US20170154175A1 - System and method of secure data entry - Google Patents

System and method of secure data entry Download PDF

Info

Publication number
US20170154175A1
US20170154175A1 US15/407,794 US201715407794A US2017154175A1 US 20170154175 A1 US20170154175 A1 US 20170154175A1 US 201715407794 A US201715407794 A US 201715407794A US 2017154175 A1 US2017154175 A1 US 2017154175A1
Authority
US
United States
Prior art keywords
user
input
data
pinch gesture
user input
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US15/407,794
Inventor
Michael L. Davis
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Assa Abloy AB
Original Assignee
Assa Abloy AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Assa Abloy AB filed Critical Assa Abloy AB
Priority to US15/407,794 priority Critical patent/US20170154175A1/en
Assigned to ASSA ABLOY AB reassignment ASSA ABLOY AB ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: DAVIS, MICHAEL L.
Publication of US20170154175A1 publication Critical patent/US20170154175A1/en
Priority to US15/948,416 priority patent/US10599822B2/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/02Input arrangements using manually operated switches, e.g. using keyboards or dials
    • G06F3/023Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
    • G06F3/0233Character input methods
    • G06F3/0236Character input methods using selection techniques to select from displayed items
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/04842Selection of displayed objects or displayed text elements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/04847Interaction techniques to control parameter settings, e.g. interaction with sliders or dials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0487Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser
    • G06F3/0488Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
    • G06F3/04883Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures for inputting data by handwriting, e.g. gesture or text

Definitions

  • the present disclosure is generally directed toward data entry into user devices and particularly toward mechanisms for securing the same.
  • Traditional keypads have static configurations. They generally consist of numbered buttons ranging from 0 through 9 and an “*” and a “#” button much like a typical telephone keypad. Such numbers exist in a common pattern and hence the user or anyone with knowledge of the pattern can simply enter the code without looking at numbers on the keypad. While this is particularly useful for users with sight impairments, it negatively impacts the security of the system because patterns can be deduced more easily than the codes themselves.
  • keypads are utilized in parking applications such as entrance to a parking facility or a residential gated community which have gated entrances secured with an access control keypad.
  • a user To gain entry to the secured area, a user must provide the keypad with a valid a security code. All individuals with permission to enter the facility are provided with a common security/access code which opens the gate and allows entry on to the premises. Usage in which all individuals have the same password are typically referred to as “common code” systems.
  • the numbers or range of possible numbers i.e., the number of possible combinations which make up a user's password is finite and can be deduced in several ways.
  • a non-authorized user may observe a user and the patterns typed in, significantly reducing the security of the system. Additionally, the non-authorized user may acquire the password by analyzing the physical keypads for wear. Wear indicates high utilization and would also significantly narrow down the range of possibilities. More sophisticated methods of compromising such systems include “dusting” the keys or applying non-visible material in an attempt to determine which keys comprise the password.
  • Hirsch ScramblePad® One common example is referred to as a Hirsch ScramblePad®.
  • the particular construction of the Hirsch ScramblePad® is described in detail in one or more of U.S. Pat. Nos. 4,333,090; 4,479,112; and 4,644,326; all of which are hereby incorporated herein by reference in their entirety.
  • the main concept behind the Hirsch ScramblePad® is to randomize the number which is assigned to a given key for every instance a user is required to provide input via the keypad. This means that the same valid code will not be entered with the same pattern. Rather, different physical keys will need to be depressed to enter the same valid code at different times.
  • embodiments of the present disclosure propose solutions in which the confidentiality of user inputs are protected-by a combination of visual data scrambling and off-angle viewing techniques.
  • the proposed solutions can be implemented at a fraction of the cost of existing solutions.
  • a user input which includes a linear position sensor that is configured to determine if a user's finger is touching the user input as well as the position of where the sensor is being touched. As a user's finger is touching the user input, the user is required to slide their finger along the user input in a scrolling motion. As the user scrolls their finger across the user input and, therefore, across a number of input zones, a user output displays the data value currently corresponding to the input zone where the user's finger is located.
  • the user When the user sees that the desired data value is depicted by the user output, the user removes their finger from the user input and the data value currently corresponding to the input zone where the user's finger was last located is provided as a data input for a computational device. This process can be repeated until the user has entered the entire password.
  • the linear input sensor may be comprised of a linear resistor, linear capacitive element, a full finger biometric sensor, a swipe biometric sensor, and a touch-sensitive screen such as what is used on the Apple iPhone®.
  • This linear sensor may be constructed in a straight line or can be in shapes or even circular and could even be incorporated into the handle of a door lock in which the motion is twisting left or right.
  • One or more additional security mechanisms may be employed to further enhance the security with which user inputs are captured.
  • the input zones of the user input may be re-assigned random and different data values for every instance where a user input is to be captured.
  • they could be arranged in ascending order and then descending order.
  • the size and/or configuration of the input zones themselves may be altered for every instance where a user input is to be captured.
  • a number of different types of user output may be utilized ranging between a single digit display, a multi-digit display, and a touch-screen that incorporates the user output into the same area as the user input.
  • the captured parameters may be mathematically/statistically assessed over a number of valid user inputs and after an appropriate number of valid user inputs have been received and the associated parameters have been incorporated into an average (or mean or some other value obtained from a mathematical formula), the average of the captured parameters can be compared to the current parameter and, if different by a certain amount, may be used to detect potentially suspect user inputs.
  • a privacy shielding material over the user output to limit off-axis viewing of the user output such as 3M VikuitiTM Light Control Film.
  • the user output may be recessed within the computational component and louvers may be utilized.
  • a scrambling keypad may be employed where a user is required to slide their fingers in a groove and across a user input device, such as the one of the several variations described above, to achieve a user input.
  • a traditional keypad with numbers in standard locations could be used to achieve user input.
  • a gesturing keypad may be utilized whereby a plurality of intersecting grooves are provided and a user is required to slide their fingers in various patterns across the intersecting grooves to achieve the desired user input.
  • FIG. 1A is a block diagram of an access control system having a first configuration in accordance with embodiments of the present disclosure
  • FIG. 1B is a block diagram of an access control system having a second configuration in accordance with embodiments of the present disclosure
  • FIG. 2 is a block diagram of a user device in accordance with embodiments of the present disclosure
  • FIG. 3 is a block diagram depicting details of a reader/user device in accordance with embodiments of the present disclosure
  • FIG. 4A is a block diagram depicting a first step of securely entering data via a user interface in accordance with embodiments of the present disclosure
  • FIG. 4B is a block diagram depicting a second step of securely entering data via a user interface in accordance with embodiments of the present disclosure
  • FIG. 4C is a block diagram depicting a third step of securely entering data via a user interface in accordance with embodiments of the present disclosure
  • FIG. 4D is a block diagram depicting a fourth step of securely entering data via a user interface in accordance with embodiments of the present disclosure
  • FIG. 5A is a block diagram depicting a first configuration of a user input in accordance with embodiments of the present disclosure
  • FIG. 5B is a block diagram depicting a second configuration of a user input in accordance with embodiments of the present disclosure
  • FIG. 5C is a block diagram depicting a third configuration of a user input in accordance with embodiments of the present disclosure.
  • FIG. 5D is a block diagram depicting a fourth configuration of a user input in accordance with embodiments of the present disclosure.
  • FIG. 5E is a block diagram depicting a fifth configuration of a user input in accordance with embodiments of the present disclosure.
  • FIG. 5F is a block diagram depicting a sixth configuration of a user input in accordance with embodiments of the present disclosure.
  • FIG. 6 is a block diagram depicting details of a secure user interface in accordance with embodiments of the present disclosure.
  • FIG. 7 is a flow diagram depicting a user input capture method in accordance with embodiments of the present disclosure.
  • FIG. 8 is a flow diagram depicting a user input analysis method in accordance with embodiments of the present disclosure.
  • FIGS. 1A and 1B show illustrative embodiments of an access control system 100 in accordance with embodiments of the prior art. Both configurations of the access control system 100 include a reader 104 that is generally provided at a strategic location to secure one or more assets. In some embodiments, the reader 104 is in communication with a networked device 108 via a first communication link. The first communication link between the reader 104 and networked device 108 may be established over a secured or unsecured communication network via TCP/IP, Wi-Fi, Zigbee, Cellular modem, RS485, current loop, and Wiegand.
  • Such a reader 104 is referred to as a networked reader because the reader 104 provides some or all data used in making an access control decision to the networked device 108 .
  • the networked device 108 comprises the necessary functionality, in the form of an authentication module 116 , to analyze the data received from the reader 104 and make an access control decision for the reader 104 .
  • a control panel is one example of a networked device 108 which is typically used in the access control industry.
  • Other types of networked devices 108 include a host computer with or without a web server, a server providing Software as a Service (SaaS), a cloud-based application, or the like.
  • the networked device 108 communicates the results of the decision back to the reader 104 , which comprises a release mechanism 120 that is enabled to either release one or more assets if a decision has been made to grant access or maintain such assets in a secure state if a decision has been made to deny access.
  • the release mechanism 120 is typically a relay whereas in logical access applications, the release mechanism 120 is realized by software instructions.
  • the release mechanism 120 may be provided in the networked device 108 and the authentication module 116 may be provided in the reader 104 .
  • the reader 104 may make the access control decisions and report the results of those decisions to the networked device 108 which selectively activates the release mechanism 120 depending upon the results of the decision made by the authentication module 116 .
  • a reader 104 may be positioned at an access point for a given asset (e.g., a door for a room, building, or safe, a computer for electronic files, and so on). Unless a user provides the reader 104 with a valid input via a user interface 112 of the reader 104 , the access point is maintained in a secure state such that admittance or access to the asset is denied. If a user enters a valid input via the user interface 112 , then the reader 104 has the discretion to allow the user access to the asset and implement various other actions accordingly.
  • a given asset e.g., a door for a room, building, or safe, a computer for electronic files, and so on.
  • a credential is a device that carries evidence of authority, status, rights, and/or entitlement to privileges for a holder of the credential.
  • a credential is a portable device having memory and a reader interface (i.e., an antenna and Integrated Circuit (IC) chip) which enables the credential to exchange data with the reader 104 , usually via a credential interface of the reader 104 .
  • IC Integrated Circuit
  • a credential is an RFID smartcard that has data stored thereon allowing a holder of the credential to access an asset protected by a reader 104 .
  • Other examples of a machine-readable credential include, but are not limited to, proximity RFID-based cards, access control cards, credit cards, debit cards, passports, identification cards, key fobs, Near Field Communications (NFC)-enabled cellular phones, Personal Digital Assistants (PDAs), tags, or any other device configurable to emulate a virtual credential.
  • the reader 104 is capable of performing dual-factor authentication by verifying both the validity of user input (i.e., something that the user knows) as well as the validity of credential input (i.e., something that the user has).
  • the reader 104 may also be configured to receive biometric input from the user to further enhance the security of the access control system 100 .
  • the networked device 108 may be responsible for making some or all of the asset-access decisions based on data received at the reader 104 from the user.
  • the reader 104 may not be connected to a networked device 108 , in which ease the reader 104 is referred to as a stand-alone reader.
  • Stand-alone readers comprise the decision-making components necessary to analyze input received from a user and determine, based on the received input, if the user is entitled to access an asset secured by the reader 104 .
  • the access control rules for entry including time zone, day of week, etc.
  • the access control decision rules may be contained in the machine-readable credential read at the reader incorporated into the stand-alone device/user input combination.
  • Stand-alone readers are generally desirable in situations where a reader 104 is in an isolated location and a communication link between the networked device 108 and reader 104 is not easily established.
  • a communications network may be used to establish the communication link between the reader 104 and networked device 108 .
  • Exemplary communication networks may provide bi-directional communication capabilities, which may selectively be implemented in a form of wired, wireless, fiber-optic communication links, or combinations thereof Even though the communication link between the networked device 108 and reader 104 is depicted as bi-direction, one skilled in the art can appreciate that the communication link may be unidirectional.
  • the reader 104 may utilize the Wiegand protocol to communicate with the networked device 108 .
  • the communication link between the reader 104 and networked device 108 may be implemented utilizing buses or other types of device connections.
  • the protocols used to communicate between the networked device 108 and the reader 104 may include one or more of the TCP/IP protocol, RS 232, RS 485, Current Loop, Power of Ethernet (POE), Bluetooth, Zigbee, GSM, WiFi, and other communication methods and protocols known in the art.
  • the networked device 108 may be a general-purpose computer adapted for multi-task data processing and suitable for use in a commercial setting.
  • the networked device 108 may be implemented as a host computer or server and the reader 104 can be connected to the host computer via a TCP/IP connection or other type of network connection.
  • a memory comprising a database of records for the system 100 may be associated with the networked device 108 .
  • the database although not depicted, may be integral with or separated from the networked device 108 or it may be incorporated into the reader 104 .
  • the database maintains records associated with the readers 104 , users, algorithm(s) for acquiring, decoding, verifying, and modifying data contained in the readers 104 , algorithm(s) for testing authenticity and validity of user inputs, algorithm(s) for implementing actions based on the results of these tests, and other needed software programs.
  • Specific configurations of the networked device 108 are determined based on and compliant with computing and interfacing capabilities of the readers 104 .
  • FIG. 2 depicts an exemplary user device 204 , which may be equipped with a user interface 112 that is similar or identical to the user interface 112 of the reader 104 .
  • the user device 204 may correspond to any type of device capable of performing one or more actions based on input received at the user interface 112 .
  • the user device 204 may also be connected to a communication network and may be configured to exchange messages with networked devices 108 via the network. Examples of a user device 204 include, without limitation, a computer, laptop, netbook, iPad®, iPod®, iPhone®, mobile/cellular phone, telephone, Personal Digital Assistant (PDA), or the like.
  • PDA Personal Digital Assistant
  • the computational device 104 , 204 may comprise memory 304 that includes a number of instructions 308 , modules, and other data structures as well as a processor 336 for executing the instructions 308 and other contents of memory 304 .
  • the computational device 104 , 204 may also include a communication interface 344 which allows the computational device 104 , 204 to communicate with a networked device 108 .
  • exemplary types of communication interfaces 344 include, without limitation, an RF antenna and driver, an infrared port, a fiberoptics interface, a Universal Serial Bus (USB) port, an Ethernet port, a serial data port, a parallel data port, any type of interface which facilitates communications over a packet-based communication network, such as the Internet, and so on.
  • the computational device 104 , 204 may further include a credential interface (not depicted) which enables the computational device 104 , 204 to communication with one, two, three, or more different types of credentials.
  • the type of credential interface provided on the computational device 104 , 204 may vary according to the type of credential that is in the system 100 .
  • the credential interface includes one or more of an antenna, an array of antennas, an infrared port, an optical port, a magnetic stripe reader, a barcode reader or similar machine-vision components, a Near Field Communications (NFC) interface, or any other component or collection of components which enables the computational device 104 , 204 to communicate with credentials and other portable memory devices.
  • NFC Near Field Communications
  • the credential interface enables the computational device 104 , 204 to read one or more non-RFID machine-readable credentials including one or more of magnetic stripe cards, bar codes, Wiegand cards, Hollerith, infrared, Dallas 1-wire, and barium ferrite.
  • the credential interface and communication interface 344 are of the same type (i.e., RF communication interfaces). In some embodiments, the credential interface and communication interface 344 are implemented as a single interface. Thus, the computational device 104 , 204 may be enabled to communicate with credentials and networked devices 108 by using the same hardware components.
  • the computational device 104 , 204 may include a user interface 112 which facilitates user interaction between the computational device 104 , 204 and a user thereof.
  • the user interface 112 may include one or more user inputs, one or more user outputs, or a combination user input/output.
  • Exemplary user inputs include, without limitation, keypads (traditional or laser-projected), buttons, switches, a linear pressure sensor (e.g., linear potentiometer that is resistive and/or capacitive), a peripheral device such as a touch pad peripheral included as part of a PC or as a separate peripheral connected by, for example, USB, a mouse/trackball wheel, a mouse or trackball movement, optical detection technologies, pressure sensitive device, resistive, capacitive touch, electrostatic, or magnetic screen enabled to detect finger and pen input, rotating door knob, combination, lock, or the like.
  • Exemplary user outputs include, without limitation, lights, display screens (projection, LCD, LED, OLED, plasma, etc.), individual LED's, seven segment LED display, multi-digit LED display, etc.
  • the user output may also be provided with a privacy shielding material, such as 3M's Vituki® product.
  • the privacy shielding material may help ensure that off-axis viewing of the user output is minimized.
  • a louver may be utilized which recesses the actual display portion of the user output within a cavity that limits the field of view to the display portion.
  • Exemplary combination user input/outputs may include a touch-screen interface, a multi-touch-screen interface (i.e., a touch-screen interface adapted to recognize multiple simultaneous touches, gestures, “pinches”) or any other type of interface which is capable of simultaneously displaying a user output and receiving a user input.
  • the computational device 104 , 204 may also include processing memory 340 , which may be in the form of a Randomly Accessible Memory (RAM), cache memory, or any other type of memory used to facilitate efficient processing of instructions 208 by the processor 336 .
  • processing memory 340 may be in the form of a Randomly Accessible Memory (RAM), cache memory, or any other type of memory used to facilitate efficient processing of instructions 208 by the processor 336 .
  • RAM Randomly Accessible Memory
  • the processing memory 340 is used to temporarily store data during processing tasks
  • the memory 304 is provided to store permanent instructions 308 which control the operational behavior of the computational device 104 , 204 .
  • the memory 304 and/or 340 may be implemented using various types of electronic memory generally including at least one array of non-volatile memory cells (e.g., Erasable Programmable Read Only Memory (EPROM) cells or FLASH memory cells, etc.)
  • the memory 304 and/or 340 may also include at least one array of dynamic random access memory (DRAM) cells.
  • the various routines and modules which may be included in memory 304 comprise one or more of an authentication module 312 , authentication data 320 , a communication module 316 , and configuration data 324 .
  • the communication module 316 provides instructions which enable the computational device 104 , 204 to communicate with other devices.
  • the communication module 316 may comprise message encoding and/or decoding instructions, message encryption and/or decryption instructions, compression and/or decompression instructions, trans-coding instructions, and any other known type of instructions which facilitate communications over a communications network.
  • the communication module 316 may comprise instructions which enable the computational device 104 , 204 to create one or more messages or communication packets which are appropriately formatted and transmitted in accordance with a known communication protocol via the communication interface 344 .
  • the communication module 316 may also comprise instructions which enable the computational device 104 , 204 to format messages received over the communication interface 344 for processing by various other components of the computational device 104 , 204 .
  • an authentication module 312 that is capable of receiving data from the user input portion of the user interface 112 , analyzing the received data, and determining if the received data corresponds to valid data.
  • the authentication module 312 may refer to authentication data 320 which is also stored in memory 304 .
  • the authentication data 320 may comprise a list of valid or authorized credentials and their corresponding credential data.
  • the authentication data 320 may comprise algorithms for analyzing received data and determining if such data is valid.
  • Configuration data 324 may also be maintained in memory 304 .
  • the configuration data 324 describes operating characteristics of the computational device 104 , 204 such as model number, firmware version(s), software version(s), computational device 104 , 204 identifier, and other data which describes the computational device 104 , 204 .
  • the characteristics of computational device 104 , 204 may be inherent characteristics or provisioned characteristics.
  • the memory 304 may also contain heuristic instructions for detecting attacks on the computational device 104 , 204 or other components of the access control system 100 . Details of a computational device 104 , 204 configured with embedded attack detection heuristics is further described in U.S. Patent Publication No. 2010/0039220 to Davis, the entire contents of which are hereby incorporated herein by reference.
  • Other components of memory 204 may include a User Interface (UI) driver 328 and an operating system 332 , which is a high-level application that facilitates interactions between various other modules and applications in memory 204 and hardware components of the computational device 104 , 204 .
  • the UI driver 328 may be responsible for facilitating operations of the user interface 112 .
