Systems are known that are designed to allow secure data entry and access to computer systems, ATMs, online services, and the like. For example, in an office computer environment with access to a computer network such as a wide area network ("WAN") or a local area network ("LAN"), access by individual users to the computer network is often controlled by a password entry system. Such systems usually involve identifying the user to the network such as by entering the user's name or initials (often referred to as the "user ID"), and then entering a multi-digit alphanumeric password for that user. Entry of the user ID and password typically involves typing the alphanumeric characters that comprise the user ID or password. If the correct password corresponding to the identified user is entered, the user will be signed on to the network and allowed access, as appropriate.
In online applications, a user may seek to obtain access to a secure networked resource, such as a World Wide Web ("Web") site on the Internet or other online service, in order to access online banking services or other information subject to restricted access. Additionally, a user might wish to shop for and purchase a product or service available via a Web site. In these online services examples, after the user is properly identified, an alphanumeric code or personal identification number ("PIN") usually must be entered. If the code or PIN is correct, access will be granted. The online shopping example also presents another situation requiring secure data entry. There, a user may desire to enter a credit card number or similar information to make a purchase.
In an ATM system, a user typically will be provided with a card having a readable magnetic strip which identifies the user to the ATM network. A personal identification number, or PIN, must be entered by the user as the password in order to gain access to the user's account. The PIN is generally entered by a user through a numeric keypad. Once the PIN is verified, access to the user's bank accounts, including the withdrawal of cash, is permitted. Similarly, a person using a calling card on a payphone will enter his or her account number and PIN to place a phone call.
Systems such as the ones described above are susceptible to being compromised by the theft of, or otherwise unapproved access to, passwords and PINs. Online shopping applications are equally susceptible to having information such as credit card numbers pilfered. Two security problems for password and other data entry systems are the "over-the-shoulder" problem and "interception." The over-the-shoulder problem refers to the fact that direct keyboard entry of passwords and other data is susceptible to ready observation by a third party. This is particularly troublesome for ATMs, calling card operated phones and other systems which require the entry of passwords or other sensitive information in a public environment.
The "interception" problem refers to the fact passwords and other data are also susceptible to compromise during their transmission over computer networks. There are numerous cryptographic techniques known in the prior art for encrypting data to deter the unauthorized disclosure thereof if data is captured. Even with the use of encryption, however, the code can be broken or deciphered, the password can be learned, and the system can then be broken into. Moreover, increases in computing capabilities make encryption techniques susceptible to computational decryption techniques. In any event, once the user identification and password are obtained, illegal access to a given restricted resource may be readily gained by a third party. Additionally, various computer-based "observation" techniques are known for determining passwords. For example, a trojan horse program running on a user's computer can present an interface familiar to a user while stealthily recording that user's password without detection.
Various proposals have been suggested for other than alphanumeric entry of the password on a keyboard or pad. For example, Davies U.S. Pat. No. 5,608,387 proposes a system whereby slightly differing complex facial expressions or appearances in a matrix displayed on a screen are recognized visually by an authorized user to select a visually recognized facial image which represents the password. Davies addresses the over-the-shoulder problem by relying on the human ability to distinguish complex, subtle differences in facial expressions. Unlike Davies, the present invention does not require either complex images or false images. Additionally, it does not require that particular images be associated with each user.
Cottrell U.S. Pat. No. 5,465,084 also addresses the over-the-shoulder problem. Cottrell describes a system whereby a user is presented with a blank grid and selects a pattern of letters on a screen. This pattern is compared with a stored master pattern to determine whether a proper match of the pattern has been entered. Cottrell relies on the vast number of combinations possible by making positioning of password characters in more than one dimension and the color of the data elements possible components of the password. Cottrell requires that password characters be entered in a grid pattern.
Baker U.S. Pat. No. 5,428,349 is directed to a password entry system in which the password is embedded in various columns and rows which are then selected to indicate the password. In a representative embodiment of that invention, a user picks a six character column out of six such columns displayed on a screen that contains the proper character of a password. This is done for each character of the password. In this way, Baker provides deterrence against third party observation of the password and provides transmission protection. However, Baker is limited to always using an m.times.n grid, requires the user to select an entire column or row, and is subject to a logical deduction to a possible set of passwords.
Note also that Davies, Cottrell and Baker all are limited to a password entry function. None of the three may be used to provide a secure general data entry function whereby any data can be entered and transmitted.
What is needed is a system that is at once user-friendly, not readily susceptible to observation during data entry, and resistant to interception and computational deciphering techniques.