WO2010134808A1 - Method of securing entry of an alphanumeric code on a computer system, interaction and dedicated driver entity therefor. - Google Patents

Method of securing entry of an alphanumeric code on a computer system, interaction and dedicated driver entity therefor. Download PDF

Info

Publication number
WO2010134808A1
WO2010134808A1 PCT/NL2010/050296 NL2010050296W WO2010134808A1 WO 2010134808 A1 WO2010134808 A1 WO 2010134808A1 NL 2010050296 W NL2010050296 W NL 2010050296W WO 2010134808 A1 WO2010134808 A1 WO 2010134808A1
Authority
WO
WIPO (PCT)
Prior art keywords
screen
images
alphanumeric characters
graphical data
entity
Prior art date
Application number
PCT/NL2010/050296
Other languages
French (fr)
Inventor
Wynand Vermeulen
Erik Vermeer
Original Assignee
Bell Identification B.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bell Identification B.V. filed Critical Bell Identification B.V.
Publication of WO2010134808A1 publication Critical patent/WO2010134808A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response

Definitions

  • the present invention is directed to a method of securing entry of an alphanumeric code on a computer system comprising a display screen and a screen based entry device, wherein said screen based entry device is arranged for enabling interaction between said computer system and a user by selecting information displayed on said screen in operation, said method comprising the steps of: an interaction entity providing graphical data to said display screen, wherein said graphical data represents images for displaying one or more alphanumeric characters on said screen on randomized positions, for selection by said user; displaying said one or more alphanumeric characters on said screen on said randomized positions for selection by said user; and said interaction entity receiving input signals from said entry device, which input signals are indicative of selected characters of said alphanumeric characters.
  • the present invention is further directed to an interaction entity for use in such a method.
  • PIN personal identification numbers
  • ATM's automatic teller machines
  • POS point of sale
  • PIN personal identification numbers
  • An unexplored possibility in the field of electronic banking is the direct entry of personal identification numbers (PIN) in computer systems, e.g. for online banking.
  • PIN personal identification numbers
  • the direct entry of PIN numbers in a computer system has been largely avoided by the banking industry, as it poses a potential security risk to both the bank and the user of the PIN code.
  • Computer systems can easily be tampered with, such as to perform various types of undesired logging methods for fraudulently and unauthorised acquiring of the PIN number of the user.
  • a solution to this problem for the entry of PIN numbers using screen based entry devices is to display an alphanumeric keypad on the screen wherein the alphanumeric characters on the keypad are placed in positions that are not predictable to a user.
  • the positions of the alphanumeric characters is randomized in the keypad displayed on screen.
  • Position and displacement logging of mouse clicks by fraudulent software installed on the computer systems in that case does not reveal the entered PIN code, since the alphanumeric characters on the keypad are in randomized positions. Therefore if the position of a mouse click is known, it can no longer be linked to a corresponding alphanumeric character selected by the user.
  • a problem with the above described method is formed by the fact that more sophisticated logging software may be designed to take screen shots from the screen and may, in combination with position logging, reveal the link between the position of the mouse click and the alphanumeric character on screen which is selected by the user. The PIN number can thereby be retrieved by the fraudulent software. Preventing screen logging is difficult since within a computer system, taking screen shots is a standard feature made available by the operating system.
  • the present invention has for its object to solve the above mentioned problem of the prior art, and to provide secure and tamper proof method of entering an alphanumeric code on a computer system.
  • a method of securing entry of an alphanumeric code on a computer system comprising a display screen and a screen based entry device, wherein said screen based entry device is arranged for enabling interaction between said computer system and a user by selecting information displayed on said screen in operation, said method comprising the steps of: an interaction entity providing graphical data to said display screen, wherein said graphical data represents images for displaying one or more alphanumeric characters on said screen on randomized positions, for selection by said user; displaying said one or more alphanumeric characters on said screen on said randomized positions for selection by said user; and said interaction entity receiving input signals from said entry device, which input signals are indicative of selected characters of said alphanumeric characters; wherein said images are distorted such as to prevent unauthorised screen-capturing of said alphanumeric characters.
