A secure novel method for entering a password on a computer or handheld device
Publication Date: 2017-Aug-11
The IP.com Prior Art Database
Title: A secure method for entering a password on a computer or handheld device
Background Generally, when using an Internet website or Internet banking, etc., an ID and password may be inputted for identification purposes. However, the existing method of inputting a password using a keyboard is highly vulnerable to key logging attacks, in which the ID, password, etc., are discovered by recording the key information inputted by the user, and shoulder surfing attacks, in which the ID, password, etc., are discovered by looking over the user's shoulder (Shoulder surfing refers to any attack that may occur in a space that is beyond one's control and includes not only simple overlooking but also attacks using video images from CCTV cameras, etc.). Certain current Internet banking sites have adopted the password input techniques using graphics, where the password (numbers) may be inputted by using a mouse. In most of these cases, the password is not a 6 to 8 digit combination of alphabet letters and numbers, but a 4 to 6 digit combination of numbers. The technique by which the password (numbers) is inputted using a mouse, as adopted by such Internet banking sites, may involve a number grid that is randomly generated on the screen whenever an input is made, rendering a key logging attack ineffective. However, since this input involves inputting the numbers themselves, this technique can be vulnerable to shoulder surfing attacks. Due to this vulnerability of password input methods, the user is recommended not to use Internet banking services, or other websites, online games, etc., that require logging in, in a public environment, such as in an Internet café and on a public PC. In cases where it is unavoidably necessary to input a password using a keyboard in a public environment, and in cases subject to shoulder surfing, a user may suffer losses or may feel anxious about the possibility of information theft. Touch screens, which are especially prolific in modern personal portable devices, also offer the risk that oils or other matter may be left behind when a user enters an authentication sequence or pattern. In other words, touch screens are susceptible to compromise through traces left behind from the user's fingertips. Such trace information may enable another person to estimate or reproduce the user's authentication sequence or pattern. As such, there is a need to develop a password input method that is robust against both key logging attacks and shoulder surfing attacks, so that users may feel at ease even when unavoidably using a password in a public environment. Accordingly, a more powerful, secure method of authenticating a password, and thus authenticating a user is needed. Core Idea: This paper talks about a method to provide a password input system using alphanumeric matrices, and a rotation mechanism for each character entered as part of the input; where-in each alphanumeric character within that matrix is rotatable around an axis. The pa...