1. Field of the Invention
The present invention relates generally to secure data entry and more particularly to keying in passwords or other important secure information in unsecured spaces where the data entry actions are visible or otherwise capturable by eavesdropping or other means.
2. Background Description
Currently, there is an explosion of pervasive computing. Small handheld devices can now support sophisticated computational power, in particular, sufficient to handle cryptographic functions. Porting such capabilities to a wireless communication system, such as in a smart phone, may enable secure voice and data communications and, in particular, allow performance of routine business transactions (such as stock trades) and online payment. To complement typical telephony, the Bluetooth wireless technology standard has been promulgated, for example, to promote development of small-form factor, low-cost, short range radio links between mobile PCs, mobile phones and other portable devices. A smart phone typically contains one or more smart cards, such as a Subscriber Identification Module (SIM) card. If properly equipped with a secure identification function, a SIM card may be identified securely during a communication.
However, portable smart phones may be stolen. So, it is also important to ensure during transactions that the smart phone is being used by its owner or another legitimate user. To that effect, one may use Personal Identification Numbers (PINs), also referred to as passwords, especially to protect charge cards and credit cards from unauthorized use. Biometrics also have been used for this purpose.
Typically, a PIN is keyed into a terminal keypad. A password may be spoken, e.g., “your mother's maiden name,” or entered using speech recognition software, if such a feature is available. Often, PIN entry is performed in open, non-secure public places, e.g., an Automated Teller Machine (ATM) in a grocery store or a public telephone booth at an airport. Also, the PIN may be entered at a computer terminal in the workplace, where other people have access to the computer. Depending upon the level of security of the location or the particular point of PIN entry, an unscrupulous person spying on the person entering the PIN may steal it.
Frequently, stories appear in the newspapers about PIN thieves, waiting with binoculars at airports, watching people on public phones as they key in credit card information and corresponding PINs, which are then sold and widely distributed to other dishonest people. Spoken passwords can be stolen by a lip reader observing the speaker, by a surreptitiously placed microphone or by someone just within hearing range of the speaker. An unscrupulous person may even use these techniques to defeat biometric security systems. Also, there have been cases reported of false ATMs placed solely for the purpose of stealing PINs.
Once these stolen passwords and/or PINs are in the possession of a dishonest person, if the possessor also steals the smart phone or credit card, the possessor may make fraudulent purchases that are charged to that account. If the password thief calls a bank pretending to be the rightful owner of an account and provides the owner's mother's maiden name, the thief can empty the account.
Approaches are being developed to reduce this exposure to eavesdroppers. One such approach is provided in U.S. Pat. No. 5,774,525, entitled “Method and apparatus utilizing dynamic questioning to provide secure access control” to Kanevsky et al., assigned to the assignee of the present invention. Kanevsky et al. teach protecting against fraudulent PIN or password use by probing the user for intimate and dynamic knowledge, thereby making eavesdropping useless. However, this approach requires the institution to maintain an extensive database of personal information about its clients and customers.
Thus, there still is a need for ways to input confidential data such as passwords in an open environment where the input may be observable by others while maintaining the security of the data being entered.