  • the UI driver 328 includes commands for determining when user inputs are received at the user interface 112 , identifying parameters of user inputs received at the user interface 112 , conditioning parameters of use inputs received at the user interface 112 into data values which can be processed by the modules contained in memory 304 , determining what and when to display data as an output at the user interface 112 , and the like.
  • the UI driver 328 may contain any commands necessary to provide a secure user interface 112 as described herein.
  • the processor 336 may include any general-purpose programmable processor, digital signal processor (DSP) or controller for executing application programming.
  • DSP digital signal processor
  • the various modules described herein may be implemented as hardware or firmware rather than software and the processor 304 may comprise a specially configured Application Specific Integrated Circuit (ASIC).
  • ASIC Application Specific Integrated Circuit
  • FIGS. 4A-D an exemplary user interface 112 and process for securely entering data via the user interface 112 will be described in accordance with at least some embodiments of the present disclosure.
  • the process depicted and described enters the simple number combination of “639”.
  • alphanumeric inputs and more complicated data values may be utilized and the example depicted in FIGS. 4A-D is merely illustrative of one type of data input which can be realized with the user interface 112 of the present disclosure.
  • a user's finger is depicted as providing the input on a user input portion 404
  • any other type of mechanism may be utilized to interact with the user input portion 404 .
  • the user may interact with the user input portion 404 with a stylus, pen, mouse, etc.
  • the user interface 112 may comprise both a user input portion 404 and a separate user output portion 408 .
  • the user input portion 404 may comprise a number of input zones 412 a -N, each corresponding to a different input value.
  • a user engages the user interface 112 by touching the user input portion 404 .
  • the touching of the user input portion 404 is detected by a pressure-sensitive user input portion 404 .
  • the user input portion 404 may be configured with optics which detects a user's input by taking a plurality of images and determining that the user's finger is engaged with and moving across the user input portion 404 .
  • the user input zones 412 a -N are sequentially activated and deactivated (i.e., the data value corresponding to the input zone 412 where the user's finger is currently detected is displayed via the user output portion 408 ), based on detection of the user's finger within a particular user input zone 412 .
  • the first input zone 412 a may be assigned a first data value
  • the second input zone 412 b may be assigned a second data value
  • the third input zone 412 c may be assigned a third data value, and so on.
  • the first data value may be displayed via the user output portion 408 . While sliding, the user's finger transitions from the first input zone 412 a to the second input zone 412 b. Once a greater amount of the user's finger area is within the second input zone 412 b instead of the first input zone 412 a, the user output portion 408 displays the second data value instead of the first data value.
  • the user continues moving their finger across the user input portion 404 until they reach the desired input zone 416 , which corresponds to the data value that the user wants to enter.
  • the desired data value is depicted via the user output portion 408 .
  • the user sees the desired data value in the user output portion 408 , the user releases their finger from the user input portion 404 and the data value corresponding to the desired input zone 416 is entered as a first data input.
  • the first data input corresponds to the data value of 6 .
  • each input zone 412 a -N may be re-assigned to new input zones.
  • each input zone 412 a -N may continue to have the same data value assigned thereto until a complete data entry has been completed or until an invalid data entry has been detected.
  • the first data input may be provided from the UI driver 326 to the authentication module 312 immediately after it has been input by the user or it may be stored in cache memory until the user selects enter, at which time a series of data inputs is provided to the authentication module 312 for analysis.
  • the user may re-engage the user input portion 404 to provide a second instance of data input as is depicted in FIG. 4B .
  • different data values may be assigned to the input zones 412 a -N
  • the process for providing the data input is similar to the first instance of the data input.
  • the user slides their finger across the input zones 412 a -N of the user input portion 404 until their finger reaches the desired input zone 416 .
  • the user is able to determine that their finger is within the desired input zone 416 by monitoring the value displayed via the user output portion 408 .
  • the user releases their finger from the user input portion 404 and the data value corresponding to the desired input zone 416 is entered as a second data input.
  • the second data input corresponds to the data value of 3.
  • the user may re-engage the user input portion 404 to provide a third instance of data input as is depicted in FIG. 4C .
  • the user slides their finger across the input zones 412 a -N of the user input portion 404 until their finger reaches the desired input zone 416 .
  • the user releases their finger from the user input portion 404 and the data value corresponding to the desired input zone 416 is entered as a third data input.
  • the third data input corresponds to the data value of 9.
  • the user then has to engage the user input portion 404 to command the UI driver 328 to enter the complete data entry and provide the complete data entry to the authentication module 312 .
  • the enter command is entered in a similar fashion as the first, second, and third data inputs were entered.
  • the user slides their finger across the input zones 412 a -N of the user input portion 404 until their finger reaches the desired input zone 416 .
  • the enter command is assigned to the desired input zone 416 instead of a data value.
  • the user releases their finger from the user input portion 404 after they determine that their finger is within the desired input zone 416 and the enter command is provided to the UI driver 328 , thereby causing the UI driver 328 to send the complete data entry to the authentication module 312 for analysis.
  • the active implementation of an enter input is not required.
  • the E key is not displayed and, instead, the data entry is complete after the last digit has been entered.
  • the authentication module 312 may determine that the user is allowed to access whatever asset is being secured by the computational device 104 , 204 . In response to making such a determination, the computational device 104 , 204 may allow the user access to whatever asset was previously secured.
  • each input zone 412 a -N may be assigned a different data value.
  • the data value-to-input zone assignment may be configured to last permanently, for a predetermined amount of time, until a predetermined event occurs, and so on.
  • each input zone 412 a -N may have new data values assigned thereto after every instance of user input.
  • the data values assigned to the input zones 412 a -N may be flipped-flopped after every instance of user input or after every instance of a completed data entry.
  • the data values assigned to the input zones 412 a -N may vary between numeric data values and then alphabetical/character data values after every instance of user input.
  • the spaces between input zones 412 a -N or relative sizes of input zones 412 a -N may be altered after every instance of user input or after every instance of a completed data entry.
  • the data values assigned to the input zones 412 a -N may be randomly re-assigned after every instance of user input or after every instance of a completed data entry. Combinations of the above examples may also be implemented.
  • a more secure user interface 112 can be provided.
  • changing the data values assigned to the input zones 412 a -N helps ensure that a particular pattern cannot be discerned as corresponding to a valid input since the same values will likely be input with different patterns.
  • the exemplary configurations of the data value-to-input zone assignments represent only a few of the many possible configurations (whether specifically discussed or not) may be utilized by the user interface 112 .
  • a first exemplary configuration of a user input portion 404 is depicted where the data values are assigned incrementally to adjacent input zones 412 starting at the left and moving to the right.
  • a second exemplary configuration of a user input portion 404 is depicted where the data values are assigned decrementally to adjacent input zones 412 starting at the left and moving to the right.
  • a third exemplary configuration of a user input portion 404 is depicted where the data values are assigned randomly to the input zones 412 .
  • the enter command is assigned to the Nth input zone 412 N.
  • certain configurations may allow the enter command to be assigned to some input zone 412 that is surrounded by at least two input zones 412 .
  • a fourth exemplary configuration of a user input portion 404 is depicted where the data values are assigned randomly to the input zones 412 and the enter command is assigned to the first input zone 412 a.
  • a fifth exemplary configuration of a user input portion 404 is depicted where the size of each input zone 412 varies from one input zone to the next.
  • the alteration of size/area of input zones 412 may be coupled with other configurations described herein to further enhance the security of the user interface 112 .
  • a sixth exemplary configuration of a user input portion 404 is depicted where data values are assigned to all but two of the input zones 412 a -N, the enter command is assigned to the first input zone 412 a, and a clear command is assigned to the Nth input zone 412 N.
  • the clear command can be used to delete the last data value that was entered by a user or to delete a complete data entry.
  • the user interface 112 may comprise a controller 604 which includes one or more links to a user input 608 , one or more links to a user output 612 , and one or more links to a communication network.
  • the controller 604 corresponds to a microcontroller and may be implemented as part or all of the processor 336 .
  • the user input 608 may correspond to a linear potentiometer (resistive or capacitive) which is configured to detect pressure applied thereto and a location of such pressure and provide an output electrical signal to the controller 604 in response thereto.
  • the controller 604 may be configured to analyze the electrical signals received from the user input 608 , determine a data value associated with such electrical signals, and send a command to the user output 612 which causes the user output 612 to display the data values so that they can be perceived by the user.
  • the user output 612 corresponds to a single or multiple digit seven segment LED/LCD display and the controller 604 may comprise an 8 bit or higher analog-to-digital converter which converts analog signals received from the user input 608 into digital signals for transmission to the user output 612 .
  • connection to the communication network may be implemented as any type of known communication interfaces 344 .
  • Examples of such communication interfaces 344 include, without limitation, a Wiegand port, an RS485 output, an Ethernet port, a USB port, and the like.
  • the method begins at step 704 and continues when user interaction with the user interface 112 is detected (step 708 ).
  • detection of user activity at the user interface 112 may trigger the initiation of the user input capture method.
  • the way in which user activity is detected at the user interface 112 will depend on the type of user interface 112 being utilized. In particular, if a user interface 112 is employed that includes a pressure-sensitive user input portion 404 , then detection of user activity occurs when pressure is detected as being applied at a concentrated point or area within the user input portion 404 . If a user interface 112 is employed that includes an optical user input portion 404 , then detection of user activity occurs when one or more images are captured which indicate that a user has touched the user input portion 404 .
  • the method continues with the controller 604 or UI driver 328 determining the data value corresponding to the currently selected input zone 412 and causing the determined data value to be displayed via a user output portion 408 of the user interface 112 (step 712 ).
  • the controller 604 or UI driver 328 determines if the release of pressure has been detected (step 716 ).
  • the amount of pressure release required to affirmatively answer the query of step 716 may vary depending upon tolerances of the user input portion 404 , environmental factors, and the like. In some embodiments, a complete release of pressure (i.e., a reading of ambient pressure only) may be required to satisfy the query of step 716 . Alternatively, the pressure may only need to be decreased by a predetermined amount or by a predetermined percentage of the maximum pressure detected during step 708 .
  • step 712 a new data value is determined and displayed if the user scrolls their finger into a new input zone 412 of the user input portion 404 .
  • step 716 the method continues with the controller 604 or UI driver 328 determining if the release occurred within a defined input zone 412 having a data value or command associated therewith (step 728 ). If not, then an error message is displayed via the user output portion 408 (step 724 ). Thereafter, the determination is made as to whether the user input capture method is done (step 728 ). This query may be answered negatively if user input is again detected at the user input portion 404 within a predetermined amount of time after the error message was displayed.
  • the query of step 728 may be answered affirmatively if a predetermined number of errors occurred within a predetermined amount of time or if some other user input was detected which suggests that the computational device 104 , 204 is under a potential attack. For example, if the user engages a panic input (e.g., by applying a pressure at the user input portion 404 that is greater than a predetermined pressure threshold), then the query of step 728 may be answered affirmatively. If the query of step 728 is answered affirmatively, then the user input capture method is concluded (step 732 ). In some embodiments, an additional step of temporarily disabling some or all functionality of the computational device 104 , 204 may be performed if it is determined that the computational device 104 , 204 is potentially under attack.
  • step 728 If the query of step 728 is answered negatively, then the method returns to step 708 .
  • step 720 if the user releases the user input portion 404 within an input zone having a data value assigned thereto, then the controller 604 or UI driver 328 determines the data value currently corresponding to the input zone 412 where the pressure was last detected (e.g., where the release was detected) (step 736 ).
  • the data value determined during the first iteration of step 736 may correspond to a first data input.
  • the method continues by determining whether or not there will be more data entry before data is transmitted to the authentication module 312 for analysis (step 740 ). If no additional data capture is necessary (e.g., the user has selected the enter command or data inputs are provided to the authentication module 312 or networked device 108 sequentially rather than as a string of data values), then the first data input is transmitted to the authentication module 312 for analysis (step 744 ). Alternatively, the first data input may be transmitted to a networked device 108 for analysis. Thereafter, the method continues to step 728 to determine whether additional data inputs are being received or whether the user input capture method is complete.
  • step 740 if additional data capture is necessary (e.g., the user has not selected the enter command or data inputs are provided to the authentication module 312 or networked device 108 as a string of data values rather than sequential inputs), then the first data input is stored in a cache memory for later transmission with other data inputs that are yet to be captured (step 748 ). Thereafter, the method returns to step 708 to begin the process of capturing the second data input, third data input, and so on until the user selects the enter command or until a predetermined number of data inputs have been captured.
  • the method begins when user input is received at the user interface 112 (step 804 ). Thereafter, the method may proceed down one of two paths depending upon a number of considerations. One path corresponds to a process of determining a user input parameter average (or other result obtained from a different mathematical formula), whereas the other path corresponds to a process of analyzing the currently received user input based on a historical user input parameter average to determine if the currently received user input is suspect.
  • the analysis process is generally not performed until a predetermined and suitable number of user inputs have been received such that a user input parameter average is determined and the standard deviation of the user input parameters used to calculate the average is less than a predetermined threshold value.
  • one or more parameters of interest are determined for the recently received user input (step 808 ).
  • Exemplary parameters of interest which may be determined in this step include amount of pressure applied to the user input portion 404 , size of finger, fingerprints or fingerprint characteristics, slide speed, and so on.
  • the determined parameter(s) of interest determined for the recently received user input are then used to determine an average of the parameter(s) of interest (step 812 ).
  • the average values may be based on all user inputs received or based only on valid user inputs received.
  • the method continues with the authentication module 312 comparing one or more parameters of interest from the recently received user input with averages of the corresponding one or more parameters of interest (step 816 ). Based on the comparison of step 816 , the authentication module 312 determines if the parameter(s) of interest for the recently received user input are valid (step 820 ). In this step, the authentication module 312 may determine that user inputs are invalid or suspect if they have a parameter of interest which deviates from the average by more than a predetermined threshold value (i.e., by either exceeding or falling below the average).
  • a predetermined threshold value i.e., by either exceeding or falling below the average.
  • the computational device 104 , 204 may perform one or more actions which are consistent with determining that an invalid or suspect user input has been received (step 824 ). Such actions may include slowing down the rate at which entries are accepted by the computational device 104 , 204 , temporarily disabling functionality of the computational device 104 , 204 , permanently disabling functionality of the computational device 104 , 204 , transmitting a message to security personnel, sounding an alarm, combinations thereof, or the like.
  • step 820 If, however, the query of step 820 is answered affirmatively, then the method may continue with the process of determining a user input parameter average.
  • a linear potentiometer is not the only type of user input portion 404 that can be utilized to achieve a cost-effective but secure user interface 112 . Rather, the use of a touch screen configured to simultaneously detect and analyze multiple inputs can be utilized. In such an implementation in addition to sliding motions, different gesturing motions, such as pinching, could be utilized to select individual digits. In particular, if a pinching gesture is utilized to achieve a user input, then the relative distance between the user's two fingers may be correlated to the input zones 412 described above.
  • a very small distance (e.g., 1-5 mm) between the user's two fingers may correspond to the Nth input zone 412 N whereas a very larger distance (e.g., 10-20 cm) between the user's two fingers may correspond to the first input zone 412 a.
  • All other aspects of the present disclosure may be performed in substantially the same way as described. Specifically, there could be separate pinch zones for each data value in a multi-digit entry.
  • the electronics of the user interface 112 including the controller 604 , the connections between the controller 604 , the user input 608 , and the user output 612 may be potted in a potting material, thereby making the user interface 112 substantially weather resistant.
  • a pressure sensitive device could be used to select data inputs where different magnitudes of applied pressure correspond to the input zones 412 described above.
  • a number of different magnitudes of applied pressure may have different data values assigned thereto.
  • the different data values may be displayed via the user output 408 .
  • the user may completely release the user input portion 404 and the data value corresponding to the last-displayed data value is selected as the data input.
  • the value may correspond to a digit, an enter command, a clear command, or a series of input commands.
  • a pressure sensor may also enable additional inputs without requiring the user to slide their finger across the user input portion 404 .
  • a user may press the user input portion 404 extra “hard” (e.g., applies a pressure greater than a predetermined amount of pressure) to signify: (1) that data entry is complete; (2) that one or more previous entries should be erased; or (3) that the user is under duress and security personnel should be notified.
  • a reserved code can be utilized to enter a “programming mode” where the configuration data 324 can be changed.
  • the configuration data 324 may define how configurations of the user input portion 404 are scrambled between user inputs, the number of digits to be displayed via the user output portion 408 , data output formats, the programming mode code, a list of one or more input passwords that will unlock access to the asset, etc.
  • the programming mode one or more of these operating characteristics can be modified.
  • a biometric swipe sensor may be designed to utilize some or all of the concepts disclosed herein.
  • the biometric swipe sensor can be configured to detect partial swipes of a user's finger and correlate different amounts of partial swipes to a different input value. During such partial swipes, the user's finger print may also be analyzed as a second factor of authentication.
  • machine-executable instructions may be stored on one or more machine readable mediums, such as CD-ROMs or other type of optical disks, floppy diskettes, ROMs, RAMs, EPROMs, EEPROMs, SIMs, SAM,s, magnetic or optical cards, flash memory, or other types of machine-readable mediums suitable for storing electronic instructions.
  • machine readable mediums such as CD-ROMs or other type of optical disks, floppy diskettes, ROMs, RAMs, EPROMs, EEPROMs, SIMs, SAM,s, magnetic or optical cards, flash memory, or other types of machine-readable mediums suitable for storing electronic instructions.
  • the methods may be performed by a combination of hardware and software.
  • a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged.
  • a process is terminated when its operations are completed, but could have additional steps not included in the figure.
  • a process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination corresponds to a return of the function to the calling function or the main function.
  • embodiments- may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof.
  • the program code or code segments to perform the necessary tasks may be stored in a machine readable medium such as storage medium.
  • a processor(s) may perform the necessary tasks.
  • a code segment may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures, or program statements.
  • a code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc. may be passed, forwarded, or transmitted via any suitable means including memory sharing, message passing, token passing, network transmission, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • General Health & Medical Sciences (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