  • the images are formed in a distorted manner by the interaction entity.
  • the interaction entity assembles the graphical data, by forming the images containing the alphanumeric characters and by putting the images into a sequence. The images are thereby formed such that the alphanumeric characters are distorted or misformed such as to prevent unauthorised screen capturing of the characters.
  • the graphical data is distorted prior to providing the graphical data to the display screen.
  • the images are formed by the interaction entity and are put into a sequence for providing the graphical data, but the graphical data is distorted after assembling thereof and prior to providing it to the display screen.
  • the graphical data is distorted such that the alphanumeric characters in the images cannot be read when an unauthorised screen capture is taken.
  • the graphical data represents a sequence of images for displaying on the screen, and the images are distorted such that two or more consecutive images comprise fractions of the alphanumeric characters. In a special embodiment thereof, these fractions are complementary fractions that together form at least one of the alphanumeric characters.
  • these complementary fractions are displayed on the display screen, one after the other. Since the images are displayed with a high refresh rate the human eye is not able to resolve the individual images. The human eye of the user will perceive these images as one composite image of all the complementary fractions, presenting the alphanumeric character which is hidden in each of the individual images.
  • Consecutive images may also be formed by, for example, individual seemlessly random shapes of carefully selected colours. Perception by the human eye interprets the composite image as containing the 'hidden' alphanumeric character since the shapes and colours in each of the consecutive images blend together in the composite image. For example, a white coloured shape in a first image which overlaps a black coloured and different shape in a second image yields a grey coloured overlap shape in the composite image. Therefore, carefully selecting the individual shapes and colours in each of the consecutive images may construct the hidden alphanumeric character in the composite image by means of blending the shapes, as interpreted by the human eye.
  • the individual fractions are formed such as to be unrecognisable for identifying the alphanumeric characters. It will be understood that once the fractions shown in a single of the consecutive images is recogn isable as a part of a known alphan u meric character, the alphanumeric character can be identified by performing an unauthorised screen capture at a convenient time. This would pose a security risk.
  • the fractions may be of different colours. By providing the fractions at different colours, this complicates the identification by unauthorised persons even further, as it may not be clear whether or not a fraction shown in the image is a part of the alphanumeric character on the screen.
  • the fractions are randomly formed shapes.
  • the images may further comprise randomly formed further objects which are to mislead an unauthorised person taking a screen capture from identifying the alphanumeric character.
  • interaction entity may be implemented as a hardware component on a computer system. However, it is also possible to implement this entity as a software component.
  • an interaction entity for use in a method as described above, said entity being arranged for enabling secure entry of an alphanumeric code on a computer system comprising a display screen and a screen based entry device, said entity comprising means for providing graphical data to said display screen, for displaying one or more alphanumeric characters on said screen based on said graphical data for selection by said user, and means for receiving input signals from said entry device, which input signals are indicative of selected characters of said alphanumeric characters, wherein said means for providing said graphical data are arranged for including in said graphical data screen position data for displaying said alphanumeric characters on said screen on randomized positions, and wherein said interaction entity further comprises means for entity encoding said graphical data prior to providing said graphical data to said display screen such as to prevent unauthorised logging of said graphical data.
