresponding to a valid input since the same values will likely be input with different patterns. The exemplary configurations of the data value-to-input zone assignments represent only a few of the many possible configurations (whether specifically discussed or not) may be utilized by theuser interface 112. - Referring initially to
FIG. 5A , a first exemplary configuration of auser input portion 404 is depicted where the data values are assigned incrementally toadjacent input zones 412 starting at the left and moving to the right. - With reference to
FIG. 5B , a second exemplary configuration of auser input portion 404 is depicted where the data values are assigned decrementally toadjacent input zones 412 starting at the left and moving to the right. - With reference to
FIG. 5C , a third exemplary configuration of auser input portion 404 is depicted where the data values are assigned randomly to theinput zones 412. In the first, second, and third exemplary configurations, the enter command is assigned to theNth input zone 412N. As can be appreciated, certain configurations may allow the enter command to be assigned to someinput zone 412 that is surrounded by at least twoinput zones 412. - With reference to
FIG. 5D , a fourth exemplary configuration of auser input portion 404 is depicted where the data values are assigned randomly to theinput zones 412 and the enter command is assigned to thefirst input zone 412 a. - With reference to
FIG. 5E , a fifth exemplary configuration of auser input portion 404 is depicted where the size of eachinput zone 412 varies from one input zone to the next. The alteration of size/area ofinput zones 412 may be coupled with other configurations described herein to further enhance the security of theuser interface 112. - With reference to
FIG. 5F , a sixth exemplary configuration of auser input portion 404 is depicted where data values are assigned to all but two of theinput zones 412 a-N, the enter command is assigned to thefirst input zone 412 a, and a clear command is assigned to theNth input zone 412N. In some embodiments, the clear command can be used to delete the last data value that was entered by a user or to delete a complete data entry. - With reference now to
FIG. 6 , exemplary components of auser interface 112 are depicted in accordance with at least some embodiments of the present disclosure. The components used to construct theuser interface 112 provide both a secure mechanism for capturing user input as well as a cost-effective alternative to the Hirsch ScramblePad® and similar secure data-entry technologies. In some embodiments, theuser interface 112 may comprise acontroller 604 which includes one or more links to auser input 608, one or more links to auser output 612, and one or more links to a communication network. In some embodiments, thecontroller 604 corresponds to a microcontroller and may be implemented as part or all of theprocessor 336. - The
user input 608 may correspond to a linear potentiometer (resistive or capacitive) which is configured to detect pressure applied thereto and a location of such pressure and provide an output electrical signal to thecontroller 604 in response thereto. Thecontroller 604 may be configured to analyze the electrical signals received from theuser input 608, determine a data value associated with such electrical signals, and send a command to theuser output 612 which causes theuser output 612 to display the data values so that they can be perceived by the user. In some embodiments, theuser output 612 corresponds to a single or multiple digit seven segment LED/LCD display and thecontroller 604 may comprise an 8 bit or higher analog-to-digital converter which converts analog signals received from theuser input 608 into digital signals for transmission to theuser output 612. - The connection to the communication network may be implemented as any type of known communication interfaces 344. Examples of
such communication interfaces 344 include, without limitation, a Wiegand port, an RS485 output, an Ethernet port, a USB port, and the like. - With reference now to
FIG. 7 , an exemplary user input capture method will be described in accordance with at least some embodiments of the present disclosure. The method begins atstep 704 and continues when user interaction with theuser interface 112 is detected (step 708). In some embodiments, detection of user activity at theuser interface 112 may trigger the initiation of the user input capture method. Additionally, the way in which user activity is detected at theuser interface 112 will depend on the type ofuser interface 112 being utilized. In particular, if auser interface 112 is employed that includes a pressure-sensitiveuser input portion 404, then detection of user activity occurs when pressure is detected as being applied at a concentrated point or area within theuser input portion 404. If auser interface 112 is employed that includes an opticaluser input portion 404, then detection of user activity occurs when one or more images are captured which indicate that a user has touched theuser input portion 404. - Assuming that a pressure-sensitive
user input portion 404 is being utilized, the method continues with thecontroller 604 orUI driver 328 determining the data value corresponding to the currently selectedinput zone 412 and causing the determined data value to be displayed via auser output portion 408 of the user interface 112 (step 712). - Thereafter, the