A computational device having a user interface is disclosed, the user interface enables a user to securely enter data into the computational device. In particular, the user interface may include a user input portion and a user output portion. The user input portion may be partitioned into a number of input zones, each having a data value associated therewith that when engaged by a user causes the data value associated with the engaged input zone to be provided as input to the computational device.

Description

    FIELD OF THE DISCLOSURE
  • The present disclosure is generally directed toward data entry into user devices and particularly toward mechanisms for securing the same.
  • BACKGROUND
  • Secure and private entry of data has always been a major concern in systems intended to control access to a resource or a facility. In many such systems such as those used in the physical and logical access control industries, restricted access is provided to a select group of users via a numeric keypad alone or a keypad incorporated into a reader. These keypads typically have a set of numbers plus special symbols (characters) that are exposed to the user side for data entry. These characters are connected to an electronic device with intelligence to recognize the characters entered (decode) and compare them to the code required to provide entrance to the system. Sometimes this device does not actually process the entered code and instead, transmits this to another device to actually perform the comparison. The users interact with the system by pressing the appropriate characters that represent an access code or password specifically chosen for that system. Examples of such keypads are those employed at credit card terminals, burglar alarm keypads, and access control keypads.
  • Traditional keypads have static configurations. They generally consist of numbered buttons ranging from 0 through 9 and an “*” and a “#” button much like a typical telephone keypad. Such numbers exist in a common pattern and hence the user or anyone with knowledge of the pattern can simply enter the code without looking at numbers on the keypad. While this is particularly useful for users with sight impairments, it negatively impacts the security of the system because patterns can be deduced more easily than the codes themselves.
  • One example of the utilization of such keypads is in parking applications such as entrance to a parking facility or a residential gated community which have gated entrances secured with an access control keypad. To gain entry to the secured area, a user must provide the keypad with a valid a security code. All individuals with permission to enter the facility are provided with a common security/access code which opens the gate and allows entry on to the premises. Usage in which all individuals have the same password are typically referred to as “common code” systems.
  • In single common code systems, the numbers or range of possible numbers (i.e., the number of possible combinations) which make up a user's password is finite and can be deduced in several ways. A non-authorized user may observe a user and the patterns typed in, significantly reducing the security of the system. Additionally, the non-authorized user may acquire the password by analyzing the physical keypads for wear. Wear indicates high utilization and would also significantly narrow down the range of possibilities. More sophisticated methods of compromising such systems include “dusting” the keys or applying non-visible material in an attempt to determine which keys comprise the password.
  • In statistical measure, if we assume a typical keypad with digits 0 through 9 and an “*” and “#” button, if the access code is four digits, then the probability of guessing the correct code is (1/9!*1/4!) or 1 chance in 157,464. However, assume that the user can reduce the digits used to the four most commonly utilized digits based on the wear of the keypad numbers. This probability then reduces to (1/4!) or 1 chance in 24.
  • For these reasons and more, it would be desirable to have an improved method for increasing security of systems accessed utilizing security keypads. Additionally, it would be desirable to have such an improved method for increasing security of systems wherein the keypad configuration changes automatically after each or a series of user interfaces.
  • Some solutions have been proposed to address the above-described problem. One common example is referred to as a Hirsch ScramblePad®. The particular construction of the Hirsch ScramblePad® is described in detail in one or more of U.S. Pat. Nos. 4,333,090; 4,479,112; and 4,644,326; all of which are hereby incorporated herein by reference in their entirety. The main concept behind the Hirsch ScramblePad® is to randomize the number which is assigned to a given key for every instance a user is required to provide input via the keypad. This means that the same valid code will not be entered with the same pattern. Rather, different physical keys will need to be depressed to enter the same valid code at different times. Accordingly, the idea of utilizing a variable keypad addresses many of the security concerns described above. Other mechanisms for securing user input are described, for example, in U.S. Pat. Nos. 4,100,534; 4,221,975; 4,369,973; 4,502,048; 4,806,745; 5,949,348; 5,970,146; 6,049,790; 6,317,835; 6,434,702; 6,549,194; and 7,479,949; all of which are hereby incorporated herein by reference in their entirety.
  • A problem common to all of the above-noted solutions is that they are complex and, therefore, very costly to implement. Implementing these solutions in many situations becomes cost-prohibitive. Accordingly, there exists a need for a secure yet cost-effective mechanism for securing data entries of a user.
  • SUMMARY
  • It is, therefore, one aspect of the present disclosure to provide a secure and cost-effective solution for securing data entries of a user in a computational device. In particular, embodiments of the present disclosure propose solutions in which the confidentiality of user inputs are protected-by a combination of visual data scrambling and off-angle viewing techniques. The proposed solutions can be implemented at a fraction of the cost of existing solutions.
  • In one embodiment of the present disclosure, a user input is provided which includes a linear position sensor that is configured to determine if a user's finger is touching the user input as well as the position of where the sensor is being touched. As a user's finger is touching the user input, the user is required to slide their finger along the user input in a scrolling motion. As the user scrolls their finger across the user input and, therefore, across a number of input zones, a user output displays the data value currently corresponding to the input zone where the user's finger is located. When the user sees that the desired data value is depicted by the user output, the user removes their finger from the user input and the data value currently corresponding to the input zone where the user's finger was last located is provided as a data input for a computational device. This process can be repeated until the user has entered the entire password.
  • When the number of digits in the password is not a fixed number, then we can add an additional symbol to the set of characters that are displayed as the user slides his finger along the user input device. This symbol e.g., “E” for enter, is used as a terminator to indicate that all of the data has been entered.
  • Since it is possible that the user has incorrectly entered data, we need to provide a way for the user to clear the previous entries and start again. This can be accomplished by the use of an additional symbol. When the user slides his finger and this symbol is displayed, e.g., “C” for clear, then the input data is cleared and the process starts again.
  • The linear input sensor may be comprised of a linear resistor, linear capacitive element, a full finger biometric sensor, a swipe biometric sensor, and a touch-sensitive screen such as what is used on the Apple iPhone®. This linear sensor may be constructed in a straight line or can be in shapes or even circular and could even be incorporated into the handle of a door lock in which the motion is twisting left or right.
  • One or more additional security mechanisms may be employed to further enhance the security with which user inputs are captured. As one example, the input zones of the user input may be re-assigned random and different data values for every instance where a user input is to be captured. As another example, they could be arranged in ascending order and then descending order. As another example, the size and/or configuration of the input zones themselves may be altered for every instance where a user input is to be captured. As another example, a number of different types of user output may be utilized ranging between a single digit display, a multi-digit display, and a touch-screen that incorporates the user output into the same area as the user input.
  • In some embodiments, it may also be possible to capture one or more parameters (e.g., applied pressure, slide speed, fingerprint, finger size, etc.) of a user's input. The captured parameters may be mathematically/statistically assessed over a number of valid user inputs and after an appropriate number of valid user inputs have been received and the associated parameters have been incorporated into an average (or mean or some other value obtained from a mathematical formula), the average of the captured parameters can be compared to the current parameter and, if different by a certain amount, may be used to detect potentially suspect user inputs.
  • It is another aspect of the present disclosure to provide a privacy shielding material over the user output to limit off-axis viewing of the user output such as 3M Vikuiti™ Light Control Film. For stronger off-axis viewing protection, the user output may be recessed within the computational component and louvers may be utilized.
  • It is another aspect of the present disclosure to provide interchangeable snap-in bezels which enable an input mode of the computational device to be altered. In one input mode, a scrambling keypad may be employed where a user is required to slide their fingers in a groove and across a user input device, such as the one of the several variations described above, to achieve a user input. In another input mode, a traditional keypad with numbers in standard locations could be used to achieve user input. In another mode, a gesturing keypad may be utilized whereby a plurality of intersecting grooves are provided and a user is required to slide their fingers in various patterns across the intersecting grooves to achieve the desired user input.
  • The present invention will be further understood from the drawings and the following detailed description. Although this description sets forth specific details, it is understood that certain embodiments of the invention may be practiced without these specific details. It is also understood that in some instances, well-known circuits, components and techniques have not been shown in detail in order to avoid obscuring the understanding of the invention.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present disclosure is described in conjunction with the appended figures:
  • FIG. 1A is a block diagram of an access control system having a first configuration in accordance with embodiments of the present disclosure;
  • FIG. 1B is a block diagram of an access control system having a second configuration in accordance with embodiments of the present disclosure;
  • FIG. 2 is a block diagram of a user device in accordance with embodiments of the present disclosure;
  • FIG. 3 is a block diagram depicting details of a reader/user device in accordance with embodiments of the present disclosure;
  • FIG. 4A is a block diagram depicting a first step of securely entering data via a user interface in accordance with embodiments of the present disclosure;
  • FIG. 4B is a block diagram depicting a second step of securely entering data via a user interface in accordance with embodiments of the present disclosure;
  • FIG. 4C is a block diagram depicting a third step of securely entering data via a user interface in accordance with embodiments of the present disclosure;
  • FIG. 4D is a block diagram depicting a fourth step of securely entering data via a user interface in accordance with embodiments of the present disclosure;
  • FIG. 5A is a block diagram depicting a first configuration of a user input in accordance with embodiments of the present disclosure;
  • FIG. 5B is a block diagram depicting a second configuration of a user input in accordance with embodiments of the present disclosure;
  • FIG. 5C is a block diagram depicting a third configuration of a user input in accordance with embodiments of the present disclosure;
  • FIG. 5D is a block diagram depicting a fourth configuration of a user input in accordance with embodiments of the present disclosure;
  • FIG. 5E is a block diagram depicting a fifth configuration of a user input in accordance with embodiments of the present disclosure;
  • FIG. 5F is a block diagram depicting a sixth configuration of a user input in accordance with embodiments of the present disclosure;
  • FIG. 6 is a block diagram depicting details of a secure user interface in accordance with embodiments of the present disclosure;
  • FIG. 7 is a flow diagram depicting a user input capture method in accordance with embodiments of the present disclosure; and
  • FIG. 8 is a flow diagram depicting a user input analysis method in accordance with embodiments of the present disclosure.
  • DETAILED DESCRIPTION
  • The ensuing description provides embodiments only, and is not intended to limit the scope, applicability, or configuration of the claims. Rather, the ensuing description will provide those skilled in the art with an enabling description for implementing the described embodiments. It being understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the appended claims.
  • FIGS. 1A and 1B show illustrative embodiments of an access control system 100 in accordance with embodiments of the prior art. Both configurations of the access control system 100 include a reader 104 that is generally provided at a strategic location to secure one or more assets. In some embodiments, the reader 104 is in communication with a networked device 108 via a first communication link. The first communication link between the reader 104 and networked device 108 may be established over a secured or unsecured communication network via TCP/IP, Wi-Fi, Zigbee, Cellular modem, RS485, current loop, and Wiegand. Such a reader 104 is referred to as a networked reader because the reader 104 provides some or all data used in making an access control decision to the networked device 108. In the embodiment depicted in FIG. 1B, the networked device 108 comprises the necessary functionality, in the form of an authentication module 116, to analyze the data received from the reader 104 and make an access control decision for the reader 104. A control panel is one example of a networked device 108 which is typically used in the access control industry. Other types of networked devices 108 include a host computer with or without a web server, a server providing Software as a Service (SaaS), a cloud-based application, or the like.
  • After the access control decision has been made at the authentication module 116 of the networked device 108, the networked device 108 communicates the results of the decision back to the reader 104, which comprises a release mechanism 120 that is enabled to either release one or more assets if a decision has been made to grant access or maintain such assets in a secure state if a decision has been made to deny access. For access control applications, the release mechanism 120 is typically a relay whereas in logical access applications, the release mechanism 120 is realized by software instructions.
  • In an alternative configuration depicted in FIG. 1A, the release mechanism 120 may be provided in the networked device 108 and the authentication module 116 may be provided in the reader 104. In this configuration, the reader 104 may make the access control decisions and report the results of those decisions to the networked device 108 which selectively activates the release mechanism 120 depending upon the results of the decision made by the authentication module 116.
  • One function of a reader 104 is to control access to certain assets. More specifically, a reader 104 may be positioned at an access point for a given asset (e.g., a door for a room, building, or safe, a computer for electronic files, and so on). Unless a user provides the reader 104 with a valid input via a user interface 112 of the reader 104, the access point is maintained in a secure state such that admittance or access to the asset is denied. If a user enters a valid input via the user interface 112, then the reader 104 has the discretion to allow the user access to the asset and implement various other actions accordingly.
  • Although the reader 104 is depicted as having only a user interface 112, one skilled in the art will appreciate that the reader 104 may be configured to read data from an access control credential carried by the user in addition to receiving user input from the user. A credential is a device that carries evidence of authority, status, rights, and/or entitlement to privileges for a holder of the credential. A credential is a portable device having memory and a reader interface (i.e., an antenna and Integrated Circuit (IC) chip) which enables the credential to exchange data with the reader 104, usually via a credential interface of the reader 104. One example of a credential is an RFID smartcard that has data stored thereon allowing a holder of the credential to access an asset protected by a reader 104. Other examples of a machine-readable credential include, but are not limited to, proximity RFID-based cards, access control cards, credit cards, debit cards, passports, identification cards, key fobs, Near Field Communications (NFC)-enabled cellular phones, Personal Digital Assistants (PDAs), tags, or any other device configurable to emulate a virtual credential.
  • In embodiments where the reader 104 is configured to receive both user input via the user interface 112 and credential input from a credential carried by the user, the reader 104 is capable of performing dual-factor authentication by verifying both the validity of user input (i.e., something that the user knows) as well as the validity of credential input (i.e., something that the user has). The reader 104 may also be configured to receive biometric input from the user to further enhance the security of the access control system 100.
  • As noted above, the networked device 108 may be responsible for making some or all of the asset-access decisions based on data received at the reader 104 from the user. In some embodiments, the reader 104 may not be connected to a networked device 108, in which ease the reader 104 is referred to as a stand-alone reader. Stand-alone readers comprise the decision-making components necessary to analyze input received from a user and determine, based on the received input, if the user is entitled to access an asset secured by the reader 104. The access control rules for entry including time zone, day of week, etc. may be contained in a database in the stand-alone reader that is programmable by methods including using the keypad itself, using a PDA or mobile phone via NFC, infrared light, audio, or a wired connection. In some cases, the access control decision rules may be contained in the machine-readable credential read at the reader incorporated into the stand-alone device/user input combination. Stand-alone readers are generally desirable in situations where a reader 104 is in an isolated location and a communication link between the networked device 108 and reader 104 is not easily established.
