In many electronic contexts, access to a restricted resource is provided to a user only upon the user entering an electronic security term. For one example, when a user wishes to gain access to a particular site on a network such as the Internet, the user oftentimes must have a security term such as a password along with a user ID or the like, and the user ID and password must be appropriately entered and validated prior to the user being given access to the particular site. For another example, when a user wishes to gain access to services available from a bank ATM (Automated Teller Machine) or the like, the user oftentimes must have a security term such as a PIN (Personal Identification Number) along with an electronic ATM card or the like, the ATM card must be electronically presented at the ATM, the PIN must be appropriately entered into the ATM, and the presented ATM card and entered PIN must then be validated prior to the user being given access to the services available from the ATM. For yet another example, when a user wishes to gain access to a security area within a building, a room, a perimeter, or the like, the user oftentimes must have a security term such as an access code along with an electronic access card or the like, the access card must be electronically presented at an access device, the access code must be appropriately entered into the access device, and the presented access card and entered access code must then be validated prior to the user being given access to the security area.
Note, though, that a nefarious entity may attempt by a variety of means to obtain the security term of a user in order to inappropriately gain access to a corresponding restricted resource. In the example above where the resource is a particular site on a network such as the Internet, then, the nefarious entity would attempt to obtain the password of the user along with the user ID. Similarly, in the example above where the resource is services available from a bank ATM, the nefarious entity would attempt to obtain the PIN for use with the ATM card or a copy thereof. As should now be evident, in the example above where the resource is a security area, the nefarious entity would attempt to obtain the access code for use with the access card or a copy thereof.
In any particular situation, the nefarious entity may attempt to obtain the security term of a user by any of a number of methods, including subterfuge, electronic probing, verbal or physical threats, outright theft, or the like. Notably, one of the simplest methods that the nefarious entity may employ is to view the user entering the security term. Thus, the nefarious entity may stand behind the user while the user is at a computing device entering a password, at an ATM entering a PIN, at an access device entering an access code, or the like, and while so standing view the user entering the security term, presuming the user is not especially careful to guard such entered security term from such viewing. In a similar manner, the nefarious entity may be some distance away from the entering user but viewing same by way of a magnification device.
Regardless of how the nefarious entity obtains the security term of the user, such nefarious entity may then employ such security term to access the corresponding restricted resource, likely in a manner that is detrimental to the user and/or the organization providing the restricted resource. In particular, if the restricted resource is a particular site on a network such as the Internet, the nefarious entity could conduct a transaction at the site and charge same to the user; if an ATM, the nefarious entity could withdraw funds of the user therefrom; and if a security area, the nefarious entity could enter and take an object therein or create mayhem therein.
Accordingly, a need exists for a system and method for obscuring entry by a user of an electronic security term at an entry device therefor. In particular, a need exists for such a system and method that requires the user to enter characters in addition to the characters of the security term so as to pad the security term according to a predefined padding scheme. More particularly, a need exists for such a system and method whereby the security term is discerned from the entered padded security term, and for denying access to a restricted resource if the entered padded security term has recently been employed.
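The following sketch is an added illustration, not code from the original text: it discerns the security term from a padded entry and denies access when the same padded entry was recently employed. The padding scheme used here (a fixed entry length with the term's characters at fixed positions), the class name, and the sample values are assumptions made for the example.

```python
import hashlib
import hmac
from collections import deque


class PaddedTermVerifier:
    """Validates padded entries of a security term (hypothetical scheme)."""

    def __init__(self, term, positions, padded_len, history=5):
        self.term = term
        self.positions = positions    # assumed: indices that carry the real term
        self.padded_len = padded_len  # assumed: total characters the user enters
        # Digests of recently accepted padded entries; oldest is evicted first.
        self.recent = deque(maxlen=history)

    def extract(self, padded):
        """Discern the security term from the padded entry, or None if malformed."""
        if len(padded) != self.padded_len:
            return None
        return "".join(padded[i] for i in self.positions)

    def verify(self, padded):
        candidate = self.extract(padded)
        if candidate is None:
            return "deny:malformed"
        # Constant-time comparison of the discerned term with the stored term.
        if not hmac.compare_digest(candidate.encode(), self.term.encode()):
            return "deny:wrong-term"
        # An observer who copied the exact keystrokes replays the same padded
        # string, so a recently seen padded entry is refused even though the
        # term inside it is correct.
        digest = hashlib.sha256(padded.encode()).digest()
        if digest in self.recent:
            return "deny:replayed"
        self.recent.append(digest)
        return "grant"


if __name__ == "__main__":
    # Constructed sample: term "4829" sits at indices 1, 3, 4, 6 of 8 characters.
    v = PaddedTermVerifier("4829", positions=(1, 3, 4, 6), padded_len=8)
    for entry in ("74182593", "74182593", "04682197", "12345678", "4829"):
        print(entry, "->", v.verify(entry))
```

Under this scheme the user must vary the padding characters between entries, since repeating a recent padded entry is treated the same as an observer replaying it.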