Secure and private entry of data has always been a major concern in systems intended to control access to a resource or a facility. In many such systems such as those used in the physical and logical access control industries, restricted access is provided to a select group of users via a numeric keypad alone or a keypad incorporated into a reader. These keypads typically have a set of numbers plus special symbols (characters) that are exposed to the user side for data entry. These characters are connected to an electronic device with intelligence to recognize the characters entered (decode) and compare them to the code required to provide entrance to the system. Sometimes this device does not actually process the entered code and instead, transmits this to another device to actually perform the comparison. The users interact with the system by pressing the appropriate characters that represent an access code or password specifically chosen for that system. Examples of such keypads are those employed at credit card terminals, burglar alarm keypads, and access control keypads.
Traditional keypads have static configurations. They generally consist of numbered buttons ranging from 0 through 9 and an “*” and a “#” button much like a typical telephone keypad. Such numbers exist in a common pattern and hence the user or anyone with knowledge of the pattern can simply enter the code without looking at numbers on the keypad. While this is particularly useful for users with sight impairments, it negatively impacts the security of the system because patterns can be deduced more easily than the codes themselves.
One example of the utilization of such keypads is in parking applications such as entrance to a parking facility or a residential gated community which have gated entrances secured with an access control keypad. To gain entry to the secured area, a user must provide the keypad with a valid a security code. All individuals with permission to enter the facility are provided with a common security/access code which opens the gate and allows entry on to the premises. Usage in which all individuals have the same password are typically referred to as “common code” systems.
In single common code systems, the numbers or range of possible numbers (i.e., the number of possible combinations) which make up a user's password is finite and can be deduced in several ways. A non-authorized user may observe a user and the patterns typed in, significantly reducing the security of the system. Additionally, the non-authorized user may acquire the password by analyzing the physical keypads for wear. Wear indicates high utilization and would also significantly narrow down the range of possibilities. More sophisticated methods of compromising such systems include “dusting” the keys or applying non-visible material in an attempt to determine which keys comprise the password.
In statistical measure, if we assume a typical keypad with digits 0 through 9 and an “*” and “#” button, if the access code is four digits, then the probability of guessing the correct code is ( 1/9!*¼!) or 1 chance in 157,464. However, assume that the user can reduce the digits used to the four most commonly utilized digits based on the wear of the keypad numbers. This probability then reduces to (¼!) or 1 chance in 24.
For these reasons and more, it would be desirable to have an improved method for increasing security of systems accessed utilizing security keypads. Additionally, it would be desirable to have such an improved method for increasing security of systems wherein the keypad configuration changes automatically after each or a series of user interfaces.
Some solutions have been proposed to address the above-described problem. One common example is referred to as a Hirsch ScramblePad®. The particular construction of the Hirsch ScramblePad® is described in detail in one or more of U.S. Pat. Nos. 4,333,090; 4,479,112; and 4,644,326; all of which are hereby incorporated herein by reference in their entirety. The main concept behind the Hirsch ScramblePad® is to randomize the number which is assigned to a given key for every instance a user is required to provide input via the keypad. This means that the same valid code will not be entered with the same pattern. Rather, different physical keys will need to be depressed to enter the same valid code at different times. Accordingly, the idea of utilizing a variable keypad addresses many of the security concerns described above. Other mechanisms for securing user input are described, for example, in U.S. Pat. Nos. 4,100,534; 4,221,975; 4,369,973; 4,502,048; 4,806,745; 5,949,348; 5,970,146; 6,049,790; 6,317,835; 6,434,702; 6,549,194; and 7,479,949; all of which are hereby incorporated herein by reference in their entirety.
A problem common to all of the above-noted solutions is that they are complex and, therefore, very costly to implement. Implementing these solutions in many situations becomes cost-prohibitive. Accordingly, there exists a need for a secure yet cost-effective mechanism for securing data entries of a user.