  • In configurations where the reader 104 is a networked reader, a communications network may be used to establish the communication link between the reader 104 and networked device 108. Exemplary communication networks may provide bi-directional communication capabilities, which may selectively be implemented in a form of wired, wireless, fiber-optic communication links, or combinations thereof Even though the communication link between the networked device 108 and reader 104 is depicted as bi-direction, one skilled in the art can appreciate that the communication link may be unidirectional. As one example, the reader 104 may utilize the Wiegand protocol to communicate with the networked device 108.
  • The communication link between the reader 104 and networked device 108 may be implemented utilizing buses or other types of device connections. The protocols used to communicate between the networked device 108 and the reader 104 may include one or more of the TCP/IP protocol, RS 232, RS 485, Current Loop, Power of Ethernet (POE), Bluetooth, Zigbee, GSM, WiFi, and other communication methods and protocols known in the art.
  • The networked device 108 may be a general-purpose computer adapted for multi-task data processing and suitable for use in a commercial setting. Alternatively, the networked device 108 may be implemented as a host computer or server and the reader 104 can be connected to the host computer via a TCP/IP connection or other type of network connection. A memory comprising a database of records for the system 100 may be associated with the networked device 108. The database, although not depicted, may be integral with or separated from the networked device 108 or it may be incorporated into the reader 104. The database maintains records associated with the readers 104, users, algorithm(s) for acquiring, decoding, verifying, and modifying data contained in the readers 104, algorithm(s) for testing authenticity and validity of user inputs, algorithm(s) for implementing actions based on the results of these tests, and other needed software programs. Specific configurations of the networked device 108 are determined based on and compliant with computing and interfacing capabilities of the readers 104.
  • FIG. 2 depicts an exemplary user device 204, which may be equipped with a user interface 112 that is similar or identical to the user interface 112 of the reader 104. The user device 204 may correspond to any type of device capable of performing one or more actions based on input received at the user interface 112. Although not depicted, the user device 204 may also be connected to a communication network and may be configured to exchange messages with networked devices 108 via the network. Examples of a user device 204 include, without limitation, a computer, laptop, netbook, iPad®, iPod®, iPhone®, mobile/cellular phone, telephone, Personal Digital Assistant (PDA), or the like.
  • With reference now to FIG. 3, additional details of a reader 104 and/or user device 204 (collectively referred to hereinafter as a “ computational device 104, 204”) will be described in accordance with embodiments of the present invention. The computational device 104, 204 may comprise memory 304 that includes a number of instructions 308, modules, and other data structures as well as a processor 336 for executing the instructions 308 and other contents of memory 304.
  • The computational device 104, 204 may also include a communication interface 344 which allows the computational device 104, 204 to communicate with a networked device 108. Exemplary types of communication interfaces 344 include, without limitation, an RF antenna and driver, an infrared port, a fiberoptics interface, a Universal Serial Bus (USB) port, an Ethernet port, a serial data port, a parallel data port, any type of interface which facilitates communications over a packet-based communication network, such as the Internet, and so on.
  • The computational device 104, 204 may further include a credential interface (not depicted) which enables the computational device 104, 204 to communication with one, two, three, or more different types of credentials. The type of credential interface provided on the computational device 104, 204 may vary according to the type of credential that is in the system 100. In some embodiments, the credential interface includes one or more of an antenna, an array of antennas, an infrared port, an optical port, a magnetic stripe reader, a barcode reader or similar machine-vision components, a Near Field Communications (NFC) interface, or any other component or collection of components which enables the computational device 104, 204 to communicate with credentials and other portable memory devices. In some embodiments, the credential interface enables the computational device 104, 204 to read one or more non-RFID machine-readable credentials including one or more of magnetic stripe cards, bar codes, Wiegand cards, Hollerith, infrared, Dallas 1-wire, and barium ferrite.
  • In some embodiments, the credential interface and communication interface 344 are of the same type (i.e., RF communication interfaces). In some embodiments, the credential interface and communication interface 344 are implemented as a single interface. Thus, the computational device 104, 204 may be enabled to communicate with credentials and networked devices 108 by using the same hardware components.
  • In addition to a communication interface 344, the computational device 104, 204 may include a user interface 112 which facilitates user interaction between the computational device 104, 204 and a user thereof. As will be discussed in further detail herein, the user interface 112 may include one or more user inputs, one or more user outputs, or a combination user input/output. Exemplary user inputs include, without limitation, keypads (traditional or laser-projected), buttons, switches, a linear pressure sensor (e.g., linear potentiometer that is resistive and/or capacitive), a peripheral device such as a touch pad peripheral included as part of a PC or as a separate peripheral connected by, for example, USB, a mouse/trackball wheel, a mouse or trackball movement, optical detection technologies, pressure sensitive device, resistive, capacitive touch, electrostatic, or magnetic screen enabled to detect finger and pen input, rotating door knob, combination, lock, or the like. Exemplary user outputs include, without limitation, lights, display screens (projection, LCD, LED, OLED, plasma, etc.), individual LED's, seven segment LED display, multi-digit LED display, etc. In some embodiments, the user output may also be provided with a privacy shielding material, such as 3M's Vituki® product. The privacy shielding material may help ensure that off-axis viewing of the user output is minimized. For an even stronger protection against off-axis viewing, a louver may be utilized which recesses the actual display portion of the user output within a cavity that limits the field of view to the display portion. Exemplary combination user input/outputs may include a touch-screen interface, a multi-touch-screen interface (i.e., a touch-screen interface adapted to recognize multiple simultaneous touches, gestures, “pinches”) or any other type of interface which is capable of simultaneously displaying a user output and receiving a user input.
  • In addition to memory 304, the computational device 104, 204 may also include processing memory 340, which may be in the form of a Randomly Accessible Memory (RAM), cache memory, or any other type of memory used to facilitate efficient processing of instructions 208 by the processor 336.
  • Whereas the processing memory 340 is used to temporarily store data during processing tasks, the memory 304 is provided to store permanent instructions 308 which control the operational behavior of the computational device 104, 204. The memory 304 and/or 340 may be implemented using various types of electronic memory generally including at least one array of non-volatile memory cells (e.g., Erasable Programmable Read Only Memory (EPROM) cells or FLASH memory cells, etc.) The memory 304 and/or 340 may also include at least one array of dynamic random access memory (DRAM) cells. The various routines and modules which may be included in memory 304 comprise one or more of an authentication module 312, authentication data 320, a communication module 316, and configuration data 324.
  • The communication module 316 provides instructions which enable the computational device 104, 204 to communicate with other devices. In particular, the communication module 316 may comprise message encoding and/or decoding instructions, message encryption and/or decryption instructions, compression and/or decompression instructions, trans-coding instructions, and any other known type of instructions which facilitate communications over a communications network. For example, the communication module 316 may comprise instructions which enable the computational device 104, 204 to create one or more messages or communication packets which are appropriately formatted and transmitted in accordance with a known communication protocol via the communication interface 344. Likewise, the communication module 316 may also comprise instructions which enable the computational device 104, 204 to format messages received over the communication interface 344 for processing by various other components of the computational device 104, 204.
  • Another module which may be provided in the instructions 308 is an authentication module 312 that is capable of receiving data from the user input portion of the user interface 112, analyzing the received data, and determining if the received data corresponds to valid data. In some embodiments, the authentication module 312 may refer to authentication data 320 which is also stored in memory 304. In some embodiments, the authentication data 320 may comprise a list of valid or authorized credentials and their corresponding credential data. Alternatively, the authentication data 320 may comprise algorithms for analyzing received data and determining if such data is valid.
  • Configuration data 324 may also be maintained in memory 304. In some embodiments, the configuration data 324 describes operating characteristics of the computational device 104, 204 such as model number, firmware version(s), software version(s), computational device 104, 204 identifier, and other data which describes the computational device 104, 204. The characteristics of computational device 104, 204 may be inherent characteristics or provisioned characteristics.
  • Although not depicted, the memory 304 may also contain heuristic instructions for detecting attacks on the computational device 104, 204 or other components of the access control system 100. Details of a computational device 104, 204 configured with embedded attack detection heuristics is further described in U.S. Patent Publication No. 2010/0039220 to Davis, the entire contents of which are hereby incorporated herein by reference. Other components of memory 204 may include a User Interface (UI) driver 328 and an operating system 332, which is a high-level application that facilitates interactions between various other modules and applications in memory 204 and hardware components of the computational device 104, 204. The UI driver 328 may be responsible for facilitating operations of the user interface 112. In some embodiments, the UI driver 328 includes commands for determining when user inputs are received at the user interface 112, identifying parameters of user inputs received at the user interface 112, conditioning parameters of use inputs received at the user interface 112 into data values which can be processed by the modules contained in memory 304, determining what and when to display data as an output at the user interface 112, and the like. In other words, the UI driver 328 may contain any commands necessary to provide a secure user interface 112 as described herein.
  • The processor 336 may include any general-purpose programmable processor, digital signal processor (DSP) or controller for executing application programming. Alternatively, the various modules described herein may be implemented as hardware or firmware rather than software and the processor 304 may comprise a specially configured Application Specific Integrated Circuit (ASIC).
  • With reference now to FIGS. 4A-D, an exemplary user interface 112 and process for securely entering data via the user interface 112 will be described in accordance with at least some embodiments of the present disclosure. The process depicted and described enters the simple number combination of “639”. As can be appreciated, alphanumeric inputs and more complicated data values may be utilized and the example depicted in FIGS. 4A-D is merely illustrative of one type of data input which can be realized with the user interface 112 of the present disclosure.
  • Also, although a user's finger is depicted as providing the input on a user input portion 404, any other type of mechanism may be utilized to interact with the user input portion 404. For example, the user may interact with the user input portion 404 with a stylus, pen, mouse, etc.
  • The user interface 112 may comprise both a user input portion 404 and a separate user output portion 408. The user input portion 404 may comprise a number of input zones 412 a-N, each corresponding to a different input value. A user engages the user interface 112 by touching the user input portion 404. In some embodiments, the touching of the user input portion 404 is detected by a pressure-sensitive user input portion 404. In some embodiments, the user input portion 404 may be configured with optics which detects a user's input by taking a plurality of images and determining that the user's finger is engaged with and moving across the user input portion 404. As the user slides their finger across the user input portion 404 in the direction of arrow 420, the user input zones 412 a-N are sequentially activated and deactivated (i.e., the data value corresponding to the input zone 412 where the user's finger is currently detected is displayed via the user output portion 408), based on detection of the user's finger within a particular user input zone 412.
  • In some embodiments, during the first instance of user input depicted in FIG. 4A, the first input zone 412 a may be assigned a first data value, the second input zone 412 b may be assigned a second data value, the third input zone 412 c may be assigned a third data value, and so on. When the user initially touches the first input zone 412 a, the first data value may be displayed via the user output portion 408. While sliding, the user's finger transitions from the first input zone 412 a to the second input zone 412 b. Once a greater amount of the user's finger area is within the second input zone 412 b instead of the first input zone 412 a, the user output portion 408 displays the second data value instead of the first data value. The user continues moving their finger across the user input portion 404 until they reach the desired input zone 416, which corresponds to the data value that the user wants to enter. Upon reaching the desired input zone 416, the desired data value is depicted via the user output portion 408. When the user sees the desired data value in the user output portion 408, the user releases their finger from the user input portion 404 and the data value corresponding to the desired input zone 416 is entered as a first data input. In the example of FIG. 4A, the first data input corresponds to the data value of 6.
  • After the first instance of user input, the data values assigned to each input zone 412 a-N may be re-assigned to new input zones. Alternatively, each input zone 412 a-N may continue to have the same data value assigned thereto until a complete data entry has been completed or until an invalid data entry has been detected. In other words, it may be possible to re-assign data values to input zones 412 a-N every time a new data input is received, after a complete valid password has been received, after the enter or clear input has been selected, or after an incomplete password has been received.
  • Moreover, the first data input may be provided from the UI driver 326 to the authentication module 312 immediately after it has been input by the user or it may be stored in cache memory until the user selects enter, at which time a series of data inputs is provided to the authentication module 312 for analysis.
  • Following the first data input, the user may re-engage the user input portion 404 to provide a second instance of data input as is depicted in FIG. 4B. Although different data values may be assigned to the input zones 412 a-N, the process for providing the data input is similar to the first instance of the data input. In particular, the user slides their finger across the input zones 412 a-N of the user input portion 404 until their finger reaches the desired input zone 416. The user is able to determine that their finger is within the desired input zone 416 by monitoring the value displayed via the user output portion 408. Once the user's finger is within the desired input zone 416, the user releases their finger from the user input portion 404 and the data value corresponding to the desired input zone 416 is entered as a second data input. In the example of FIG. 4B, the second data input corresponds to the data value of 3.
  • Following the second data input, the user may re-engage the user input portion 404 to provide a third instance of data input as is depicted in FIG. 4C. Again, the user slides their finger across the input zones 412 a-N of the user input portion 404 until their finger reaches the desired input zone 416. Once the user's finger is within the desired input zone 416, the user releases their finger from the user input portion 404 and the data value corresponding to the desired input zone 416 is entered as a third data input. In the example of FIG. 4C, the third data input corresponds to the data value of 9.
  • Assuming that a complete and valid data entry is “639”, the user then has to engage the user input portion 404 to command the UI driver 328 to enter the complete data entry and provide the complete data entry to the authentication module 312. The enter command is entered in a similar fashion as the first, second, and third data inputs were entered. In particular, the user slides their finger across the input zones 412 a-N of the user input portion 404 until their finger reaches the desired input zone 416. As can be seen in FIG. 4D, in this step of the process, the enter command is assigned to the desired input zone 416 instead of a data value. The user releases their finger from the user input portion 404 after they determine that their finger is within the desired input zone 416 and the enter command is provided to the UI driver 328, thereby causing the UI driver 328 to send the complete data entry to the authentication module 312 for analysis.
  • In some embodiments, however, if the code to be entered is a fixed number of digits, then the active implementation of an enter input is not required. In particular, the E key is not displayed and, instead, the data entry is complete after the last digit has been entered.
  • If the complete data entry corresponds to a valid user input, then the authentication module 312 may determine that the user is allowed to access whatever asset is being secured by the computational device 104, 204. In response to making such a determination, the computational device 104, 204 may allow the user access to whatever asset was previously secured.
