
Title:
METHOD AND APPARATUS FOR MANAGING A PERSONAL IDENTIFICATION NUMBER
Document Type and Number:
WIPO Patent Application WO/2007/063007
Kind Code:
A1
Abstract:
This invention relates to a method, system and computer program product for managing personal identification numbers (PINs) comprising: prompting a user for a PIN; recording user speech input; extracting an input PIN and an input form from the speech input by converting to text input and parsing the text input to delimit numbers in the input and to remove any delimiters within digits of the numbers in the text input whereby the only delimiters in the input separate numbers and the form of the PIN is represented by the spacing of the delimiters and the digits; and authenticating the user if the input PIN matches a stored PIN and the input form matches a stored input form.

Inventors:
WHITBOURNE MATTHEW (GB)
SKINNER EVAN GARRICK (GB)
Application Number:
PCT/EP2006/068725
Publication Date:
June 07, 2007
Filing Date:
November 21, 2006
Assignee:
IBM (US)
WHITBOURNE MATTHEW (GB)
SKINNER EVAN GARRICK (GB)
International Classes:
G06Q20/00; G07F7/10
Domestic Patent References:
WO2002049322A2 (2002-06-20)
Foreign References:
DE10233512A1 (2004-02-05)
EP1396779A2 (2004-03-10)
US20020174067A1 (2002-11-21)
Attorney, Agent or Firm:
WALDNER, Philip (Intellectual Property Law Hursley Park, Winchester Hampshire SO21 2JN, GB)
Claims:

CLAIMS

1. A system for managing a personal identification number (PIN) comprising:

a first output interface for prompting a user for a PIN;

a first input interface for recording input from the user;

a converter for extracting an input PIN and an input form from the input; and

a first comparator for authenticating the user if the input PIN matches a stored PIN and the input form matches a stored input form.

2. A system according to claim 1 further comprising:

a second output interface for further prompting the user for a password if the input PIN matches a stored PIN but the input form does not match a stored form;

a second input interface triggered by the second output interface for recording further user input; and

a second comparator triggered by the second input interface for authenticating the user if the further user input matches a stored password.

3. A system according to claim 2 further comprising:

a third output interface for prompting the user to accept or reject form authentication;

a third input interface for accepting the user response and setting a PIN flag according to the user's acceptance or rejection of form authentication, said PIN flag being associated with a user.

4. The system of any of claims 1 to 3 wherein the converter parses the input to delimit numbers in the input and to remove any delimiters within digits of the numbers in the text input whereby the only delimiters in the input separate numbers and the form of the PIN is represented by the spacing of the delimiters and the digits.

5. The system of any one of claims 1 to 4 wherein the input is speech input; a speech recognition engine converts the speech input to text input; and the converter parses the text input.

6. The system of any of claims 1 to 4 wherein the user enters text input directly. This solution allows keypad input.

7. A method of managing personal identification numbers (PINs) comprising:

prompting a user for a PIN;

recording an input from the user;

extracting an input PIN and an input form from the input; and

authenticating the user if the input PIN matches a stored PIN and the input form matches a stored input form.

8. A method according to claim 7 wherein if the input PIN matches a stored PIN but the input form does not match a stored form then:

prompting the user for a password;

recording further input; and

authenticating the user if the further input matches a stored password.

9. The method of claim 7 or 8 wherein if the input PIN matches a stored PIN and if there is no stored form associated with the user then storing the input form in association with the user.

10. A method according to claim 9 further comprising: prompting the user to accept or reject form authentication and storing the user's response in a password flag.

11. The method of any of claims 7 to 10 wherein the extracting comprises parsing the input to delimit numbers in the input and to remove any delimiters within digits of the numbers in the text input whereby the only delimiters in the input separate numbers and the form of the PIN is represented by the spacing of the delimiters and the digits.

12. The method of any one of claims 7 to 11 wherein the input is speech input; the speech input is converted to text input; and the PIN and PIN form are extracted from the text input.

13. The method of any of claims 7 to 11 wherein the user enters text input directly.

14. A computer program product comprising computer readable recording medium having computer readable code stored thereon for managing personal identification numbers (PINs), said computer readable code which when loaded onto a computer system and executed performs the following steps described in claims 7 to 13.

Description:

METHOD AND APPARATUS FOR MANAGING A PERSONAL IDENTIFICATION NUMBER

This invention relates to a method and apparatus for managing a personal identification number (PIN). In particular this relates to a method and apparatus for increasing security during authentication of a PIN.

BACKGROUND

Presently in automated telephony and other authentication environments users are required to provide numeric passwords. These passwords, being numeric, can often be difficult to remember and can encourage people to write them down. This is not a secure way of maintaining this information and can result in possible security breaches. US patent publication 5721765 discloses a personal identification number security system incorporating a time dimension to enhance its security yet maintain the familiar and simple to use PIN system. The alpha-numeric digits comprising the PIN are separated into two or more digit groups that must be entered into the system according to a pre-defined sequence in order to positively identify the user and provide security clearance. The time sequence can include time delays between the entry of digit groups or time periods during which the digit groups must be entered.

SUMMARY OF INVENTION

According to a first aspect of the present invention there is provided a system for managing a personal identification number (PIN) comprising: a first output interface for prompting a user for a PIN; a first input interface for recording input; a converter for extracting an input PIN and an input form from the input; and a first comparator for authenticating the user if the input PIN matches a stored PIN and the input form matches a stored input form.

When a user provides numeric security information, numerical grouping of the PIN conveys form information and provides an extra signature to further identify the correct user. This solution allows backward compatibility with current standards so that a user that does not wish to use a combined PIN and input form would simply specify their password as normal.

Advantageously the system further comprises: a second output interface for further prompting the user for a password if the input PIN matches a stored PIN but the input form does not match a stored form; a second input interface triggered by the second output interface for recording further user input; and a second comparator triggered by the second input interface for authenticating the user if the further user input matches a stored password.

More advantageously the system further comprises: a third output interface for prompting the user to accept or reject form authentication; a third input interface for accepting the user response and setting a PIN flag according to the user's acceptance or rejection of form authentication, said PIN flag being associated with a user.

The PIN flag is set once per user PIN when the password is PIN only. The flag is set according to the status of the password: on creation of the PIN the status flag is PIN ONLY; the flag is set to ACCEPTED if the user accepts form authentication; the flag is set to REJECTED if the user rejects form authentication.

Suitably the converter parses the input to delimit numbers in the input and to remove any delimiters within digits of the numbers in the text input whereby the only delimiters in the input separate numbers and the form of the PIN is represented by the spacing of the delimiters and the digits.

More suitably, the input is speech input; a speech recognition engine converts the speech input to text input; and the converter parses the text input.

Alternatively the user beneficially enters text input directly. This solution allows keypad input.

According to a second aspect of the invention there is provided a method of managing personal identification numbers (PINs) comprising: prompting a user for a PIN; recording an input; extracting an input PIN and an input form from the input; and authenticating the user if the input PIN matches a stored PIN and the input form matches a stored input form.

According to a third aspect of the present embodiment there is provided a computer program product comprising computer readable recording medium having computer readable code stored thereon for managing personal identification numbers (PINs), said computer readable code which when loaded onto a computer system and executed performs the following steps: prompting a user for a PIN; recording an input; extracting an input PIN and an input form from the input; and authenticating the user if the input PIN matches a stored PIN and the input form matches a stored input form.

DESCRIPTION OF DRAWINGS

Embodiments of the invention will now be described, by means of example only, with reference to the accompanying drawings in which:

Figure 1 is a schematic of the interactive voice response system of the present embodiment; and

Figure 2 is a schematic method of the present embodiment.

DESCRIPTION OF THE EMBODIMENTS

The preferred embodiment is an interactive voice response system (IVR) 2 comprising: VXML application 3; VXML browser 4; speech recognition engine 5; and personal identification number (PIN) manager 10.

IVR 8 is modelled on IBM WebSphere Voice Response v3.2 although any IVR can be used with a PIN manager based on that of the embodiment. A user communicates with the IVR 8 through user interface 6 which can be a telephone or an intercom.

Business application 3 is an application written in Voice XML (VXML) that requires authentication. For example, the business application may locate a bank balance but first identifies a user (by identifying the user account for instance) and then requests authentication of that user account.

VXML browser 4 interprets the business application 3. A request for authentication includes a user account number and is passed to the PIN manager 10.

Speech recognition engine 5 is modelled on IBM WebSphere Voice Server v5 although any speech recognition engine providing plain text output could be used. However, the speech recognition engine preferably is configured to include delimiters between numbers if it does not do so as a default. Speech recognition engine receives requests from VXML browser 5 to translate speech data and passes back text data to VXML browser 5. Speech recognition engine 5 uses a Markov model 7 to work out the most likely phonetic match to the speech data and then uses a numerical grammar 8 to estimate the most likely text match to the phonemes.

The numerical grammar 8 is restricted to numerical utterances to improve the recognition. For instance: zero; one; two; three; four; five; six; seven; eight; nine; ten; eleven; twelve; thirteen; fourteen; fifteen; sixteen; seventeen; eighteen; nineteen; twenty; thirty; forty; fifty; sixty; seventy; eighty; ninety; hundred; thousand; million. This grammar constitutes 32 utterances. Currently recognisers have trouble with an alphabetic grammar (containing 26 utterances) but many numerical utterances for this grammar are longer than one syllable (20 out of 32) so it is easier to recognise than an alphabetic one. A further restriction of the grammar can split out the teens, thereby saving 4 utterances by making the grammar. Fourteen, sixteen, seventeen, eighteen and nineteen would then be expressed by two utterances each.

In this embodiment the PIN manager 10 is an application written in VXML. PIN manager 10 comprises: a controller 12; output interfaces 14A, 14B, 14C (first, second, third); input interfaces 16A, 16B, 16C (first, second and third); comparators 18A, 18B, 18C, 18D, 18E (first; second; third; fourth; and an optional comparator); a converter 20; and PIN memory 22.

The controller 12 controls the process of authenticating the user and the flow between the PIN manager components.

The PIN memory 22 is for storing PINs and associating each one with the user. The PIN memory stores a record 23 for each registered user. Each record comprises a field for: a user account; a user PIN; a PIN form; a PIN flag; and a password for an additional authentication.

Output and input interfaces are application program interfaces (APIs) for the IVR 2. The first output interface 14A is for prompting a user for a PIN. The second output interface 14B is for prompting the user for the password if the input PIN matches a stored PIN but the input form does not match a stored form. The third output interface 14C is for prompting the user to accept or reject combined PIN authentication of the embodiment; combined PIN authentication comprises authenticating of both input PIN and input form.

The first input interface 16A is for recording a user input. The second input interface 16B is triggered by the second output interface and is for recording further user input. The third input interface 16C is for setting the PIN flag according to the user's acceptance or rejection of the combined PIN authentication.

The first comparator 18A is for checking a PIN match. The second comparator 18B is for checking that a form is stored. The third comparator 18C is for checking form match; the user will be authenticated if the input PIN matches a stored PIN and the input form matches a stored form. The fourth comparator 18D is an additional authentication for checking a password match and authenticates the user if the user input password matches a stored password. The optional comparator 18E is for checking the PIN flag to see if the user has accepted or rejected form authorization.

The converter 20 is for extracting an input PIN and an input form from user text input from the speech recognition engine 5. The user input text includes the linguistic grouping of the PIN as the speech recognition engine provides the user text input as is. Therefore a PIN number such as 1234 may be supplied in various forms including "one, two, three, four"; "twelve, thirty four"; and "one thousand, two hundred and thirty four". Prior art authentication systems will remove the extra linguistic information but the present embodiment uses it to its advantage.

A composite PIN comprises the text output of the speech recognition engine. The composite PIN includes digits of the voice input spaced with delimiters to indicate the grouping of the digits. The speech recognition engine is configured to include delimiters if it does not do so as a default. Normal voice entry of a PIN comprises three delimiters and a fourth if a last delimiter to indicate the end of a PIN is included, for instance "one, two, three, four.". Grouping the digits into two digit numbers reduces the number of delimiters to two, for instance, "twelve, thirty four.". Grouping the digits into a single four digit number reduces the number of delimiters to one, for instance, "One thousand two hundred and thirty four.". The composite PINs for these three examples are respectively: "1#2#3#4#", "12#34#" and "1234#".

However, it will be noted that "One thousand two hundred and thirty four" contains an internal delimiter "and". The composite PIN is parsed to put it in the correct format so that all digit groups have internal delimiters removed. Internal delimiters are defined to include commas and "and"s inside the text of a number over 100, for instance: "a hundred and one", "one thousand, two hundred and thirty four" where the internal delimiters are underlined. Similarly a delimiter between two numbers in the range 100 to 999 or two numbers in the range 1000 to 9999 is not internal. Conversely, where there is no delimiter between two numbers then a delimiter is inserted, for instance: "one two three, four" becomes "one, two, three, four." or "1#2#3#4#".

The PIN is extracted from the parsed composite PIN by filtering the digits and in all three examples the PIN is "1234". The form is extracted by replacing all digits in the parsed composite PIN with a digit indicator, for instance "0", and all delimiters by a delimiter symbol, for instance, "#". In the three examples therefore, the forms are respectively: "0#0#0#0#", "00#00#" and "0000#".
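The converter's parsing can be worked through in Python as below. This is an added example, not code from the patent: the function names, the recursive-descent structure and the back-off rule (a comma or "and" after "hundred" or "thousand" is internal only when a lower-order part follows it) are assumptions, and the grammar covers the listed utterances up to "thousand".

```python
import re

# Numerical grammar from the description, up to "thousand" (assumption:
# "million" is left out because PINs of that size are not discussed).
UNITS = {w: n for n, w in enumerate(
    "zero one two three four five six seven eight nine".split())}
TEENS = {w: n + 10 for n, w in enumerate(
    "ten eleven twelve thirteen fourteen fifteen sixteen seventeen "
    "eighteen nineteen".split())}
TENS = {w: (n + 2) * 10 for n, w in enumerate(
    "twenty thirty forty fifty sixty seventy eighty ninety".split())}
SEPS = {",", "and"}          # candidate delimiters in recognised text


def tokenize(text):
    """Lower-case words plus commas; '.' and ';' are treated as commas."""
    return re.findall(r"[a-z]+|,", re.sub(r"[.;]", ",", text.lower()))


def _skip_seps(toks, i):
    while i < len(toks) and toks[i] in SEPS:
        i += 1
    return i


def _below100(toks, i):
    """Parse 0..99 starting at toks[i]; return (value, next) or None."""
    w = toks[i] if i < len(toks) else None
    if w in TENS:
        nxt = toks[i + 1] if i + 1 < len(toks) else None
        if UNITS.get(nxt, 0) > 0:           # "thirty four" -> 34
            return TENS[w] + UNITS[nxt], i + 2
        return TENS[w], i + 1
    if w in TEENS:
        return TEENS[w], i + 1
    if w in UNITS:
        return UNITS[w], i + 1
    return None


def _tail(toks, i, parse, scales):
    """Lower-order part after a scale word, read across internal delimiters.
    Back off (leaving the delimiter in place) if what follows starts a new
    number, i.e. is itself followed by a scale word."""
    got = parse(toks, _skip_seps(toks, i))
    if got is None or (got[1] < len(toks) and toks[got[1]] in scales):
        return 0, i
    return got


def _below1000(toks, i):
    got = _below100(toks, i)
    if got and 1 <= got[0] <= 9 and toks[got[1]:got[1] + 1] == ["hundred"]:
        low, j = _tail(toks, got[1] + 1, _below100, ("hundred", "thousand"))
        return got[0] * 100 + low, j
    return got


def _number(toks, i):
    got = _below1000(toks, i)
    if got and got[0] >= 1 and toks[got[1]:got[1] + 1] == ["thousand"]:
        low, j = _tail(toks, got[1] + 1, _below1000, ("thousand",))
        return got[0] * 1000 + low, j
    return got


def composite_pin(text):
    """Recognised text -> composite PIN such as '12#34#'."""
    toks, i, groups = tokenize(text), 0, []
    while (i := _skip_seps(toks, i)) < len(toks):
        got = _number(toks, i)
        if got is None:
            raise ValueError(f"not in the numerical grammar: {toks[i]!r}")
        groups.append(str(got[0]))
        i = got[1]
    return "".join(g + "#" for g in groups)


def extract(composite):
    """Composite PIN -> (PIN, form): filter digits; map digits to '0'."""
    return re.sub(r"\D", "", composite), re.sub(r"\d", "0", composite)


# The description's own spoken examples all carry the PIN 1234.
for spoken in ("one, two, three, four.", "twelve, thirty four.",
               "One thousand, two hundred and thirty four."):
    print(spoken, "->", composite_pin(spoken), extract(composite_pin(spoken)))
```

Keypad input in the alternative embodiment is already a composite PIN, so it goes straight into `extract`.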

The method 200 of authenticating a PIN in the preferred embodiment will be described.

Step 202, the first output interface 14A prompts a user for a PIN.

Step 204, the first input interface 16A records user speech input and passes the speech recording to the speech recognition engine 5.

Step 205, the speech recognition engine 5 converts the speech recording into user text input.

Step 206, the converter 20 extracts an input PIN and an input form from the user text input.

Step 208, the first comparator 18A checks the input PIN against the stored PIN and rejects the user at step 210 if there is no match. If there is a match the method passes on to the second comparator 18B at step 212.

Step 210, the controller 12 rejects the user and the user is not allowed to access the business application requiring authentication.

Step 212, the second comparator 18B has the form stored at step 214 if the user record 23 does not contain a PIN form. If there is a stored PIN form then the process passes to optional step 217 or step 219.

Step 214, the controller 12 stores the form in the user record in PIN memory and optionally passes to step 215 before step 216.

Step 215, optionally the user is given the chance to accept or reject form authentication and the user preference is stored in the PIN flag. This step operates in conjunction with step 217. The user is prompted to accept or reject form authentication and the PIN flag is set according to the status of the password. On creation of a PIN the PIN flag is PIN ONLY; this optional method is performed once per user PIN when the PIN flag is PIN ONLY. The flag is set to FORM ACCEPTED if the user accepts form authentication or the flag is set to FORM REJECTED if the user rejects form authentication. A further option could also confirm the PIN form back to the user so that the user can validate that this is the way they wish to speak or type their PIN. From step 215 the process passes to authenticate the user at step 216.

Step 216, the controller 12 authenticates the user and allows the user to access the business application 3.

Step 217, the optional comparator 18E checks the PIN flag and if the form authorization has been rejected then the process authenticates the user at step 218. If the form authorization has been accepted then the process moves to check the form at step 219.

Step 218, the controller 12 authenticates the user and allows the user to access the business application 3 requiring authentication.

Step 219, the third comparator 18C checks if the input form matches the form stored in the user record 23 and authenticates the user at step 220 if there is a match. If there is NO match a further check is made at step 222.

Step 220, the controller 12 authenticates the user and allows the user to access the business application 3 requiring authentication.

Step 222, the fourth comparator 18D initiates a further authentication process with the user, the further authentication process requests a password and if there is NO match between an input password and a stored password then the user is rejected at step 224. If there is a match the user is authenticated at step 226. The further authentication process prompts the user for a password; records user input password speech; converts the input password speech to input password text; and authenticates the user if the user input text matches a stored password.

Step 224, the controller 12 rejects the user and the user is not allowed to access the business application 3.

Step 226, the controller 12 authenticates the user and allows the user to access application 3. In the preferred embodiment, the user input is speech and speech recognition is performed on the user input to extract the form of the PIN.

However, an alternative embodiment allows keypad input wherein the user input is a numerical expression containing the PIN digits and optionally at least one delimiter character between the digits. The delimiter "#" can be the "enter" key on a keypad and the composite PINs for the three examples are directly keyed in respectively as: "1#2#3#4#", "12#34#" and "1234#".
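The decision flow of steps 208 to 226 can be traced with the Python sketch below, which takes an already extracted input PIN and input form. It is an added example, not code from the patent: the `Record` class, the callback parameters and the use of a constant-time comparison are assumptions, and the returned step number is there only to show which branch was taken.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

PIN_ONLY = "PIN ONLY"
FORM_ACCEPTED = "FORM ACCEPTED"
FORM_REJECTED = "FORM REJECTED"


@dataclass
class Record:
    """One record 23 in PIN memory 22 (field names are assumptions)."""
    account: str
    pin: str
    password: str
    form: Optional[str] = None      # no form stored until first use
    flag: str = PIN_ONLY


def _same(a: str, b: str) -> bool:
    # Constant-time comparison (an addition; the page only says "matches").
    return hmac.compare_digest(a.encode(), b.encode())


def authenticate(rec: Record, input_pin: str, input_form: str,
                 ask_password: Callable[[], str],
                 accept_form: Optional[Callable[[str], bool]] = None):
    """Return (authenticated, step) following steps 208 to 226."""
    if not _same(input_pin, rec.pin):                   # step 208
        return False, 210
    if rec.form is None:                                # step 212
        rec.form = input_form                           # step 214
        if accept_form is not None and rec.flag == PIN_ONLY:
            # optional step 215: ask once whether to use form authentication
            rec.flag = (FORM_ACCEPTED if accept_form(input_form)
                        else FORM_REJECTED)
        return True, 216
    if rec.flag == FORM_REJECTED:                       # optional step 217
        return True, 218
    if _same(input_form, rec.form):                     # step 219
        return True, 220
    if _same(ask_password(), rec.password):             # step 222
        return True, 226
    return False, 224


def demo():
    """Constructed walk-through: PIN 1234 first spoken as 'twelve, thirty four'."""
    rec = Record(account="acct-0001", pin="1234", password="constructed-pw")
    return [
        authenticate(rec, "1234", "00#00#", lambda: ""),               # enrols form
        authenticate(rec, "1234", "00#00#", lambda: ""),               # form matches
        authenticate(rec, "1234", "0#0#0#0#", lambda: "guess"),        # fallback fails
        authenticate(rec, "1234", "0#0#0#0#", lambda: "constructed-pw"),
        authenticate(rec, "0000", "00#00#", lambda: "constructed-pw"), # wrong PIN
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The first branch shows that the form is enrolled on the first login that presents a correct PIN, so that login is protected by the PIN alone.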

In summary there is described a method, system and computer program product for managing personal identification numbers (PINs) comprising: prompting a user for a PIN; recording user speech input; extracting an input PIN and an input form from the speech input by converting to text input and parsing the text input to delimit numbers in the input and to remove any delimiters within digits of the numbers in the text input whereby the only delimiters in the input separate numbers and the form of the PIN is represented by the spacing of the delimiters and the digits; and authenticating the user if the input PIN matches a stored PIN and the input form matches a stored input form.

It will be clear to one skilled in the art that the method of the present invention may suitably be embodied in a logic apparatus comprising logic means to perform the steps of the method, and that such logic means may comprise hardware components or firmware components. For instance, Figure 2 shows a logic embodiment.

It will be equally clear to one skilled in the art that the logic arrangement of the present invention may suitably be embodied in a logic apparatus comprising logic means to perform the steps of the method, and that such logic means may comprise components such as logic gates in, for example, a programmable logic array. Such a logic arrangement may further be embodied in enabling means for temporarily or permanently establishing logical structures in such an array using, for example, a virtual hardware descriptor language, which may be stored using fixed or transmittable carrier media.

It will be appreciated that the method described above may also suitably be carried out fully or partially in software running on one or more processors (not shown), and that the software may be provided as a computer program element carried on any suitable data carrier (also not shown) such as a magnetic or optical computer disc. The channels for the transmission of data likewise may include storage media of all descriptions as well as signal carrying media, such as wired or wireless signal media.

The present invention may suitably be embodied as a computer program product for use with a computer system. Such an implementation may comprise a series of computer readable instructions either fixed on a tangible medium, such as a computer readable medium, for example, diskette, CD-ROM, ROM, or hard disk, or transmittable to a computer system, via a modem or other interface device, over either a tangible medium, including but not limited to optical or analogue communications lines, or intangibly using wireless techniques, including but not limited to microwave, infrared or other transmission techniques. The series of computer readable instructions embodies all or part of the functionality previously described herein.

Those skilled in the art will appreciate that such computer readable instructions can be written in a number of programming languages for use with many computer architectures or operating systems. Further, such instructions may be stored using any memory technology, present or future, including but not limited to, semiconductor, magnetic, or optical, or transmitted using any communications technology, present or future, including but not limited to optical, infrared, or microwave. It is contemplated that such a computer program product may be distributed as a removable medium with accompanying printed or electronic documentation, for example, shrink-wrapped software, pre-loaded with a computer system, for example, on a system ROM or fixed disk, or distributed from a server or electronic bulletin board over a network, for example, the Internet or World Wide Web.

It will be further appreciated that embodiments of the present invention may be provided in the form of a service deployed on behalf of a customer to offer service on demand.

It will also be appreciated that various further modifications to the preferred embodiment described above will be apparent to a person of ordinary skill in the art.