Patent Issued for Systems and methods for key logger prevention security techniques (USPTO 11979429): United Services Automobile Association
2024 MAY 23 (NewsRx) -- By a
The assignee for this patent, patent number 11979429, is
Reporters obtained the following quote from the background information supplied by the inventors: “Identity theft and fraud pose threats to information security in today’s electronic age. Having one’s identity stolen or credit destroyed can be a traumatic event and take years of phone calls and paperwork to reestablish one’s credit. In addition, financial institutions suffer losses because of the fraud committed by those who steal innocent victims’ identities. Generally, in order to protect personal information, a user sets a password known only to her, so that access to a system and to her personal information is only accepted when the preset password is correctly input.
“However, malware such as key loggers may be implemented in hardware or software to log user keystrokes and/or mouse clicks for later retrieval. Key loggers are dangerous because they can be installed remotely without the knowledge of the user of a computing device. At some future time, the person who installed the key logger may retrieve information captured by the key logger and download the key strokes and/or mouse clicks. From this information, usernames and passwords may be determined for websites accessed by those who have used the keyboard and/or mouse.
“Efforts to defeat key loggers include the use of one-time passwords, biometric devices, and rotating “secret” information (e.g., high school attended, favorite color, etc.) that is entered by a user. However, these mechanisms require the user to enter information that is known about the user, thus the key logger is still effective at gathering useful information about the user. Other mechanisms, such as graphically entered information through number pads, etc. that are displayed on a web page, may be defeated by key loggers taking screen shots at each mouse click, which may enable the reconstruction of the graphically entered information.”
In addition to obtaining background information on this patent, NewsRx editors also obtained the inventors’ summary information for this patent: “An applet may be downloaded or provided to a web browser when a user visits a site in order to protect data input by the user from being captured by malicious software, such as key loggers. The applet may present a user input field in the web browser and may generate a random sequence of low-level key stroke or mouse click events within the input field when the user enters information, such as a username and/or password. A listening key logger will receive a large amount of random data, whereas the applet will receive and buffer only the actual user data that may be communicated to a remote site accessed by the user.
“In an implementation, user-input data received in an input field in a user interface may be protected by executing an applet within the user interface and generating random data associated with the input field. The random data and the input data may be provided to a client device in which the applet is executing, while only the input data is communicated to the remote computing device.
“In an implementation, electronic transactions between a client device and a remote server over a network connection are protected. A user input area is presented in a user interface, and when a focus event is received in the user input area, random data is generated that is associated with a type of user input area. User input data is received within the user input area and the random data and user input data are queued in the input buffer of a computing device. However, only the user input is communicated to the remote server.
“This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.”
The claims supplied by the inventors are:
“1. A method of obfuscating input data received from a user in a user interface on a computer by loading an applet within the user interface, the method performed by the applet and comprising: receiving user input data in an input field from a user; generating, using the applet within the user interface, a random sequence of input events in the input field while the user input data is being input in the input field, wherein the random sequence of input events and the user input data are queued in an input buffer of the computer, the random sequence preventing malicious software from obtaining the user input data; and communicating only the user input data to a remote server for processing a user transaction.
“2. The method according to claim 1, said generating step further comprises the step of generating the random sequence of input events in accordance with a type of the input field.
“3. The method according to claim 2, said generating step further comprises the steps of: generating numeric obfuscatory data in response to determining that the input field is adapted to receive numeric input data; and generating alphanumeric obfuscatory data in response to determining that the input field is adapted to receive alphanumeric input data.
“4. The method according to claim 1, said generating step comprises generating additional random sequences of input events in the input field.
“5. The method according to claim 1, said generating step further comprises the step of generating the random sequence of input events at a frequency similar to that of a user entering data.
“6. The method according to claim 1, wherein the random sequence of input events comprises one or more mouse click events.
“7. The method according to claim 1, wherein any key logging malware active on the computer would receive the combined user input data and the random sequence of input events.
“8. A non-transitory computer-readable medium encoded with computer-readable instructions for obfuscating input data received from a user in a user interface on a computer by loading an applet within the user interface, said computer-readable instructions comprising instructions that: receive user input data in an input field from a user; generate a random sequence of input events in the input field while the user input data is being input in the input field, wherein the random sequence of input events and the user input data are queued in an input buffer of the computer, the random sequence preventing malicious software from obtaining the user input data; and communicate only the user input data to a remote server for processing a user transaction.
