Patent Issued for Systems And Methods For Key Logger Prevention Security Techniques (USPTO 10,785,256)
2020 OCT 05 (NewsRx) -- By a
The patent’s assignee for patent number 10,785,256 is
News editors obtained the following quote from the background information supplied by the inventors: “Identity theft and fraud pose threats to information security in today’s electronic age. Having one’s identity stolen or credit destroyed can be a traumatic event and take years of phone calls and paperwork to reestablish one’s credit. In addition, financial institutions suffer losses because of the fraud committed by those who steal innocent victims’ identities. Generally, in order to protect personal information, a user sets a password known only to her, so that access to a system and to her personal information is only accepted when the preset password is correctly input.
“However, malware such as key loggers may be implemented in hardware or software to log user keystrokes and/or mouse clicks for later retrieval. Key loggers are dangerous because they can be installed remotely without the knowledge of the user of a computing device. At some future time, the person who installed the key logger may retrieve information captured by the key logger and download the key strokes and/or mouse clicks. From this information, usernames and passwords may be determined for websites accessed by those who have used the keyboard and/or mouse.
“Efforts to defeat key loggers include the use of one-time passwords, biometric devices, and rotating ‘secret’ information (e.g., high school attended, favorite color, etc.) that is entered by a user. However, these mechanisms require the user to enter information that is known about the user, thus the key logger is still effective at gathering useful information about the user. Other mechanisms, such as graphically entered information through number pads, etc. that are displayed on a web page, may be defeated by key loggers taking screen shots at each mouse click, which may enable the reconstruction of the graphically entered information.”
As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “An applet may be downloaded or provided to a web browser when a user visits a site in order to protect data input by the user from being captured by malicious software, such as key loggers. The applet may present a user input field in the web browser and may generate a random sequence of low-level key stroke or mouse click events within the input field when the user enters information, such as a username and/or password. A listening key logger will receive a large amount of random data, whereas the applet will receive and buffer only the actual user data that may be communicated to a remote site accessed by the user.
“In an implementation, user-input data received in an input field in a user interface may be protected by executing an applet within the user interface and generating random data associated with the input field. The random data and the input data may be provided to a client device in which the applet is executing, while only the input data is communicated to the remote computing device.
“In an implementation, electronic transactions between a client device and a remote server over a network connection are protected. A user input area is presented in a user interface, and when a focus event is received in the user input area, random data is generated that is associated with a type of user input area. User input data is received within the user input area and the random data and user input data are queued in the input buffer of a computing device. However, only the user input is communicated to the remote server.
“This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.”
The claims supplied by the inventors are:
“The invention claimed is:
“1. A method of obfuscating input data received from a user in a user interface on a computer by loading an applet within the user interface, the method performed by the applet and comprising: receiving user input data in an input field from a user; generating additional obfuscatory data in the input field combined with the user input data while the user input data is being input in the input field, the obfuscatory data representing one or more keystroke events; retrieving, from the input field that stores the user input data combined with the generated additional obfuscatory data, at least the user input data; and presenting only the retrieved user input data to a remote server for processing a user transaction.
“2. The method according to claim 1, said generating step further comprises the step of generating the additional obfuscatory data in accordance with a type of the input field.
“3. The method according to claim 2, said generating step further comprises the steps of: generating numeric additional obfuscatory data in response to determining that the input field is adapted to receive numeric input data; and generating alphanumeric additional obfuscatory data in response to determining that the input field is adapted to receive alphanumeric input data.
“4. The method according to claim 1, said generating step further comprises the step of generating the additional obfuscatory data at a frequency similar to that of a user entering data.
“5. The method according to claim 1, wherein the additional obfuscatory data comprises randomly generated data.
“6. The method according to claim 1, said generating step comprises generating one or more random sequences of keystroke events in the input field.
“7. The method according to claim 1, said user input data comprises data representing at least one keystroke event.
“8. A non-transitory computer-readable medium encoded with computer-readable instructions for obfuscating input data received from a user in a user interface on a computer by loading an applet within the user interface, said computer-readable instructions comprising instructions that: receive user input data in an input field from a user; generate additional obfuscatory data in the input field combined with the user input data while the first input data is being input in the input field, the obfuscatory data representing one or more keystroke events; retrieve, from the input field that stores the user input data combined with the generated additional obfuscatory data, at least the user input data; and present only the retrieved user input data to a remote server for processing a user transaction.
