1. Field of the Invention
The present invention relates to securely entering private data in a public setting. More particularly, the invention concerns a voice guided system, method, and article of manufacture for secure entry of private user data in a public location, such that the data cannot be ascertained
2. Description of the Related Art
Many services, for example banking, investment, travel, and retail services, are accessible on-line via telephones, automated teller machines (ATM's), magnetic card readers, computer-equipped kiosks, and personal computers. With computers, services may be accessed directly, or through the Internet. On-line services are frequently accessed from public locations such as shopping malls, hotel lobbies, airports, subways, trains, airplanes, and streets, where public telephones, ATM's, and computer-equipped kiosks are typically installed. Personal wireless telephones and portable computers are also frequently used to access on-line services from public locations. Accessing on-line services from public places allows users to communicate and obtain important information in a timely fashion.
In order to gain access to on-line services, or to use a calling card to make a telephone call, ordinarily users must identify themselves with a personal identification number or password. Additionally, during the process of accessing on-line services, users are often required to enter additional sensitive data such as credit card numbers or bank account numbers. This information is typically entered by pressing buttons on a telephone keypad or a computer keyboard, or by speaking words into the mouthpiece of a telephone handset.
Experience has shown that entering private data in this manner in a public setting is vulnerable to observation-based security attacks. The attackers often directly observe the entry of the data, or make a video and/or audio recording of the entry of the data. The observed or recorded information is then used to derive the private data, which is then sold or otherwise exploited for the financial gain of the data thief. The theft of telephone calling card numbers entered into public telephones at airports is a well-known example of this type of security problem. Generally, due to the use of unsecured data entry methods when accessing on-line services and telephone services from public locations, the theft of private data in public locations is a growing problem.
Broadly, the present invention concerns a system and method for securely entering private user data from a public location in a way that the data cannot be ascertained by observers of the data entry. In an illustrative embodiment of the invention, a voice agent generates vocal instructions for the user, which instruct the user to enter response data. The vocal instructions are communicated to the user with a telephonic link, in a manner that is secure from observers of entry of the response data. The instructions implement an encryption function. As a result of the use of the encryption function, the private user data is encrypted within the response data in a manner known only to the user, the voice agent, and a security agent. The response data is entered by the user vocally into a telephone, or by pressing buttons on a telephone keypad, or by pressing keys on a computer keyboard. The response data entered by the user is received by the security agent, which ascertains the private user data from the response data, and which also determines the validity of the data.
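The exchange described above can be sketched as follows. This is an added example, not code or a function taken from the patent: the encryption function is assumed to be a one-time per-digit offset modulo 10, and every function name and the sample PIN are constructed for illustration.

```python
import hmac
import secrets


def make_challenge(length):
    """Voice agent: pick a fresh random offset (0-9) for each digit."""
    return [secrets.randbelow(10) for _ in range(length)]


def spoken_instructions(offsets):
    """Voice agent: instructions heard only by the user over the earpiece."""
    return [f"Add {k} to digit {i + 1} and enter only the last digit of the sum."
            for i, k in enumerate(offsets)]


def user_response(private_digits, offsets):
    """User: apply the heard offsets mentally; this is what observers see."""
    return "".join(str((int(d) + k) % 10)
                   for d, k in zip(private_digits, offsets))


def recover(response, offsets):
    """Security agent: undo the offsets to ascertain the private data."""
    return "".join(str((int(r) - k) % 10) for r, k in zip(response, offsets))


def validate(response, offsets, enrolled):
    """Security agent: reject malformed input, then compare in constant time."""
    if len(response) != len(offsets) or len(response) != len(enrolled):
        return False
    if not (response.isascii() and response.isdigit()):
        return False
    return hmac.compare_digest(recover(response, offsets), enrolled)


if __name__ == "__main__":
    pin = "4921"                      # constructed sample value
    first = make_challenge(len(pin))
    for line in spoken_instructions(first):
        print(line)
    observed = user_response(pin, first)
    print("observer sees:", observed, "valid:", validate(observed, first, pin))
    # The observed keystrokes are replayed against a new challenge. Because
    # each offset is uniform and used once, the replay matches only by chance.
    second = make_challenge(len(pin))
    print("replay valid:", validate(observed, second, pin))
```

Under this assumed function the security rests on each set of offsets being used for a single entry; reusing offsets would let an observer who later learns one PIN recover others.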
In one embodiment, the invention may be implemented to provide a system for securely entering private user data in public. Another implementation of the invention concerns a method for securely entering private user data in public. Another implementation of the invention concerns an article of manufacture, such as a data storage medium tangibly embodying a program of machine readable instructions executable by a digital processing apparatus to perform a method for securely entering private user data in public.
The invention affords its users a number of distinct advantages. Chiefly, the invention provides for the entry of private user data from a public location in a manner that prevents observers of entry of the response data from ascertaining the private user data. Another advantage is that the invention provides for secure entry of private user data with any of a variety of data entry methods. For example, the data may be entered vocally into a telephone, or by pressing buttons on a telephone keypad, or by pressing keys on a computer keyboard. Another advantage is that different encryption functions having different combinations of security strength, useable life span, and demand on the user, can be used as is appropriate for different on-line services. The present invention also provides other advantages and benefits, which are apparent from the following description.