  • figure 1 provides an example of a randomized keypad displayed on a screen
  • figure 2 provides an example of a computer system comprising an interaction entity and dedicated driver entity according to the present invention
  • figures 3A-3D illustrate a set of consecutive images in accordance with the invention
  • figure 3E illustrates the composite image of the images of figures 3A-3D.
  • a randomized keypad is displayed, that may be used in accordance with the present invention .
  • the position of alphanumeric characters for selection by the user is randomized .
  • the keypad 1 comprises for example key 2 for selecting the alphanumeric character "9".
  • this character “9” is different from the position where one would intuitively expect it to be (namely on key 5, where the alphanumeric character "2" is located).
  • the location of the alphanumeric characters can be randomized anew.
  • the position of the keypad 1 on the screen may be varied after each key stroke. After en teri n g th e req u ested secu ri ty cod e (e . g . perso n a l identification number), the user may confirm that entry is completed by selecting OK' on position 3 of the keypad 1 .
  • FIG. 2 there is illustrated a computer system 10 comprising an interaction entity in accordance with the present invention.
  • Computer system 10 comprises a computer 11 (which may be a regular personal computer) comprising an input/output unit 14 for receiving input from input devices such as computer mouse 17.
  • the signal received from computer mouse 17 is provided to the central processing unit of the computer (not shown) which may be provided to interaction entity 22 for further processing.
  • Interaction entity 22 is responsible for providing graphical data to the display screen 15 such as to display an alphanumeric keypad (such a keypad 1 of figure 1 ) on the display screen 15.
  • the graphical data provided to the display screen 15 comprises a sequence of images to be displayed on the display screen 15.
  • the position of the alphanu meric keypad itself may be randomized, but at least the position of the alphanumeric characters within the keypad is randomized as described above. This is controlled by the interaction entity 22.
  • Interaction entity 22 provides the graphical data to graphical processing device 16 which uses its graphical processing unit 20 for transforming the received images into a suitable electronic signal for driving the display screen 15.
  • the images are formed by interaction entity 22. These images are distorted , or at least comprise distorted alphanumeric characters, such that none of the individual images provides sufficient information for identifying the alphanumeric characters.
  • Figure 3E shows a key in a keypad which contains the number '9'.
  • Figure 3E is the composite image as perceived by the human eye when looking at the display screen on which the key pad is displayed.
  • the graphical data provided to the display screen comprise consecutive images 3A, 3B, 3C and 3D respectively.
  • FIG 3A the key is shown in dotted lined box 30. This image only comprises fractions 31 and 32 of the alphanumeric character '9' reformed.
  • box 35 of figure 3B it is shown that the image that follows the image of figure 3A comprises only fractions 36 and 37.
  • the image in box 40 of figure 3C comprises fractions 41 , 42 and 43 and the image in figure 3D, box 45, comprises fractions 46, 47 and 48. None of the individual images 3A-3D reveals sufficient information by itself from which the number can be identified.
  • Figure 3C shows most of the fractions, but from the fractions shown in figure 3C alone, the alphanumeric character formed could still be a '5', '6', '8' or '9', or a letter such as the 'S' or 'B'. Since all the keys in the keypad comprise distorted alphanumeric characters at randomised locations, taking a screen capture in an attempt to identify the alphanumeric characters on each of the keys is pointless. If all the fractions of figures 3A, 3B, 3C and 3D are put together, the alphanumeric character '9' of figure 3E is formed as is shown in box 50.
  • the invention is based on the insight that by both randomising the locations of the key and the keypad on the screen, and distorting the alphanumeric character provided to the screen in each image, makes it virtually impossible to successfully apply logging methods in order to reveal a security code entered. Therefore, the present invention enables the entry of security codes in a safe and secure manner within a virtual computer environment that is not necessarily secured and that may be accessible to unauthorised persons.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Controls And Circuits For Display Device (AREA)