  • With reference now to FIGS. 5A-F, a number of possible configurations of a user input portion 404 of a user interface 112 will be described in accordance with embodiments of the present disclosure. As discussed above, each input zone 412 a-N may be assigned a different data value. The data value-to-input zone assignment may be configured to last permanently, for a predetermined amount of time, until a predetermined event occurs, and so on. As one example, each input zone 412 a-N may have new data values assigned thereto after every instance of user input. As another example, the data values assigned to the input zones 412 a-N may be flipped-flopped after every instance of user input or after every instance of a completed data entry. As another example, the data values assigned to the input zones 412 a-N may vary between numeric data values and then alphabetical/character data values after every instance of user input. As another example, the spaces between input zones 412 a-N or relative sizes of input zones 412 a-N may be altered after every instance of user input or after every instance of a completed data entry. An another example, the data values assigned to the input zones 412 a-N may be randomly re-assigned after every instance of user input or after every instance of a completed data entry. Combinations of the above examples may also be implemented.
  • By providing a user input portion 404 with the ability to have the data values assigned to the input zones 412 a-N according to a number of different configurations, a more secure user interface 112 can be provided. In particular, changing the data values assigned to the input zones 412 a-N helps ensure that a particular pattern cannot be discerned as corresponding to a valid input since the same values will likely be input with different patterns. The exemplary configurations of the data value-to-input zone assignments represent only a few of the many possible configurations (whether specifically discussed or not) may be utilized by the user interface 112.
  • Referring initially to FIG. 5A, a first exemplary configuration of a user input portion 404 is depicted where the data values are assigned incrementally to adjacent input zones 412 starting at the left and moving to the right.
  • With reference to FIG. 5B, a second exemplary configuration of a user input portion 404 is depicted where the data values are assigned decrementally to adjacent input zones 412 starting at the left and moving to the right.
  • With reference to FIG. 5C, a third exemplary configuration of a user input portion 404 is depicted where the data values are assigned randomly to the input zones 412. In the first, second, and third exemplary configurations, the enter command is assigned to the Nth input zone 412N. As can be appreciated, certain configurations may allow the enter command to be assigned to some input zone 412 that is surrounded by at least two input zones 412.
  • With reference to FIG. 5D, a fourth exemplary configuration of a user input portion 404 is depicted where the data values are assigned randomly to the input zones 412 and the enter command is assigned to the first input zone 412 a.
  • With reference to FIG. 5E, a fifth exemplary configuration of a user input portion 404 is depicted where the size of each input zone 412 varies from one input zone to the next. The alteration of size/area of input zones 412 may be coupled with other configurations described herein to further enhance the security of the user interface 112.
  • With reference to FIG. 5F, a sixth exemplary configuration of a user input portion 404 is depicted where data values are assigned to all but two of the input zones 412 a-N, the enter command is assigned to the first input zone 412 a, and a clear command is assigned to the Nth input zone 412N. In some embodiments, the clear command can be used to delete the last data value that was entered by a user or to delete a complete data entry.
  • With reference now to FIG. 6, exemplary components of a user interface 112 are depicted in accordance with at least some embodiments of the present disclosure. The components used to construct the user interface 112 provide both a secure mechanism for capturing user input as well as a cost-effective alternative to the Hirsch ScramblePad® and similar secure data-entry technologies. In some embodiments, the user interface 112 may comprise a controller 604 which includes one or more links to a user input 608, one or more links to a user output 612, and one or more links to a communication network. In some embodiments, the controller 604 corresponds to a microcontroller and may be implemented as part or all of the processor 336.
  • The user input 608 may correspond to a linear potentiometer (resistive or capacitive) which is configured to detect pressure applied thereto and a location of such pressure and provide an output electrical signal to the controller 604 in response thereto. The controller 604 may be configured to analyze the electrical signals received from the user input 608, determine a data value associated with such electrical signals, and send a command to the user output 612 which causes the user output 612 to display the data values so that they can be perceived by the user. In some embodiments, the user output 612 corresponds to a single or multiple digit seven segment LED/LCD display and the controller 604 may comprise an 8 bit or higher analog-to-digital converter which converts analog signals received from the user input 608 into digital signals for transmission to the user output 612.
  • The connection to the communication network may be implemented as any type of known communication interfaces 344. Examples of such communication interfaces 344 include, without limitation, a Wiegand port, an RS485 output, an Ethernet port, a USB port, and the like.
  • With reference now to FIG. 7, an exemplary user input capture method will be described in accordance with at least some embodiments of the present disclosure. The method begins at step 704 and continues when user interaction with the user interface 112 is detected (step 708). In some embodiments, detection of user activity at the user interface 112 may trigger the initiation of the user input capture method. Additionally, the way in which user activity is detected at the user interface 112 will depend on the type of user interface 112 being utilized. In particular, if a user interface 112 is employed that includes a pressure-sensitive user input portion 404, then detection of user activity occurs when pressure is detected as being applied at a concentrated point or area within the user input portion 404. If a user interface 112 is employed that includes an optical user input portion 404, then detection of user activity occurs when one or more images are captured which indicate that a user has touched the user input portion 404.
  • Assuming that a pressure-sensitive user input portion 404 is being utilized, the method continues with the controller 604 or UI driver 328 determining the data value corresponding to the currently selected input zone 412 and causing the determined data value to be displayed via a user output portion 408 of the user interface 112 (step 712).
  • Thereafter, the controller 604 or UI driver 328 determines if the release of pressure has been detected (step 716). The amount of pressure release required to affirmatively answer the query of step 716 may vary depending upon tolerances of the user input portion 404, environmental factors, and the like. In some embodiments, a complete release of pressure (i.e., a reading of ambient pressure only) may be required to satisfy the query of step 716. Alternatively, the pressure may only need to be decreased by a predetermined amount or by a predetermined percentage of the maximum pressure detected during step 708.
  • If the release of pressure has not been detected, then the method returns to step 712 and a new data value is determined and displayed if the user scrolls their finger into a new input zone 412 of the user input portion 404.
  • If, however, the query of step 716 is answered affirmatively, then the method continues with the controller 604 or UI driver 328 determining if the release occurred within a defined input zone 412 having a data value or command associated therewith (step 728). If not, then an error message is displayed via the user output portion 408 (step 724). Thereafter, the determination is made as to whether the user input capture method is done (step 728). This query may be answered negatively if user input is again detected at the user input portion 404 within a predetermined amount of time after the error message was displayed. Conversely, the query of step 728 may be answered affirmatively if a predetermined number of errors occurred within a predetermined amount of time or if some other user input was detected which suggests that the computational device 104, 204 is under a potential attack. For example, if the user engages a panic input (e.g., by applying a pressure at the user input portion 404 that is greater than a predetermined pressure threshold), then the query of step 728 may be answered affirmatively. If the query of step 728 is answered affirmatively, then the user input capture method is concluded (step 732). In some embodiments, an additional step of temporarily disabling some or all functionality of the computational device 104, 204 may be performed if it is determined that the computational device 104, 204 is potentially under attack.
  • If the query of step 728 is answered negatively, then the method returns to step 708.
  • Referring back to step 720, if the user releases the user input portion 404 within an input zone having a data value assigned thereto, then the controller 604 or UI driver 328 determines the data value currently corresponding to the input zone 412 where the pressure was last detected (e.g., where the release was detected) (step 736).
  • The data value determined during the first iteration of step 736 may correspond to a first data input. The method continues by determining whether or not there will be more data entry before data is transmitted to the authentication module 312 for analysis (step 740). If no additional data capture is necessary (e.g., the user has selected the enter command or data inputs are provided to the authentication module 312 or networked device 108 sequentially rather than as a string of data values), then the first data input is transmitted to the authentication module 312 for analysis (step 744). Alternatively, the first data input may be transmitted to a networked device 108 for analysis. Thereafter, the method continues to step 728 to determine whether additional data inputs are being received or whether the user input capture method is complete.
  • Referring back to step 740, if additional data capture is necessary (e.g., the user has not selected the enter command or data inputs are provided to the authentication module 312 or networked device 108 as a string of data values rather than sequential inputs), then the first data input is stored in a cache memory for later transmission with other data inputs that are yet to be captured (step 748). Thereafter, the method returns to step 708 to begin the process of capturing the second data input, third data input, and so on until the user selects the enter command or until a predetermined number of data inputs have been captured.
  • With reference now to FIG. 8, an exemplary user input analysis method will be described in accordance with at least some embodiments of the present disclosure. The method begins when user input is received at the user interface 112 (step 804). Thereafter, the method may proceed down one of two paths depending upon a number of considerations. One path corresponds to a process of determining a user input parameter average (or other result obtained from a different mathematical formula), whereas the other path corresponds to a process of analyzing the currently received user input based on a historical user input parameter average to determine if the currently received user input is suspect. The analysis process is generally not performed until a predetermined and suitable number of user inputs have been received such that a user input parameter average is determined and the standard deviation of the user input parameters used to calculate the average is less than a predetermined threshold value.
  • If the method continues only with the process of determining a user input parameter average, then one or more parameters of interest are determined for the recently received user input (step 808). Exemplary parameters of interest which may be determined in this step include amount of pressure applied to the user input portion 404, size of finger, fingerprints or fingerprint characteristics, slide speed, and so on. The determined parameter(s) of interest determined for the recently received user input are then used to determine an average of the parameter(s) of interest (step 812). The average values may be based on all user inputs received or based only on valid user inputs received.
  • Referring back to step 804, if the method continues with the process of determining user input validity (i.e., the analysis process), then the method continues with the authentication module 312 comparing one or more parameters of interest from the recently received user input with averages of the corresponding one or more parameters of interest (step 816). Based on the comparison of step 816, the authentication module 312 determines if the parameter(s) of interest for the recently received user input are valid (step 820). In this step, the authentication module 312 may determine that user inputs are invalid or suspect if they have a parameter of interest which deviates from the average by more than a predetermined threshold value (i.e., by either exceeding or falling below the average).
  • Accordingly, if the query of step 820 is answered negatively, then the computational device 104, 204 may perform one or more actions which are consistent with determining that an invalid or suspect user input has been received (step 824). Such actions may include slowing down the rate at which entries are accepted by the computational device 104, 204, temporarily disabling functionality of the computational device 104, 204, permanently disabling functionality of the computational device 104, 204, transmitting a message to security personnel, sounding an alarm, combinations thereof, or the like.
  • If, however, the query of step 820 is answered affirmatively, then the method may continue with the process of determining a user input parameter average.
  • A number of extensions and alternative implementations are considered to be within the scope of the present disclosure. As one example, a linear potentiometer is not the only type of user input portion 404 that can be utilized to achieve a cost-effective but secure user interface 112. Rather, the use of a touch screen configured to simultaneously detect and analyze multiple inputs can be utilized. In such an implementation in addition to sliding motions, different gesturing motions, such as pinching, could be utilized to select individual digits. In particular, if a pinching gesture is utilized to achieve a user input, then the relative distance between the user's two fingers may be correlated to the input zones 412 described above. A very small distance (e.g., 1-5 mm) between the user's two fingers may correspond to the Nth input zone 412N whereas a very larger distance (e.g., 10-20 cm) between the user's two fingers may correspond to the first input zone 412 a. All other aspects of the present disclosure may be performed in substantially the same way as described. Specifically, there could be separate pinch zones for each data value in a multi-digit entry.
  • As another possible extension contemplated by the present disclosure, the electronics of the user interface 112 including the controller 604, the connections between the controller 604, the user input 608, and the user output 612 may be potted in a potting material, thereby making the user interface 112 substantially weather resistant.
  • As another possible extension contemplated by the present disclosure, a pressure sensitive device could be used to select data inputs where different magnitudes of applied pressure correspond to the input zones 412 described above. A number of different magnitudes of applied pressure may have different data values assigned thereto. As the user presses the user input portion 404 harder, the different data values may be displayed via the user output 408. When the desired data value is displayed via the user output 408, the user may completely release the user input portion 404 and the data value corresponding to the last-displayed data value is selected as the data input. The value may correspond to a digit, an enter command, a clear command, or a series of input commands.
  • The use of a pressure sensor may also enable additional inputs without requiring the user to slide their finger across the user input portion 404. In particular, a user may press the user input portion 404 extra “hard” (e.g., applies a pressure greater than a predetermined amount of pressure) to signify: (1) that data entry is complete; (2) that one or more previous entries should be erased; or (3) that the user is under duress and security personnel should be notified.
  • In another possible extension contemplated by the present disclosure, a reserved code can be utilized to enter a “programming mode” where the configuration data 324 can be changed. For example, the configuration data 324 may define how configurations of the user input portion 404 are scrambled between user inputs, the number of digits to be displayed via the user output portion 408, data output formats, the programming mode code, a list of one or more input passwords that will unlock access to the asset, etc. During the programming mode, one or more of these operating characteristics can be modified.
  • In another possible extension, a biometric swipe sensor may be designed to utilize some or all of the concepts disclosed herein. Specifically, the biometric swipe sensor can be configured to detect partial swipes of a user's finger and correlate different amounts of partial swipes to a different input value. During such partial swipes, the user's finger print may also be analyzed as a second factor of authentication.
  • In the foregoing description, for the purposes of illustration, methods were described in a particular order. It should be appreciated that in alternate embodiments, the methods may be performed in a different order than that described. It should also be appreciated that the methods described above may be performed by hardware components or may be embodied in sequences of machine-executable instructions, which may be used to cause a machine, such as a general-purpose or special-purpose processor or logic circuits programmed with the instructions to perform the methods. These machine-executable instructions may be stored on one or more machine readable mediums, such as CD-ROMs or other type of optical disks, floppy diskettes, ROMs, RAMs, EPROMs, EEPROMs, SIMs, SAM,s, magnetic or optical cards, flash memory, or other types of machine-readable mediums suitable for storing electronic instructions. Alternatively, the methods may be performed by a combination of hardware and software.
  • Specific details were given in the description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits may be shown in block diagrams in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail in order to avoid obscuring the embodiments.
  • Also, it is noted that the embodiments were described as a process which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed, but could have additional steps not included in the figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination corresponds to a return of the function to the calling function or the main function.
  • Furthermore, embodiments-may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to perform the necessary tasks may be stored in a machine readable medium such as storage medium. A processor(s) may perform the necessary tasks. A code segment may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures, or program statements. A code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc. may be passed, forwarded, or transmitted via any suitable means including memory sharing, message passing, token passing, network transmission, etc.
  • While illustrative embodiments of the disclosure have been described in detail herein, it is to be understood that the inventive concepts may be otherwise variously embodied and employed, and that the appended claims are intended to be construed to include such variations, except as limited by the prior art.

