WO2016091645A1 - Method, apparatus and system for processing a user input - Google Patents

Method, apparatus and system for processing a user input

Info

Publication number
WO2016091645A1
Authority
WO
WIPO (PCT)
Prior art keywords
initial state
randomised
user input
user
environment
Application number
PCT/EP2015/078134
Other languages
English (en)
Inventor
Hendrik Jan Jozef Hubertus Schepers
Paulus Mathias Hubertus Mechtildis Antonius Gorissen
Original Assignee
Koninklijke Philips N.V.
Application filed by Koninklijke Philips N.V.
Publication of WO2016091645A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/031 Protect user input by software means
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha

Definitions

  • the invention relates to a method, apparatus and system for receiving and processing a user input.
  • the user input is vulnerable to attackers.
  • An attacker that intercepts the user input at the user interface before it has reached the encrypted domain is able to obtain the user input.
  • output from the encrypted domain that is sent to the user interface can also be obtained by attacker interception.
  • If the attacker is able to intercept the user input and/or output, it is possible that the attacker will obtain enough information to allow a determination to be made of the encryption that is used. For example, the attacker may intercept and modify the user input. This leaves the private data vulnerable to attack as well.
  • SVM Secure Virtual Machine
  • computation is performed using encrypted values instead of operators that would reveal their functionality.
  • the operators are hidden through use of tables comprising anonymous operators and are applied to encrypted data to provide an encrypted result.
  • the approach still requires data input by the user to be processed and, ultimately, some result is output to the user.
  • the input and the output are plain (i.e. the input and the output are not encrypted) and can thus be intercepted by an attacker.
  • This same problem arises in many other approaches outside the SVM context that require user input.
  • the problem described is particularly apparent on devices that do not have an exclusive purpose. For example, a smart phone may host many applications from arbitrary origins that may be allowed to subscribe to keyboard or touch screen events. This provides an attacker with an easy way to intercept user input obtained from such events. The same problem is also apparent on many other devices.
  • An existing method that aims to overcome these disadvantages involves the user entering a certain input on a separate device which then performs encryption and presents the user with a secure result that can then be input by the user into the user interface itself.
  • This method is currently popular in banking applications.
  • the method requires the user to carry a separate device with them since the user is unable to access their private information without this separate device.
  • EP 2597590 A2 discloses a method for processing a user input, that comprises rendering a randomised initial state on a user interface, and authenticating the user when the user has rearranged it to match a previously set authentication arrangement.
  • the aim of this method is to protect against "shoulder surfing"; EP 2597590 A2 is not concerned with protecting against attackers that run their own applications on the device to try to intercept the user input.
  • the invention provides this by obtaining a user input from a user interface in an indirect way that is not easily intercepted or interpreted by an attacker (whether that be a person or a machine).
  • a method for processing a user input comprising the steps of: a) rendering a randomised initial state on a user interface;
  • Statement 2 A method as defined in statement 1, wherein steps (a), (b) and (c) are performed in a first environment and wherein step (d) is performed in a second environment different to the first environment.
  • Statement 3 A method as defined in statement 2, the method further comprising the step of: providing a randomised initial state prior to the step of rendering said randomised initial state on the user interface;
  • step of providing the randomised initial state is performed in the second environment.
  • Statement 4 A method as defined in statement 2 or 3, wherein the second environment is more secure than the first environment.
  • Statement 5 A method as defined in statement 2, 3 or 4, wherein the first environment and the second environment are located in a single device.
  • Statement 6 A method as defined in statement 2, 3 or 4, wherein the first environment is located in a first device and the second environment is located in a second device different to the first device.
  • Statement 7 A method as defined in statement 5 or 6, wherein the single device, the first device or the second device is a mobile terminal, a personal computer, an automated teller machine, a payment terminal or a server.
  • Statement 8 A method as defined in any of statements 2 to 7, the method further comprising the step of:
  • Statement 11 A method as defined in statement 10, wherein the predetermined user input comprises a password or a personal identification number (PIN).
  • Statement 12 A method as defined in statement 10 or 11, the method further comprising the step of:
  • Statement 13 A method as defined in any preceding statement, wherein the randomised initial state and the new state each comprise a random arrangement of input options for the user.
  • Statement 14 A method as defined in statement 13, wherein the input options comprise one or more characters, numerical digits, symbols, pictures, film and/or blanks.
  • Statement 15 A method as defined in any preceding statement, wherein the randomised initial state is unconventional, disordered and/or incomplete.
  • Statement 16 A method as defined in any preceding statement, wherein the user interface comprises at least one physical component and/or at least one software component for receiving the user input.
  • Statement 17 A method as defined in statement 16, wherein the at least one physical component comprises at least one of a keyboard, mouse, camera, microphone, handle, slider and button and wherein the at least one software component comprises at least one of a touchpad, keypad, keyboard, a scroll bar, a scroll wheel, a rotating dial, a reel, or
  • Statement 18 A method as defined in any preceding statement, wherein the user input comprises one or more instructions and wherein the difference between the initial state and the new state comprises at least one of a particular instruction, a total number of instructions and/or a particular order of instructions.
  • Statement 19 A method as defined in statement 18, wherein the one or more instructions comprise at least one of a gesture on a touch screen, a gesture in front of a camera and a voice control into a microphone.
  • Statement 20 A method as defined in statement 19, wherein the gesture on the touch screen comprises at least one of an upward movement, a downward movement, a movement to the left, a movement to the right, a dragging operation, a swiping operation, a tapping operation, and a tracking operation.
  • Statement 21 A method as defined in statement 19, wherein the gesture in front of the camera comprises at least one of an upward movement, a downward movement, a movement to the left, a movement to the right.
  • Statement 22 A method as defined in any preceding statement, wherein the step of receiving a user input to change the randomised initial state to a new state comprises receiving a plurality of user inputs to change the randomised initial state to a new state.
  • Statement 23 A method as defined in statement 22, wherein steps (b) to (d) are repeated for each of the plurality of user inputs.
  • Statement 24 A method as defined in any preceding statement, wherein the step of rendering a randomised initial state on a user interface comprises rendering a randomised initial state on a plurality of user interfaces.
  • Statement 26 A method as defined in statement 25, the method further comprising the step of: for each of said at least one user inputs received, rendering a different randomised initial state until receipt of a user input indicating acceptance of the randomised initial state.
  • Statement 27 A method as defined in statement 26, wherein the user input indicating acceptance of the randomised initial state is a user input to change the randomised initial state to a new state.
  • An apparatus for processing a user input comprising a user interface and one or more processors configured to:
  • Statement 29 An apparatus as defined in statement 28, the apparatus comprising a first processor configured according to (a), (b) and (c) and a second processor configured according to step (d).
  • Statement 30 An apparatus as defined in statement 29, wherein the second processor is further configured to provide the randomised initial state for rendering by the first processor on the user interface.
  • Statement 31 An apparatus as defined in statement 29 or 30, wherein the second processor is more secure than the first processor.
  • Statement 32 An apparatus as defined in statement 29, 30 or 31, wherein the first processor and the second processor are located in a single device.
  • Statement 33 An apparatus as defined in statement 29, 30 or 31, wherein the first processor is located in a first device and the second processor is located in a second device different to the first device.
  • Statement 34 An apparatus as defined in statement 32 or 33, wherein the single device, the first device or the second device is a mobile terminal, a personal computer, an automated teller machine, a payment terminal or a server.
  • Statement 35 An apparatus as defined in any of statements 29 to 34, the apparatus further comprising:
  • a communication unit configured to transmit the determined difference between the initial state and the new state from the first environment to the second environment.
  • Statement 36 An apparatus as defined in any of statements 28 to 35, the apparatus further comprising:
  • a storage unit configured to store the determined difference between the initial state and the new state.
  • Statement 37 An apparatus as defined in any of statements 28 to 35, wherein the processor configured to process the user input based on the determined difference is configured to:
  • Statement 38 An apparatus as defined in statement 37, wherein the predetermined user input comprises a password or a personal identification number (PIN).
  • PIN personal identification number
  • Statement 39 An apparatus as defined in statement 37 or 38, the apparatus further comprising:
  • an authentication unit configured to authenticate the user based on the comparison.
  • Statement 40 An apparatus as defined in any of statements 28 to 39, wherein the randomised initial state and the new state each comprise a random arrangement of input options for the user.
  • Statement 41 An apparatus as defined in statement 40, wherein the input options comprise one or more characters, numerical digits, symbols, pictures, film and/or blanks.
  • Statement 42 An apparatus as defined in any of statements 28 to 41, wherein the randomised initial state is unconventional, disordered and/or incomplete.
  • Statement 43 An apparatus as defined in any of statements 28 to 42, wherein the user interface comprises at least one physical component and/or at least one software component for receiving the user input.
  • Statement 44 An apparatus as defined in statement 43, wherein the at least one physical component comprises at least one of a keyboard, mouse, camera, microphone, handle, slider and button and wherein the at least one software component comprises at least one of a touchpad, keypad, keyboard, a scroll bar, a scroll wheel, a rotating dial, a reel, or
  • Statement 45 An apparatus as defined in any of statements 28 to 44, wherein the user input comprises one or more instructions and wherein the difference between the initial state and the new state comprises at least one of a particular instruction, a total number of instructions and/or a particular order of instructions.
  • Statement 46 An apparatus as defined in statement 45, wherein the one or more instructions comprise at least one of a gesture on a touch screen, a gesture in front of a camera and a voice control into a microphone.
  • Statement 47 An apparatus as defined in statement 46, wherein the gesture on the touch screen comprises at least one of an upward movement, a downward movement, a movement to the left, a movement to the right, a dragging operation, a swiping operation, a tapping operation, and a tracking operation.
  • Statement 48 An apparatus as defined in statement 46, wherein the gesture in front of the camera comprises at least one of an upward movement, a downward movement, a movement to the left, a movement to the right.
  • Statement 49 An apparatus as defined in any of statements 28 to 48, wherein the processor configured to receive a user input to change the randomised initial state to a new state is configured to receive a plurality of user inputs to change the randomised initial state to a new state.
  • Statement 50 An apparatus as defined in statement 49, wherein the one or more processors are configured to repeat steps (b) to (d) for each of the plurality of user inputs.
  • Statement 51 An apparatus as defined in any of statements 28 to 50, wherein the processor configured to render a randomised initial state on the user interface is configured to render the randomised initial state on a plurality of user interfaces.
  • Statement 52 An apparatus as defined in any of statements 28 to 51, wherein the processor configured to receive a user input to change the randomised initial state to a new state is configured to receive at least one user input to render a different randomised initial state on the user interface.
  • Statement 53 An apparatus as defined in statement 52, wherein for each of said at least one user inputs received, the processor is configured to render a different randomised initial state on the user interface until receipt of a user input indicating acceptance of the randomised initial state.
  • Statement 54 A method as defined in statement 53, wherein the user input indicating acceptance of the randomised initial state is a user input to change the randomised initial state to a new state.
  • a computer program product comprising a computer readable medium having computer readable code embodied therein, the computer readable code being configured such that, on execution by a suitable computer, processor or control unit, the computer, processor or control unit is caused to perform the method of any of statements 1 to 27.
  • Figure 1 is a schematic block diagram of a system 300 in accordance with an aspect of the invention.
  • Figure 2 is a schematic block diagram of a system 400 in accordance with an embodiment of the invention.
  • Figure 3 is a schematic block diagram of a system 500 in accordance with another embodiment of the invention.
  • Figure 4 is a schematic block diagram of a first environment 100
  • Figure 5 is a schematic block diagram of a second environment 200
  • Figure 6 is a schematic flow chart of a method 800 in accordance with an embodiment of the invention.
  • FIGS. 7 to 9 are schematic block diagrams of a user interface 600 in accordance with various embodiments of the invention.
  • FIG. 1 is a schematic block diagram of a system 300 in accordance with an aspect of the invention.
  • the system 300 comprises a first environment 100 and a second environment 200.
  • the first environment 100 and the second environment 200 are able to communicate with one another via a communication link 302.
  • the communication link 302 may be a wireless communication link such as a Wi-Fi, Near Field Communication (NFC) or Bluetooth connection.
  • the communication link 302 may be a wired
  • the second environment 200 may be more secure than the first environment 100.
  • the first environment 100 may be an environment in which data is plain (i.e. unencrypted) and thus potentially susceptible to interception and
  • the second environment 200 may be an environment in which data is encrypted and thus more difficult or impossible for an attacker to intercept or interpret.
  • FIG. 2 is a schematic block diagram of a system 400 in accordance with an embodiment of the invention in which the first environment 100 and the second environment 200 are located in a single device 402.
  • the device 402 may be, for example, a mobile terminal, a personal computer, an automated teller machine, a payment terminal, a server, etc.
  • the first environment 100 of the device 400 is the potentially unsecure environment in that data is plain (i.e. unencrypted) and the second environment 200 of the device 400 is the secure environment in that data is encrypted.
  • the device 400 may be a mobile terminal where the first environment 100 represents the application level and the second environment 200 represents the secure element (SE) level.
  • SE secure element
  • Figure 3 is a schematic block diagram of a system 500 in accordance with an alternative embodiment of the invention in which the first environment 100 is located in a first device 502 and the second environment 200 is located in a second device 504, which is different from the first device 502.
  • the first device 502 and the second device 504 may be, for example, a mobile terminal, a personal computer, an automated teller machine, a payment terminal, a server, etc.
  • the first device 502 is a mobile terminal and the second device 504 is a server.
  • the first device 502 and the second device 504 are different mobile terminals.
  • any combination of the first device 502 and the second device 504 are different mobile terminals.
  • FIG. 4 is a schematic block diagram of the first environment 100 in accordance with an embodiment of the invention.
  • the first environment 100 comprises a user interface 600 for receiving a user input and a first processor 602 for processing the user input.
  • the first environment 100 also optionally comprises a storage unit 604 and a communication unit 606 for communicating with the second environment 200 via the communication link 302.
  • FIG. 5 is a schematic block diagram of the second environment 200 in accordance with an embodiment of the invention.
  • the second environment 200 comprises a second processor 702 for processing a user input.
  • the second environment 200 also optionally comprises a storage unit 704, an authentication unit 706 for authenticating a user and a communication unit 708 for communicating with the first environment 100 via the communication link 302.
  • FIG. 6 is a schematic flow chart of a method 800 in accordance with an embodiment of the invention.
  • the method 800 will be described with reference to the first environment 100 illustrated in Figure 5 and the second environment 200 illustrated in Figure 6. It will be understood that the method 800 is applicable to any of the systems 300, 400 and 500 shown in Figures 1, 2 and 3. However, for the purposes of this description, the method will be described generally. Any references to the first environment 100 will be understood to apply to the first environment 100 in the single device 402 of Figure 2 or the first device 502 of Figure 3. Similarly, any references to the second environment 200 will be understood to apply to the second environment 200 in the single device 402 of Figure 2 or the second device 504 of Figure 3.
  • the second processor 702 in the second environment 200 provides a randomised initial state to be rendered on the user interface 600 in the first environment 100 (step 802).
  • the randomised initial state may comprise a random arrangement of options or functions.
  • the random arrangement may comprise one or more characters, numerical digits, symbols, pictures, films and/or a blank (i.e. where there is no option or function rendered).
  • the randomised initial state may be unconventional, disordered and/or incomplete.
  • the randomised initial state may be unconventional in the fact that it does not directly correlate with a standard arrangement of options or functions (such as the arrangement presented on a standardised keyboard).
  • the randomised initial state may be disordered in the fact that one option may not logically follow on from the next.
  • the randomised initial state may provide the characters in a non-sequential order (such as A... F... B... T... etc, as opposed to A... B... C... D... etc).
  • the randomised initial state may be incomplete in the fact that there may be certain options or functions missing (i.e. options or functions that do not appear). Furthermore, it is
  • the randomized initial state is described in a format that is not easily interpretable, such that any difference to this state is not easily interpretable.
  • the character "A" may be presented as a bitmap instead of an ASCII character, or it may be described by a CAPTCHA: an image or animation that is designed to be human readable, but hard to analyse using computer programs.
  • the storage unit 704 in the second environment 200 may optionally store the provided randomised initial state (step 804).
  • the storage unit 704 may store the randomised initial state securely through encryption by any suitable cryptographic protocol.
  • the storage unit 704 may only store the randomised initial state for a predetermined amount of time for added security.
  • the storage unit 704 may be a temporal storage, say a volatile memory, such as RAM.
  • the user interface 600 in the first environment 100 renders the randomised initial state for the user (step 806).
  • the user provides an input to change the randomised initial state rendered on the user interface 600 to a new state.
  • the user input may be provided in a number of ways, some of which will be described here. However, it will be understood that any suitable user input device could be used to provide the user input.
  • the user interface may comprise one or more components that the user is able to operate to provide a user input.
  • the one or more components will have a different semantic meaning depending on a particular option or function to which they relate.
  • the particular option or function to which the one or more components relate is determined by the randomised initial state.
  • Each component is temporarily mapped to a particular option or function that is determined by the randomised initial state.
  • a user input is received to change the randomised initial state rendered on the user interface 600 to a new state
  • one or more of the components will be provided with a different semantic meaning and thus relate to a different option or function than they did in the randomised initial state. This different option or function is determined by the new state.
  • the user interface 600 may include software components that the user accesses to provide the user input.
  • the user interface 600 may be a touch screen and the user input could be provided directly to the touch screen by way of virtually displayed operation tools such as one or more touchpads, keypads, keyboards, scroll bars, scroll wheels, rotating dials, reels, buttons, sliders, and/or predetermined locations on the screen, etc.
  • the user interface 600 may include physical components that the user operates to provide the user input.
  • the user input could be provided to one or more of a physical keyboard, mouse, camera, microphone, handle, slider, and/or button, etc.
  • more than one user interface 600 may be provided to render the randomised initial state.
  • the user interface 600 may comprise a combination of one or more software and/or physical components.
  • the user is able to provide one or more instructions to the user interface 600 to change the randomised initial state to a new state.
  • the user may provide one or more instructions by providing a gesture on a touch screen, a gesture in front of a camera, a voice control into a microphone, or a change in the orientation of the user interface.
  • the gesture on the touch screen may be an acceleration detected in any direction.
  • the gesture may comprise an upward movement, a downward movement, a movement to the left, a movement to the right, a dragging operation, a swiping operation, a tapping operation, a tracking operation, etc, or any combination of gestures.
  • the gesture in front of the camera may be an acceleration detected in any direction.
  • the gesture may comprise an upward movement, a downward movement, a movement to the left, a movement to the right, etc, or any combination of gestures.
  • the voice control into the microphone may, for example, be the user speaking instructions to implement the change from the randomised initial state to the new state that they require.
  • the change in orientation of the user interface may involve one or more actions such as tilting, shaking, flipping, etc.
  • this may be achieved by performing the action on the device 402 or 502 comprising the interface 600.
  • Although certain examples for the type of user input are provided, it will be understood that the input is not limited to these examples and that any other suitable input may be used.
  • the change from the randomised initial state to the new state could involve any number of changes.
  • some possible examples are a change in the order of the options or functions rendered, an addition of an option or function to those rendered, the removal of an option or function from those rendered, entering a blank (i.e. where there is no option or function rendered), or similar.
  • the user input may simply be an input to render a different randomised initial state.
  • the user may request a different randomised initial state where the option or function that the user requires is not present in the current randomised initial state.
  • the user input to render a different randomised initial state may be received by any suitable form of input device. For example, there may be a designated button that the user can operate to instruct that the initial state is randomised again.
  • a different randomised initial state may be provided to and rendered on the user interface 600 until receipt of a user input indicating acceptance of the randomised initial state.
  • the user input indicating acceptance of the randomised initial state may, for example, be a user input to change the randomised initial state rendered on the user interface 600 to a new state (which will be explained in more detail below).
  • the user input indicating acceptance of the randomised initial state may simply be the user selecting an input that indicates that the state is to be used.
  • the user input indicating acceptance of the randomised initial state may involve a separate command.
  • the first processor 602 in the first environment 100 receives the user input to change the randomised initial state rendered on the user interface 600 to a new state (step 808). Example embodiments of the change in the randomised initial state to the new state will also be provided later.
  • the first processor 602 in the first environment 100 determines the difference between the initial state and the new state following receipt of the user input to change the initial state to the new state (step 810).
  • the difference may comprise a particular instruction (such as a dragging operation), a total number of instructions (such as three upwards movements) and/or a particular order of instructions (such as an upward movement followed by a dragging operation).
  • the difference may include a sequence of indicated changes.
  • the storage unit 604 in the first environment 100 may optionally store the determined difference between the initial state and the new state (step 812).
  • the stored determined difference between the initial state and the new state may be encrypted by any suitable cryptographic protocol to increase security.
  • the storage unit 704 may only store the determined difference between the initial state and the new state for a predetermined amount of time for added security.
  • the storage unit 704 may be a temporal storage, say a volatile memory, such as RAM.
  • the communication unit 606 in the first environment 100 may transmit the determined difference between the initial state and the new state to the second environment 200 via the communication link 302 (step 814).
  • the communication unit 708 in the second environment 200 then receives the determined difference between the initial state and the new state from the first environment 100 (step 816).
  • the storage unit 704 in the second environment 200 may optionally store the determined difference between the initial state and the new state (step 818).
  • the stored determined difference between the initial state and the new state may be encrypted by any suitable cryptographic protocol to increase security.
  • the storage unit 704 may only store the determined difference between the initial state and the new state for a predetermined amount of time for added security.
  • the second processor 702 in the second environment 200 processes the user input based on the determined difference to determine intended user information (step 820). For example, the second processor 702 in the second environment 200 may process the user input by comparing the determined difference between the initial state and the new state to a difference between the randomised initial state and a predetermined user input.
  • the predetermined user input may, for example, be a password, a personal identification number (PIN) or the like.
  • the second processor 702 in the second environment 200 may use the determined difference between the initial state and the new state to determine an amount that the user wishes to pay in a transaction or a telephone number that the user wishes to communicate.
  • intended user information that the user wishes to securely pass to a selected system or application (here, in the second environment 200) is obtained from the user interface and provided to the system or application in an indirect way that is not easily intercepted or interpreted by an attacker (whether that be a person or a machine). It is the determined difference that is processed at the selected system or application to determine the intended user information and thus it is not necessary to construct the intended user information prior to this, meaning that the intended user information is kept private and provided securely to the selected system or application.
  • an initial state consisting of a number of preferably hard to interpret bitmaps is rendered to a user in a first environment.
  • the user rearranges the bitmaps, and the rearranging steps (the difference) are provided to a second environment.
  • Because the bitmaps are not interpreted, and differences to the randomised initial states carry no information without this interpretation, an attacker that observes the first environment does not learn the intended user information that is provided to the second environment without obtaining and interpreting the bitmaps.
  • the authentication unit 706 in the second environment 200 authenticates the user based on the comparison of the determined difference between the initial state and the new state and the difference between the randomised initial state and a predetermined user input (step 822).
  • the authentication unit 706 in the second environment 200 may transmit a notification to the first environment 100 to be provided to the user indicating whether the authentication has been successful or has failed (step 824). For example, if the authentication unit 706 in the second environment 200 determines from the comparison that the determined difference between the initial state and the new state and the difference between the randomised initial state and a predetermined user input are consistent, the authentication unit 706 will indicate that authentication has been successful.
  • If the authentication unit 706 in the second environment 200 determines from the comparison that the determined difference between the initial state and the new state and the difference between the randomised initial state and a predetermined user input are inconsistent, the authentication unit 706 will indicate that authentication has failed.
  • the authentication procedure may be repeated for each user input that is received and thus each corresponding difference between the initial state and the new state that is determined.
  • the communication unit 606 in the first environment 100 may receive the notification from the second environment 200 via the communication link 302 (step 826).
  • the notification may be, for example, a message for display on a screen, an audio sound for rendering by a speaker, or similar.
  • the use of the invention in authentication is merely one example of its application and is not restrictive in any way. It will be understood that the invention also has application in other areas. Other examples may include a payment system in which the determined difference between the initial state and the new state is used to determine an amount that the user wishes to pay, and a messaging system in which the determined difference between the initial state and the new state is used to determine a telephone number that the user wishes to communicate.
  • The first processor 602 in the first environment 100 may receive multiple user inputs to change the randomised initial state rendered on the user interface 600 to a new state, and one or more of the steps 802 to 826 of the method 800 would then be repeated for each of the multiple user inputs that are received.
  • FIG. 7a illustrates an example user interface 600 in a randomised initial state comprising a keyboard type of arrangement.
  • the user interface 600 comprises a display 900 that displays intended user input, a plurality of operator buttons 902, 906 associated with different options for selection by the user and a randomisation button 910 to randomise the interface 600.
  • Some of the operator buttons are blank 902, some of the operator buttons comprise a number 906 and some operator buttons include the same option as another operator button.
  • a user may select an option by dragging the associated operator button 902, 906 into the required position 904, 908. For example, by dragging the blank operator button 902 into the first position 904, the number two on the display 900 may be replaced with a zero.
  • the number two on the display 900 may be completely removed and the number 3 shifted into that position.
  • By dragging the operator button 906 into the second position 908, the number three associated with that option 906 will be inserted between the number two and the zero on the display 900.
  • Figure 7b illustrates the example user interface 600 in a new state following receipt of a user input to change the randomised initial state to the new state.
  • This user input may be the user input received to select one of the operator buttons 902, 906 as described above.
  • the user input was to drag the operator button 906 into the first position 902 such that the two on the display 900 was replaced with the three associated with the operator button 906 and the randomised initial state was changed to the new state.
  • the user input may be selection of the randomisation button 910 to randomise the interface 600, i.e. to provide a different randomised initial state.
  • the display 900 would remain unchanged.
  • the operator buttons 902 and 906 are associated with different options in the new state.
  • Figure 8a illustrates an example user interface 600 in a randomised initial state comprising a scroll bar type of arrangement.
  • the user interface 600 comprises a plurality of predetermined locations 913 associated with different options for selection by the user and operator buttons 912, 914 for use by the user to change the randomised initial state to a new state.
  • a user may select an option by tapping the predetermined location 913 associated with the intended option. For example, by tapping the predetermined location 913, the letter A would be selected.
  • Figure 8b illustrates the example user interface 600 in a new state following receipt of a user input to change the randomised initial state to the new state.
  • the randomised initial state was changed to the new state as a result of the user selecting the left operator button 912 once.
  • Figure 8c illustrates the example user interface 600 in a further new state following receipt of another user input to change the current randomised initial state of Figure 8b to a new state.
  • the current randomised initial state is changed to the new state as a result of the user selecting the left operator button 912 three times.
  • The predetermined locations 913 are associated with different options in each new state. The user may continually use the operator buttons 912, 914 until an intended user input becomes available for selection.
  • Figure 9a illustrates an example user interface 600 in a randomised initial state comprising a reel type of arrangement.
  • the user interface 600 comprises a plurality of reels 926 associated with different options for selection by the user, a plurality of operator buttons 924 that each operate a particular reel 926 and a randomisation button 922 to randomise the interface 600.
  • a user may select an option by tapping the associated reel 926. For example, by tapping the reel 926, the number 4 would be selected.
  • Figure 9b illustrates the example user interface 600 in a new state following receipt of a user input to change the randomised initial state to the new state.
  • the randomised initial state is changed to the new state as a result of the user selecting the operator button 924 that corresponds to the reel 926.
  • the reel 926 is associated with a different option (i.e. the number 7) in the new state.
  • Figure 9c illustrates the example user interface 600 in a further new state following receipt of another user input to change the current randomised initial state of Figure 9b to a new state.
  • the current randomised initial state is changed to the new state as a result of the user selecting the randomisation button 922 to randomise the interface 600, i.e. to provide a different randomised initial state.
  • each of the reels 926 is associated with a different option in this new state. The user may continually use the operator buttons 924 and/or the randomisation button 922 until an intended user input becomes available for selection.
  • a method according to the invention may be executed using software, which comprises instructions for causing a processor system to perform the method.
  • Software may only include those steps taken by a particular sub-entity of the system.
  • the software may be stored in a suitable storage medium, such as a hard disk, a floppy, a memory etc.
  • the software may be sent as a signal along a wire, or wirelessly, or using a data network, e.g., the Internet.
  • the software may be made available for download and/or for remote usage on a server.
  • a computer program may be stored/distributed on a suitable medium, such as an optical storage medium or a solid-state medium supplied together with or as part of other hardware, but may also be distributed in other forms, such as via the Internet or other wired or wireless telecommunication systems. Any reference signs in the claims should not be construed as limiting the scope.
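
The flow of steps 806 to 822, applied to the reel arrangement of Figures 9a and 9b, can be sketched as follows. This is an added example, not code from the patent or its applicant; the function names, the ten-digit reels, the one-step-per-press behaviour, the sample PIN and the choice to draw the initial state in the second environment are all assumptions.

```python
import hmac
import secrets

REEL_SIZE = 10  # assumption: each reel cycles through the digits 0-9


def new_initial_state(n_reels):
    """Second environment: draw the randomised initial state, one digit per reel."""
    return [secrets.randbelow(REEL_SIZE) for _ in range(n_reels)]


def difference_to(initial_state, digits):
    """Per-reel number of steps from the initial state to the given digits
    (assumption: one press of a reel's operator button advances it one step)."""
    return [(int(d) - s) % REEL_SIZE for d, s in zip(digits, initial_state)]


def determine_difference(press_events, n_reels):
    """First environment (steps 808-810): count button events per reel.
    It handles reel indices only, never the digits drawn on the bitmaps."""
    diff = [0] * n_reels
    for reel in press_events:
        diff[reel] = (diff[reel] + 1) % REEL_SIZE
    return diff


def authenticate(initial_state, difference, stored_pin):
    """Second environment (steps 820-822): compare the received difference with
    the difference between the randomised initial state and the stored PIN."""
    if not len(initial_state) == len(difference) == len(stored_pin):
        return False
    expected = bytes(difference_to(initial_state, stored_pin))
    received = bytes(x % REEL_SIZE for x in difference)
    return hmac.compare_digest(expected, received)  # constant-time comparison


def run_session(initial_state, typed, stored_pin):
    """One round trip: returns (difference sent over the link, auth result)."""
    presses = difference_to(initial_state, typed)  # what the user does on screen
    events = [reel for reel, k in enumerate(presses) for _ in range(k)]
    difference = determine_difference(events, len(initial_state))
    return difference, authenticate(initial_state, difference, stored_pin)


if __name__ == "__main__":
    pin = "7391"  # constructed sample PIN
    for _ in range(2):  # same PIN, two sessions: the transmitted difference changes
        state = new_initial_state(len(pin))
        print(state, *run_session(state, pin, pin))
```

With a uniformly random initial state per session, the transmitted difference on its own is uniformly distributed, so a difference captured in one session fails against the next session's state. An observer who also obtains and interprets the rendered bitmaps can recover the PIN, which is the limit the description itself states.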

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The invention relates to a method, an apparatus and a system for processing a user input. A randomised initial state is rendered (806) on a user interface (600). A user input is received (808) to change the randomised initial state to a new state. The difference between the initial state and the new state is determined (810) and the user input is processed (820) based on the determined difference.
PCT/EP2015/078134 2014-12-08 2015-12-01 Method, apparatus and system for processing a user input WO2016091645A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP14196758.8 2014-12-08
EP14196758 2014-12-08

Publications (1)

Publication Number Publication Date
WO2016091645A1 true WO2016091645A1 (fr) 2016-06-16

Family

ID=52101064

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2015/078134 WO2016091645A1 (fr) 2014-12-08 2015-12-01 Method, apparatus and system for processing a user input

Country Status (1)

Country Link
WO (1) WO2016091645A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120272311A1 (en) * 2009-11-06 2012-10-25 Christoph Althammer Method for authenticating a user on a computing unit
WO2012152995A1 (fr) * 2011-05-06 2012-11-15 Nokia Corporation Method and apparatus for navigation-based authentication
EP2597590A2 (fr) 2011-11-28 2013-05-29 Samsung Electronics Co., Ltd Password authentication method and corresponding portable device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15802106

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15802106

Country of ref document: EP

Kind code of ref document: A1