controller 604 orUI driver 328 determines if the release of pressure has been detected (step 716). The amount of pressure release required to affirmatively answer the query ofstep 716 may vary depending upon tolerances of theuser input portion 404, environmental factors, and the like. In some embodiments, a complete release of pressure (i.e., a reading of ambient pressure only) may be required to satisfy the query ofstep 716. Alternatively, the pressure may only need to be decreased by a predetermined amount or by a predetermined percentage of the maximum pressure detected duringstep 708. - If the release of pressure has not been detected, then the method returns to step 712 and a new data value is determined and displayed if the user scrolls their finger into a
new input zone 412 of theuser input portion 404. - If, however, the query of
step 716 is answered affirmatively, then the method continues with thecontroller 604 orUI driver 328 determining if the release occurred within a definedinput zone 412 having a data value or command associated therewith (step 728). If not, then an error message is displayed via the user output portion 408 (step 724). Thereafter, the determination is made as to whether the user input capture method is done (step 728). This query may be answered negatively if user input is again detected at theuser input portion 404 within a predetermined amount of time after the error message was displayed. Conversely, the query ofstep 728 may be answered affirmatively if a predetermined number of errors occurred within a predetermined amount of time or if some other user input was detected which suggests that thecomputational device user input portion 404 that is greater than a predetermined pressure threshold), then the query ofstep 728 may be answered affirmatively. If the query ofstep 728 is answered affirmatively, then the user input capture method is concluded (step 732). In some embodiments, an additional step of temporarily disabling some or all functionality of thecomputational device computational device - If the query of
step 728 is answered negatively, then the method returns to step 708. - Referring back to step 720, if the user releases the
user input portion 404 within an input zone having a data value assigned thereto, then thecontroller 604 orUI driver 328 determines the data value currently corresponding to theinput zone 412 where the pressure was last detected (e.g., where the release was detected) (step 736). - The data value determined during the first iteration of
step 736 may correspond to a first data input. The method continues by determining whether or not there will be more data entry before data is transmitted to theauthentication module 312 for analysis (step 740). If no additional data capture is necessary (e.g., the user has selected the enter command or data inputs are provided to theauthentication module 312 ornetworked device 108 sequentially rather than as a string of data values), then the first data input is transmitted to theauthentication module 312 for analysis (step 744). Alternatively, the first data input may be transmitted to anetworked device 108 for analysis. Thereafter, the method continues to step 728 to determine whether additional data inputs are being received or whether the user input capture method is complete. - Referring back to step 740, if additional data capture is necessary (e.g., the user has not selected the enter command or data inputs are provided to the
authentication module 312 ornetworked device 108 as a string of data values rather than sequential inputs), then the first data input is stored in a cache memory for later transmission with other data inputs that are yet to be captured (step 748). Thereafter, the method returns to step 708 to begin the process of capturing the second data input, third data input, and so on until the user selects the enter command or until a predetermined number of data inputs have been captured. - With reference now to
FIG. 8 , an exemplary user input analysis method will be described in accordance with at least some embodiments of the present disclosure. The method begins when user input is received at the user interface 112 (step 804). Thereafter, the method may proceed down one of two paths depending upon a number of considerations. One path corresponds to a process of determining a user input parameter average (or other result obtained from a different mathematical formula), whereas the other path corresponds to a process of analyzing the currently received user input based on a historical user input parameter average to determine if the currently received user input is suspect. The analysis process is generally not performed until a predetermined and suitable number of user inputs have been received such that a user input parameter average is determined and the standard deviation of the user input parameters used to calculate the average is less than a predetermined threshold value. - If the method continues only with the process of determining a user input parameter average, then one or more parameters of interest are determined for the recently received user input (step 808). Exemplary parameters of interest which may be determined in this step include amount of pressure applied to the
user input portion 404, size of finger, fingerprints or fingerprint characteristics, slide speed, and so on. The determined parameter(s) of interest determined for the recently received user input are then used to determine an average of the parameter(s) of interest (step 812). The average values may be based on all user inputs received or based only on valid user inputs received. - Referring back to step 804, if the method continues with the process of determining user input validity (i.e., the analysis process), then the method continues with the
