3.4 KiB
Proposed high-risk technical innovation:
nKode is an observation-resistant “something-you-know” authentication method that replaces direct entry of a static secret (a PIN or password). The user’s long-term secret is a short sequence of memorable attributes (for example four icons). At each authentication, the terminal displays a shuffled layout that groups many attributes into a small number of selectable keys. The user does not enter their secret attributes directly. Instead, they enter the key IDs that currently contain their secret attributes.
Example: Secret attributes: 😍🤢🤐🥸
_key1_ _key2_
| 😃😍 | | 🥸🤩 |
| 😇😎 | | 🤓🥳 |
----- -----
_key3_ _key4_
| 🥺🤯 | | 🫥🤥 |
| 😡🥶 | | 🤢🤐 |
----- -----
enter: 1,4,4,2
After authentication, the keypad is shuffled.
_key1_ _key2_
| 🫥😍 | | 🥸🤥 |
| 😇🤐 | | 🤢🥳 |
----- -----
_key3_ _key4_
| 😃🤯 | | 🥺🤩 |
| 😡😎 | | 🤓🥶 |
----- -----
enter: 1,2,1,1
The user experience remains “type four digits,” but the meaning of those digits changes each time based on the on-screen challenge.
Why this is materially different from prior studied approaches: We recognize that observation-resistant PIN entry and graphical password systems have been studied extensively. nKode’s novelty is not “using pictures,” and not merely “shuffling a keypad.” The core difference is the combination of (a) a stable, memorable secret defined over attributes, (b) randomized grouping of a larger displayed attribute set into a small fixed input alphabet (key IDs), and (c) parametrizable resistance to capture and inference via repeated sessions, while remaining compatible with high-throughput PoS and ATM constraints (small screens, fast entry, minimal user training, no extra sensors).
Security motivation and threat model fit for PoS: Today’s PoS skimmers typically steal card data and capture a static ZIP code or PIN. With nKode, a simple tap-and-log skimmer that records key presses is insufficient because the key press sequence is only meaningful when paired with the corresponding on-screen challenge. An attacker would need to add a camera (or equivalent screen capture) and then solve an inference problem across multiple observations of the same user to recover the underlying attributes. Based on our work with McCrary, we target configurations where an attacker needs on the order of 5 or more sequential observations to reliably recover a user’s nKode. comparied to static data....
High-risk, high-reward R&D: The technical risk is achieving a strong security–usability frontier concurrently: fast entry time, low error rate, accessibility variants, and quantified resistance to recording and inference attacks. Our Phase I work will produce (1) formal parameterization of layouts, group sizes, and session policies, (2) empirical usability results on realistic PoS/ATM workflows, and (3) measured attack resistance against key-logging, shoulder surfing, and screen-recording plus inference baselines.
Defensible competitive advantage: Our patent claims cover a broad design space of attribute types (images/emojis, alphanumeric symbols, audio cues for visually impaired users, tactile patterns such as braille-like textures) and the grouping/shuffling mechanism across spatial, auditory, tactile, or label-based key groupings. This makes “simple re-skins” and modality pivots harder for fast followers.