Claims (10)

1-21. (canceled)
22. A method of securely receiving user input at a computational device, the method comprising:
detecting a first user pinch gesture at a user input of the computational device, the first user pinch gesture having a first size;
correlating the first user pinch gesture to a first selection based on the first size of the first user pinch gesture;
detecting a second user pinch gesture at the user input of the computational device, the second user pinch gesture having a second size that is different from the first size; and
correlating the second user pinch gesture to a second selection based on the second size of the second pinch gesture.
23. The method of claim 22, further comprising:
conditioning the first selection and second selection as input data for the computational device; and
transmitting the input data to an authentication module for comparison with authentication data.
24. The method of claim 23, wherein the authentication module is contained within the computational device.
25. The method of claim 22, further comprising:
determining, for the first user pinch gesture, a first value of a user input parameter of interest;
determining, for the second user pinch gesture, a second value of the user input parameter of interest; and
determining an average value of the user input parameter of interest based, at least in part, on the first and second values of the user input parameter of interest.
26. The method of claim 22, further comprising:
altering a size of an input zone for the user input based on either the first size or the second size.
27. The method of claim 22, further comprising:
altering a space between input zones between the first user pinch gesture and the second user pinch gesture.
28. A computational device, comprising:
a user interface including a user input portion and a user output portion;
a processor; and
a computer-readable medium coupled to the processor, the computer-readable medium including instructions configured to enable the processor to detect a first user pinch gesture at the user input portion then correlate a size of the first user pinch gesture to a first input, determine a first data value corresponding to the first input, cause the first data value to be displayed via the user output portion, detect a second user pinch gesture at the user input portion then correlate a size of the second user pinch gesture to a second input, wherein the size of the first user pinch gesture is different from the size of the second user pinch gesture, determine a second data value corresponding to the second input, cause the second data value to be displayed via the user output portion, determine that a user has discontinued the second user pinch gesture, and in response to determining that the user has discontinued the second user pinch gesture, condition the second data value as input data for the computational device.
29. The device of claim 28, further comprising a communication interface configured to transmit the second data value to a networked device.
30. The device of claim 28, wherein the user output portion is physically separated from the user input portion such that the data values displayed via the user output portion are not viewed through the user input portion.
US15/407,794 2011-03-21 2017-01-17 System and method of secure data entry Abandoned US20170154175A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US15/407,794 US20170154175A1 (en) 2011-03-21 2017-01-17 System and method of secure data entry
US15/948,416 US10599822B2 (en) 2011-03-21 2018-04-09 System and method of secure data entry

