Browse Prior Art Database

Indirect Dynamic Password Entry Process

IP.com Disclosure Number: IPCOM000247433D
Publication Date: 2016-Sep-07
Document File: 2 page(s) / 46K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a system, method, and computer program for enabling secure data entry from standard unmodified keyboards. It consists of a one-time alphanumeric/special character, randomized translation map, prompts the computer system user to enter the one-time translated mapped characters, and then translates the mapped character entry to the actual account or program password within the operating system.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 01 of 2

Indirect Dynamic Password Entry Process

A security exposure in computer workstation peripheral configurations enables a variety

of hardware hacking techniques, usually related to capturing keyboard input via attached or wireless keyboard stroke readers.

The novel contribution is a system, method, and computer program product for enabling secure data entry from standard unmodified keyboards. This approach defeats hardware or software based keylogging hacking attempts. It consists of a one-time alphanumeric/special character, randomized translation map, prompts the computer system user to enter the one-time translated mapped characters, and then translates the mapped character entry to the actual account or program password within the operating system.

Intended to protect password entry from keyboard entry intercept (i.e., key log), the solution is also applicable to other pin code-type access applications. The approach is based on a tightly coupled interactive algorithm with the user, and the algorithm provides no useful data to an attacker using key log attempts; therefore, analytic techniques such as frequency analysis are much less effective.

The algorithm outline (numeric pin no.) follows:

1. The user enters the associated user ID 2. The system retrieves the password associated with the user ID 3. The system then generates and displays a stream of valid password characters 4. The stream generates a corresponding scrambled stream with all the characters 5. Both streams (from Steps...