authentication module 312 comparing one or more parameters of interest from the recently received user input with averages of the corresponding one or more parameters of interest (step 816). Based on the comparison ofstep 816, theauthentication module 312 determines if the parameter(s) of interest for the recently received user input are valid (step 820). In this step, theauthentication module 312 may determine that user inputs are invalid or suspect if they have a parameter of interest which deviates from the average by more than a predetermined threshold value (i.e., by either exceeding or falling below the average). - Accordingly, if the query of
step 820 is answered negatively, then thecomputational device computational device computational device computational device - If, however, the query of
step 820 is answered affirmatively, then the method may continue with the process of determining a user input parameter average. - A number of extensions and alternative implementations are considered to be within the scope of the present disclosure. As one example, a linear potentiometer is not the only type of
user input portion 404 that can be utilized to achieve a cost-effective butsecure user interface 112. Rather, the use of a touch screen configured to simultaneously detect and analyze multiple inputs can be utilized. In such an implementation in addition to sliding motions, different gesturing motions, such as pinching, could be utilized to select individual digits. In particular, if a pinching gesture is utilized to achieve a user input, then the relative distance between the user's two fingers may be correlated to theinput zones 412 described above. A very small distance (e.g., 1-5 mm) between the user's two fingers may correspond to theNth input zone 412N whereas a very larger distance (e.g., 10-20 cm) between the user's two fingers may correspond to thefirst input zone 412 a. All other aspects of the present disclosure may be performed in substantially the same way as described. Specifically, there could be separate pinch zones for each data value in a multi-digit entry. - As another possible extension contemplated by the present disclosure, the electronics of the
user interface 112 including thecontroller 604, the connections between thecontroller 604, theuser input 608, and theuser output 612 may be potted in a potting material, thereby making theuser interface 112 substantially weather resistant. - As another possible extension contemplated by the present disclosure, a pressure sensitive device could be used to select data inputs where different magnitudes of applied pressure correspond to the
input zones 412 described above. A number of different magnitudes of applied pressure may have different data values assigned thereto. As the user presses theuser input portion 404 harder, the different data values may be displayed via theuser output 408. When the desired data value is displayed via theuser output 408, the user may completely release theuser input portion 404 and the data value corresponding to the last-displayed data value is selected as the data input. The value may correspond to a digit, an enter command, a clear command, or a series of input commands. - The use of a pressure sensor may also enable additional inputs without requiring the user to slide their finger across the
user input portion 404. In particular, a user may press theuser input portion 404 extra “hard” (e.g., applies a pressure greater than a predetermined amount of pressure) to signify: (1) that data entry is complete; (2) that one or more previous entries should be erased; or (3) that the user is under duress and security personnel should be notified. - In another possible extension contemplated by the present disclosure, a reserved code can be utilized to enter a “programming mode” where the
configuration data 324 can be changed. For example, theconfiguration data 324 may define how configurations of theuser input portion 404 are scrambled between user inputs, the number of digits to be displayed via theuser output portion 408, data output formats, the programming mode code, a list of one or more input passwords that will unlock access to the asset, etc. During the programming mode, one or more of these operating characteristics can be modified. - In another possible extension, a biometric swipe sensor may be designed to utilize some or all of the concepts disclosed herein. Specifically, the biometric swipe sensor can be configured to detect partial swipes of a user's finger and correlate different amounts of partial swipes to a different input value. During such partial swipes, the user's finger print may also be analyzed as a second factor of authentication.
- In the foregoing description, for the purposes of illustration, methods were described in a particular order. It should be appreciated that in alternate embodiments, the methods may be performed in a different order than that described. It should also be appreciated that the methods described above may be performed by hardware components or may be embodied in sequences of machine-executable instructions, which may be used to cause a machine, such as a general-purpose or special-purpose processor or logic circuits programmed with the instructions to perform the methods. These machine-executable instructions may be stored on one or more machine readable mediums, such as CD-ROMs or other type of optical disks, floppy diskettes, ROMs, RAMs, EPROMs, EEPROMs, SIMs, SAM,s, magnetic or optical cards, flash memory, or other types of machine-readable mediums suitable for storing electronic instructions. Alternatively, the methods may be performed by a combination of hardware and software.
- Specific details were given in the description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits may be shown in block diagrams in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail in order to avoid obscuring the embodiments.
- Also, it is noted that the embodiments were described as a process which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed, but could have additional steps not included in the figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination corresponds to a return of the function to the calling function or the main function.
- Furthermore, embodiments-may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to perform the necessary tasks may be stored in a machine readable medium such as storage medium. A processor(s) may perform the necessary tasks. A code segment may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures, or program statements. A code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc. may be passed, forwarded, or transmitted via any suitable means including memory sharing, message passing, token passing, network transmission, etc.
- While illustrative embodiments of the disclosure have been described in detail herein, it is to be understood that the inventive concepts may be otherwise variously embodied and employed, and that the appended claims are intended to be construed to include such variations, except as limited by the prior art.
Claims (10)
1-21. (canceled)
22. A method of securely receiving user input at a computational device, the method comprising:
detecting a first user pinch gesture at a user input of the computational device, the first user pinch gesture having a first size;
correlating the first user pinch gesture to a first selection based on the first size of the first user pinch gesture;
detecting a second user pinch gesture at the user input of the computational device, the second user pinch gesture having a second size that is different from the first size; and
correlating the second user pinch gesture to a second selection based on the second size of the second pinch gesture.
23. The method of claim 22 , further comprising:
conditioning the first selection and second selection as input data for the computational device; and
transmitting the input data to an authentication module for comparison with authentication data.
24. The method of claim 23 , wherein the authentication module is contained within the computational device.
25. The method of claim 22 , further comprising:
determining, for the first user pinch gesture, a first value of a user input parameter of interest;
determining, for the second user pinch gesture, a second value of the user input parameter of interest; and
determining an average value of the user input parameter of interest based, at least in part, on the first and second values of the user input parameter of interest.
26. The method of claim 22 , further comprising:
altering a size of an input zone for the user input based on either the first size or the second size.
27. The method of claim 22 , further comprising:
altering a space between input zones between the first user pinch gesture and the second user pinch gesture.
28. A computational device, comprising:
a user interface including a user input portion and a user output portion;
a processor; and
a computer-readable medium coupled to the processor, the computer-readable medium including instructions configured to enable the processor to detect a first user pinch gesture at the user input portion then correlate a size of the first user pinch gesture to a first input, determine a first data value corresponding to the first input, cause the first data value to be displayed via the user output portion, detect a second user pinch gesture at the user input portion then correlate a size of the second user pinch gesture to a second input, wherein the size of the first user pinch gesture is different from the size of the second user pinch gesture, determine a second data value corresponding to the second input, cause the second data value to be displayed via the user output portion, determine that a user has discontinued the second user pinch gesture, and in response to determining that the user has discontinued the second user pinch gesture, condition the second data value as input data for the computational device.
29. The device of claim 28 , further comprising a communication interface configured to transmit the second data value to a networked device.
30. The device of claim 28 , wherein the user output portion is physically separated from the user input portion such that the data values displayed via the user output portion are not viewed through the user input portion.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/407,794 US20170154175A1 (en) | 2011-03-21 | 2017-01-17 | System and method of secure data entry |
US15/948,416 US10599822B2 (en) | 2011-03-21 | 2018-04-09 | System and method of secure data entry |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2011/029142 WO2012128750A1 (en) | 2011-03-21 | 2011-03-21 | System and method of secure data entry |
US201314006329A | 2013-12-17 | 2013-12-17 | |
US15/407,794 US20170154175A1 (en) | 2011-03-21 | 2017-01-17 | System and method of secure data entry |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2011/029142 Division WO2012128750A1 (en) | 2011-03-21 | 2011-03-21 | System and method of secure data entry |
US14/006,329 Division US20140173717A1 (en) | 2011-03-21 | 2011-03-21 | System and method of secure data entry |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/948,416 Continuation US10599822B2 (en) | 2011-03-21 | 2018-04-09 | System and method of secure data entry |
Publications (1)
Publication Number | Publication Date |
---|---|
US20170154175A1 true US20170154175A1 (en) | 2017-06-01 |
Family
ID=46879643
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/006,329 Abandoned US20140173717A1 (en) | 2011-03-21 | 2011-03-21 | System and method of secure data entry |
US15/407,794 Abandoned US20170154175A1 (en) | 2011-03-21 | 2017-01-17 | System and method of secure data entry |
US15/948,416 Active 2031-04-01 US10599822B2 (en) | 2011-03-21 | 2018-04-09 | System and method of secure data entry |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/006,329 Abandoned US20140173717A1 (en) | 2011-03-21 | 2011-03-21 | System and method of secure data entry |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/948,416 Active 2031-04-01 US10599822B2 (en) | 2011-03-21 | 2018-04-09 | System and method of secure data entry |
Country Status (3)
Country | Link |
---|---|
US (3) | US20140173717A1 (en) |
EP (1) | EP2689304A4 (en) |
WO (1) | WO2012128750A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10599822B2 (en) | 2011-03-21 | 2020-03-24 | Assa Abloy Ab | System and method of secure data entry |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101615461B1 (en) | 2007-09-24 | 2016-04-25 | 애플 인크. | Embedded authentication systems in an electronic device |
US8600120B2 (en) | 2008-01-03 | 2013-12-03 | Apple Inc. | Personal computing device control using face detection and recognition |
US9002322B2 (en) | 2011-09-29 | 2015-04-07 | Apple Inc. | Authentication with secondary approver |
US9898642B2 (en) | 2013-09-09 | 2018-02-20 | Apple Inc. | Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs |
KR101509495B1 (en) * | 2013-10-18 | 2015-04-09 | 한국전자통신연구원 | The input device and method for security keypad by shifting keypad |
KR102187219B1 (en) * | 2014-01-22 | 2020-12-04 | 삼성전자주식회사 | Electronic device and method for providing control function using fingerprint sensor |
US10691332B2 (en) * | 2014-02-28 | 2020-06-23 | Samsung Electronics Company, Ltd. | Text input on an interactive display |
US10482461B2 (en) | 2014-05-29 | 2019-11-19 | Apple Inc. | User interface for payments |
DK179471B1 (en) | 2016-09-23 | 2018-11-26 | Apple Inc. | Image data for enhanced user interactions |
JP6736686B1 (en) | 2017-09-09 | 2020-08-05 | アップル インコーポレイテッドApple Inc. | Implementation of biometrics |
US11170085B2 (en) | 2018-06-03 | 2021-11-09 | Apple Inc. | Implementation of biometric authentication |
US11100349B2 (en) | 2018-09-28 | 2021-08-24 | Apple Inc. | Audio assisted enrollment |
US10860096B2 (en) | 2018-09-28 | 2020-12-08 | Apple Inc. | Device control using gaze information |
EP4264460A1 (en) | 2021-01-25 | 2023-10-25 | Apple Inc. | Implementation of biometric authentication |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6088017A (en) * | 1995-11-30 | 2000-07-11 | Virtual Technologies, Inc. | Tactile feedback man-machine interface device |
US20110179381A1 (en) * | 2010-01-21 | 2011-07-21 | Research In Motion Limited | Portable electronic device and method of controlling same |
