This invention relates to means for entering, on or into an apparatus, secure information such as passwords, user identification, personal information, secret information and the like. The invention has potential for utilization in devices and applications such as personal computers, portable computers, flash drives, security, cell phones, cryptographic devices, terminal devices, portable terminals, user validation, passwords, and encryption.
It is often required for security or identification reasons that a user of a system or an apparatus enters a password or user identification as part of validating a person's right to use the apparatus or system, or simply for logging purposes. A personal computer, a computer system, a piece of machinery or any electronic device are examples of such systems where security might be important or mandatory. Entering a password or user identification (such as a userid) typically involves entering an identifying sequence of characters and/or a password. Symbols or other identifying marks might also be entered either individually or in a sequence.
During entry of the userid or password it might be possible for a covert observer to discover the characters being entered by observing operation of the input mechanism. This covert observation could be accomplished in various ways, such as by visual observation of the keystrokes the user enters, or by electrical analysis of signals emanating from the input mechanism, wires associated with the mechanism, or other analysis of signals that are in some way indicative of the characters being entered on the input mechanism, even when the information itself is not being covertly observed. For example, it may be possible through analysis of electronic “noise” emanating from a keyboard to distinguish between one key stroke and another key stroke as the keys are pressed, and this may allow a covert observer to determine a password or to gain information which would help in guessing a password.
Thus, there exists a need to help prevent or completely prevent discovery of private information through observation of the entry, or to decrease the chance of allowing secret information to be discovered by observation or determination of user action during user entry of that secret information into a machine or apparatus such as a computer system.
One such approach is described in a US Patent Application with Publication Number 2005/0262555, by Inventor Amos P. Waterland and assigned to International Business Machines Corporation or Armonk, N.Y. This application discloses a method and system for secure password entry using an approach which defeats unauthorized keystroke logging during password entry. The method utilizes during password entry an approach which displays a password prompt as a changing stream of random characters. Further, the character suggested for selection is highlighted by displaying that character at a visibly detectable higher frequency. The approach is based upon a human visual system process called the “gestalt” effect. This approach has some disadvantage in that controlling the frequency of display requires use of certain types of display, and the circuitry and programming may be complicated by the need for a fairly high speed in changing the display (a frequency of 10 Hertz is suggested).
The Waterland patent application (US 2006/0262555) discusses further the need for the invention, and describes the current use of cryptographic approaches. Also described are several possibilities for keyboard logging through covert observation, active monitoring, passive monitoring, and with approaches using either hardware or software. Keyboard logging may be covertly implanted in a computer system without knowledge of the administrators or the users, and is a widely discussed subject in the art of computer security.
The need for the invention is described in Waterland US 2006/0262555 Patent Application as follows:
Ref paragraph [0004] Within a computer system or network of computer systems, maintaining the security of information and access to that information is important. A common method for maintaining security in computer systems is through associating a particular password with a particular user and requiring the user to submit the password to receive access to information within a computer system or network of computer systems.
Ref paragraph [0005] When setting up passwords, each computer system or network of computer systems typically assigns rules for the length of the password and the types of characters that must be included in the password. For example, it is typical to require a password to contain at least six characters and to include a mix of alphabetic characters and numeric characters.
Ref paragraph [0006] While passwords provide a level of security to protect access to networks, applications, and data, use of passwords as a security device is easily compromised by an attacker employing keystroke logging techniques. In general, a keystroke logging technique records the keystrokes an authorized user uses to enter a password, such that an unauthorized user may then enter the password of the authorized user to access secured networks, applications, or data. As examples, keystroke logging can be performed through hardware, software, active monitoring, and passive monitoring.
