1. Technical Field
This invention relates to the field of user authentication and more particularly to a method and apparatus for secure entry of a user-identifier in a publicly positioned device.
2. Description of the Related Art
In today's environment, it is common for users to interact with machines which require that the user identify themselves in some unique way. For example, telephone carriers require that users enter calling card numbers. More particularly, often the user of a telephone calling card can be required to key in an identifier, for instance, a Personal Identification Number (“PIN”). Similarly, to authenticate the identity of a user, banking Automatic Teller Machines (“ATMs”) require that the user provide an ATM or credit card to a card reader in addition to separately keying in a PIN. Finally, like ATMs and telephone kiosks, before granting a user access to sensitive information stored within a computer or workstation, the computer or workstation can require the user to authenticate the user's identity using a personal identification method.
Still, the very nature of the services provided by ATMs, telephone booths and the like require that they be located in public places. Telephone kiosks at airports, public Internet terminals in libraries and Internet cafes, as well as ATM machines on the sidewalk in front of a building are three common examples. Additionally, like ATMs and telephone kiosks, often computers and workstations used to access sensitive information can be located in public places, for example on a user's lap in an airplane, on a train, or on a table in a library.
Various security systems have been developed to address the need for privacy of data in public places. Well known in the industry, these devices most commonly include password protected telephones, ATM machines, computers and computer programs. Additionally, systems have been developed that “lock” a computer or other such device until a valid identification card has been provided to a security card reader. Still, even with these known security methods, it remains an easy task for a would-be unwanted observer to view a password as a legitimate user provides the same to the ATM, telephone kiosk, secure computer or workstation. In particular, if a would-be PIN thief has an awareness of the general sequence of prompts provided to a user by a personal identification method, the would-be thief can visually identify the user's secretive pin number from a distance by merely observing the timing, order and manner in which a user keys in numbers in a numeric keypad, for example. That is, although the PIN number may not be echoed to a screen, by observing the keystrokes of the user, the PIN number can become compromised. Likewise, a would-be thief can audibly identify the user's secretive PIN number from a distance by listening to the sequence of numbers spoken by the user through a telephone receiver, for example. By simply waiting, the would-be thief, in many cases can guess correctly which string of keystrokes or spoken data represent the PIN.
Notably, the more public the location of the computer or workstation, the easier it becomes for an unwanted observer to view the legitimate user's password. Also, it has become commonplace for password pirates to fraudulently reproduce identification cards used to access secure devices. Thus, groups such as the banking, on-line computing and telephone industry have been plagued by stolen access codes and PINs, many of which are observed by trained thieves stationed proximate to the publicly positioned device, for example airport phone terminals.