Abstract

Method of securing entry of an alphanumeric code on a computer system comprising a display screen and a screen based entry device. The screen based entry device is arranged for enabling interaction between said computer system and a user by selecting information displayed on said screen in operation. The method comprises the steps of: an interaction entity providing graphical data to said display screen; displaying one or more alphanumeric characters on said screen based on said graphical data, for selection by said user; and the interaction entity receiving input signals from said entry device, which input signals are indicative of selected characters of said alphanumeric characters. The graphical data comprises screen position data, and the step of displaying comprises displaying said alphanumeric characters on said screen on randomized positions determined by said screen position data. The method further comprises a step of the interaction entity encoding said graphical data prior to providing said graphical data to said display screen such as to prevent unauthorised logging of said graphical data. The invention is further directed to an interaction entity and a dedicated driver entity.

Description

Title:
Method of securing entry of an alphanumeric code on a computer system, interaction and dedicated driver entity therefor.
The present invention is directed to a method of securing entry of an alphanumeric code on a computer system comprising a display screen and a screen based entry device, wherein said screen based entry device is arranged for enabling interaction between said computer system and a user by selecting information displayed on said screen in operation, said method comprising the steps of: an interaction entity providing graphical data to said display screen, wherein said graphical data represents images for displaying one or more alphanumeric characters on said screen on randomized positions, for selection by said user; displaying said one or more alphanumeric characters on said screen on said randomized positions for selection by said user; and said interaction entity receiving input signals from said entry device, which input signals are indicative of selected characters of said alphanumeric characters.
The present invention is further directed to an interaction entity for use in such a method.
The banking industry has put an enormous amount of effort in security procedures for securing electronic banking activities. One of the areas of focus is the entry of personal identification numbers (PIN) in automatic teller machines (ATM's) or point of sale (POS) terminals . Similarly, security procedures are also an area of focus in the telecommunications and computer industry, for example for securing entry of passwords and the like in computer systems. An unexplored possibility in the field of electronic banking is the direct entry of personal identification numbers (PIN) in computer systems, e.g. for online banking. The direct entry of PIN numbers in a computer system has been largely avoided by the banking industry, as it poses a potential security risk to both the bank and the user of the PIN code. Computer systems can easily be tampered with, such as to perform various types of undesired logging methods for fraudulently and unauthorised acquiring of the PIN number of the user.
A solution to this problem for the entry of PIN numbers using screen based entry devices (such as a computer mouse or touch screen) is to display an alphanumeric keypad on the screen wherein the alphanumeric characters on the keypad are placed in positions that are not predictable to a user. In other words, the positions of the alphanumeric characters is randomized in the keypad displayed on screen. Position and displacement logging of mouse clicks by fraudulent software installed on the computer systems in that case does not reveal the entered PIN code, since the alphanumeric characters on the keypad are in randomized positions. Therefore if the position of a mouse click is known, it can no longer be linked to a corresponding alphanumeric character selected by the user.
A problem with the above described method is formed by the fact that more sophisticated logging software may be designed to take screen shots from the screen and may, in combination with position logging, reveal the link between the position of the mouse click and the alphanumeric character on screen which is selected by the user. The PIN number can thereby be retrieved by the fraudulent software. Preventing screen logging is difficult since within a computer system, taking screen shots is a standard feature made available by the operating system.
The present invention has for its object to solve the above mentioned problem of the prior art, and to provide secure and tamper proof method of entering an alphanumeric code on a computer system.
The above object is achieved by the present invention in that there is provided a method of securing entry of an alphanumeric code on a computer system comprising a display screen and a screen based entry device, wherein said screen based entry device is arranged for enabling interaction between said computer system and a user by selecting information displayed on said screen in operation, said method comprising the steps of: an interaction entity providing graphical data to said display screen, wherein said graphical data represents images for displaying one or more alphanumeric characters on said screen on randomized positions, for selection by said user; displaying said one or more alphanumeric characters on said screen on said randomized positions for selection by said user; and said interaction entity receiving input signals from said entry device, which input signals are indicative of selected characters of said alphanumeric characters; wherein said images are distorted such as to prevent unauthorised screen-capturing of said alphanumeric characters.
By randomizing the position of characters on the screen, the logging of mouse click no longer leads to an indication of the character selected by the user. Moreover, since the images that are provided to the display screen are distorted, it will not be possible to retrieve meaningful graphical information from taking screen shots. Taking a screen shot will yield only a distorted version of the image seen by the user. From this distorted image no information can be retrieved on the specific alphanumeric characters and their location on the screen.
According to an embodiment of the invention, the images are formed in a distorted manner by the interaction entity. In this embodiment, the interaction entity assembles the graphical data, by forming the images containing the alphanumeric characters and by putting the images into a sequence. The images are thereby formed such that the alphanumeric characters are distorted or misformed such as to prevent unauthorised screen capturing of the characters.
According to another embodiment of the invention, the graphical data is distorted prior to providing the graphical data to the display screen. In this embodiment, the images are formed by the interaction entity and are put into a sequence for providing the graphical data, but the graphical data is distorted after assembling thereof and prior to providing it to the display screen. The graphical data is distorted such that the alphanumeric characters in the images cannot be read when an unauthorised screen capture is taken. In accordance with a preferred embodiment, the graphical data represents a sequence of images for displaying on the screen, and the images are distorted such that two or more consecutive images comprise fractions of the alphanumeric characters. In a special embodiment thereof, these fractions are complementary fractions that together form at least one of the alphanumeric characters. By providing complementary fractions within consecutive images of the sequence carried by the graphical data, these complementary fractions are displayed on the display screen, one after the other. Since the images are displayed with a high refresh rate the human eye is not able to resolve the individual images. The human eye of the user will perceive these images as one composite image of all the complementary fractions, presenting the alphanumeric character which is hidden in each of the individual images.
It will be interesting to appreciate, that in accordance with the invention this is not the only manner in which the results of the invention can be achieved. Consecutive images may also be formed by, for example, individual seemlessly random shapes of carefully selected colours. Perception by the human eye interprets the composite image as containing the 'hidden' alphanumeric character since the shapes and colours in each of the consecutive images blend together in the composite image. For example, a white coloured shape in a first image which overlaps a black coloured and different shape in a second image yields a grey coloured overlap shape in the composite image. Therefore, carefully selecting the individual shapes and colours in each of the consecutive images may construct the hidden alphanumeric character in the composite image by means of blending the shapes, as interpreted by the human eye.
According to a further embodiment the individual fractions are formed such as to be unrecognisable for identifying the alphanumeric characters. It will be understood that once the fractions shown in a single of the consecutive images is recogn isable as a part of a known alphan u meric character, the alphanumeric character can be identified by performing an unauthorised screen capture at a convenient time. This would pose a security risk.
In accordance with a further embodiment of the present invention, the fractions may be of different colours. By providing the fractions at different colours, this complicates the identification by unauthorised persons even further, as it may not be clear whether or not a fraction shown in the image is a part of the alphanumeric character on the screen.
In accordance with a further embodiment, the fractions are randomly formed shapes. As will be understood, the images may further comprise randomly formed further objects which are to mislead an unauthorised person taking a screen capture from identifying the alphanumeric character.
It will be apparent to the skilled person that the interaction entity may be implemented as a hardware component on a computer system. However, it is also possible to implement this entity as a software component.
In accordance with the second aspect of the present invention, there is provided an interaction entity for use in a method as described above, said entity being arranged for enabling secure entry of an alphanumeric code on a computer system comprising a display screen and a screen based entry device, said entity comprising means for providing graphical data to said display screen, for displaying one or more alphanumeric characters on said screen based on said graphical data for selection by said user, and means for receiving input signals from said entry device, which input signals are indicative of selected characters of said alphanumeric characters, wherein said means for providing said graphical data are arranged for including in said graphical data screen position data for displaying said alphanumeric characters on said screen on randomized positions, and wherein said interaction entity further comprises means for entity encoding said graphical data prior to providing said graphical data to said display screen such as to prevent unauthorised logging of said graphical data. The present invention will now further be elucidated by means of some specific examples, with reference to the enclosed drawings, wherein: figure 1 provides an example of a randomized keypad displayed on a screen; figure 2 provides an example of a computer system comprising an interaction entity and dedicated driver entity according to the present invention; figures 3A-3D illustrate a set of consecutive images in accordance with the invention; figure 3E illustrates the composite image of the images of figures 3A-3D. In figure 1 a randomized keypad is displayed, that may be used in accordance with the present invention . I n the keypad displayed , the position of alphanumeric characters for selection by the user is randomized . The keypad 1 comprises for example key 2 for selecting the alphanumeric character "9". The position of this character "9" is different from the position where one would intuitively expect it to be (namely on key 5, where the alphanumeric