a. Field of the Invention
This invention relates to methods and devices for verifying the identity of the user of a secure device such as an automated transaction mechanism or computer.
b. Related Art
Electronic systems which require a user to identify himself and establish his authority to execute certain transactions are becoming common. There are, within many business establishments, systems which provide for electronic mail, payroll processing, accounts receivable processing and program development in addition to other applications far too numerous to mention. The use of personal computers in the home with access to extensive communications networks is increasing. Automatic Teller Machines (ATMs) are virtually everywhere and their capabilities are expanding. There are ATMs attached to banking networks that permit the withdrawal of cash and the transfer of funds from one account to another, to name two commonplace applications. This trend extends even to the telephone system, where long distance telephone calls are made without operator intervention based on the possession of a "phone card" that authorizes the call.
One classical technique for verifying a user's identity (and hence, authority) requires the user to provide two proofs: one that only a legitimate user should have (for example a bank card) and one that only a legitimate user should know (e.g. a PIN). In order to compromise such a system, an imposter must obtain both the object (or a duplicate) and the secret knowledge (or its equivalent). The imposter can obtain the object by force or subterfuge and the secret knowledge by observation of the legitimate user in the act of demonstrating that knowledge (i.e. entering the PIN).
A number of mechanisms have been proposed and implemented to allow the user to demonstrate his authorization by supplying secret knowledge. A weakness in many of these systems is that the secret knowledge can be compromised by an observer. A common countermeasure is to suppress the display of the information as it is entered. Often, this is not effective because an observer might still see which keys or buttons are pressed. Another countermeasure is the use of a person's electronically recorded signature to demonstrate his identity (and hence authorization). This approach depends on the difficulty of reproducing either the signature or motions accurately. It has the weakness of being somewhat unreliable and giving many false negatives.
Another problem with the use of PINs is that they are difficult for most people to remember. This leads to a further problem: people tend to write their PINs down rather than memorize them. This opens up other opportunities for compromise, through losing the written record or having that paper stolen.
The ease of compromising the PIN by observation of its use is a weakness in today's ATM systems.