WO2006073313A1 - Method and system for authenticating information entered into computer systems - Google Patents

Method and system for authenticating information entered into computer systems

Info

Publication number: WO2006073313A1
Application number: PCT/NO2006/000004
Authority: WO, WIPO (PCT)
Prior art keywords: graphical, authentication, parts, authentication information, program
Other languages: French (fr)
Inventor: Hans Christian Meyer
Original Assignee: Lumex As
Application filed by: Lumex As

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation

Abstract

A method and system for authentication of users, programs, financial transactions etc. in computer systems comprising a computer device and/or networked client server computer systems is disclosed. According to the present invention the authentication may be performed by letting an authentication program display graphical images associated with authentication information such as a password, PIN code, credit card number etc. on randomly selected locations on a computer display. The user highlights and selects the correct images constituting said authentication information, thereby initiating a transfer of display coordinates back to said authentication program. The authentication program verifies the authentication information selected by the user by comparing the display coordinates transferred back to the program with the coordinates randomly selected when the images were displayed.

Description

Method and system for authenticating information entered into computer systems
The present invention is related to a method and system for authenticating users or applications running on computer systems, and especially to a method and system for entering a password, PIN code, credit card number or similar authentication information via a computer display, displaying graphically provided information on said display associated with said authentication information, which is selected by a user using a pointing mechanism in said computer system.
The widespread use of computers and the Internet has provided dishonest people and organizations with the tools to spy on and trace many types of information and activities on the computers of ordinary people. Spy ware and ad-ware, for example, may provide marketing departments with valuable information about consumer interests and behavior. A more sinister use of such spy ware and ad-ware is obviously to trace/record consumers' passwords and security routines. These devious devices (not limited to software programs) can be executed both on networked PCs (Internet, LAN etc.), and on offline systems (where critical information can be retrieved at a later point in time). Criminal activity utilizing the above mentioned devices and methods is on the rise all over the world. At the same time the competition among financial institutions such as banks and online brokers to capture greater shares of the consumer market is driving the financial service providers to implement cost effective and easy to use Internet solutions. The Internet based solutions enable a wide variety of services ranging from online sales of books to paying bills and booking plane tickets. The vulnerability of these online services is often quite high, especially for the ones with the narrowest margins.
Earthlink recently scanned more than 1 million personal computers and found on average 28 hidden Spy and commercially related ad-ware programs on each PC. One of the reasons for this enormous quantity of hidden programs on personal computers has been the legal situation regarding this evolving technology. Up until now it has not been illegal for US companies to upload Spy ware and ad-ware to unsuspecting users as part of pictures, files, programs, attachments to e-mails etc. When a consumer is downloading such items, the consumer is unaware of the downloading of the additional programs attached to the information he/she intended to download. The most widespread types of ad-ware are probably the old fashioned virus programs that can infect and harm computer systems. The legal situation regarding ad-ware and virus programs is now addressed by legislators all over the world. Such hidden uploading/downloading of malicious spy and virus programs is now dealt with in market legislation, criminal legislation and also in international agreements addressing the problem (since the Internet by nature is international).
The technology of hiding the downloading of spy ware, such as key loggers recording all the users' keystrokes on the keyboard, is still available to the criminal minded person or organization. It is also possible to insert such software in computer systems even when the user is not downloading other information. The widespread use of broadband network technologies such as ADSL leaves computers connected to the Internet most of the time, providing the possibility to forcefully upload unwanted Spy ware on a computer system at any time (if the system is not properly protected, which is the case for tens of millions of computer systems around the world).
In the prior art there are many solutions for preventing unwanted software from entering a computer. Firewall technology and antivirus software are among the best known. There also exists software that can scan a computer system looking for Spy ware and ad-ware programs. Examples of free software solutions in this field are Spybot Search & Destroy and Lavasoft Ad-Aware. The problems with these solutions are the same as for most antivirus packages. In most anti-spy ware/antivirus software the spy ware, ad-ware or virus must be identified by a signature describing the unwanted software before the program can locate and remove the hostile software. A recurring problem is therefore outdated files containing the mal-ware signatures.
Financial transactions on the Internet are done by providing an account for a user on a banking server. Whenever the consumer wants to perform a financial transaction, he connects his own client computer to the server via the Internet. The user often enters his account by transferring a user name (name of account holder) and a password issued by the bank to the server. The password (multisession) is usually transferred in advance to the consumer by ordinary secured mail. A key-logger may easily report the user name and password when the consumer enters these items on the keyboard attached to his local computer. To ensure a secure channel via the Internet for the transfer of the password, many financial institutions utilize an encryption scheme for the transfer of the password information as known to a person skilled in the art. This, however, will not protect against key-loggers running between the keyboard and the encryption scheme. The keylogger problem applies to most, if not all, software based solutions for log-on security on the Internet.
US 6,720,860 discloses an authentication system intended to be used in a wearable device providing authentication for access to networks. According to this disclosure a sequence of images comprising elements representing a password is flashed at randomly located places on a screen and varied temporally, and the user will hit the screen with a pointing device, wherein the verification is done by comparing the images hit by the pointing device with the password elements represented by the image. However, some keylogger programs comprise screen dump functionality which may be activated when a user hits the screen, for example, with his pointing device (or a mouse click etc.). Thereby it is possible to capture the images representing a password even though the locations are varied temporally.
JP2004102460 discloses an authentication process providing a hindrance for keyloggers to use tracking of cursor movements as a means to reveal passwords. Images of buttons are displayed randomly on a screen by the authentication software, and only the coordinates representing the image pointed to by the cursor are transferred to the authentication process, thereby making it impossible to identify the password since the coordinates change value each time the authentication is performed. However, a keylogger program or a screen dump program may be activated each time a pointing device (or a mouse click) is activated, thereby revealing which images are representing the password.
In the prior art, high-end security solutions are much more rugged and resilient. These are rather more expensive and often comprise dedicated hardware or multiple one-time passwords sent by regular mail. What these high end solutions have in common (depending on the integrity of the particular implementations) is a much higher level of theoretical strength, but also an order of magnitude higher cost in administration and hardware.
It is an object of the present invention to facilitate software solutions for the above mentioned problem, and offer these at low cost while maintaining a level of security on par with the most expensive solutions of today.
From a competitive point of view, it is an advantage to provide secure Internet banking services to consumers at a low cost. There is therefore a need to provide a cost effective method for securing passwords, PIN codes, credit card numbers and similar information when entered into a computer system by a user. It is also a problem that encryption keys and digital certificates may be stolen and misused by a third party. It is therefore a general problem in the prior art how to authenticate users, programs, etc. in a highly secure yet cost-effective manner.
According to an aspect of the present invention, any type of keylogger program must share the same computer resources as the authentication process is using. Therefore it is an aspect of the present invention to provide a saturation condition of the computer system in which an authentication takes place such that any keylogger program will not gain access to computer resources, and hence not be able to capture a screen dump revealing details about password images, even when an activation of a pointing device takes place.
Another aspect of the present invention is to provide said graphical parts associated with said authentication information as a video stream.
According to yet another aspect of the present invention, said graphical parts associated with said authentication information are an animation sequence.
According to yet another aspect of the present invention, the saturation condition may be achieved by providing an image of the cursor itself, wherein the cursor image may comprise a plurality of picture elements, including static elements, but also picture elements in motion, thereby making it impossible to know what the cursor is actually pointing to without prior knowledge of the cursor image. The only possible solution for a spy-ware program to capture this situation would be to sample many screen dumps, which is practically impossible to do because of the magnitude of data involved. The computer system will easily reach a saturation condition.
According to an example of embodiment of the present invention, the image displayed on the screen comprising picture elements may be a video of an aquarium with a plurality of different fish. When a cursor is moved into the video window, the cursor image is a superposition of an image comprising at least two different additional fishes that the cursor may move around in the tank of the aquarium. When viewed by the user, the tank with its fishes and the additional fishes belonging to the cursor seem to be the same video. The authentication takes place when a particular fish of the cursor image is in the vicinity of a particular fish in the tank of the aquarium. When the relative distance between the "cursor fish" and a fish in the tank representing for example a part of a password is within a certain threshold, the authentication software triggers an acknowledgment.
Figure 1 illustrates a typically unprotected computer system.
Figure 2 illustrates a preferred embodiment according to the present invention.
Figure 1 illustrates the typical situation facing users communicating over a network with a banking server, internet shop or another type of service provider. The home computer or office computer provides a terminal for the user when communicating with the server over the network. Typically the user starts a browser application in his own computer and addresses for example his bank server with the correct URL. A session is then started where the bank server will prompt the user to enter a user name and a password. A key logger program may have been entered into the user's computer. The key logger program can then record both the user name and the password. At a later stage the key logger program may transfer this information back to a third party over the Internet.
As described above, prior art provides solutions such as Firewalls, encryption etc., but none of these systems and solutions are cost effective. As understood by the present inventor, much of the problem associated with authentication in computer systems is that the user must enter the authentication information such as a password, PIN code, bank account number, credit card number etc. via the keyboard connected to his computer. It is the keystrokes that are easy to detect by ad-ware and spy ware.
Figure 2 illustrates a preferred example of embodiment of the present invention. Whenever a user starts a session with for example a banking server via for example a WEB browser, the banking server prompts the user for a password, for example. The password is agreed upon between the user and the bank when the account is established. In the preferred example of embodiment as depicted in figure 2, the banking server has several images representing different characters constituting the password. The authentication program transfers a set of such images to the client computer from the banking server. In this example of embodiment, a program running in the client computer displays this set of images on the client computer display on randomly selected locations selected by the authentication program. The user selects those images that constitute said authentication information, such as a password, by highlighting the corresponding images with a cursor movement, and by clicking on a mouse button, for example. This selection transfers back to the authentication program the display coordinates of the highlighted image. When all images are selected that constitute for example a password, the authentication program will start to compare the display coordinates transferred back from the user with the coordinates that the program randomly selected when the images were transferred to the client computer. In this simple manner the authentication program can verify the password. If the display coordinates transferred back from the client computer are identical with the locations randomly selected by the authentication program, the password or the authentication information was selected correctly by the user clicking on the images with a mouse device, arrow keys or similar pointing means. For example the computer display may comprise a touch sensitive surface making it possible to highlight and select images just by pushing on the screen with a finger, a stylus, etc.
According to an aspect of the present invention, the above authentication scheme also provides protection against keyloggers comprising screen dump functionality if the authentication process constitutes a saturation condition in the computer system hosting the user authentication process. For example, if the images constituting picture elements comprise picture elements in motion, such as video, the screen dump functionality must handle too much data to be of practical use. The authentication process will finish before the keylogger program gains access to the computer resources again.
According to another aspect of the present invention, the image representing the cursor in the computer system may change visual appearance when entering a window comprising picture elements constituting authentication information. According to this aspect of the present invention, the only manner in which a spy-ware program may reveal this situation is to sample many screen dumps, which makes the amount of data impractical to handle in the computer system.
Also according to this aspect of the present invention, if a keylogger type of program would attempt to perform such sampling, the response of the computer system would slow down to such a degree that the user would recognize the situation, whereby the user may terminate the authentication process and start a search and destroy procedure to get rid of infecting software in his computer system.
If a key logger program is installed in the client computer, as depicted in figure 1, the key logger will not record any keystrokes since the keyboard is not used in this authentication session according to the present invention. Even when the key logger program is capable of recording the mouse movements and the display coordinates when clicking the mouse, the authentication is done on the basis of randomly selected locations for the images constituting the authentication information. Therefore this information is changing randomly in every authentication session, making it impossible to detect a password, for example.
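The coordinate check described for Figure 2, and the reason coordinates recorded in one session are useless in the next, sketched as an added example (not code from the patent or from Lumex). The window size, the tile grid, the bounding-box hit test, the single-use flag and all function names are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

# Assumed geometry (not from the patent): a 640x480 window of 48-pixel tiles.
WINDOW_W, WINDOW_H, TILE = 640, 480, 48
CELLS = [(col * TILE, row * TILE)
         for col in range(WINDOW_W // TILE)
         for row in range(WINDOW_H // TILE)]


@dataclass
class Challenge:
    """Server-side state for one session: where each symbol image was drawn."""
    layout: dict          # symbol -> (x, y) of the image's top-left corner
    used: bool = False    # each layout is accepted for one attempt only


def new_challenge(symbols="0123456789"):
    """Give every symbol image its own randomly chosen cell (CSPRNG-backed)."""
    free = list(CELLS)
    layout = {}
    for symbol in symbols:
        layout[symbol] = free.pop(secrets.randbelow(len(free)))
    return Challenge(layout)


def symbol_at(challenge, x, y):
    """Hit-test one click; returns the symbol under it, or None for a miss."""
    for symbol, (ix, iy) in challenge.layout.items():
        if ix <= x < ix + TILE and iy <= y < iy + TILE:
            return symbol
    return None


def verify(challenge, clicks, secret):
    """Compare the returned display coordinates with this session's layout."""
    if challenge.used:            # refuse a second attempt on the same layout
        return False
    challenge.used = True
    # "\0" marks a click that hit no image; it can never equal a symbol.
    picked = "".join(symbol_at(challenge, x, y) or "\0" for x, y in clicks)
    # Constant-time comparison; a production server would compare against a
    # stored password hash rather than hold the secret itself.
    return hmac.compare_digest(picked.encode(), secret.encode())


def honest_clicks(challenge, secret):
    """What a legitimate user sends: the centre of each image, in order."""
    half = TILE // 2
    return [(challenge.layout[s][0] + half, challenge.layout[s][1] + half)
            for s in secret]


def replay_across_sessions(secret):
    """Log the clicks of session A, then replay them against session B."""
    session_a = new_challenge()
    logged = honest_clicks(session_a, secret)      # all a click logger sees
    accepted = verify(session_a, logged, secret)
    session_b = new_challenge()
    # Skip the negligible case where B happens to repeat A's placement.
    while all(session_b.layout[s] == session_a.layout[s] for s in secret):
        session_b = new_challenge()
    replayed = verify(session_b, logged, secret)
    reused = verify(session_a, logged, secret)     # same layout, second try
    return accepted, replayed, reused


if __name__ == "__main__":
    print(replay_across_sessions("2025"))   # (True, False, False)
```

The property holds only while the layout is generated from an unpredictable source and never reused; it says nothing about a program that can also see the screen, which is what the saturation and distortion embodiments address.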
In another example of embodiment of the present invention, the images constituting the authentication information in said video streams or animation sequences are distributed randomly in time.
In another example of embodiment of the present invention, an animation sequence is provided as a point moving along the outline of for example a character. To draw an image of for example the number two, the authentication program is highlighting a point starting at the upper left corner of the character two. The next image in the animation sequence moves the highlighted point along an imaginary line defining the shape of the character for the number two, and so on. When a human eye is looking at this moving point, the human brain is capable of detecting this imaginary line defining the shape of the number two. A screen dump program must record these images at double the speed of the movement of the highlighted point to be able to detect the character. This will also generate an enormous amount of data, making this an impractical scheme, as known to a person skilled in the art.
In yet another example of embodiment of the present invention the displaying of said images constituting said authentication information provides a controllable distortion of said images. This can be achieved for example by inverting or moving pixels in said images randomly. By controlling the amount of pixels that are altered, the image may be rendered interpretable by a human eye, but uninterpretable by a screen dump program running an OCR function, for example. Examples of such images are the so called CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart).
In yet another example of embodiment of the present invention, a graphical window is opened on said computer display, and the location for this window is selected randomly by the authentication program. The images constituting said authentication information are displayed at randomly selected coordinates relative to the coordinates of the opened graphical window.
In yet another example of embodiment of the present invention, the computer system comprises only one computer device. The authentication program is then running in the same computer as the user is utilizing for the authentication session.

Claims

1. Method for authenticating users, programs, financial transactions, or similar authentication purposes in a computer system comprising a single computer device or a networked client server computer system, wherein an authentication program is running in said computer system providing an appropriate authentication whenever a user or a program is requesting such an authentication by providing an examination of authentication information in said authentication program, wherein said method comprises the steps of:
providing at least one graphical window on a computer display in said computer system,
providing at least one graphical image comprising at least some graphical parts in motion associated with said authentication information as data for said authentication program,
letting said authentication program displaying said graphical image in said graphical window such that said graphical parts in motion associated with said authentication information is displayed at randomly selected locations provided by said authentication program as a response to said request for an authentication by said user or program,
marking said randomly displayed graphical parts in motion associated with said authentication information with a cursor movement on said computer display, selecting said marked displayed graphical parts thereby transferring display coordinates related to said marked randomly displayed graphical parts back to said authentication program,
comparing said display coordinates transferred back from said selection with said randomly selected locations for displaying said graphical parts in said at least one graphical image, thereby providing said examination in said authentication program to provide said appropriate authentication.
2. Method according to claim 1, wherein said marking of said randomly displayed graphical parts in motion associated with said authentication information is performed by providing a graphical image comprising additional picture elements in motion as symbol of the cursor.
3. Method according to claim 2, wherein a particular picture element in motion in the graphical window representing authentification information is marked when one of said additional picture elements constituting said cursor is inside a predefined limit of said authentification information.
4. Method according to claim 1, wherein said graphical parts associated with said authentication information is parts of at least one video stream.
5. Method according to claim 2, wherein said graphical parts associated with said authentication information is randomly distributed in time in said video stream.
6. Method according to claim 1, wherein said graphical parts associated with said authentication information is part of at least one animation sequence.
7. Method according to claim 4, wherein said animation sequence is a displayed point moving along a virtual outline defining said graphical parts associated with said authentication information.
8. Method according to claim 1, wherein said graphical parts associated with said authentication information are images of characters such as letters and numbers, and wherein said displaying on randomly selected locations provide a controllable randomly generated distortion of said images of said characters and numbers, thereby allowing a displaying of images that only are slightly looking like letters and numbers as perceived by a human eye.
9. Method according to claim 1, wherein said at least one graphical window is provided on a randomly selected location on said computer display, and wherein said randomly selected locations for said graphical parts are relative locations relative to said at least one graphical window.
10. Method according to claim 1, wherein said displaying of said graphical parts associated with said authentication information comprises displaying said graphical parts one at a time in a randomly selected sequence.
11. System for authenticating users, programs, financial transactions, or similar authentication purposes in a computer system comprising a single computer device or a networked client server computer system, wherein an authentication program is running in said computer system providing a appropriate authentication whenever a user or a program is requesting such an authentication by providing an examination of authentication information in said authentication program, wherein said system comprises:
at least one graphical window on a computer display in said computer system, wherein said authentication program is displaying at least some graphical parts in motion associated with said authentication information arranged as data for said authentication program, on randomly selected locations in said graphical window as a response to said request for an authentication by said user or program,
a graphical interface providing means to mark said randomly displayed graphical parts associated with said authentication information with a cursor movement on said computer display, means for selecting said marked displayed graphical parts thereby enabling said graphical interface to transfer display coordinates related to said marked randomly displayed graphical parts back to said authentication program,
means for comparing said display coordinates transferred back from said selection with said randomly selected locations for displaying said graphical parts in said at least one graphical window, thereby providing said examination in said authentication program to provide said appropriate authentication.
12. System according to claim 1, wherein said marking of said randomly displayed graphical parts in motion associated with said authentication information is performed by providing a graphical image comprising additional picture elements in motion as symbol of the cursor.
13. System according to claim 12, wherein a particular picture element in motion in the graphical window representing authentification information is marked when one of said additional picture elements constituting said cursor is inside a predefined limit of said authentification information.
14. System according to claim 11, wherein said graphical parts associated with said authentication information is part of at least one video stream.
15. System according to claim 11, wherein said graphical parts associated with said authentication information is randomly distributed in time in said video stream.
16. System according to claim 11, wherein said graphical parts associated with said authentication information are parts of at least one animation sequence.
17. System according to claim 16, wherein said animation sequence is a displayed point moving along a virtual outline defining said graphical parts associated with said authentication information.
18. System according to claim 11, wherein said graphical parts associated with said authentication information are images of characters such as letters and numbers, and wherein said authentication program when displaying said characters and numbers on randomly selected locations introduces a controllable randomly generated distortion of said images of said characters and numbers, thereby allowing a displaying of images that only are slightly looking like letters and numbers as perceived by a human eye.
19. System according to claim 11, wherein said at least one graphical window is located on a randomly selected location on said computer display, and wherein said randomly selected locations for said graphical parts are relative locations relative to said at least one graphical window.
20. System according to claim 11, wherein said displaying of said graphical parts associated with said authentication information comprises displaying said graphical parts one at a time in a randomly selected sequence.
PCT/NO2006/000004 2005-01-05 2006-01-05 Method and system for authenticating information entered into computer systems WO2006073313A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO20050051 2005-01-05
NO20050051A NO20050051D0 (en) 2005-01-05 2005-01-05 Authentication information method and system fed into computer systems

Publications (1)

Publication Number Publication Date
WO2006073313A1 true WO2006073313A1 (en) 2006-07-13

Family

ID=35209737

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2006/000004 WO2006073313A1 (en) 2005-01-05 2006-01-05 Method and system for authenticating information entered into computer systems

Country Status (2)

Country Link
NO (1) NO20050051D0 (en)
WO (1) WO2006073313A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6209104B1 (en) * 1996-12-10 2001-03-27 Reza Jalili Secure data entry and visual authentication system and method
WO2002071177A2 (en) * 2001-03-03 2002-09-12 Moneyhive.Com Pte Ltd Method and system for substantially secure electronic transactions
US6720860B1 (en) * 2000-06-30 2004-04-13 International Business Machines Corporation Password protection using spatial and temporal variation in a high-resolution touch sensitive display
US6934860B1 (en) * 2000-05-08 2005-08-23 Xerox Corporation System, method and article of manufacture for knowledge-based password protection of computers and other systems

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2304545A4 (en) * 2008-06-12 2012-07-11 Ads Captcha Ltd A time-resolved&user-spatially-activated feedback entrance and method thereof
EP2304545A1 (en) * 2008-06-12 2011-04-06 ADS Captcha Ltd A time-resolved&user-spatially-activated feedback entrance and method thereof
US10325086B2 (en) 2009-06-18 2019-06-18 Blackberry Limited Computing device with graphical authentication interface
US10176315B2 (en) 2009-06-18 2019-01-08 Blackberry Limited Graphical authentication
US9064104B2 (en) 2009-06-18 2015-06-23 Blackberry Limited Graphical authentication
CN102592075A (en) * 2010-12-16 2012-07-18 捷讯研究有限公司 Visual or touchscreen password entry
US8863271B2 (en) 2010-12-16 2014-10-14 Blackberry Limited Password entry using 3D image with spatial alignment
EP2487620A1 (en) * 2010-12-16 2012-08-15 Research In Motion Limited Multi-layered color-sensitive passwords
US8631487B2 (en) 2010-12-16 2014-01-14 Research In Motion Limited Simple algebraic and multi-layer passwords
US8635676B2 (en) 2010-12-16 2014-01-21 Blackberry Limited Visual or touchscreen password entry
US8650635B2 (en) 2010-12-16 2014-02-11 Blackberry Limited Pressure sensitive multi-layer passwords
US8650624B2 (en) 2010-12-16 2014-02-11 Blackberry Limited Obscuring visual login
US8661530B2 (en) 2010-12-16 2014-02-25 Blackberry Limited Multi-layer orientation-changing password
US8745694B2 (en) 2010-12-16 2014-06-03 Research In Motion Limited Adjusting the position of an endpoint reference for increasing security during device log-on
US10621328B2 (en) 2010-12-16 2020-04-14 Blackberry Limited Password entry using 3D image with spatial alignment
US8769641B2 (en) 2010-12-16 2014-07-01 Blackberry Limited Multi-layer multi-point or pathway-based passwords
EP2466514A1 (en) * 2010-12-16 2012-06-20 Research In Motion Limited Multi-layer multi-point or randomized passwords
US8931083B2 (en) 2010-12-16 2015-01-06 Blackberry Limited Multi-layer multi-point or randomized passwords
EP2466513A1 (en) * 2010-12-16 2012-06-20 Research In Motion Limited Visual or touchscreen password entry
EP2466521A1 (en) * 2010-12-16 2012-06-20 Research In Motion Limited Obscuring visual login
US9135426B2 (en) 2010-12-16 2015-09-15 Blackberry Limited Password entry using moving images
EP2466516A1 (en) * 2010-12-16 2012-06-20 Research In Motion Limited Adjusting the position of an endpoint reference for increasing security during device log-on
US9258123B2 (en) 2010-12-16 2016-02-09 Blackberry Limited Multi-layered color-sensitive passwords
US8769668B2 (en) 2011-05-09 2014-07-01 Blackberry Limited Touchscreen password entry
US9223948B2 (en) 2011-11-01 2015-12-29 Blackberry Limited Combined passcode and activity launch modifier
WO2015091035A1 (en) * 2013-12-19 2015-06-25 Gemalto Sa Method and device for verifying symbols selected amongst sets of superposed symbols displayed by an electronic device cooperating with a security element

Also Published As

Publication number Publication date
NO20050051D0 (en) 2005-01-05

Legal Events

Date Code Title Description
WA Withdrawal of international application
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE