WO2016048236A1 - Leakage resilient password system and method - Google Patents
- Publication number
- WO2016048236A1 (PCT/SG2015/050234)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- shadow
- pad
- buttons
- keypad
- character
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Definitions
- LEAKAGE RESILIENT PASSWORD SYSTEM AND METHOD FIELD OF THE INVENTION The invention pertains to the field of reducing the probability of passwords being leaked.
- BACKGROUND Mobile devices are ubiquitous for connecting users to the cyberspace. A user may use a smartphone, tablet, or wearable device to access not only general informative services but also sensitive services such as mobile banking and corporate services. In order to prevent unauthorized access to these services, user authentication is required to verify the identity of a user. Password-based authentication is still the most pervasive due to significant advantage in usability over other alternatives such as smartcards and biometrics.
- a system for accepting entry of a password comprising at least one password character
- the system comprising a display unit; a secure means for implementing a secure channel for the display unit such that the display unit is visible only to a user providing a user entry, the secure channel being removed upon deactivation of the secure means; a processing unit configured to generate a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons.
- the system further describes a memory unit for storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons; and an input unit for accepting the user entry upon the removal of the secure channel.
- the processing unit is further configured to display on the display unit the plurality of shadow-pad buttons interposed with the plurality of keypad buttons upon the implementation of the secure channel, each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons.
- the processing unit is further configured to recognize that the at least one password character has been entered when the shadow-pad character is entered as the user entry.
- the system further comprises an output unit and the processing unit is further configured to send the at least one password character to the output unit for authentication.
- the secure means is a hand-shielding gesture over a gesture detection area.
- At least one of the plurality of keypad buttons has a plurality of associated shadow-pad buttons.
- the display unit, processing unit, memory unit and input unit are part of a portable handheld device or an automated teller machine or a computer terminal.
- the shadow pad character is selected either by touching a keypad button or by voice input received by the input unit.
- a method for accepting entry of a password comprising at least one password character, the method comprising the steps of generating with a processing unit, a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons; and storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons into a memory unit.
- the method further comprises the steps of implementing with a secure means a secure channel for a display unit such that the display unit is visible only to a user providing a user entry; and displaying on the display unit, the plurality of shadow-pad buttons interposed with the plurality of keypad buttons, each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons; wherein the at least one password character matches the keypad character of one of the plurality of keypad buttons.
- the method further comprises the steps of removing the secure channel by deactivating the secure means; accepting the user entry with an input unit, the user entry being the shadow-pad character of the shadow-pad button associated with the matched keypad button; and recognizing with the processing unit, that the at least one password character has been entered.
- the method further comprises the step of sending with the processing unit, the at least one password character to an output unit for authentication.
- the method further comprises the step of implementing a secure channel with a secure means comprises the step of placing a hand-shielding gesture over a gesture detection area.
- a wearable device for accepting entry of a password when worn on a user's head
- the password comprising at least one password character
- the wearable device comprising an optical head mounted display; a processing unit configured to generate a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons; a memory unit for storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons; and a voice recognition device for processing a voice input.
- the processing unit is further configured to display on the optical head mounted display the plurality of shadow-pad buttons interposed with the plurality of keypad buttons, each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons.
- the at least one password character matches the keypad character of one of the plurality of keypad buttons
- the shadow-pad character of the shadow-pad button associated with the matched keypad button indicates that the shadow-pad character should be selected as the voice input
- the processing unit is further configured to determine that the at least one password character has been entered when the shadow-pad character is entered as the voice input.
- at least one of the plurality of keypad buttons has a plurality of associated shadow-pad buttons.
- a method for accepting entry of a password with a wearable device when worn on a user's head comprising the steps of generating with a processing unit of the wearable device, a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons; storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons into a memory unit of the wearable device; displaying on an optical head mounted display of the wearable device, the plurality of shadow-pad buttons interposed with the plurality of keypad buttons each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons; wherein the
- the method further comprises the steps of accepting a voice input with a voice recognition device of the wearable device, the voice input being the shadow-pad character of the shadow-pad button associated with the matched keypad button; and determining with the processing unit, that the at least one password character has been entered.
- Figure 2 shows an exemplary example of a secure means.
- Figure 3 shows input unit displaying keypad buttons interposed with shadow-pad buttons in accordance with a preferred embodiment of the invention.
- Figures 4(a), 4(b), 4(c), 4(d), 4(e) and 4(f) illustrate the permutations of input unit in accordance with the invention.
- Figure 5 shows a flowchart that illustrates a method in accordance with a preferred embodiment of the invention.
- Figure 6 shows an alternative embodiment of the invention where a keypad button is associated with a plurality of shadow-pad buttons.
- Figure 7 shows a flowchart that illustrates a method in accordance with another preferred embodiment of the invention.
- Figure 8 shows a keypad partitioned into a plurality of partitioned keypads.
- Figure 9 shows a flowchart that illustrates a method in accordance with another preferred embodiment of the invention.
- Figure 1 shows a leakage resilient password system 100 in accordance with a preferred embodiment of the invention.
- System 100 comprises display unit 101 and secure means 102.
- System 100 further comprises input unit 103, processing unit 104, output unit 105 and memory 106.
- Display unit 101 can be a screen of a mobile device.
- Secure means 102 can be a hand-shielding gesture as shown in Figure 2. Secure means 102 results in a secure channel such that what is being displayed on display unit 101 can be visible and discernible only to the user.
- Input unit 103 is located in a portion of display unit 101. Input unit 103 can be touch-screen keypads. Optionally, input unit can also comprise voice activation software, where the display unit shows data orally communicated by the user via a voice input.
- Processing unit 104 can be a microprocessor. Processing unit 104 can read/write to memory 106. Processing unit 104 can generate shadow-pads 303. Processing unit 104 can send information to display unit 101 to display keypad 301 and shadow-pad 303 (see figure 3).
- Processing unit 104 can accept user's input via input unit 103. Processing unit 104 can also output the user's password to output unit 105, which can be sent to any user authentication application such as unlocking a device, activating a password manager, accessing a user account, or making a payment.
- [0033] Once processing unit 104 detects that secure means 102 has provided a secure channel, processing unit 104 will send information to display unit 101 to display keypad 301 and shadow-pad 303 as shown in figure 3. Processing unit 104 can detect that secure means 102 (Hand A) has provided a secure channel when the hand-shielding gesture is placed over gesture detection area 107 as shown in figure 2.
- [0034] Figure 3 shows keypad 301 having keypad buttons 302.
- FIG. 3 also shows shadow-pad 303 having shadow-pad buttons 304.
- Each keypad button 302 and shadow-pad button 304 bears or presents a character.
- a character can be any alphabetical letter, digit, punctuation or symbol.
- Shadow-pad 303 with its shadow-pad buttons 304 are essentially a randomly re-shuffled version of keypad 301 and its keypad buttons 302 such that the characters presented by shadow-pad buttons 304 are non-sequential and random in nature as shown in figure 3.
- Each shadow-pad button 304 is associated with one keypad button 302. As shown in figure 3, shadow-pad buttons 304 are interposed with keypad buttons 302. Shadow-pad buttons 304 are located adjacent and proximate to their associated keypad buttons 302 as shown in figure 3.
- Shadow-pad button 304 has to be located proximate to its associated keypad button 302, and away from the neighboring keypad button 302 to such an extent that a user would not be confused as to which keypad button 302 shadow-pad button 304 is associated to.
- Shadow-pad button 304 can also have a graphic to indicate its association with keypad button 302. For example, in figure 3, shadow-pad button 304 has a "shadow-like" effect graphic to indicate its association with keypad button 302. [0035]
- the character as presented in shadow-pad button 304 indicates to the user the keypad button 302 the user should select to input the password character or intended character (the character the user intends to input).
- shadow-pad button 304 bearing character "5" is associated with keypad button 302 bearing character "1". This indicates to the user that to enter the intended character "1", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "5".
- shadow-pad button 304 bearing the character "9" is associated with keypad button 302 bearing the character "2". This indicates to the user that to enter the intended character "2", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "9".
- shadow-pad character selection may be made by voice input, for those devices with input units capable of receiving voice input.
- FIGS 4(a), 4(b), 4(c), 4(d), 4(e) and 4(f) illustrate the permutations of keypad 301 and shadow-pad 303 in accordance with the invention.
- the password of the user has the following string of characters: "3", "7", "4".
- Processing unit 104 generates an instance of shadow-pad 303 with its shadow-pad buttons 304 and stores this instance of shadow-pad 303 in memory 106.
- Shadow-pad 303 with its shadow-pad buttons 304 are essentially a randomly re-shuffled version of keypad 301 and its keypad buttons 302 such that the characters presented by shadow-pad buttons 304 are non-sequential and random in nature.
- Each shadow-pad button 304 of this instance of shadow-pad 303 is associated with one keypad button 302 of keypad 301. This association is also stored in memory 106.
- processing unit 104 displays this instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 on display unit 101 as shown in figure 4(a).
- Shadow-pad button 304 bearing the character "7" associated with keypad button 302 bearing the character "3" indicates to the user that to enter the intended character "3", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "7".
- input unit 103 displays only keypad 301 and its keypad buttons 302 as shown in figure 4(b). Shadow-pad 303 and its shadow-pad buttons 304 are not displayed once secure means 102 is removed. The user selects keypad button 302 bearing the character "7". Based on the stored instance of shadow-pad 303 with its shadow-pad buttons 304 and their association with keypad buttons 302 in memory 106, processing unit 104 is able to determine that "3" was the intended character. Processing unit 104 stores the intended character "3" in memory 106.
- processing unit 104 clears memory 106 of the instance of shadow-pad 303 with its shadow-pad buttons 304 and stops the process.
- [0040] Processing unit 104 generates a new instance of shadow-pad 303 with its shadow-pad buttons 304, and replaces the previous instance of shadow-pad 303 with the new instance of shadow-pad 303 in memory 106.
- the shadow-pad buttons 304 in this instance of shadow-pad 303 are randomly arranged such that the arrangement of the characters presented by shadow-pad buttons 304 will be different to the previous instance of shadow-pad 303.
- shadow-pad button 304 of this instance of shadow-pad 303 is associated with one keypad button 302 of keypad 301.
- processing unit 104 displays this new instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 on display unit 101 as shown in figure 4(c).
- Shadow-pad button 304 bearing the character "0" associated with keypad button 302 bearing the character "7" indicates to the user that to enter the intended character "7", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "0".
- shadow-pad buttons 304 are randomly arranged.
- Based on the stored instance of shadow-pad 303 with its shadow-pad buttons 304 and their association with keypad buttons 302 in memory 106, processing unit 104 is able to determine that "7" was the intended character. Processing unit 104 stores the intended character "7" in memory 106. If however the user fails to select any keypad button 302 after a predetermined amount of time, or the user inputs a "cancel" at any time, then processing unit 104 clears memory 106 of the instance of shadow-pad 303 with its shadow-pad buttons 304 and stops the process.
- Processing unit 104 generates a new instance of shadow-pad 303 with its shadow-pad buttons 304, and replaces the previous instance of shadow-pad 303 with the new instance of shadow-pad 303 in memory 106.
- the shadow-pad buttons 304 in this instance of shadow-pad 303 are randomly arranged such that the arrangement of the characters presented by shadow-pad buttons 304 will be different to the previous instance of shadow-pad 303.
- Each shadow-pad button 304 of this instance of shadow-pad 303 is associated with one keypad button 302 of keypad 301.
- processing unit 104 displays this new instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 on display unit 101 as shown in figure 4(e).
- Shadow-pad button 304 bearing the character "5" associated with keypad button 302 bearing the character "4" indicates to the user that to enter the intended character "4", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "5".
- input unit 103 displays only keypad 301 and its keypad buttons 302 as shown in figure 4(f).
- Shadow-pad 303 and its shadow-pad buttons 304 are not displayed once secure means 102 is removed.
- the user selects keypad button 302 bearing the character "5".
- processing unit 104 is able to determine that "4" was the intended character.
- Processing unit 104 stores the intended character "4" in memory 106. If however the user fails to select any keypad button 302 after a predetermined amount of time, or the user inputs a "cancel" at any time, then processing unit 104 clears memory 106 of the instance of shadow-pads 303 and stops the process.
- Processing unit 104 can then retrieve the intended characters "3", "7", "4" from memory 106 and send to output unit 105, which can be used for authentication against the user's password for performing a variety of tasks, such as unlocking a device, activating a password manager, accessing a user account, or making a payment.
- output unit 105 can be used for authentication against the user's password for performing a variety of tasks, such as unlocking a device, activating a password manager, accessing a user account, or making a payment.
- the embodiment of this invention therefore leverages on a temporary secure channel, which prompts the user which keypad button 302 to select to enter his/her password, when secure means 102 is removed.
- the advantages are apparent.
- the invention does not require its users to perform any mental calculations or remember anything beyond the original passwords during password entry. In comparison, many existing innovations impose a considerable amount of cognitive workload on its users. With this invention, the user does not actually key in his password.
- FIG. 5 describes a flowchart illustrating the method in accordance with a preferred embodiment.
- user enters the login screen.
- User has a password having n characters where n is a number which is larger than one.
- processing unit 104 generates an instance of shadow-pad 303 with its shadow-pad buttons 304 and stores this instance of shadow-pad 303 in memory 106.
- Shadow-pad 303 with its shadow-pad buttons 304 are essentially a randomly re-shuffled version of keypad 301 and its keypad buttons 302 such that the characters presented by shadow-pad buttons 304 are non-sequential and random in nature.
- Each shadow-pad button 304 of this instance of shadow-pad 303 is associated with one keypad button 302 of keypad 301. This association is also stored in memory 106.
- processing unit 104 detects that secure means 102 has been applied and a secure channel is active.
- processing unit 104 retrieves the instance of shadow-pad 303 with its shadow-pad buttons 304 from memory 106 and displays this instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 on display unit 101.
- [0055] In step 505, processing unit 104 detects that secure means 102 has been removed and a secure channel is no longer active.
- [0056] In step 506, input unit 103 displays keypad 301 and its keypad buttons 302 for the user to select. Shadow-pads 303 and its shadow-pad buttons 304 are not displayed once secure means 102 is removed.
- processing unit 104 processes the user's keypad button 302 selection and based on the stored instance of shadow-pad 303 with its shadow-pad buttons 304 and its association in memory 106, processing unit 104 is able to determine the intended character (the character the user intended to input).
- [0058] In step 508, processing unit 104 stores the intended character into memory 106 and lodges this as a password character entry.
- [0059] In step 509, processing unit 104 checks whether the number of intended characters stored in memory 106 is smaller than n.
- [0060] If the number of intended characters stored in memory 106 is smaller than n, steps 502, 503, 504, 505, 506, 507, 508 and 509 are repeated.
- processing unit 104 sends the stored intended characters to output unit 105.
- input unit 103 is capable of accepting voice input
- step 504 when the instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 are displayed on display unit 101, the user does not need to wait for the secure means 102 to be removed in step 505 to provide the voice input and enter his password. The user simply needs to speak the character presented on shadow-pad button 304 associated with keypad button 302 bearing the intended character.
- each shadow-pad button 304 is associated with one keypad button 302.
- one keypad button 302 can be associated with a plurality of shadow-pad buttons 304.
- keypad button 302 is associated with shadow-pad button 304 and shadow-pad button 304'.
- Keypad button 302 bears the character "A"
- shadow-pad button 304 bears the character "2"
- shadow-pad button 304' bears the character "D".
- Shadow-pad button 304 and shadow-pad button 304' have different graphics to indicate its association with keypad button 302.
- Shadow-pad button 304 has a "shadow-like" effect graphic that arches downwards while shadow-pad button 304' has a "shadow-like" effect graphic that arches upwards.
- the obvious advantage is that more shadow-pad buttons 304 may be shown on the screen. With the limited size of most hand held devices, this embodiment of the invention could be particularly useful. [0064]
- One possible use of keypad button 302 having a plurality of associated shadow-pad buttons 304 would be to represent different permutations of the character presented by keypad button 302.
- shadow-pad button 304' may indicate to the user that to enter the uppercase permutation of the intended character "A", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character 'D'.
- shadow-pad button 304 may indicate to the user that to enter the lowercase permutation of the intended character "a", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character '2'.
- keypad 301 may not be able to be displayed on display unit 101 in its entirety.
- processing unit 104 partitions keypad 301 into a plurality of partitioned keypads 801, 802, 803 (as shown in figure 8). This plurality of partitioned keypads 801, 802, 803 form a keypad pool and this keypad pool is saved to memory 106.
- processing unit 104 creates shadow-pad 303 with its shadow-pad buttons 304. Shadow-pad 303 and its shadow-pad buttons 304 are essentially a random re-shuffled version of keypad 301 and its keypad buttons 302. Each shadow-pad button 304 of shadow-pad 303 is associated with one keypad button 302 of keypad 301.
- processing unit 104 partitions shadow-pad 303 into a plurality of partitioned shadow-pads in a similar manner to partitioned keypads 801, 802, 803 and stores the plurality of partitioned shadow-pads in memory 106.
- processing unit 104 detects that secure means 102 has been applied and a secure channel is active.
- processing unit 104 randomly selects one of the partitioned keypads 801, 802 and 803 from the keypad pool, and displays the selected partitioned keypad 801 with its keypad buttons 302 and the associated shadow-pad buttons 304 of partitioned shadow-pad on display unit 101.
- step 706 if the user is unable to locate the password character on any of the keypad buttons 302 of partitioned keypad 801, user can use input unit 103 to select "next" and processing unit 104 removes partitioned keypad 801 from the keypad pool and randomly selects one of the remaining partitioned keypads 802, 803 from the keypad pool, and displays the selected partitioned keypad 803 with its keypad buttons 302 and the associated shadow-pad buttons 304 of partitioned shadow-pad on display unit 101.
- [0071] In step 707, if user locates the password character on one of the keypad buttons 302 of partitioned keypad 803, user notes the character as presented (i.e.
- processing unit 104 displays partitioned keypad 801 and its keypad buttons 302 on display unit 101.
- processing unit 104 displays partitioned keypad 802 and its keypad buttons 302 on display unit 101.
- step 710 if user locates the shadow-pad character on one of the keypad buttons 302 of partitioned keypad 802, user selects that keypad button 302.
- Processing unit 104 then processes the user's keypad button 302 selection and based on the stored shadow-pad 303 with its shadow-pad buttons 304 and their association with keypad buttons 302 in memory 106, processing unit 104 is able to determine the intended character (the character the user intended to input).
- the user may choose to customize a keypad which includes all the user's password characters such that the customized keypad and shadow-pad 303 can always fit into display unit 101.
- the customized keypad will contain a subset of the characters of the entire keypad 301 but all the user's password characters.
- the shadow-pad 303 in this case will contain a random permutation of the characters of the entire keypad 301.
- the password entry process with the customized keypad is similar to the process with keypad 301 except that when a secure channel is detected, the customized keypad is displayed; instead of keypad 301 or partitioned keypad 801, 802, 803.
- the apparent advantage of customized keypad is that it is very convenient for the user to provide the password entry.
- [0076] Throughout the disclosure in the specification, it is described that a user primarily provides input (or inputs his password) by selecting keypad button 302 on keypad 301.
- display unit 101 is an optical head mounted display of the wearable device. Due to the close proximity of the display unit 101 with the user's eyes, an inherent secure channel will already be in place and there would not be any need for secure means 102. Onlookers will be unable to view whatever is being displayed on display unit 101.
- FIG. 9 shows a flowchart describing an embodiment of the invention using a wearable device as described above.
- step 901 user enters the login screen.
- User has a password having n characters where n is a number which is larger than one.
- step 902 processing unit 104 generates an instance of shadow-pad 303 with its shadow-pad buttons 304 and stores this instance of shadow-pad 303 in memory 106.
- Shadow-pad 303 with its shadow-pad buttons 304 are essentially a randomly re-shuffled version of keypad 301 and its keypad buttons 302 such that the characters presented by shadow-pad buttons 304 are non-sequential and random in nature.
- Each shadow-pad button 304 of this instance of shadow-pad 303 is associated with one keypad button 302 of keypad 301. This association is also stored in memory 106.
- processing unit 104 detects that secure means 102 has been applied and a secure channel is active. In this embodiment, secure means 102 has been applied because the user is wearing the wearable device with its optical head mounted display in close proximity with the user's eyes.
- processing unit 104 retrieves the instance of shadow-pad 303 with its shadow-pad buttons 304 from memory 106 and displays this instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 on display unit 101.
- processing unit 104 receives the user's selection via voice input.
- the user speaks the character presented on shadow-pad button 304 associated with keypad button 302 bearing the intended character.
- Input unit 103 (which comprises a voice recognition device in this embodiment) will receive the voice input as provided by the user.
- processing unit 104 processes the user's selection and based on the stored instance of shadow-pad 303 with its shadow-pad buttons 304 and their association with keypad buttons 302 in memory 106, processing unit 104 is able to determine the intended character (the character the user intended to input).
- [0083] In step 907, processing unit 104 stores the intended character into memory 106.
- [0084] In step 908, processing unit 104 checks whether the number of intended characters stored in memory 106 is smaller than n.
- [0085] If the number of intended characters stored in memory 106 is smaller than n, steps 902, 903, 904, 905, 906, 907 and 908 are repeated.
- the "permanent secure channel" embodiment described in figure 9 differs from the "temporary secure channel" embodiment described in figure 5 in the sense that as a permanent secure channel exists, the display unit 101 can display shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 without any concern of an onlooker glancing upon it, and therefore the user can freely provide his voice input.
- display unit 101 can no longer display shadow-pad 303 with its shadow-pad buttons 304.
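The per-character loop of figure 5 (steps 502 to 509), including the timeout/cancel path, as an added Python sketch that is not code from the patent. Assumptions: a digit-only keypad, `secrets.SystemRandom` as the source of randomness, and the hypothetical names `new_shadow_pad`, `PasswordEntry` and `simulate_login`, none of which appear in the original.

```python
import secrets

KEYPAD = "1234567890"          # assumption: keypad 301 carries digits only
_rng = secrets.SystemRandom()  # assumption: OS CSPRNG; the text only says "randomly"


def new_shadow_pad(keypad=KEYPAD, previous=None):
    """Step 502: map each keypad character to the shadow character shown beside it.

    The shadow-pad is a random permutation of the keypad, redrawn until its
    arrangement differs from the previous instance.
    """
    while True:
        shadow = list(keypad)
        _rng.shuffle(shadow)
        pad = dict(zip(keypad, shadow))
        if pad != previous:
            return pad


class PasswordEntry:
    """Device-side state for one n-character password entry (hypothetical class)."""

    def __init__(self, n, keypad=KEYPAD):
        self.n = n
        self.keypad = keypad
        self.pad = None         # current shadow-pad instance held in "memory 106"
        self.shielded = False   # True while the secure channel is active
        self.awaiting = False   # True while the current pad is still unused
        self.intended = []      # recovered password characters

    def shield_on(self):
        """Steps 502-504: replace the stored pad and return the view to display."""
        self.pad = new_shadow_pad(self.keypad, self.pad)
        self.shielded, self.awaiting = True, True
        return dict(self.pad)

    def shield_off(self):
        """Steps 505-506: only the plain keypad stays on screen."""
        self.shielded = False
        return self.keypad

    def press(self, key):
        """Steps 507-509: invert the stored association; True once n chars are in."""
        if self.shielded or not self.awaiting:
            raise RuntimeError("no unused shadow-pad, or secure channel still active")
        inverse = {shadow: char for char, shadow in self.pad.items()}
        if key not in inverse:
            raise ValueError("key is not on the keypad")
        self.intended.append(inverse[key])
        self.awaiting = False   # one pad decodes exactly one character
        return len(self.intended) == self.n

    def cancel(self):
        """Timeout or "cancel": clear the stored pad and stop the process.

        Dropping the characters gathered so far is an assumption of this sketch.
        """
        self.pad, self.awaiting, self.shielded = None, False, False
        self.intended.clear()

    def output(self):
        """Hand the recovered password to the output unit, then wipe state."""
        if len(self.intended) != self.n:
            raise RuntimeError("entry incomplete")
        password = "".join(self.intended)
        self.cancel()
        return password


def simulate_login(password, keypad=KEYPAD):
    """Constructed walk-through: returns (keys an observer sees, password recovered)."""
    session = PasswordEntry(len(password), keypad)
    observed = []
    for char in password:
        view = session.shield_on()   # user reads the pad behind the shielding hand
        key = view[char]             # shadow character beside the intended key
        session.shield_off()
        session.press(key)           # the only event visible to an onlooker
        observed.append(key)
    return "".join(observed), session.output()


if __name__ == "__main__":
    seen, recovered = simulate_login("374")
    print("observer sees:", seen, "| device recovers:", recovered)
```

The pressed keys decode to the password only together with the pad that was shown while the secure channel was active, and each pad is used for exactly one character.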
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Input From Keyboards Or The Like (AREA)
Abstract
A system for accepting entry of a password is described, the system comprising a display unit and a secure means for implementing a secure channel for the display unit such that the display unit is visible only to a user providing a user entry, the secure channel being removed upon deactivation of the secure means. The system further comprises a processing unit configured to generate a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each keypad button bearing a keypad character and shadow-pad button bearing a shadow-pad character, and each shadow-pad button being associated with a keypad button. The system further comprises a memory unit for storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons and an input unit for accepting the user entry upon the removal of the secure channel. Wherein the processing unit is further configured to display on the display unit the plurality of shadow-pad buttons interposed with the plurality of keypad buttons upon the implementation of the secure channel, each associated shadow-pad button having a visual effect to indicate its association with the corresponding keypad button. Wherein when a password character matches the keypad character of one of the keypad buttons, the shadow-pad character of the shadow-pad button associated with the matched keypad button indicates that the shadow-pad character should be selected as the user entry upon the removal of the secure channel; and wherein the processing unit is further configured to recognize that the password character has been entered when the shadow-pad character is entered as the user entry.
Description
LEAKAGE RESILIENT PASSWORD SYSTEM AND METHOD
FIELD OF THE INVENTION
[0001] The invention pertains to the field of reducing the probability of passwords being leaked.
BACKGROUND
[0002] Mobile devices are ubiquitous for connecting users to cyberspace. A user may use a smartphone, tablet, or wearable device to access not only general informative services but also sensitive services such as mobile banking and corporate services. In order to prevent unauthorized access to these services, user authentication is required to verify the identity of a user. Password-based authentication is still the most pervasive due to its significant advantage in usability over other alternatives such as smartcards and biometrics.
[0003] However, password-based user authentication suffers from an intrinsic weakness of password leakage during password entry, which may reveal passwords to surrounding attackers (e.g., by shoulder surfing and key logging). This threat is compounded in scenarios where mobile devices are involved, as mobile devices are widely used in public places.
[0004] It is therefore an object of the invention to solve the above deficiencies and at least provide a novel leakage resilient password system and method.
SUMMARY OF INVENTION
[0005] The invention will now be described in detail with reference to the accompanying drawings.
[0006] According to a first aspect of the invention, a system for accepting entry of a password is described, the password comprising at least one password character, the system comprising a display unit; a secure means for implementing a secure channel for the display unit such that the display unit is visible only to a user providing a user entry, the secure channel being removed upon deactivation of the secure means; a processing unit configured to generate a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons. The system further comprises a memory unit for storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons; and an input unit for accepting the user entry upon the removal of the secure channel. The processing unit is further configured to display on the display unit the plurality of shadow-pad buttons interposed with the plurality of keypad buttons upon the implementation of the secure channel, each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons. When the at least one password character matches the keypad character of one of the plurality of keypad buttons, the shadow-pad character of the shadow-pad button associated with the matched keypad button indicates that the shadow-pad character should be selected as the user entry upon the removal of the secure channel; and the processing unit is further configured to recognize that the at least one password character has been entered when the shadow-pad character is entered as the user entry.
[0007] Preferably, the system further comprises an output unit and the processing unit is further configured to send the at least one password character to the output unit for authentication.
[0008] Preferably, the secure means is a hand-shielding gesture over a gesture detection area.
[0009] Preferably, at least one of the plurality of keypad buttons has a plurality of associated shadow-pad buttons.
[0010] Preferably, the display unit, processing unit, memory unit and input unit are part of a portable handheld device or an automated teller machine or a computer terminal.
[0011] Preferably, the shadow-pad character is selected either by touching a keypad button or by voice input received by the input unit.
[0012] According to a second aspect of the invention, a method for accepting entry of a password is described, the password comprising at least one password character, the method comprising the steps of generating with a processing unit, a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons; and storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons into a memory unit. The method further comprises the steps of implementing with a secure means a secure channel for a display unit such that the display unit is visible only to a user providing a user entry; and displaying on the display unit, the plurality of shadow-pad buttons interposed with the plurality of keypad buttons, each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons; wherein the at least one password character matches the keypad character of one of the plurality of keypad buttons. The method further comprises the steps of removing the secure channel by deactivating the secure means; accepting the user entry with an input unit, the user entry being the shadow-pad character of the shadow-pad button associated with the matched keypad button; and recognizing with the processing unit, that the at least one password character has been entered.
[0013] Preferably, the method further comprises the step of sending with the processing unit, the at least one password character to an output unit for authentication.
[0014] Preferably, the step of implementing a secure channel with a secure means comprises the step of placing a hand-shielding gesture over a gesture detection area.
[0015] According to a third aspect of the invention, a wearable device for accepting entry of a password when worn on a user's head is described, the password comprising at least one password character, the wearable device comprising an optical head mounted display; a processing unit configured to generate a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons; a memory unit for storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons; and a voice recognition device for processing a voice input. The processing unit is further configured to display on the optical head mounted display the plurality of shadow-pad buttons interposed with the plurality of keypad buttons, each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons. When the at least one password character matches the keypad character of one of the plurality of keypad buttons, the shadow-pad character of the shadow-pad button associated with the matched keypad button indicates that the shadow-pad character should be selected as the voice input; and the processing unit is further configured to determine that the at least one password character has been entered when the shadow-pad character is entered as the voice input.
[0016] Preferably, at least one of the plurality of keypad buttons has a plurality of associated shadow-pad buttons.
[0017] According to a fourth aspect of the invention, a method for accepting entry of a password with a wearable device when worn on a user's head is described, the password comprising at least one password character, the method comprising the steps of generating with a processing unit of the wearable device, a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons; storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons into a memory unit of the wearable device; displaying on an optical head mounted display of the wearable device, the plurality of shadow-pad buttons interposed with the plurality of keypad buttons, each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons; wherein the at least one password character matches the keypad character of one of the plurality of keypad buttons. The method further comprises the steps of accepting a voice input with a voice recognition device of the wearable device, the voice input being the shadow-pad character of the shadow-pad button associated with the matched keypad button; and determining with the processing unit, that the at least one password character has been entered.
[0018] The invention will now be described in detail with reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0019] The accompanying figures illustrate disclosed embodiment(s) and serve to explain principles of the disclosed embodiment(s). It is to be understood, however, that these drawings are presented for purposes of illustration only, and not for defining limits of the application.
[0020] Figure 1 shows a leakage resilient password system in accordance with a preferred embodiment of the invention.
[0021] Figure 2 shows an example of a secure means.
[0022] Figure 3 shows the input unit displaying keypad buttons interposed with shadow-pad buttons in accordance with a preferred embodiment of the invention.
[0023] Figures 4(a), 4(b), 4(c), 4(d), 4(e) and 4(f) illustrate the permutations of the input unit in accordance with the invention.
[0024] Figure 5 shows a flowchart that illustrates a method in accordance with a preferred embodiment of the invention.
[0025] Figure 6 shows an alternative embodiment of the invention where a keypad button is associated with a plurality of shadow-pad buttons.
[0026] Figure 7 shows a flowchart that illustrates a method in accordance with another preferred embodiment of the invention.
[0027] Figure 8 shows a keypad partitioned into a plurality of partitioned keypads.
[0028] Figure 9 shows a flowchart that illustrates a method in accordance with another preferred embodiment of the invention.
[0029] Exemplary, non-limiting embodiments of the present application will now be described with references to the above-mentioned figures.
DETAILED DESCRIPTION
[0030] Figure 1 shows a leakage resilient password system 100 in accordance with a preferred embodiment of the invention. System 100 comprises display unit 101 and secure means 102. System 100 further comprises input unit 103, processing unit 104, output unit 105 and memory 106.
[0031] Display unit 101 can be a screen of a mobile device. Secure means 102 can be a hand-shielding gesture as shown in Figure 2. Secure means 102 results in a secure channel such that what is being displayed on display unit 101 can be visible and discernible only to the user. Input unit 103 is located in a portion of display unit 101. Input unit 103 can be touch-screen keypads. Optionally, input unit 103 can also comprise voice activation software, where the display unit shows data orally communicated by the user via a voice input.
[0032] Processing unit 104 can be a microprocessor. Processing unit 104 can read/write to memory 106. Processing unit 104 can generate shadow-pads 303. Processing unit 104 can send information to display unit 101 to display keypad 301 and shadow-pad 303 (see figure 3). Processing unit 104 can accept the user's input via input unit 103. Processing unit 104 can also output the user's password to output unit 105, which can be sent to any user authentication application such as unlocking a device, activating a password manager, accessing a user account, or making a payment.
[0033] Once processing unit 104 detects that secure means 102 has provided a secure channel, processing unit 104 will send information to display unit 101 to display keypad 301 and shadow-pad 303 as shown in figure 3. Processing unit 104 can detect that secure means 102 (Hand A) has provided a secure channel when the hand-shielding gesture is placed over gesture detection area 107 as shown in figure 2.
[0034] Figure 3 shows keypad 301 having keypad buttons 302. Figure 3 also shows shadow-pad 303 having shadow-pad buttons 304. Each keypad button 302 and shadow-pad button 304 bears or presents a character. A character can be any alphabetical letter, digit, punctuation or symbol. Shadow-pad 303 with its shadow-pad buttons 304 is essentially a randomly re-shuffled version of keypad 301 and its keypad buttons 302 such that the characters presented by shadow-pad buttons 304 are non-sequential and random in nature as shown in figure 3. Each shadow-pad button 304 is associated with one keypad button 302. As shown in figure 3, shadow-pad buttons 304 are interposed with keypad buttons 302. Each shadow-pad button 304 is located adjacent and proximate to its associated keypad button 302 as shown in figure 3. Shadow-pad button 304 has to be located proximate to its associated keypad button 302, and away from the neighboring keypad button 302 to such an extent that a user would not be confused as to which keypad button 302 shadow-pad button 304 is associated with. Shadow-pad button 304 can also have a graphic to indicate its association with keypad button 302. For example, in figure 3, shadow-pad button 304 has a "shadow-like" effect graphic to indicate its association with keypad button 302.
[0035] The character as presented in shadow-pad button 304 indicates to the user the keypad button 302 the user should select to input the password character or intended character (the character the user intends to input). For example, referring to figure 3, shadow-pad button 304 bearing character "5" is associated with keypad button 302 bearing character "1". This indicates to the user that to enter the intended character "1", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "5". In another example found in figure 3, shadow-pad button 304 bearing the character "9" is associated with keypad button 302 bearing the character "2". This indicates to the user that to enter the intended character "2", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "9". Alternatively, shadow-pad character selection may be made by voice input, for those devices with input units capable of receiving voice input.
[0036] Figures 4(a), 4(b), 4(c), 4(d), 4(e) and 4(f) illustrate the permutations of keypad 301 and shadow-pad 303 in accordance with the invention. In this illustration, the password of the user has the following string of characters: "3" "7" "4".
[0037] Processing unit 104 generates an instance of shadow-pad 303 with its shadow-pad buttons 304 and stores this instance of shadow-pad 303 in memory 106. Shadow-pad 303 with its shadow-pad buttons 304 is essentially a randomly re-shuffled version of keypad 301 and its keypad buttons 302 such that the characters presented by shadow-pad buttons 304 are non-sequential and random in nature. Each shadow-pad button 304 of this instance of shadow-pad 303 is associated with one keypad button 302 of keypad 301. This association is also stored in memory 106. When secure means 102 is applied and a secure channel is detected, processing unit 104 displays this instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 on display unit 101 as shown in figure 4(a).
[0038] Shadow-pad button 304 bearing the character "7" associated with keypad button 302 bearing the character "3" indicates to the user that to enter the intended character "3", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "7".
[0039] Once secure means 102 is removed, input unit 103 displays only keypad 301 and its keypad buttons 302 as shown in figure 4(b). Shadow-pad 303 and its shadow-pad buttons 304 are not displayed once secure means 102 is removed. The user selects keypad button 302 bearing the character "7". Based on the stored instance of shadow-pad 303 with its shadow-pad buttons 304 and their association with keypad buttons 302 in memory 106, processing unit 104 is able to determine that "3" was the intended character. Processing unit 104 stores the intended character "3" in memory 106. If however the user fails to select any keypad button 302 after a predetermined amount of time, or the user inputs a "cancel" at any time, then processing unit 104 clears memory 106 of the instance of shadow-pad 303 with its shadow-pad buttons 304 and stops the process.
[0040] Processing unit 104 generates a new instance of shadow-pad 303 with its shadow-pad buttons 304, and replaces the previous instance of shadow-pad 303 with the new instance of shadow-pad 303 in memory 106. The shadow-pad buttons 304 in this instance of shadow-pad 303 are randomly arranged such that the arrangement of the characters presented by shadow-pad buttons 304 will be different from the previous instance of shadow-pad 303. Each shadow-pad button 304 of this instance of shadow-pad 303 is associated with one keypad button 302 of keypad 301.
[0041] When secure means 102 is reapplied and a secure channel is detected, processing unit 104 displays this new instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 on display unit 101 as shown in figure 4(c). Shadow-pad button 304 bearing the character "0" associated with keypad button 302 bearing the character "7" indicates to the user that to enter the intended character "7", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "0".
[0042] As mentioned above, shadow-pad buttons 304 are randomly arranged. This is to ensure that the arrangement of the characters presented by shadow-pad buttons 304 in each instance of shadow-pad 303 is different. For example, the arrangement of the characters presented by shadow-pad buttons 304 in the instance of shadow-pad 303 generated in figure 4(a) is different from the arrangement of the characters presented by shadow-pad buttons 304 in the instance of shadow-pad 303 generated in figure 4(c). This ensures that the arrangement of the characters presented by shadow-pad buttons 304 in shadow-pad 303 does not exhibit any discernible pattern, which enhances security.
[0043] Once secure means 102 is removed, input unit 103 displays only keypad 301 and its keypad buttons 302 as shown in figure 4(d). Shadow-pad 303 and its shadow-pad buttons 304 are not displayed once secure means 102 is removed. The user selects keypad button 302 bearing the character "0". Based on the stored instance of shadow-pad 303 with its shadow-pad buttons 304 and their association with keypad buttons 302 in memory 106, processing unit 104 is able to determine that "7" was the intended character. Processing unit 104 stores the intended character "7" in memory 106. If however the user fails to select any keypad button 302 after a predetermined amount of time, or the user inputs a "cancel" at any time, then processing unit 104 clears memory 106 of the instance of shadow-pad 303 with its shadow-pad buttons 304 and stops the process.
[0044] Processing unit 104 generates a new instance of shadow-pad 303 with its shadow-pad buttons 304, and replaces the previous instance of shadow-pad 303 with the new instance of shadow-pad 303 in memory 106. The shadow-pad buttons 304 in this instance of shadow-pad 303 are randomly arranged such that the arrangement of the characters presented by shadow-pad buttons 304 will be different from the previous instance of shadow-pad 303. Each shadow-pad button 304 of this instance of shadow-pad 303 is associated with one keypad button 302 of keypad 301.
[0045] When secure means 102 is reapplied and a secure channel is detected, processing unit 104 displays this new instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 on display unit 101 as shown in figure 4(e). Shadow-pad button 304 bearing the character "5" associated with keypad button 302 bearing the character "4" indicates to the user that to enter the intended character "4", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "5".
[0046] Once secure means 102 is removed, input unit 103 displays only keypad 301 and its keypad buttons 302 as shown in figure 4(f). Shadow-pad 303 and its shadow-pad buttons 304 are not displayed once secure means 102 is removed. The user selects keypad button 302 bearing the character "5". Based on the stored instance of shadow-pad 303 with its shadow-pad buttons 304 and their association with keypad buttons 302 in memory 106, processing unit 104 is able to determine that "4" was the intended character. Processing unit 104 stores the intended character "4" in memory 106. If however the user fails to select any keypad button 302 after a predetermined amount of time, or the user inputs a "cancel" at any time, then processing unit 104 clears memory 106 of the instance of shadow-pad 303 and stops the process.
[0047] Processing unit 104 can then retrieve the intended characters "3" "7" "4" from memory 106 and send them to output unit 105, which can be used for authentication against the user's password for performing a variety of tasks, such as unlocking a device, activating a password manager, accessing a user account, or making a payment.
[0048] Therefore, although the user's password is "3" "7" "4", the keypad buttons 302 that the user actually selects bear the characters "7" "0" "5", masking the user's password from any onlooker. Further, due to the random nature of the arrangement of the characters presented by shadow-pad buttons 304 in each instance of shadow-pad 303, the next time the user logs into system 100, the keypad buttons 302 that the user selects would be different.
[0049] The embodiment of this invention therefore leverages a temporary secure channel, which prompts the user which keypad button 302 to select to enter his/her password when secure means 102 is removed. The advantages are apparent. The invention does not require its users to perform any mental calculations or remember anything beyond the original passwords during password entry. In comparison, many existing innovations impose a considerable amount of cognitive workload on their users. With this invention, the user does not actually key in his password. Therefore, an onlooker would be unable to discern the password (although the onlooker would be able to discern the length of the password). One skilled in the art will appreciate that this invention can be implemented on any portable handheld device, or any automated teller machine or any computer terminal or the like.
[0050] Figure 5 describes a flowchart illustrating the method in accordance with a preferred embodiment.
[0051] In step 501, the user enters the login screen. The user has a password having n characters where n is a number which is larger than one.
[0052] In step 502, processing unit 104 generates an instance of shadow-pad 303 with its shadow-pad buttons 304 and stores this instance of shadow-pad 303 in memory 106. Shadow-pad 303 with its shadow-pad buttons 304 is essentially a randomly re-shuffled version of keypad 301 and its keypad buttons 302 such that the characters presented by shadow-pad buttons 304 are non-sequential and random in nature. Each shadow-pad button 304 of this instance of shadow-pad 303 is associated with one keypad button 302 of keypad 301. This association is also stored in memory 106.
[0053] In step 503, processing unit 104 detects that secure means 102 has been applied and a secure channel is active.
[0054] In step 504, processing unit 104 retrieves the instance of shadow-pad 303 with its shadow-pad buttons 304 from memory 106 and displays this instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 on display unit 101.
[0055] In step 505, processing unit 104 detects that secure means 102 has been removed and a secure channel is no longer active.
[0056] In step 506, input unit 103 displays keypad 301 and its keypad buttons 302 for the user to select. Shadow-pad 303 and its shadow-pad buttons 304 are not displayed once secure means 102 is removed.
[0057] In step 507, processing unit 104 processes the user's keypad button 302 selection and, based on the stored instance of shadow-pad 303 with its shadow-pad buttons 304 and its association in memory 106, processing unit 104 is able to determine the intended character (the character the user intended to input).
[0058] In step 508, processing unit 104 stores the intended character into memory 106 and lodges this as a password character entry.
[0059] In step 509, processing unit 104 checks whether the number of intended characters stored in memory 106 is smaller than n.
[0060] If the number of intended characters stored in memory 106 is smaller than n, steps 502, 503, 504, 505, 506, 507, 508 and 509 are repeated.
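The following added example (not code from the patent) models the per-character loop of steps 502 to 509 and the hand-off of step 510 in Python, following the "3" "7" "4" walkthrough of figures 4(a) to 4(f). The class and function names, the ten-digit keypad and the use of Python's `secrets` CSPRNG are assumptions of the example; `observer_view` enumerates every arrangement of a small keypad to show that the key an onlooker sees is equally likely to be any key, whatever character was intended.

```python
import itertools
import secrets
from collections import Counter

KEYPAD = "1234567890"  # characters of keypad 301; this layout is assumed


class ShadowPadSession:
    """Models processing unit 104 and memory 106 for one password entry."""

    def __init__(self, keypad=KEYPAD):
        self.keypad = keypad
        self._rng = secrets.SystemRandom()  # OS CSPRNG, not the default PRNG
        self.shadow = None     # stored instance: keypad char -> shadow-pad char
        self.previous = None   # prior instance, kept only to force a new arrangement
        self.intended = []     # intended characters recovered so far

    def new_instance(self):
        """Step 502: generate and store a fresh shadow-pad instance."""
        while True:
            chars = list(self.keypad)
            self._rng.shuffle(chars)
            candidate = dict(zip(self.keypad, chars))
            if candidate != self.previous:  # [0040]: differ from the last one
                break
        self.shadow = candidate
        # Step 504: this copy is what display unit 101 shows, and only while
        # the secure channel is active.
        return dict(candidate)

    def accept(self, selected):
        """Steps 507-508: map the selected key back to the intended character."""
        if self.shadow is None:
            raise RuntimeError("no shadow-pad instance in memory")
        inverse = {shadow: key for key, shadow in self.shadow.items()}
        if selected not in inverse:
            self.cancel()
            raise ValueError("selection is not a keypad character")
        intended = inverse[selected]
        self.intended.append(intended)
        # One instance per character: retire it so it is never reused.
        self.previous, self.shadow = self.shadow, None
        return intended

    def cancel(self):
        """Timeout or "cancel": clear the stored instance and stop.

        Dropping the characters buffered so far is a choice made in this
        example; the text only requires clearing the instance.
        """
        self.shadow = None
        self.previous = None
        self.intended.clear()

    def output(self):
        """Step 510: hand the recovered characters to output unit 105."""
        password = "".join(self.intended)
        self.cancel()
        return password


def enter_password(password, session):
    """Simulate the user: read the shadow character, then select that key."""
    selected = []
    for ch in password:
        shown = session.new_instance()  # seen under the secure channel
        key = shown[ch]                 # shadow character beside the intended key
        session.accept(key)             # selected after the channel is removed
        selected.append(key)
    return "".join(selected), session.output()


def observer_view(keypad, intended):
    """Count the key an onlooker sees for one intended character, taken over
    every possible arrangement of a (small) keypad."""
    seen = Counter()
    for perm in itertools.permutations(keypad):
        seen[dict(zip(keypad, perm))[intended]] += 1
    return seen


if __name__ == "__main__":
    selected, recovered = enter_password("374", ShadowPadSession())
    print("onlooker sees:", selected, "| output unit receives:", recovered)
    print(dict(observer_view("1234", "3")))  # every key appears 6 times
```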
[0061] If the number of intended characters stored in memory 106 is not smaller than n, in step 510, processing unit 104 sends the stored intended characters to output unit 105.
[0062] In an alternative embodiment, if input unit 103 is capable of accepting voice input, after step 504, when the instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 are displayed on display unit 101, the user does not need to wait for the secure means 102 to be removed in step 505 to provide the voice input and enter his password. The user simply needs to speak the character presented on shadow-pad button 304 associated with keypad button 302 bearing the intended character.
[0063] Up to this point, the disclosure in the specification has described that each shadow-pad button 304 is associated with one keypad button 302. In an alternative embodiment, one keypad button 302 can be associated with a plurality of shadow-pad buttons 304. As shown in figure 6, keypad button 302 is associated with shadow-pad button 304 and shadow-pad button 304'. Keypad button 302 bears the character "A", shadow-pad button 304 bears the character "2" and shadow-pad button 304' bears the character "D". Shadow-pad button 304 and shadow-pad button 304' have different graphics to indicate their association with keypad button 302. Shadow-pad button 304 has a "shadow-like" effect graphic that arches downwards while shadow-pad button 304' has a "shadow-like" effect graphic that arches upwards. The obvious advantage is that more shadow-pad buttons 304 may be shown on the screen. With the limited size of most handheld devices, this embodiment of the invention could be particularly useful.
[0064] One possible use of keypad button 302 having a plurality of associated shadow-pad buttons 304 would be to represent different permutations of the character presented by keypad button 302. For example, using the illustration as provided in figure 6, shadow-pad button 304' may indicate to the user that to enter the uppercase permutation of the intended character "A", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "D". And shadow-pad button 304 may indicate to the user that to enter the lowercase permutation of the intended character "a", once secure means 102 is removed, the user would have to select keypad button 302 bearing the character "2".
[0065] As the screen size of display unit 101 may be limited, keypad 301 may not be able to be displayed on display unit 101 in its entirety. In such a scenario, in step 701 in figure 7, processing unit 104 partitions keypad 301 into a plurality of partitioned keypads 801, 802, 803 (as shown in figure 8). This plurality of partitioned keypads 801, 802, 803 forms a keypad pool and this keypad pool is saved to memory 106.
[0066] In step 702, processing unit 104 creates shadow-pad 303 with its shadow-pad buttons 304. Shadow-pad 303 and its shadow-pad buttons 304 are essentially a random re-shuffled version of keypad 301 and its keypad buttons 302. Each shadow-pad button 304 of shadow-pad 303 is associated with one keypad button 302 of keypad 301.
[0067] In step 703, processing unit 104 partitions shadow-pad 303 into a plurality of partitioned shadow-pads in a similar manner to partitioned keypads 801, 802, 803 and stores the plurality of partitioned shadow-pads in memory 106.
[0068] In step 704, processing unit 104 detects that secure means 102 has been applied and a secure channel is active.
[0069] In step 705, processing unit 104 randomly selects one of the partitioned keypads 801, 802 and 803 from the keypad pool, and displays the selected partitioned keypad 801 with its keypad buttons 302 and the associated shadow-pad buttons 304 of the partitioned shadow-pad on display unit 101.
[0070] In step 706, if the user is unable to locate the password character on any of the keypad buttons 302 of partitioned keypad 801, the user can use input unit 103 to select "next" and processing unit 104 removes partitioned keypad 801 from the keypad pool and randomly selects one of the remaining partitioned keypads 802, 803 from the keypad pool, and displays the selected partitioned keypad 803 with its keypad buttons 302 and the associated shadow-pad buttons 304 of the partitioned shadow-pad on display unit 101.
[0071] In step 707, if the user locates the password character on one of the keypad buttons 302 of partitioned keypad 803, the user notes the character as presented (i.e. the shadow-pad character) on the associated shadow-pad button 304 of that keypad button 302, and removes the secure means 102.
[0072] In step 708, once processing unit 104 detects that secure means 102 has been removed and a secure channel is no longer active, processing unit 104 displays partitioned keypad 801 and its keypad buttons 302 on display unit 101.
[0073] In step 709, if the user is unable to locate the shadow-pad character on any of the keypad buttons 302 of partitioned keypad 801, the user can use input unit 103 to select "next" and processing unit 104 displays partitioned keypad 802 and its keypad buttons 302 on display unit 101.
[0074] In step 710, if the user locates the shadow-pad character on one of the keypad buttons 302 of partitioned keypad 802, the user selects that keypad button 302. Processing unit 104 then processes the user's keypad button 302 selection and, based on the stored shadow-pad 303 with its shadow-pad buttons 304 and their association with keypad buttons 302 in memory 106, processing unit 104 is able to determine the intended character (the character the user intended to input).
[0075] To avoid the inconvenience of scrolling through the numerous partitioned keypads 801, 802, 803 during password entry, the user may choose to customize a keypad which includes all the user's password characters such that the customized keypad and shadow-pad 303 can always fit into display unit 101. The customized keypad will contain a subset of the characters of the entire keypad 301 but all the user's password characters. The shadow-pad 303 in this case will contain a random permutation of the characters of the entire keypad 301. The password entry process with the customized keypad is similar to the process with keypad 301 except that when a secure channel is detected, the customized keypad is displayed instead of keypad 301 or partitioned keypad 801, 802, 803. The apparent advantage of the customized keypad is that it is very convenient for the user to provide the password entry.
[0076] Throughout the disclosure in the specification, it is described that a user primarily provides input (or inputs his password) by selecting keypad button 302 on keypad 301. However, a person skilled in the art would appreciate that a user can provide input via other means (for example, via voice input) and the invention would still be able to function. Voice input may be necessary because the user may be using a wearable device (such as Google Glass) and may not have touch screens for inputting passwords. In such an embodiment, display unit 101 is an optical head mounted display of the wearable device. Due to the close proximity of the display unit 101 to the user's eyes, an inherent secure channel will already be in place and there would not be any need for secure means 102. Onlookers will be unable to view whatever is being displayed on display unit 101. With this permanent secure channel in place (permanent as long as the user is wearing the wearable device), display unit 101 can display shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 when the user provides voice input to input unit 103. In this embodiment, input unit 103 comprises a voice recognition device.
[0077] Figure 9 shows a flowchart describing an embodiment of the invention using a wearable device as described above. In step 901, the user enters the login screen. The user has a password having n characters where n is a number which is larger than one.
[0078] In step 902, processing unit 104 generates an instance of shadow-pad 303 with its shadow-pad buttons 304 and stores this instance of shadow-pad 303 in memory 106. Shadow-pad 303 with its shadow-pad buttons 304 is essentially a randomly re-shuffled version of keypad 301 and its keypad buttons 302 such that the characters presented by shadow-pad buttons 304 are non-sequential and random in nature. Each shadow-pad button 304 of this instance of shadow-pad 303 is associated with one keypad button 302 of keypad 301. This association is also stored in memory 106.
[0079] In step 903, processing unit 104 detects that secure means 102 has been applied and a secure channel is active. In this embodiment, secure means 102 has been applied because the user is wearing the wearable device with its optical head mounted display in close proximity to the user's eyes.
[0080] In step 904, processing unit 104 retrieves the instance of shadow-pad 303 with its shadow-pad buttons 304 from memory 106 and displays this instance of shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 on display unit 101.
[0081] In step 905, processing unit 104 receives the user's selection via voice input. The user speaks the character presented on shadow-pad button 304 associated with keypad button 302 bearing the intended character. Input unit 103 (which comprises a voice recognition device in this embodiment) will receive the voice input as provided by the user.
[0082] In step 906, processing unit 104 processes the user's selection and based on the stored instance of shadow-pad 303 with its shadow-pad buttons 304 and their association with keypad buttons 302 in memory 106, processing unit 104 is able to determine the intended character (the character the user intended to input). [0083] In step 907, processing unit 104 stores the intended character into memory 106.
[0084] In step 908, processing unit 104 checks whether the number of intended characters stored in memory 106 is smaller than n. [0085] If the number of intended characters stored in memory 106 is smaller than n, steps 902, 903, 904, 905, 906, 907 and 908 are repeated. [0086] The "permanent secure channel" embodiment described in figure 9 differs from the "temporary secure channel" embodiment described in figure 5 in the sense that as a permanent secure channel exists, the display unit 101 can display shadow-pad 303 with its shadow-pad buttons 304 and its associated keypad buttons 302 of keypad 301 without any concern of an onlooker glancing upon it, and therefore the user can freely provide his voice input. For the "temporary secure channel" embodiment described in figure 5, once the secure channel is removed, display unit 101 can no longer display shadow-pad 303 with its shadow- pad buttons 304. [0087] In the application, unless specified otherwise, the terms "comprising", "comprise", and grammatical variants thereof, intended to represent "open" or "inclusive" language such that they include recited elements but also permit inclusion of additional, non- explicitly recited elements. [0088] It will be apparent that various other modifications and adaptations of the application will be apparent to the person skilled in the art after reading the foregoing disclosure without departing from the spirit and scope of the application and it is intended that all such modifications and adaptations come within the scope of the appended claims.
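As an added illustration (not code from the patent), the following Python sketch walks through steps 902 to 908 of figure 9: a fresh shadow-pad per character, entry of the shadow-pad character, and decoding through the stored association. The 36-character keypad, the one-to-one association, the use of the OS CSPRNG, the function names and the simulated user are assumptions made for the example.

```python
import secrets
import string

# Assumed character set for keypad 301 (the patent does not fix one).
KEYPAD = string.ascii_lowercase + string.digits

# OS-backed CSPRNG: a predictable shuffle would let an observer who hears
# the entries reconstruct the pads and hence the password.
_rng = secrets.SystemRandom()


def generate_shadow_pad(keypad=KEYPAD):
    """Step 902: build a fresh random permutation of the keypad.

    Returns the stored association {keypad_char: shadow_pad_char}.
    """
    shadow = list(keypad)
    _rng.shuffle(shadow)
    return dict(zip(keypad, shadow))


def decode_entry(shadow_pad, entered):
    """Step 906: map the entered shadow-pad character to the intended one."""
    inverse = {shadow: key for key, shadow in shadow_pad.items()}
    if entered not in inverse:
        raise ValueError("entry is not a character on the current shadow-pad")
    return inverse[entered]


def enter_password(n, user_reads_pad, keypad=KEYPAD):
    """Steps 902-908: collect n characters, one new shadow-pad per character.

    user_reads_pad(pad) stands in for the user, who sees the pad over the
    secure channel and returns the shadow-pad character to speak or select.
    Returns (recovered_password, observed_entries); the second value is all
    that an onlooker or eavesdropper gets.
    """
    recovered, observed = [], []
    while len(recovered) < n:                          # step 908
        pad = generate_shadow_pad(keypad)              # step 902
        entered = user_reads_pad(pad)                  # steps 904-905
        observed.append(entered)
        recovered.append(decode_entry(pad, entered))   # steps 906-907
        # The pad is discarded here and never reused for the next character.
    return "".join(recovered), "".join(observed)


def simulated_user(password):
    """Constructed stand-in for a user who knows `password`."""
    chars = iter(password)
    return lambda pad: pad[next(chars)]


if __name__ == "__main__":
    secret = "aa11zz"  # constructed sample password
    recovered, observed = enter_password(len(secret), simulated_user(secret))
    print("observer sees/hears:", observed)
    print("device recovers    :", recovered)
```

Because each pad is an independent uniform permutation, the observed character for any position is uniformly distributed over the keypad regardless of the intended character; reusing one pad for the whole password would instead expose repeated characters, as in the sample password here.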
Claims
1. A system for accepting entry of a password, the password comprising at least one password character, the system comprising:
a display unit;
a secure means for implementing a secure channel for the display unit such that the display unit is visible only to a user providing a user entry, the secure channel being removed upon deactivation of the secure means;
a processing unit configured to generate a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons;
a memory unit for storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons; and
an input unit for accepting the user entry upon the removal of the secure channel;
wherein the processing unit is further configured to display on the display unit the plurality of shadow-pad buttons interposed with the plurality of keypad buttons upon the implementation of the secure channel, each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons;
wherein the at least one password character matches the keypad character of one of the plurality of keypad buttons, the shadow-pad character of the shadow-pad button associated with the matched keypad button indicates that the shadow-pad character should be selected as the user entry upon the removal of the secure channel; and
wherein the processing unit is further configured to recognize that the at least one password character has been entered when the shadow-pad character is entered as the user entry.
2. The system of claim 1 further comprising an output unit and the processing unit is further configured to send the at least one password character to the output unit for authentication.
3. The system of claim 1 or claim 2 wherein the secure means is a hand-shielding gesture over a gesture detection area.
4. The system of any one of the preceding claims wherein at least one of the plurality of keypad buttons has a plurality of associated shadow-pad buttons.
5. The system of any one of the preceding claims wherein the display unit, processing unit, memory unit and input unit are part of a portable handheld device or an automated teller machine or a computer terminal.
6. The system of any one of the preceding claims wherein the shadow pad character is selected either by touching a keypad button or by voice input received by the input unit.
7. A method for accepting entry of a password, the password comprising at least one password character, the method comprising the steps of:
generating with a processing unit, a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons;
storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons;
implementing with a secure means a secure channel for a display unit such that the display unit is visible only to a user providing a user entry;
displaying on the display unit, the plurality of shadow-pad buttons interposed with the plurality of keypad buttons, each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons; wherein the at least one password character matches the keypad character of one of the plurality of keypad buttons;
removing the secure channel by deactivating the secure means;
accepting the user entry with an input unit, the user entry being the shadow-pad character of the shadow-pad button associated with the matched keypad button; and recognizing with the processing unit, that the at least one password character has been entered.
8. The method of claim 6 further comprising the step of sending with the processing unit, the at least one password character to an output unit for authentication.
9. The method of claim 6 or claim 7 wherein the step of implementing a secure channel with a secure means comprises the step of placing a hand-shielding gesture over a gesture detection area.
10. A wearable device for accepting entry of a password when worn on a user's head, the password comprising at least one password character, the wearable device comprising:
an optical head mounted display;
a processing unit configured to generate a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons;
a memory unit for storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons; and
a voice recognition device for processing a voice input;
wherein the processing unit is further configured to display on the optical head mounted display the plurality of shadow-pad buttons interposed with the plurality of keypad buttons, each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons;
wherein the at least one password character matches the keypad character of one of the plurality of keypad buttons, the shadow-pad character of the shadow-pad button associated with the matched keypad button indicates that the shadow-pad character should be selected as the voice input; and
wherein the processing unit is further configured to determine that the at least one password character has been entered when the shadow-pad character is entered as the voice input.
11. The wearable device of claim 9 wherein at least one of the plurality of keypad buttons has a plurality of associated shadow-pad buttons.
12. A method for accepting entry of a password with a wearable device when worn on a user's head, the password comprising at least one password character, the method comprising the steps of:
generating with a processing unit of the wearable device, a plurality of randomly arranged shadow-pad buttons interposed with a plurality of keypad buttons, each one of the plurality of keypad buttons bearing a keypad character, and each one of the plurality of shadow-pad buttons bearing a shadow-pad character, and each one of the plurality of shadow-pad buttons being associated with one of the plurality of keypad buttons;
storing the plurality of shadow-pad buttons interposed with the plurality of keypad buttons into a memory unit of the wearable device;
displaying on an optical head mounted display of the wearable device, the plurality of shadow-pad buttons interposed with the plurality of keypad buttons, each one of the plurality of shadow-pad buttons having a visual effect to indicate the association with one of the plurality of keypad buttons; wherein the at least one password character matches the keypad character of one of the plurality of keypad buttons;
accepting a voice input with a voice recognition device of the wearable device, the voice input being the shadow-pad character of the shadow-pad button associated with the matched keypad button; and
determining with the processing unit, that the at least one password character has been entered.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG11201701646QA (en) | 2014-09-23 | 2015-07-24 | Leakage resilient password system and method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG10201405977P | 2014-09-23 | ||
SG10201405977P | 2014-09-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016048236A1 (en) | 2016-03-31 |
Family
ID=55581577
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/SG2015/050234 WO2016048236A1 (en) | 2014-09-23 | 2015-07-24 | Leakage resilient password system and method |
Country Status (2)
Country | Link |
---|---|
SG (1) | SG11201701646QA (en) |
WO (1) | WO2016048236A1 (en) |
-
2015
- 2015-07-24 SG SG11201701646QA patent/SG11201701646QA/en unknown
- 2015-07-24 WO PCT/SG2015/050234 patent/WO2016048236A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR19980052634A (en) * | 1996-12-24 | 1998-09-25 | 배순훈 | Random combination of numbers for keypad |
KR100703439B1 (en) * | 2001-02-28 | 2007-04-03 | 삼성전자주식회사 | Method for inputting key data of device having a keypad |
US20060053301A1 (en) * | 2002-12-23 | 2006-03-09 | Hwa-Shik Shin | Device and method for inputting password using random keypad |
US20130047237A1 (en) * | 2010-04-26 | 2013-02-21 | Kyu Choul Ahn | Password security input system using shift value of password key and password security input method thereof |
US20140201844A1 (en) * | 2013-01-14 | 2014-07-17 | Lookout, Inc. | Detection of and privacy preserving response to observation of display screen |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11048784B2 (en) | 2012-07-20 | 2021-06-29 | Licentia Group Limited | Authentication method and system |
US11048783B2 (en) | 2012-07-20 | 2021-06-29 | Licentia Group Limited | Authentication method and system |
US11194892B2 (en) | 2012-07-20 | 2021-12-07 | Licentia Group Limited | Authentication method and system |
US11036845B2 (en) * | 2015-05-27 | 2021-06-15 | Licentia Group Limited | Authentication methods and systems |
US11048790B2 (en) * | 2015-05-27 | 2021-06-29 | Licentia Group Limited | Authentication methods and systems |
Also Published As
Publication number | Publication date |
---|---|
SG11201701646QA (en) | 2017-04-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9013424B2 (en) | Method for encoded input and control by fingerprint | |
US9471761B2 (en) | Unlocking electronic devices using touchscreen input gestures | |
US20140098141A1 (en) | Method and Apparatus for Securing Input of Information via Software Keyboards | |
US9357391B1 (en) | Unlocking electronic devices with touchscreen input gestures | |
US20060174339A1 (en) | An arrangement and method of graphical password authentication | |
US20100175016A1 (en) | Security key inputting system for touch screen device | |
CN103996011A (en) | Method and device for protecting codes to be input safely | |
US20120036573A1 (en) | Drag-and-Tag Authentication | |
Kuribara et al. | Vibrainput: Two-step pin entry system based on vibration and visual information | |
CN101655768A (en) | Anti-peep password input method | |
Rajarajan et al. | Shoulder surfing resistant virtual keyboard for internet banking | |
KR101122197B1 (en) | Method of displaying virtual keypad for preventing the leaking of information | |
WO2016048236A1 (en) | Leakage resilient password system and method | |
US20170154173A1 (en) | Array password authentication system and method thereof | |
KR101015633B1 (en) | A method and a computer readable media for secure data input | |
Gao et al. | Usability and security of the recall-based graphical password schemes | |
KR101969838B1 (en) | Method and apparatus for authenication using dial virtual keypad | |
EP3142038B1 (en) | Authentication system and method | |
KR101432943B1 (en) | Secure password input method for smart phone | |
JP6493973B2 (en) | Character string input method and program | |
KR101155532B1 (en) | Method for processing security number and system using the same | |
JP5618437B1 (en) | Personal authentication method | |
US20220374507A1 (en) | Improved systems and methods for secure data input and authentication | |
KR101430199B1 (en) | Device and method for providing security channel interface | |
KR20050022576A (en) | Password input method for preventing password from being exposing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15843360 Country of ref document: EP Kind code of ref document: A1 |
DPE2 | Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101) | |
NENP | Non-entry into the national phase | Ref country code: DE |
122 | Ep: pct application non-entry in european phase | Ref document number: 15843360 Country of ref document: EP Kind code of ref document: A1 |