Ref paragraph [0007] As a first example, an unauthorized password logger can plant a hardware keystroke logging device inside a keyboard, attached to a keyboard cable, or interposed between the keyboard cable output socket and the computer keyboard input socket. The keystroke logging device records and timestamps all keystrokes typed at the keyboard. The unauthorized password logger can later recover the device and search the log for patterns which indicate an authentication. In a typical pattern, the string of characters typed after an authentication challenge is a password. For example, if the computer to which the keyboard is attached runs a UNIX based operating system, ‘root.vertline.su.vertline.ssh.vertli-ne.gpg’ are patterns which result in an authentication challenge to which the user responds with a password. In another example, if the computer is part of an Internet cafe or other terminal available to multiple users, there is a pattern where the characters typed after entries of the form of “@hotmail.com” or “@yahoo.com” are typically the characters of a password. In yet another example, in computers which implement firmware-level authentication, there is a pattern where the first characters recorded after a long interval without activity are often the characters of the power-on password.
Ref paragraph [0008] One solution to protect against unauthorized placement of hardware keystroke logging devices is physically securing computer systems so that only authorized users have physical access to the computer systems. Realistically, however, enforcing physical security can be difficult, particularly in Internet cafes and other locations where it is advantageous to allow public access to computer systems.
Ref paragraph [0009] As a second example, an unauthorized password logger can implant keystroke logging software in the operating system or other programs of a computer system or network of computer systems. The keystroke logging software records and timestamps all or a selection of keystrokes in a log. In particular, the keystroke logging software can detect which program is receiving keystrokes and only record keystrokes received by particular programs. Like the hardware keystroke logging device, the unauthorized password logger can access the software keystroke log and detect patterns which tend to indicate entry of a password.
Ref paragraph [0010] One solution to protect against unauthorized implanting of a keystroke logging software is through security software installed in the operating system of a computer system that prevents remote intrusions which would serve as a conduit for unauthorized keystroke logging software. A limitation to security software, however, is that the software keystroke logging controller may be implanted in a manner so as to not be detected by the current security software. For example, an authorized user of a computer system may open an email attachment that surreptitiously installs the keystroke logging software to avoid the operating system security.
Ref paragraph [0011] As a third example, an unauthorized password logger can actively monitor keystrokes by watching over a shoulder or recording with a video camera the password keystrokes entered by a user. Keystrokes may also be actively monitored using a microphone to record the unique aural signatures of each key.
Ref paragraph [0012] As with the prevention of hardware keystroke logging device placement, active monitoring of keystroke entry can typically only be prevented through restricting physical access to computer systems and sweeping rooms for unauthorized microphone or video equipment. This security solution is limited, however, because many computers accessible to the public cannot be subject to this type of security.
Ref paragraph [0013] As a fourth example, an unauthorized keystroke logger can passively monitor keystrokes by snooping on electronic signals emitted by a computer system. Video display units leak electromagnetic radiation which can be used by an unauthorized logger to partially or fully reconstruct the image displayed on a computer system screen. In addition, other parts of a computer system emit signals which may be used to infer the operation of the component and access passwords. While passive monitoring can be avoided through the use of electromagnetic shielding that traps outbound electromagnetic radiation, this solution is limited because the shielding is very expensive.
Ref paragraph [0014] In addition to the four examples of ways unauthorized users can access passwords, a combination of hardware keystroke logging devices, keystroke logging software, active monitoring, and passive monitoring may be implemented to avoid current security systems. For example, a software keystroke logging program can configure the keyboard cable to act as a transmitting antenna and send out the log in morse code, which is detected by a local inexpensive radio receiver passively monitoring the computer system from afar.
Ref paragraph [0015] As cryptographic protection technology for entered passwords increases, keystroke logging becomes the ideal way for attackers to access passwords. As previously described, however, current methods of protecting against keystroke logging are limited. Thus, there is a need for a method, system, and program for preventing unauthorized keystroke logging that masks any patterns in password keystroke entry and avoids active and passive monitoring.
The above indicates the need for an approach that prevents determination of secret information through keyboard logging in addition to alternative solutions, with varying degrees of complexity in implementation.