US20110199386A1 (en) * | 2010-02-12 | 2011-08-18 | Honeywell International Inc. | Overlay feature to provide user assistance in a multi-touch interactive display environment |
US9183554B1 (en) * | 2009-04-21 | 2015-11-10 | United Services Automobile Association (Usaa) | Systems and methods for user authentication via mobile device |
Family Cites Families (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4100534A (en) | 1976-12-09 | 1978-07-11 | Tuthill Corporation | Electronic security system |
US4221975A (en) | 1978-04-19 | 1980-09-09 | Touch Activated Switch Arrays, Inc. | Touch activated controller and method |
EP0046763B1 (en) | 1980-02-15 | 1985-08-14 | Rehm Pty. Ltd. | Keyboard operated security apparatus |
US4333090A (en) | 1980-05-05 | 1982-06-01 | Hirsch Steven B | Secure keyboard input terminal |
US4479112A (en) | 1980-05-05 | 1984-10-23 | Secure Keyboards Limited | Secure input system |
US4369973A (en) | 1980-11-21 | 1983-01-25 | Aurora Joseph R D | Electronic crossword puzzle |
US4644326A (en) | 1983-06-03 | 1987-02-17 | Secure Keyboards Limited | Unitary key panel |
US4806745A (en) | 1986-04-18 | 1989-02-21 | Sharp Kabushiki Kaisha | IC card with fewer input keys |
US5600324A (en) | 1992-05-11 | 1997-02-04 | Rockwell International Corporation | Keyless entry system using a rolling code |
US5949348A (en) | 1992-08-17 | 1999-09-07 | Ncr Corporation | Method and apparatus for variable keyboard display |
FR2723806A1 (en) | 1994-08-17 | 1996-02-23 | Schlumberger Ind Sa | SECURE KEYBOARD DEVICE |
US5970146A (en) | 1996-05-14 | 1999-10-19 | Dresser Industries, Inc. | Data encrypted touchscreen |
IL137478A (en) * | 1998-01-26 | 2005-11-20 | Westerman Wayne | Method and apparatus for integrating manual input |
US6434702B1 (en) | 1998-12-08 | 2002-08-13 | International Business Machines Corporation | Automatic rotation of digit location in devices used in passwords |
US6317835B1 (en) | 1998-12-23 | 2001-11-13 | Radiant Systems, Inc. | Method and system for entry of encrypted and non-encrypted information on a touch screen |
US6549194B1 (en) | 1999-10-01 | 2003-04-15 | Hewlett-Packard Development Company, L.P. | Method for secure pin entry on touch screen display |
US7370983B2 (en) * | 2000-03-02 | 2008-05-13 | Donnelly Corporation | Interior mirror assembly with display |
US20030014239A1 (en) * | 2001-06-08 | 2003-01-16 | Ichbiah Jean D. | Method and system for entering accented and other extended characters |
GB2381603B (en) * | 2001-10-30 | 2005-06-08 | F Secure Oyj | Method and apparatus for selecting a password |
US7652660B2 (en) * | 2005-10-11 | 2010-01-26 | Fish & Richardson P.C. | Mobile device customizer |
US7649522B2 (en) * | 2005-10-11 | 2010-01-19 | Fish & Richardson P.C. | Human interface input acceleration system |
US8564544B2 (en) | 2006-09-06 | 2013-10-22 | Apple Inc. | Touch screen device, method, and graphical user interface for customizing display of content category icons |
US20080165149A1 (en) * | 2007-01-07 | 2008-07-10 | Andrew Emilio Platzer | System, Method, and Graphical User Interface for Inputting Date and Time Information on a Portable Multifunction Device |
US8059101B2 (en) * | 2007-06-22 | 2011-11-15 | Apple Inc. | Swipe gestures for touch screen keyboards |
CN101340281B (en) * | 2007-07-02 | 2010-12-22 | 联想(北京)有限公司 | Method and system for safe login input on network |
JP2009169456A (en) * | 2008-01-10 | 2009-07-30 | Nec Corp | Electronic equipment, information input method and information input control program used for same electronic equipment, and portable terminal device |
US8909297B2 (en) * | 2008-03-04 | 2014-12-09 | Mike Matas | Access management |
ES2485501T3 (en) | 2008-08-14 | 2014-08-13 | Assa Abloy Ab | RFID reader with built-in attack detection heuristics |
KR101517509B1 (en) * | 2008-09-08 | 2015-05-04 | 엘지전자 주식회사 | Mobile terminal and control method thereof |
US8982105B2 (en) * | 2008-12-09 | 2015-03-17 | Sony Corporation | Ergonomic user interfaces and electronic devices incorporating same |
US20120019471A1 (en) * | 2009-04-20 | 2012-01-26 | Carsten Schlipf | Entering information into a communications device |
US8681106B2 (en) * | 2009-06-07 | 2014-03-25 | Apple Inc. | Devices, methods, and graphical user interfaces for accessibility using a touch-sensitive surface |
CN101655771B (en) * | 2009-09-07 | 2011-07-20 | 上海合合信息科技发展有限公司 | Method and system for inputting multi-contact characters |
US20110316791A1 (en) * | 2010-06-27 | 2011-12-29 | Peigen Jiang | Touch pad character entering system and method |
US8856688B2 (en) * | 2010-10-11 | 2014-10-07 | Facebook, Inc. | Pinch gesture to navigate application layers |
EP2689304A4 (en) | 2011-03-21 | 2014-09-10 | Assa Abloy Ab | System and method of secure data entry |
-
2011
- 2011-03-21 EP EP11861633.3A patent/EP2689304A4/en not_active Withdrawn
- 2011-03-21 WO PCT/US2011/029142 patent/WO2012128750A1/en active Application Filing
- 2011-03-21 US US14/006,329 patent/US20140173717A1/en not_active Abandoned
-
2017
- 2017-01-17 US US15/407,794 patent/US20170154175A1/en not_active Abandoned
-
2018
- 2018-04-09 US US15/948,416 patent/US10599822B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6088017A (en) * | 1995-11-30 | 2000-07-11 | Virtual Technologies, Inc. | Tactile feedback man-machine interface device |
US9183554B1 (en) * | 2009-04-21 | 2015-11-10 | United Services Automobile Association (Usaa) | Systems and methods for user authentication via mobile device |
US20110179381A1 (en) * | 2010-01-21 | 2011-07-21 | Research In Motion Limited | Portable electronic device and method of controlling same |
US20110199386A1 (en) * | 2010-02-12 | 2011-08-18 | Honeywell International Inc. | Overlay feature to provide user assistance in a multi-touch interactive display environment |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10599822B2 (en) | 2011-03-21 | 2020-03-24 | Assa Abloy Ab | System and method of secure data entry |
Also Published As
Publication number | Publication date |
---|---|
EP2689304A4 (en) | 2014-09-10 |
US10599822B2 (en) | 2020-03-24 |
EP2689304A1 (en) | 2014-01-29 |
US20140173717A1 (en) | 2014-06-19 |
WO2012128750A1 (en) | 2012-09-27 |
US20180293368A1 (en) | 2018-10-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10599822B2 (en) | System and method of secure data entry | |
US11089012B2 (en) | Event driven second factor credential authentication | |
Jansen | Authenticating users on handheld devices | |
KR101280050B1 (en) | Location-based security system for portable electronic device | |
EP1980049B1 (en) | Wireless authentication | |
US9507928B2 (en) | Preventing the discovery of access codes | |
EP2192511B1 (en) | Simplified biometric character sequence entry | |
US9342673B2 (en) | Method for user authentication in a device comprising a touch screen | |
CN105894616A (en) | Access Management System And Method | |
EP3094122B1 (en) | Systems and methods for protecting sensitive information stored on a mobile device | |
CA2925747A1 (en) | Secure passcode entry user interface | |
CN105678147B (en) | Touch operation method and device | |
CN108475306B (en) | User interface for mobile device | |
Guerar et al. | Securing PIN‐based authentication in smartwatches with just two gestures | |
US20140230026A1 (en) | Biometric-Based Access Control System Comprising a Near Field Communication Link | |
US20120017273A1 (en) | Apparatus and method for improving the security in portable communication system | |
US8924734B2 (en) | Key and method for entering computer related passwords via a mnemonic combination | |
EP2738707B1 (en) | Interactive reader commander | |
US9515831B2 (en) | Reducing the effectiveness of smudge and thermal imaging attacks | |
US20210083877A1 (en) | System and a method for user authentication and/or authorization | |
CN107480482A (en) | A kind of touch screen unlocking method, device and touch screen terminal | |
EP3564837A1 (en) | System, method and computer programs for user authentication and/or authorization | |
CN106845180A (en) | Verify identity method, using and computing device | |
CN112364673A (en) | Information verification method, terminal equipment, NFC verification device and system | |
US20240095331A1 (en) | Apparatus, system and method for secure data entry |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: ASSA ABLOY AB, SWEDEN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DAVIS, MICHAEL L.;REEL/FRAME:040988/0515 Effective date: 20131203 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |