Browse Prior Art Database

Secure data entry using a bespoke keyboard

IP.com Disclosure Number: IPCOM000177504D
Original Publication Date: 2008-Dec-16
Included in the Prior Art Database: 2008-Dec-16
Document File: 2 page(s) / 40K

Publishing Venue

IBM

Abstract

This invention seeks to solve the problem that a user on a public computer (e.g. in an internet cafe) cannot be sure that the data they enter will remain private. The user of such a computer is at risk when entering sensitive data such as usernames and passwords, bank details, confidential emails etc., if key logging hardware or software has been installed on the computer or if the screen is being captured (screen-scraping). By using a bespoke keyboard which authenticates itself directly with the server the user is accessing and encrypts the data entered, the user can avoid these security risks.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

Secure data entry using a bespoke keyboard

Disclosed is a device which buffers a user's input as they type and encrypts it before it is sent to the computer.

    Current solutions are software based and aim at removing software based key-loggers. Newer key-loggers and other spyware is capable of reinstalling itself after removal. To prevent hardware key-loggers, physical inspection of the machine needs to be carried out by someone who is trained in what to look for. One may also argue that an additional alternate solution is to not use public computers.

    In order to prevent all types of key-logging and screen-scraping when entering sensitive data into a web site we propose the use of a bespoke keyboard which can be programmed with a pre-shared key.

    As the user types into the keyboard it buffers up the input and encrypts it using the key before sending the data to the computer. This encrypted data is then submitted to the server where it can be decrypted using the private or symmetric key which is held on the server.

    The primary advantage over the existing solution (attempted removal of key loggers) is that the data entry is definitely secure as it is encrypted on the bespoke keyboard, which is under the control of the user and can be manufactured in a tamper proof way. Additionally, even if all key loggers are removed (which can never be guaranteed) the data on the screen can be screen scraped. In the idea herein, data is not shown in the screen in its un-encrypted form.

    In regard to using using a laptop: the idea herein only requires that a user have a small keyboard, not an entire laptop. Additionally, the keyboard has no value if it is stolen, a laptop does. In regard to using a mobile phone: The user gets the benefit of using large screen and regular input device (keyboard and mouse). Entering any quantity, apart from a small one, of data into a mobile phone is tedious and error prone and many web sites are not compatible with mobile phone browsers.

    The idea herein proposes a specially designed keyboard which is able to receive a public encryption key sent directly to a mobile...