GB2397680A - Computer security device - Google Patents

Publication number: GB2397680A
Authority: GB (United Kingdom)
Prior art keywords: user, computer system, access, computer, display
Legal status: Granted; current status Expired - Fee Related
Application number: GB0400850A
Other versions: GB2397680B (en), GB0400850D0 (en)
Inventor: Howard Williams
Current Assignee: Individual
Original Assignee: Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices: input devices, e.g. keyboards, mice or controllers thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/84 Protecting input, output or interconnection devices: output devices, e.g. displays or monitors

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

To restrict access to a computer system the computer system is responsive to entry of identification data to generate a display (X). The user overlays on the display a security device (Y) that, in combination with the display (X), discloses an access code (Z) to the user.

Description

COMPUTER SECURITY DEVICE
Field of the Invention
This invention relates to a computer security device and to a method for restricting the access to a computer system. The invention further relates to a computer system that includes such a device.
Background to the Invention
It is often necessary to control user access to a computer system. At a basic level this is typically achieved by issuing an authorised user with a login name and a password or PIN (personal identification number). A user will only be able to gain access to such a computer system by entering the correct login name and password. The computer system checks that the login and password combination is correct before allowing access.
The problem with this approach is that, if an unauthorized user obtains the login and password of an authorised user, then the unauthorized user can gain access. There are many ways that user login names and passwords can be discovered. For example, one such way is to have a mechanism in the background monitoring user input thereby ascertaining a valid login name and password combination.
It is accordingly an object of the present invention to provide improved security to a computer system through a method for varying the authorization process each time a user tries to gain access to the computer system.
It is a further object of the present invention to have a physical device that needs to be used by the user in order to gain access to the protected computer system.
It is still a further object of the present invention to provide a device that is user specific such that it cannot be used inadvertently by another individual.
A still further object of the present invention is the provision of a computer system restricting user access by the improved method.
Summary of the Invention
According to a first aspect of the present invention there is provided a method of restricting access to a computer system, the method comprising:
a) providing a user with identification data,
b) providing the computer system with means responsive to entry of the identification data and for generation of a display, and
c) providing the user with a security device that, in combination with the display, discloses an access code to the user.
According to a second aspect of the present invention there is provided a computer access system that includes a computer system having means responsive to entry of identification data by a user for generation of a display, and a security device that, in combination with the display, discloses an access code to the user.
The security device is preferably in the form of an overlay that can be placed on the display to generate the access code.
The overlay is preferably in the form of a transparent sheet on which an array of indicia is printed. The indicia conveniently comprise letters and numbers.
In order for a user to gain access to the computer system, the user would first identify himself or herself to the computer system.
This can be achieved in a number of ways, but it would typically be achieved by entering a predefined user-specific name. The computer system, having prior knowledge of the user, would generate one of a number of possible images that are specific to the user concerned and present the image to the user through a display or other suitable output device. The user then uses his or her user-specific security device, which preferably consists of an overlay, or of something that creates an overlay image, or of a method for creating an overlay.
When overlaid on the displayed image, the overlay reveals an access code that is specific to both the user and the image displayed.
The user then enters the access code into the computer system through a suitable input device or method. The computer system marries up the received code with the user specific image previously sent to the user concerned and, if it is deemed to be a valid combination, access to the computer system is granted.
The security device of the present invention can be used on its own or in conjunction with other security devices and methodologies.
For the purpose of this application, a computer system is deemed to be one or more computers in which processing and storage can be carried out on one or more of the computers in the system. Examples include computers on the Internet and computers on an Intranet or a stand-alone computer. For the purpose of this application, a computer system can also mean a subset of a larger computer system. For example, having accessed a computer system such as the Internet, the security facility could be used to control access to a particular section such as e-mail or a database or a computer program or similar or part thereof. It may further include any intelligent device or part thereof with suitable characteristics.
The term "computer system" may also include any suitable device(s) that can give access to a computer system directly or indirectly. For example, a mobile phone can be used to gain access to computer-based services such as phone banking.
Brief Description of the Drawing
The single figure of the drawing shows a representation of an image on a computer monitor or other display device, a physical overlay and a representation of the combined image seen by a user when the image is viewed through the physical overlay.
Description of the Preferred Embodiment
The single figure of the drawing shows an image X displayed on a computer monitor or other display device, an overlay Y and a representation Z of the combined image seen by a user when the image X is viewed through the physical overlay Y.
In the following description, the term pseudo-random should be taken to mean something that appears to a user as a random pattern or sequence but, in fact, can be recreated at any time using a known algorithm and starting seed condition.
Each user that is allowed to access the protected computer system is allocated two seed codes that are stored in the computer system in readiness for user identification. In conjunction with a suitable computer algorithm, the first code is used as the seed to generate a pattern consisting of a number of non-overlapping circles pseudo-randomly placed within a bounding rectangle that, for user convenience, has the same aspect ratio as a credit card. In conjunction with a suitable computer algorithm, the second code is used to pseudo-randomly label each circle with an alphanumeric character or symbol. The pattern of labelled circles is then, for user convenience, reproduced on a transparent credit-card-sized card and issued to the user. This transparent card forms the overlay Y.
When the user requires access to the protected computer system, the user first identifies himself or herself to the computer system by entering his or her user identification. The user identification is used by the computer system to retrieve the user's seed codes. From the first seed code and the appropriate algorithm, a user-specific pattern consisting of a number of non-overlapping circles is reconstructed. From the full complement of circles, a reduced number are arbitrarily selected by the computer system. The computer system creates an image that differentiates the selected circles from the other circles and presents the image to the user through the computer display or other appropriate output device. This is the image X indicated in the drawing and the differentiation process in this instance is used to hide the other circles.
The user overlays his or her issued credit-card-sized transparency (indicated by Figure 1 item Y) onto the image presented through the display device. By superimposing the two images, the user can identify the alphanumeric character or symbol labels of the differentiated circles (indicated as Z in the drawing). The user enters the identified alphanumeric character or symbol labels into the computer system. By using the second seed code and appropriate algorithm, the computer system also determines the alphanumeric character or symbol labels of the differentiated circles. If the character or symbol labels entered by the user correspond to the character or symbol labels for the differentiated circles identified by the computer system, then access to the computer system will be granted to the user.
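The enrolment and login check of the preferred embodiment, as an added example that is not part of the patent text: the overlay is rebuilt from the two seed codes, a reduced set of circles is chosen for image X, and the entered labels are checked. The circle radius and count, the label alphabet, the order-insensitive comparison and the use of Python's `random.Random` as the "suitable computer algorithm" are assumptions.

```python
import hmac
import math
import random
import secrets
import string

CARD_W, CARD_H = 85.6, 54.0   # bounding rectangle with a credit card's aspect ratio (mm)
RADIUS = 3.0                  # assumed circle radius
ALPHABET = string.ascii_uppercase + string.digits   # assumed label alphabet


def build_card(layout_seed, label_seed, n_circles=20):
    """Recreate overlay Y from the two stored seed codes as [(x, y, label), ...].

    The first seed fixes the circle positions and the second fixes the labels,
    so the server stores only the seeds and regenerates the card on demand.
    """
    layout = random.Random(layout_seed)
    centres, attempts = [], 0
    while len(centres) < n_circles:
        attempts += 1
        if attempts > 100_000:
            raise ValueError("cannot place that many non-overlapping circles")
        x = layout.uniform(RADIUS, CARD_W - RADIUS)
        y = layout.uniform(RADIUS, CARD_H - RADIUS)
        # Rejection sampling: keep a centre only if it clears every earlier circle.
        if all(math.hypot(x - cx, y - cy) >= 2 * RADIUS for cx, cy in centres):
            centres.append((x, y))
    labels = random.Random(label_seed)
    return [(x, y, labels.choice(ALPHABET)) for x, y in centres]


def make_challenge(card, k=4, rng=None):
    """Select the reduced set of circles that image X shows.

    Only positions are sent to the display; labels never leave the server.
    The selection defaults to the OS CSPRNG so each login gets a fresh subset.
    """
    rng = rng or secrets.SystemRandom()
    picked = sorted(rng.sample(range(len(card)), k))
    image_x = [(card[i][0], card[i][1]) for i in picked]
    return picked, image_x


def expected_code(card, picked):
    # Assumption: labels may be typed in any order, so the code is compared sorted.
    return "".join(sorted(card[i][2] for i in picked))


def verify(layout_seed, label_seed, picked, entered):
    """Server-side check: rebuild the card from the seeds and compare labels."""
    card = build_card(layout_seed, label_seed)
    want = expected_code(card, picked)
    got = "".join(sorted(entered.upper()))
    return hmac.compare_digest(want.encode(), got.encode())


if __name__ == "__main__":
    seeds = (0x5EED01, 0x5EED02)   # constructed sample seed codes
    card = build_card(*seeds)
    picked, image_x = make_challenge(card)
    print("image X circles:", [(round(x, 1), round(y, 1)) for x, y in image_x])
    print("code read through overlay:", expected_code(card, picked))
```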
Other embodiments of the invention can include the following:
a) the controlling of access to any intelligent device that has a suitable display device and input and processing capabilities,
b) the overlay can have aspect ratios suitable to other needs,
c) the image generated on the display device by the computer system and the corresponding overlay can contain any combination of patterns and colours such that, once combined (that is to say the display device image as viewed by the user through the overlay), it will reveal to the user a response that the computer system is expecting in order to grant access to the user,
d) in the preferred embodiment, a single seed code or multiple seed codes or other methodologies can be used in conjunction with suitable algorithms to produce the required output device and overlay images,
e) the overlay can be incorporated into or made an integral part of another object such as a CD (Compact Disk) / DVD (Digital Versatile Disk) / other media cases,
f) the overlay can be incorporated into optical or other devices which would allow the image on the display device (which is then viewed through the overlay) to be viewed from a distance,
g) the image displayed on the display device (which is then viewed through the overlay) can have random elements such as a random background to make cause and effect harder to monitor. That is to say, any background monitoring process could not easily match up an image on the display device with a response as the image would always be different - two images could display the same information but would be physically different, and
h) the overlay device could be designed so as to create a changing overlay which would need to correspond to a similarly changed image on the display device. For example, the overlay could be made out of an LCD (Liquid Crystal Display) which could generate a variety of overlay images which would need to be used in conjunction with a corresponding variety of display device images (which are then viewed through the overlay).

Claims (11)

  1. A method of restricting access to a computer system, the method comprising: d) providing a user with identification data, e) providing the computer system with means responsive to entry of the identification data and for generation of a display, and f) providing the user with a security device that, in combination with the display, discloses an access code to the user.
  2. A method as claimed in Claim 1, in which the security device is in the form of an overlay that can be placed on the display to generate the access code.
  3. A method as claimed in Claim 2, in which the overlay is in the form of a transparent sheet on which an array of indicia is printed.
  4. A method as claimed in Claim 3, in which the indicia comprise letters and numbers.
  5. A method of restricting access to a computer system substantially as hereinbefore described with reference to the accompanying drawing.
  6. A computer access system that includes a computer system having means responsive to entry of identification data by a user for generation of a display, and a security device that, in combination with the display, discloses an access code to the user.
  7. A computer access system as claimed in Claim 6, in which the security device is in the form of an overlay that can be placed on the display to generate the access code.
  8. A computer access system as claimed in Claim 7, in which the overlay is in the form of a transparent sheet on which an array of indicia is printed.
  9. A computer access system as claimed in any one of Claims 6 to 8, which includes means whereby, in order for a user to gain access to the computer system, the user must first identify himself or herself to the computer system by entering a predefined user specific name.
  10. A computer access system as claimed in Claim 9, in which the computer system includes means for generating one of a number of possible images that are specific to the user concerned and presenting the image to the user.
  11. A computer access system substantially as hereinbefore described with reference to the accompanying drawing.
GB0400850A 2003-01-21 2004-01-15 Computer security device Expired - Fee Related GB2397680B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0301299A GB0301299D0 (en) 2003-01-21 2003-01-21 Computer security device

Publications (3)

Publication Number Publication Date
GB0400850D0 (en) 2004-02-18
GB2397680A (en) 2004-07-28
GB2397680B (en) 2004-12-15

Family

ID=9951479

Family Applications (2)

Application Number Title Priority Date Filing Date
GB0301299A Ceased GB0301299D0 (en) 2003-01-21 2003-01-21 Computer security device
GB0400850A Expired - Fee Related GB2397680B (en) 2003-01-21 2004-01-15 Computer security device

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB0301299A Ceased GB0301299D0 (en) 2003-01-21 2003-01-21 Computer security device

Country Status (1)

Country Link
GB (2) GB0301299D0 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1840778A1 (en) * 2006-03-29 2007-10-03 Laurent Busser Single-use identification device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5259029A (en) * 1990-05-16 1993-11-02 Duncan Jr F Jeff Decoding device for computer software protection
WO2001063545A1 (en) * 2000-02-24 2001-08-30 Kohut Michael L Authorized user verification by sequential pattern recognition and access code acquisition
GB2378297A (en) * 2001-04-13 2003-02-05 Nec Corp A voice responsive system for identifying a user
WO2003060674A1 (en) * 2002-01-17 2003-07-24 Koninklijke Philips Electronics N.V. Secure data input dialogue using visual cryptography
GB2387702A (en) * 2002-04-17 2003-10-22 Cellectivity Ltd Method of access control using PIN codes

Also Published As

Publication number Publication date
GB2397680B (en) 2004-12-15
GB0301299D0 (en) 2003-02-19
GB0400850D0 (en) 2004-02-18

Similar Documents

Publication Publication Date Title
KR100292547B1 (en) Personal Identification Device and Access Control System
US11308724B2 (en) Optical character recognition technique for protected viewing of digital files
US5509692A (en) Monetary instrument
US4972476A (en) Counterfeit proof ID card having a scrambled facial image
US6209104B1 (en) Secure data entry and visual authentication system and method
US20060018467A1 (en) Device for authentication and identification for computerized and networked systems
GB2434472A (en) Verification using one-time transaction codes
US20080258940A1 (en) Apparatus and method for preventing password theft
WO2001077792A2 (en) System and method for authenticating a user
US20120104090A1 (en) Card-reader apparatus
JP2007264929A (en) User authentication system, user authentication method, operation terminal and server or the like
Still et al. Human-centered authentication guidelines
US20060098841A1 (en) Method and system for enabling remote message composition
EP0097110B1 (en) Method of testing the use of reserved documents
US10733308B2 (en) Tags for unlocking digital content
JPS5910680A (en) Safe securing system
US9033245B2 (en) Device and method for obfuscating visual information
Caponi et al. Feature-selective adaptation of numerosity perception
US20080037842A1 (en) Smart Card That Stores Invisible Signatures
GB2397680A (en) Computer security device
AU2005228907C1 (en) Method for safely logging onto a technical system
US20080279374A1 (en) Pixel-Based Method for Encryption and Decryption of Data
US20070016940A1 (en) Identification and password management device
GB2398270A (en) Document with user authentication.
EP1840778A1 (en) Single-use identification device

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20200115