“9. The non-transitory computer-readable medium according to claim 8, further comprising computer-readable instructions that generate the additional obfuscatory data in accordance with a type of the input field.
“10. The non-transitory computer-readable medium according to claim 9, further comprising computer-readable instructions that: generate numeric additional obfuscatory data in response to a determination that the input field is adapted to receive numeric input data; and generate alphanumeric additional obfuscatory data in response to a determination that the input field is adapted to receive alphanumeric input data.
“11. The non-transitory computer-readable medium according to claim 8, further comprising computer-readable instructions that generate the additional obfuscatory data at a frequency similar to that of a user entering data.
“12. The non-transitory computer-readable medium according to claim 8, wherein the additional obfuscatory data comprises randomly generated data.
“13. A system for obfuscating input data received from a user in a user interface on a computer by loading an applet within the user interface, comprising: a user computer accessible by a user, said user computer having a user interface; an applet loaded within said user interface, said user interface including an input field adapted to receive user input data from the user, said applet: generating additional obfuscatory data in said input field combined with the user input data while the user input data is being input in the input field, the obfuscatory data representing one or more keystroke events; and retrieving, from the input field that stores the user input data combined with the generated additional obfuscatory data, at least the user input data; and a remote server, in communication with said applet, said applet presenting only the retrieved user input data to said remote server for processing a user transaction.
“14. The system according to claim 13, wherein said applet generates said additional obfuscatory data in accordance with a type of said input field.
“15. The system according to claim 14, wherein said additional obfuscatory data generated by said applet comprises numeric additional obfuscatory data in response to determining that said input field is adapted to receive numeric input data, and wherein said additional obfuscatory data generated by said applet comprises alphanumeric additional obfuscatory data in response to determining that said input field is adapted to receive alphanumeric input data.
“16. The system according to claim 13, wherein said applet generates said additional obfuscatory data at a frequency similar to that of a user entering data.
“17. The system according to claim 13, wherein said additional obfuscatory data comprises randomly generated data.”
For additional information on this patent, see: Voutour,
(Our reports deliver fact-based news of research and discoveries from around the world.)
Special town election set for Tuesday in Eastham
Advisor News
- Economic pressure makes boomerang living a new normal
- Millennials ready to bring their advisor to the family table
- The gap between policy awareness and investor conversations
- Younger investors turn to ‘finfluencers’
- Using digital retirement modeling to strengthen client understanding
More Advisor NewsAnnuity News
- Most employers support embedding guaranteed lifetime income options into DC Plans
- InspereX Partners with AuguStar Retirement for Strategic Expansion into Annuity Market
- FACC and DOL enter stipulation to dismiss 2020 guidance lawsuit
- Zinnia’s Zahara policy admin system adds FIA chassis to product library
- The Standard and Ignite Partners Announce Launch of Thrive Plus Fixed Indexed Annuity
More Annuity NewsHealth/Employee Benefits News
- BILL TO EXPAND PREVENTIVE HEALTHCARE COVERAGE AND SAVE LIVES PASSES SENATE
- ‘No gap’ private health insurance can save you money. But there’s a catch
- Researchers from New York University (NYU) Langone Health Provide Details of New Studies and Findings in the Area of Radius Fracture (Investigating the Impact of Health Insurance on the Treatment of Distal Radius Fractures in New York State): Radius Fracture
- Insurance Commissioner working to provide short-term health policy options to Mississippians
- How this local health plan CEO navigates challenges of providing care
More Health/Employee Benefits NewsLife Insurance News
- NCOIL tackles packed agenda at spring meeting
- Unum Group Reports First Quarter 2026 Results
- Foresters Financial revamps accelerated underwriting, raises limits to $2M
- National Life Group Appoints Matthew Frazee as Chief Financial Officer to Support Continued Organizational Growth
- Protective to Acquire Obsidian from Genstar Capital, Expanding into Specialty Property & Casualty Insurance
More Life Insurance News