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
PCT/US2011/029142 WO2012128750A1 (en) 2011-03-21 2011-03-21 System and method of secure data entry
US201314006329A 2013-12-17 2013-12-17
US15/407,794 US20170154175A1 (en) 2011-03-21 2017-01-17 System and method of secure data entry

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
PCT/US2011/029142 Division WO2012128750A1 (en) 2011-03-21 2011-03-21 System and method of secure data entry
US14/006,329 Division US20140173717A1 (en) 2011-03-21 2011-03-21 System and method of secure data entry

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/948,416 Continuation US10599822B2 (en) 2011-03-21 2018-04-09 System and method of secure data entry

Publications (1)

Publication Number Publication Date
US20170154175A1 true US20170154175A1 (en) 2017-06-01

Family

ID=46879643

Family Applications (3)

Application Number Title Priority Date Filing Date
US14/006,329 Abandoned US20140173717A1 (en) 2011-03-21 2011-03-21 System and method of secure data entry
US15/407,794 Abandoned US20170154175A1 (en) 2011-03-21 2017-01-17 System and method of secure data entry
US15/948,416 Active 2031-04-01 US10599822B2 (en) 2011-03-21 2018-04-09 System and method of secure data entry

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US14/006,329 Abandoned US20140173717A1 (en) 2011-03-21 2011-03-21 System and method of secure data entry

Family Applications After (1)

Application Number Title Priority Date Filing Date
US15/948,416 Active 2031-04-01 US10599822B2 (en) 2011-03-21 2018-04-09 System and method of secure data entry

Country Status (3)

Country Link
US (3) US20140173717A1 (en)
EP (1) EP2689304A4 (en)
WO (1) WO2012128750A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10599822B2 (en) 2011-03-21 2020-03-24 Assa Abloy Ab System and method of secure data entry

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101615461B1 (en) 2007-09-24 2016-04-25 애플 인크. Embedded authentication systems in an electronic device
US8600120B2 (en) 2008-01-03 2013-12-03 Apple Inc. Personal computing device control using face detection and recognition
US9002322B2 (en) 2011-09-29 2015-04-07 Apple Inc. Authentication with secondary approver
US9898642B2 (en) 2013-09-09 2018-02-20 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
KR101509495B1 (en) * 2013-10-18 2015-04-09 한국전자통신연구원 The input device and method for security keypad by shifting keypad
KR102187219B1 (en) * 2014-01-22 2020-12-04 삼성전자주식회사 Electronic device and method for providing control function using fingerprint sensor
US10691332B2 (en) * 2014-02-28 2020-06-23 Samsung Electronics Company, Ltd. Text input on an interactive display
US10482461B2 (en) 2014-05-29 2019-11-19 Apple Inc. User interface for payments
DK179471B1 (en) 2016-09-23 2018-11-26 Apple Inc. Image data for enhanced user interactions
JP6736686B1 (en) 2017-09-09 2020-08-05 アップル インコーポレイテッドApple Inc. Implementation of biometrics
US11170085B2 (en) 2018-06-03 2021-11-09 Apple Inc. Implementation of biometric authentication
US11100349B2 (en) 2018-09-28 2021-08-24 Apple Inc. Audio assisted enrollment
US10860096B2 (en) 2018-09-28 2020-12-08 Apple Inc. Device control using gaze information
EP4264460A1 (en) 2021-01-25 2023-10-25 Apple Inc. Implementation of biometric authentication

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6088017A (en) * 1995-11-30 2000-07-11 Virtual Technologies, Inc. Tactile feedback man-machine interface device
US20110179381A1 (en) * 2010-01-21 2011-07-21 Research In Motion Limited Portable electronic device and method of controlling same
US20110199386A1 (en) * 2010-02-12 2011-08-18 Honeywell International Inc. Overlay feature to provide user assistance in a multi-touch interactive display environment
US9183554B1 (en) * 2009-04-21 2015-11-10 United Services Automobile Association (Usaa) Systems and methods for user authentication via mobile device

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4100534A (en) 1976-12-09 1978-07-11 Tuthill Corporation Electronic security system
US4221975A (en) 1978-04-19 1980-09-09 Touch Activated Switch Arrays, Inc. Touch activated controller and method
EP0046763B1 (en) 1980-02-15 1985-08-14 Rehm Pty. Ltd. Keyboard operated security apparatus
US4333090A (en) 1980-05-05 1982-06-01 Hirsch Steven B Secure keyboard input terminal
US4479112A (en) 1980-05-05 1984-10-23 Secure Keyboards Limited Secure input system
US4369973A (en) 1980-11-21 1983-01-25 Aurora Joseph R D Electronic crossword puzzle
US4644326A (en) 1983-06-03 1987-02-17 Secure Keyboards Limited Unitary key panel
US4806745A (en) 1986-04-18 1989-02-21 Sharp Kabushiki Kaisha IC card with fewer input keys
US5600324A (en) 1992-05-11 1997-02-04 Rockwell International Corporation Keyless entry system using a rolling code
US5949348A (en) 1992-08-17 1999-09-07 Ncr Corporation Method and apparatus for variable keyboard display
FR2723806A1 (en) 1994-08-17 1996-02-23 Schlumberger Ind Sa SECURE KEYBOARD DEVICE
US5970146A (en) 1996-05-14 1999-10-19 Dresser Industries, Inc. Data encrypted touchscreen
IL137478A (en) * 1998-01-26 2005-11-20 Westerman Wayne Method and apparatus for integrating manual input
US6434702B1 (en) 1998-12-08 2002-08-13 International Business Machines Corporation Automatic rotation of digit location in devices used in passwords
US6317835B1 (en) 1998-12-23 2001-11-13 Radiant Systems, Inc. Method and system for entry of encrypted and non-encrypted information on a touch screen
US6549194B1 (en) 1999-10-01 2003-04-15 Hewlett-Packard Development Company, L.P. Method for secure pin entry on touch screen display
US7370983B2 (en) * 2000-03-02 2008-05-13 Donnelly Corporation Interior mirror assembly with display
US20030014239A1 (en) * 2001-06-08 2003-01-16 Ichbiah Jean D. Method and system for entering accented and other extended characters
GB2381603B (en) * 2001-10-30 2005-06-08 F Secure Oyj Method and apparatus for selecting a password
US7652660B2 (en) * 2005-10-11 2010-01-26 Fish & Richardson P.C. Mobile device customizer
US7649522B2 (en) * 2005-10-11 2010-01-19 Fish & Richardson P.C. Human interface input acceleration system
US8564544B2 (en) 2006-09-06 2013-10-22 Apple Inc. Touch screen device, method, and graphical user interface for customizing display of content category icons
US20080165149A1 (en) * 2007-01-07 2008-07-10 Andrew Emilio Platzer System, Method, and Graphical User Interface for Inputting Date and Time Information on a Portable Multifunction Device
US8059101B2 (en) * 2007-06-22 2011-11-15 Apple Inc. Swipe gestures for touch screen keyboards
CN101340281B (en) * 2007-07-02 2010-12-22 联想(北京)有限公司 Method and system for safe login input on network
JP2009169456A (en) * 2008-01-10 2009-07-30 Nec Corp Electronic equipment, information input method and information input control program used for same electronic equipment, and portable terminal device
US8909297B2 (en) * 2008-03-04 2014-12-09 Mike Matas Access management
ES2485501T3 (en) 2008-08-14 2014-08-13 Assa Abloy Ab RFID reader with built-in attack detection heuristics
KR101517509B1 (en) * 2008-09-08 2015-05-04 엘지전자 주식회사 Mobile terminal and control method thereof
US8982105B2 (en) * 2008-12-09 2015-03-17 Sony Corporation Ergonomic user interfaces and electronic devices incorporating same
US20120019471A1 (en) * 2009-04-20 2012-01-26 Carsten Schlipf Entering information into a communications device
US8681106B2 (en) * 2009-06-07 2014-03-25 Apple Inc. Devices, methods, and graphical user interfaces for accessibility using a touch-sensitive surface
CN101655771B (en) * 2009-09-07 2011-07-20 上海合合信息科技发展有限公司 Method and system for inputting multi-contact characters
US20110316791A1 (en) * 2010-06-27 2011-12-29 Peigen Jiang Touch pad character entering system and method
US8856688B2 (en) * 2010-10-11 2014-10-07 Facebook, Inc. Pinch gesture to navigate application layers
EP2689304A4 (en) 2011-03-21 2014-09-10 Assa Abloy Ab System and method of secure data entry

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6088017A (en) * 1995-11-30 2000-07-11 Virtual Technologies, Inc. Tactile feedback man-machine interface device
US9183554B1 (en) * 2009-04-21 2015-11-10 United Services Automobile Association (Usaa) Systems and methods for user authentication via mobile device
US20110179381A1 (en) * 2010-01-21 2011-07-21 Research In Motion Limited Portable electronic device and method of controlling same
US20110199386A1 (en) * 2010-02-12 2011-08-18 Honeywell International Inc. Overlay feature to provide user assistance in a multi-touch interactive display environment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10599822B2 (en) 2011-03-21 2020-03-24 Assa Abloy Ab System and method of secure data entry

Also Published As

Publication number Publication date
EP2689304A4 (en) 2014-09-10
US10599822B2 (en) 2020-03-24
EP2689304A1 (en) 2014-01-29
US20140173717A1 (en) 2014-06-19
WO2012128750A1 (en) 2012-09-27
US20180293368A1 (en) 2018-10-11

Similar Documents

Publication Publication Date Title
US10599822B2 (en) System and method of secure data entry
US11089012B2 (en) Event driven second factor credential authentication
Jansen Authenticating users on handheld devices
KR101280050B1 (en) Location-based security system for portable electronic device
EP1980049B1 (en) Wireless authentication
US9507928B2 (en) Preventing the discovery of access codes
EP2192511B1 (en) Simplified biometric character sequence entry
US9342673B2 (en) Method for user authentication in a device comprising a touch screen
CN105894616A (en) Access Management System And Method
EP3094122B1 (en) Systems and methods for protecting sensitive information stored on a mobile device
CA2925747A1 (en) Secure passcode entry user interface
CN105678147B (en) Touch operation method and device
CN108475306B (en) User interface for mobile device
Guerar et al. Securing PIN‐based authentication in smartwatches with just two gestures
US20140230026A1 (en) Biometric-Based Access Control System Comprising a Near Field Communication Link
US20120017273A1 (en) Apparatus and method for improving the security in portable communication system
US8924734B2 (en) Key and method for entering computer related passwords via a mnemonic combination
EP2738707B1 (en) Interactive reader commander
US9515831B2 (en) Reducing the effectiveness of smudge and thermal imaging attacks
US20210083877A1 (en) System and a method for user authentication and/or authorization
CN107480482A (en) A kind of touch screen unlocking method, device and touch screen terminal
EP3564837A1 (en) System, method and computer programs for user authentication and/or authorization
CN106845180A (en) Verify identity method, using and computing device
CN112364673A (en) Information verification method, terminal equipment, NFC verification device and system
US20240095331A1 (en) Apparatus, system and method for secure data entry

Legal Events

Date Code Title Description
AS Assignment

Owner name: ASSA ABLOY AB, SWEDEN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DAVIS, MICHAEL L.;REEL/FRAME:040988/0515

Effective date: 20131203

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION