Identity verification system resistant to compromise by observation of its use
Abstract
A mechanism for an automated system to allow a user of the system to demonstrate his legitimacy by demonstration of secret knowledge. The mechanism is resistant to compromise by observation of its use. An array of symbols is presented to the user and the user is required to manipulate several symbols at once until assigned key symbols are manipulated into predetermined states. Doing so effectively prevents an observer from determining which symbols are the ones of interest. For example, pushing a button might cause several symbols in the array to exchange their positions. The user continues to do this, having, perhaps, to use several different buttons, until a certain subset of the symbols appears in certain locations within the array. (In this example, the arrangement of this subset of symbols is the user's password or PIN.) In this process many symbols in the array, in addition to the user's specific symbols, would also have been moved, making it virtually impossible for an observer to identify which symbols and array-positions are pertinent to the user's password or PIN.
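The mechanism in the abstract, as an added Python sketch that is not part of the patent text: each button press rotates a whole row or column, the comparison checks only the key symbols, and `observer_view` reports what a single observed login exposes. The 4x5 array, the row/column rotation buttons, the symbol set and the three-symbol key are assumptions chosen for illustration.

```python
import random
from math import comb

ROWS, COLS = 4, 5                       # assumed array size (20 symbols)
SYMBOLS = "ABCDEFGHIJKLMNOPQRST"        # constructed symbol set

def press(grid, axis, index, step=1):
    """Manipulator: rotate one whole row or column, moving several symbols at once."""
    g = [row[:] for row in grid]
    if axis == "row":
        k = step % COLS
        g[index] = g[index][-k:] + g[index][:-k]
    else:
        k = step % ROWS
        col = [row[index] for row in grid]
        col = col[-k:] + col[:-k]
        for r in range(ROWS):
            g[r][index] = col[r]
    return g

def key_matches(grid, access_key):
    """Comparison: every key symbol is displayed at its key position."""
    return all(grid[r][c] == sym for sym, (r, c) in access_key.items())

def new_session(access_key, rng, n_presses=10):
    """Return (initial display, press sequence a legitimate user could enter)."""
    rest = [s for s in SYMBOLS if s not in access_key]
    rng.shuffle(rest)
    cells = {pos: sym for sym, pos in access_key.items()}
    grid = [[cells.get((r, c)) or rest.pop() for c in range(COLS)] for r in range(ROWS)]
    scramble = []
    for _ in range(n_presses):
        axis = rng.choice(["row", "col"])
        index = rng.randrange(ROWS if axis == "row" else COLS)
        grid = press(grid, axis, index)
        scramble.append((axis, index))
    # Undoing the scramble stands in for the user solving the display by eye.
    return grid, [(a, i, -1) for a, i in reversed(scramble)]

def authenticate(initial, presses, access_key):
    """Apply the presses, then compare; returns (granted, final display)."""
    grid = initial
    for axis, index, step in presses:
        grid = press(grid, axis, index, step)
    return key_matches(grid, access_key), grid

def observer_view(initial, final, key_size):
    """One observed login: cells that changed, and keys of known size it cannot rule out."""
    moved = sum(initial[r][c] != final[r][c] for r in range(ROWS) for c in range(COLS))
    return moved, comb(ROWS * COLS, key_size)

ACCESS_KEY = {"K": (0, 2), "D": (2, 4), "Q": (3, 0)}   # constructed key: symbol -> (row, col)
if __name__ == "__main__":
    start, presses = new_session(ACCESS_KEY, random.Random(7))
    granted, final = authenticate(start, presses, ACCESS_KEY)
    print(granted, observer_view(start, final, len(ACCESS_KEY)))
```

The candidate count assumes the observer already knows how many symbols make up the key; every displayed symbol-position pair in the final array is equally plausible as a key element.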
169 Citations
20 Claims
1. A system for providing access to a secure device, comprising:
- input means for receiving user identification information;
- display means, coupled to said input means, for displaying a plurality of symbols in an initial state, said plurality of symbols including a subset of key symbols which are elements of an access key corresponding to said user identification information;
- manipulator means, coupled to said display means, for simultaneously changing a displayed state of a multiplicity of said symbols;
- comparison means, coupled to said manipulator means, for comparing a displayed state of said key symbols with a key state defining said access key; and
- access authorization means, coupled to said comparison means, for providing access to said secure device when said comparison means indicates that said displayed state of said key symbols matches said access key.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system for providing access to a secure device, comprising:
- input means for receiving user identification information;
- verification means coupled to said input means, for determining whether said user identification information is indicative of an authorized user of said secured device and for denying access to said secure device when said identification information is not indicative of an authorized user;
- display means, coupled to said input means for displaying a plurality of symbols in a row and column array, said plurality of symbols including a subset of key symbols which are elements of an access key corresponding to said user identification information;
- manipulator means, coupled to said display means, for simultaneously changing a displayed position of a multiplicity of said symbols;
- signal means, for indicating when a user is finished changing said displayed position;
- comparison means, coupled to said signal means, for comparing a displayed state of said key symbols with a key state defining said access key when said signal means indicates that said user is finished displaying said symbols; and
- access authorization means, coupled to said comparison means, for providing access to said secure device when said comparison means indicates that said displayed state of said key symbols matches said access key.

12. A method of providing access to a secure device, comprising the steps of:
- receiving user identification information;
- displaying a plurality of symbols in an initial state, said plurality of symbols including a subset of key symbols which are elements of a user access key corresponding to said user identification information;
- simultaneously changing a displayed state of a multiplicity of said plurality of symbols;
- after said changing, comparing a displayed state of said key symbols with a key state defining said user access key; and
- providing access to said secure device when said comparing indicates that said displayed state of said key symbols matches said user access key.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
Specification