“9. The non-transitory computer-readable medium according to claim 8, further comprising computer-readable instructions that generate the random sequence of input events in accordance with a type of the input field.
“10. The non-transitory computer-readable medium according to claim 9, further comprising computer-readable instructions that: generate numeric obfuscatory data in response to a determination that the input field is adapted to receive numeric input data; and generate alphanumeric obfuscatory data in response to a determination that the input field is adapted to receive alphanumeric input data.
“11. The non-transitory computer-readable medium according to claim 8, further comprising computer-readable instructions that generate the random sequence of input events at a frequency similar to that of a user entering data.
“12. The non-transitory computer-readable medium according to claim 8, wherein the random sequence of input events comprises one or more mouse click events.
“13. The non-transitory computer-readable medium according to claim 8, wherein any key logging malware active on the computer would receive the combined user input data and the random sequence of input events.
“14. A system for obfuscating input data received from a user in a user interface on a user computer by loading an applet within the user interface, comprising: a user computer accessible by a user, said user computer having a user interface; an applet loaded within said user interface, said user interface including an input field adapted to receive user input data from the user, said applet: generating a random sequence of input events in the input field while the user input data is being input in the input field, wherein the random sequence of input events and the user input data are queued in an input buffer of the computer, the random sequence preventing malicious software from obtaining the user input data; and a remote server, in communication with said applet, said applet communicating only the user input data to said remote server for processing a user transaction.
“15. The system according to claim 14, wherein said applet generates said the random sequence of input events in accordance with a type of the input field.
“16. The system according to claim 15, wherein said random sequence of input events generated by said applet comprises numeric obfuscatory data in response to determining that said input field is adapted to receive numeric input data, and wherein said random sequence of input events generated by said applet comprises alphanumeric obfuscatory data in response to determining that said input field is adapted to receive alphanumeric input data.
“17. The system according to claim 14, wherein said applet generates said random sequence of input events at a frequency similar to that of user entering data.
“18. The system according to claim 14, wherein the random sequence of input events comprises one or more mouse click events.
“19. The system according to claim 14, wherein any key logging malware active on the computer would receive the combined user input data and the random sequence of input events.”
For more information, see this patent:
(Our reports deliver fact-based news of research and discoveries from around the world.)
Patent Issued for Report existence monitoring (USPTO 11978114): ConsumerInfo.com Inc.
Patent Issued for Secure compartmented access infrastructure for sensitive databases (USPTO 11977652): Evernorth Strategic Development Inc.
Advisor News
- LTC: A critical component of retirement planning
- Middle-class households face worsening cost pressures
- Metlife study finds less than half of US workforce holistically healthy
- Invigorating client relationships with AI coaching
- SEC: Get-rich-quick influencer Tai Lopez was running a Ponzi scam
More Advisor NewsAnnuity News
- Trademark Application for “EMPOWER MY WEALTH” Filed by Great-West Life & Annuity Insurance Company: Great-West Life & Annuity Insurance Company
- Conning says insurers’ success in 2026 will depend on ‘strategic adaptation’
- The structural rise of structured products
- How next-gen pricing tech can help insurers offer better annuity products
- Continental General Acquires Block of Life Insurance, Annuity and Health Policies from State Guaranty Associations
More Annuity NewsHealth/Employee Benefits News
- New Managed Care Study Findings Have Been Reported by G. Martin Reinhart and Co-Researchers (Psychiatric Medication Prescribing by Nurse Practitioners and Physician Associates for Medicare Beneficiaries): Managed Care
- Data on Managed Care Reported by Researchers at American Dental Association (Early association of expanded Medicare dental benefits to dentist billing in Medicare): Managed Care
- Researchers to study universal health care, as Coloradans face $1 billion in medical debt
- Veteran speaks out on veterans mail-order drug bill
- National Life Group Selects FINEOS AdminSuite to Transform Living Benefit and Life Insurance Claims Operations
More Health/Employee Benefits NewsLife Insurance News