Identity verification system resistant to compromise by observation of its use

US 5,276,314 A
Filed: 04/03/1992
Issued: 01/04/1994
Est. Priority Date: 04/03/1992
Status: Expired due to Fees

First Claim

Patent Images

1. A system for providing access to a secure device, comprising:

input means for receiving user identification information;

display means, coupled to said input means, for displaying a plurality of symbols in an initial state, said plurality of symbols including a subset of key symbols which are elements of an access key corresponding to said user identification information;

manipulator means, coupled to said display means, for simultaneously changing a displayed state of a multiplicity of said symbols;

comparison means, coupled to said manipulator means, for comparing a displayed state of said key symbols with a key state defining said access key; and

,access authorization means, coupled to said comparison means, for providing access to said secure device when said comparison means indicates that said displayed state of said key symbols matches said access key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for an automated system to allow a user of the system to demonstrate his legitimacy by demonstration of secret knowledge. The mechanism is resistant to compromise by observation of its use. An array of symbols is presented to the user and the user is required to manipulate several symbols at once until assigned key symbols are manipulated into predetermined states. Doing so effectively prevents an observer from determining which symbols are the ones of interest. For example, pushing a button might cause several symbols in the array to exchange their positions. The user continues to do this, having, perhaps, to use several different buttons, until a certain subset of the symbols appears in certain locations within the array. (In this example, the arrangement of this subset of symbols is the user'"'"'s password or PIN.) In this process many symbols in the array, in addition to the user'"'"'s specific symbols, would also have been moved, making it virtually impossible for an observer to identify which symbols and array-positions are pertinent to the user'"'"'s password or PIN.

169 Citations

20 Claims

1. A system for providing access to a secure device, comprising:
- input means for receiving user identification information;
  
  display means, coupled to said input means, for displaying a plurality of symbols in an initial state, said plurality of symbols including a subset of key symbols which are elements of an access key corresponding to said user identification information;
  
  manipulator means, coupled to said display means, for simultaneously changing a displayed state of a multiplicity of said symbols;
  
  comparison means, coupled to said manipulator means, for comparing a displayed state of said key symbols with a key state defining said access key; and
  
  ,access authorization means, coupled to said comparison means, for providing access to said secure device when said comparison means indicates that said displayed state of said key symbols matches said access key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein said key state is defined by a color of said symbols.
  - 3. The system of claim 1 wherein said said key state is defined by a position of said symbols on said display means.
  - 4. The system of claim 1 wherein said initial state of said symbols is in the form of a row and column array.
  - 5. The system of claim 4 wherein said manipulator means comprises means for simultaneously altering a row or column position of a plurality of said symbols within said array.
  - 6. The system of claim 1 further comprising first database means, coupled to said input means, for storing data defining a plurality of key states and for retrieving said access key responsive to receipt of said user identification information.
  - 7. The system of claim 6 further comprising second database means, coupled to said input means, for storing data indicative of a plurality of users and processor means for comparing said user identification with said users in said database to determine whether an authorized user is attempting to access said secure device.
  - 8. The system of claim 7 wherein said input means comprises means for receiving an identification card, said identification card having means for storing said user identification information.
  - 9. The system of claim 1 wherein said input means comprises means for receiving an identification card, said identification card having means for storing said user identification information and said key state.
  - 10. The system of claim 1 further comprising signal means, coupled to said authorization means, for indicating when a user has completed manipulation of said symbols and wherein said authorization means is operable responsive to said signal means.

11. A system for providing access to a secure device, comprising:
- input means for receiving user identification information;
  
  verification means coupled to said input means, for determining whether said user identification information is indicative of an authorized user of said secured device and for denying access to said secure device when said identification information is not indicative of an authorized user;
  
  display means, coupled to said input means for displaying a plurality of symbols in a row and column array, said plurality of symbols including a subset of key symbols which are elements of an access key corresponding to said user identification information;
  
  manipulator means, coupled to said display means, for simultaneously changing a displayed position of a multiplicity of said symbols;
  
  signal means, for indicating when a user is finished changing said displayed position;
  
  comparison means, coupled to said signal means, for comparing a displayed state of said key symbols with a key state defining said access key when said signal means indicates that said user is finished displaying said symbols; and
  
  ,access authorization means, coupled to said comparison means, for providing access to said secure device when said comparison means indicates that said displayed state of said key symbols matches said access key.

12. A method of providing access to a secure device, comprising the steps of:
- receiving user identification information;
  
  displaying a plurality of symbols in an initial state, said plurality of symbols including a subset of key symbols which are elements of a user access key corresponding to said user identification information;
  
  simultaneously changing a displayed state of a multiplicity of said plurality of symbols;
  
  after said changing, comparing a displayed state of said key symbols with a key state defining said user access key; and
  
  ,providing access to said secure device when said comparing indicates that said displayed state of said key symbols matches said user access key.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12 wherein said said access key is defined by a position of a symbols on said display means.
  - 14. The method of claim 12 wherein said initial state of said symbols is in the form of a row and column array.
  - 15. The system of claim 14 wherein said simultaneously changing comprises the step of simultaneously altering a row or column position of a multiplicity of said symbols within said array.
  - 16. The method of claim 12 further comprising the step of storing data defining a plurality of access keys and retrieving said user access key responsive to receipt of said user identification information.
  - 17. The method of claim 16 further comprising the steps of storing data indicative of a plurality of users and, comparing said user identification information with said users in said database to determine whether an authorized user is attempting to access said secure device.
  - 18. The method of claim 17 wherein said receiving comprises the step of receiving an identification card, said identification card having means for storing said user identification information.
  - 19. The method of claim 12 wherein said receiving comprises the step of receiving an identification card, said identification card having means for storing said user identification information and said user access key.
  - 20. The method of claim 12 further comprising the step of indicating when a user has completed manipulation of said symbols performing said comparing responsive to said indicating.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Meissner, Geoffrey L., Paulsen, Robert C. Jr., Martino, Michael J.
Primary Examiner(s)
Cross, E. Rollins
Assistant Examiner(s)
SOLIS, ERICK R

Application Number

US07/864,887
Time in Patent Office

641 Days
Field of Search

380/23, 380/24, 380/25, 340/825.31, 340/825.32, 340/825.33, 235/380, 902/4, 902/5
US Class Current

340/5.27
CPC Class Codes

G06Q 20/382   insuring higher security of...

G07C 9/23   by means of a password

G07C 9/33   by means of a password

G07F 7/10   together with a coded signa...

G07F 7/1041   PIN input keyboard gets new...

Identity verification system resistant to compromise by observation of its use

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

169 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identity verification system resistant to compromise by observation of its use

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

169 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links