character "2" is located). In accordance with the present invention after each 'key stroke', i.e. selection of a alphanumeric character by the user, the location of the alphanumeric characters can be randomized anew. Also, the position of the keypad 1 on the screen may be varied after each key stroke. After en teri n g th e req u ested secu ri ty cod e (e . g . perso n a l identification number), the user may confirm that entry is completed by selecting OK' on position 3 of the keypad 1 . The user may at any time decide to terminate the entry procedure by pressing 'cancel' on position 4 of the keypad 1 . The keys 3 and 4 for OK' and 'cancel' respectively are at fixed positions in keypad 1 illustrated in figure 1. The positions of these keys 3 and 4 may however be randomized as well to hinder mouse logging even more, and to prevent discovery of the number of digits of the code entered by means detecting selection of the 'OK' button. In figure 2 there is illustrated a computer system 10 comprising an interaction entity in accordance with the present invention. Computer system 10 comprises a computer 11 (which may be a regular personal computer) comprising an input/output unit 14 for receiving input from input devices such as computer mouse 17. The signal received from computer mouse 17 is provided to the central processing unit of the computer (not shown) which may be provided to interaction entity 22 for further processing. Interaction entity 22 is responsible for providing graphical data to the display screen 15 such as to display an alphanumeric keypad (such a keypad 1 of figure 1 ) on the display screen 15. The graphical data provided to the display screen 15 comprises a sequence of images to be displayed on the display screen 15. The position of the alphanu meric keypad itself may be randomized, but at least the position of the alphanumeric characters within the keypad is randomized as described above. This is controlled by the interaction entity 22.
Interaction entity 22 provides the graphical data to graphical processing device 16 which uses its graphical processing unit 20 for transforming the received images into a suitable electronic signal for driving the display screen 15. In accordance with a preferred embodiment, the images are formed by interaction entity 22. These images are distorted , or at least comprise distorted alphanumeric characters, such that none of the individual images provides sufficient information for identifying the alphanumeric characters.
An example of the invention is illustrated in figures 3A-3E. Figure 3E shows a key in a keypad which contains the number '9'. Figure 3E is the composite image as perceived by the human eye when looking at the display screen on which the key pad is displayed. In reality, the graphical data provided to the display screen comprise consecutive images 3A, 3B, 3C and 3D respectively.
In figure 3A, the key is shown in dotted lined box 30. This image only comprises fractions 31 and 32 of the alphanumeric character '9' reformed. In box 35 of figure 3B it is shown that the image that follows the image of figure 3A comprises only fractions 36 and 37. The image in box 40 of figure 3C comprises fractions 41 , 42 and 43 and the image in figure 3D, box 45, comprises fractions 46, 47 and 48. None of the individual images 3A-3D reveals sufficient information by itself from which the number can be identified. Figure 3C shows most of the fractions, but from the fractions shown in figure 3C alone, the alphanumeric character formed could still be a '5', '6', '8' or '9', or a letter such as the 'S' or 'B'. Since all the keys in the keypad comprise distorted alphanumeric characters at randomised locations, taking a screen capture in an attempt to identify the alphanumeric characters on each of the keys is pointless. If all the fractions of figures 3A, 3B, 3C and 3D are put together, the alphanumeric character '9' of figure 3E is formed as is shown in box 50.
The above described specific example uses fractions of the alphanumeric character in a single colour. It will be understood that the images can be enriched by false misleading fractions. In addition, it is not even necessary to use fractions of the alphanumeric character to be shown. Use can also be made of complementary carefully selected forms of carefully selected colours that blend into one in the composite image such as to form a recognisable alphanumeric character. Many other solutions are possible within the teachings of the present invention. Consecutive images may be made of seemlessly random spots that blend into a single alphanumeric character in the composite image. Use can also be made of complementary colours that blend into a different colour revealing the alphanumeric character hidden in each of the images. In general the images may be distorted such that two or more consecutive images, as perceived by a human eye, provide a composite image displaying said one or more alphanumeric characters.
The invention is based on the insight that by both randomising the locations of the key and the keypad on the screen, and distorting the alphanumeric character provided to the screen in each image, makes it virtually impossible to successfully apply logging methods in order to reveal a security code entered. Therefore, the present invention enables the entry of security codes in a safe and secure manner within a virtual computer environment that is not necessarily secured and that may be accessible to unauthorised persons.
In the above detailed description for purposes of explanation and not limitation, example embodiments disclosing specific details were set forth in order to provide a thorough understanding of embodiments according to the present teachings. However, it will be apparent to one having ordinary skills in the art having had the benefit of the present disclosure, that other embodiments according to the present teachings that depart from the specific details disclosed herein, remain within the scope of the teachings. Moreover, although descriptions of well known apparati and methods have been omitted so as not to obscure the description of the example embodiments, such methods and apparati are clearly within the scope of the present teachings. The scope of the invention is determined by the appended claims.

Claims

1 . Method of securing entry of an alphanumeric code on a computer system comprising a display screen and a screen based entry device, wherein said screen based entry device is arranged for enabling interaction between said computer system and a user by selecting information displayed on said screen in operation, said method comprising the steps of: an interaction entity providing graphical data to said display screen, wherein said graphical data represents images for displaying one or more alphanumeric characters on said screen on randomized positions, for selection by said user; displaying said one or more alphanumeric characters on said screen on said randomized positions for selection by said user; and said interaction entity receiving input signals from said entry d evi ce, wh ich i n put sig n als a re i nd icative of selected characters of said alphanumeric characters; wherein said images are distorted such as to prevent unauthorised screen-capturing of said alphanumeric characters.
2. Method according to claim 1 , wherein said images are formed in a distorted manner by said interaction entity.
3. Method according to claim 1 , wherein for distorting said images, said graphical data is distorted prior to providing said graphical data to said display screen.
4. Method accord ing to any of the previous clai ms, wherein said graphical data represents a sequence of images for displaying on said screen, and wherein said images are distorted such that two or more consecutive images, as perceived by a human eye, provide a composite image displaying said one or more alphanumeric characters.
5. Method according to claim 4, wherein said images are distorted such that two or more consecutive images comprise fractions of said alphanumeric characters.
6. M eth od a cco rd i n g to c l a i m 5 , wh e re i n sa i d fra cti o n s a re complementary fractions forming at least one of said alphanumeric characters.
7. Method according to claim 5 or 6, wherein individual fractions are formed such as to be unrecognisable for identifying said alphanumeric characters.
8. Method according to any of the claims 5-7, wherein said fractions are of different colours, or wherein said fractions are randomly formed.
9. Method according to any of the previous claims, wherein said images further comprise randomly formed objects.
10. Method accord ing to any of the previous clai ms, wherein said interaction entity is a software component running on said computer system.
1 1 . I nteraction entity for use in a method accordi ng to any of the previous claims, said entity bei ng arran ged for enabli ng secu re entry of a n alphanumeric code on a computer system comprising a display screen and a screen based entry device, said entity comprising means for providing graphical data to said display screen, wherein said graphical data represents images for displaying one or more alphanumeric characters on said screen on randomized positions, for selection by said user, and means for receiving input signals from said entry device, which input signals are indicative of selected characters of said alphanumeric characters, wherein said interaction entity is arranged for distorting said images such as to prevent unauthorised screen-capturing of said alphanumeric characters.
12. Interaction entity according to claim 1 1 , said entity comprising means for forming said images in a distorted manner.
13. Interaction entity according to claim 1 1 or 12, wherein said means for providing graphical data are arranged for including in said graphical data a sequence of images for displaying on said screen , and wherein said interaction entity is arranged for distorting said images such that two or more consecutive images comprise fractions of said alphanumeric characters.
14. Interaction entity according to claim 13, wherein said fractions are complementary fractions forming at least one of said alphanumeric characters.
15. I nteraction entity accord i ng to cla i m 1 3 or 1 4 , wh erei n sai d interaction entity is arranged for forming said individual fractions such as to be unrecognisable for identifying said alphanumeric characters.
PCT/NL2010/050296 2009-05-20 2010-05-19 Method of securing entry of an alphanumeric code on a computer system, interaction and dedicated driver entity therefor. WO2010134808A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NL1036976A NL1036976C2 (en) 2009-05-20 2009-05-20 METHOD OR SECURING ENTRY OR AN ALPHANUMERIC CODE ON A COMPUTER SYSTEM, INTERACTION AND DEDICATED DRIVER ENTITY THEREFOR.
NL1036976 2009-05-20

Publications (1)

Publication Number Publication Date
WO2010134808A1 true WO2010134808A1 (en) 2010-11-25

Family

ID=41066036

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NL2010/050296 WO2010134808A1 (en) 2009-05-20 2010-05-19 Method of securing entry of an alphanumeric code on a computer system, interaction and dedicated driver entity therefor.

Country Status (2)

Country Link
NL (1) NL1036976C2 (en)
WO (1) WO2010134808A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2520207A (en) * 2012-07-20 2015-05-13 Licentia Group Ltd Authentication method and system
EP2786280A4 (en) * 2011-11-30 2015-10-28 Patrick Welsch Secure authorization
US9953319B2 (en) 2011-09-28 2018-04-24 Unito Oy Payment system
US10592653B2 (en) 2015-05-27 2020-03-17 Licentia Group Limited Encoding methods and systems

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000041103A1 (en) * 1998-12-31 2000-07-13 Perfecto Technologies Ltd. Method and system for discriminating a human action from a computerized action
US20060020815A1 (en) * 2004-07-07 2006-01-26 Bharosa Inc. Online data encryption and decryption
WO2008091675A1 (en) * 2007-01-23 2008-07-31 Carnegie Mellon University Controlling access to computer systems and for annotating media files

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000041103A1 (en) * 1998-12-31 2000-07-13 Perfecto Technologies Ltd. Method and system for discriminating a human action from a computerized action
US20060020815A1 (en) * 2004-07-07 2006-01-26 Bharosa Inc. Online data encryption and decryption
WO2008091675A1 (en) * 2007-01-23 2008-07-31 Carnegie Mellon University Controlling access to computer systems and for annotating media files

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9953319B2 (en) 2011-09-28 2018-04-24 Unito Oy Payment system
EP2786280A4 (en) * 2011-11-30 2015-10-28 Patrick Welsch Secure authorization
US10565359B2 (en) 2012-07-20 2020-02-18 Licentia Group Limited Authentication method and system
US11048783B2 (en) 2012-07-20 2021-06-29 Licentia Group Limited Authentication method and system
GB2520207B (en) * 2012-07-20 2016-01-06 Licentia Group Ltd Authentication method and system
EP3489918A1 (en) * 2012-07-20 2019-05-29 Licentia Group Limited Authentication method and system
GB2517879B (en) * 2012-07-20 2019-08-28 Licentia Group Ltd Authentication method and system
GB2571019B (en) * 2012-07-20 2019-12-04 Licentia Group Ltd Authentication method and system
GB2520207A (en) * 2012-07-20 2015-05-13 Licentia Group Ltd Authentication method and system
AU2016225848B2 (en) * 2012-07-20 2016-09-29 Licentia Group Limited Pin verification
EP3929888A1 (en) * 2012-07-20 2021-12-29 Licentia Group Limited Pin verification
US11194892B2 (en) 2012-07-20 2021-12-07 Licentia Group Limited Authentication method and system
US11048784B2 (en) 2012-07-20 2021-06-29 Licentia Group Limited Authentication method and system
US10592653B2 (en) 2015-05-27 2020-03-17 Licentia Group Limited Encoding methods and systems
US11048790B2 (en) 2015-05-27 2021-06-29 Licentia Group Limited Authentication methods and systems
US11036845B2 (en) 2015-05-27 2021-06-15 Licentia Group Limited Authentication methods and systems
US10740449B2 (en) 2015-05-27 2020-08-11 Licentia Group Limited Authentication methods and systems

Also Published As

Publication number Publication date
NL1036976C2 (en) 2010-11-24

Similar Documents

Publication Publication Date Title
US8212833B2 (en) Secure computer screen entry system and method
US6658574B1 (en) Method for non-disclosing password entry
KR101916173B1 (en) Pin verification
US20170324726A1 (en) Digital authentication using augmented reality
EP1912183B1 (en) A method of secure data communication
AU2006221804B2 (en) A method of secure data communication
US9996683B2 (en) Physiological response pin entry
US20090037986A1 (en) Non-disclosing password entry method
US20120299701A1 (en) Method and apparatus for passcode entry
JPH06318186A (en) Password input device
JP2006243938A (en) Password input device
US20060098841A1 (en) Method and system for enabling remote message composition
AU2005228907C1 (en) Method for safely logging onto a technical system
WO2010134808A1 (en) Method of securing entry of an alphanumeric code on a computer system, interaction and dedicated driver entity therefor.
CN108027855A (en) Multi-user's strong authentication token
US20070096946A1 (en) Information inputting system with a variable arrangement of keypad, and control method thereof
WO2012009334A1 (en) Personal secure terminal with virtual keypad
JP5774461B2 (en) INPUT INFORMATION AUTHENTICATION DEVICE, SERVER DEVICE, INPUT INFORMATION AUTHENTICATION SYSTEM, AND DEVICE PROGRAM
CN110532819A (en) Input the verification method and system of information
GB2498350A (en) Input device that shuffles the input positions of input values
Kovelamudi et al. On the adoption of scramble keypad for unlocking PIN-protected smartphones
AU2012202723B2 (en) A Method of Secure Data Communication
WO2004008304A2 (en) Unpredictable keyboard
CN114730336A (en) Improved system and method for secure data entry and authentication
CN101739121A (en) Peer and intercept preventing password input device without any display parts

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10731824

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10731824

Country of ref document: EP

Kind code of ref document: A1