Abstract: Be it physical items or digital data, everything needs protection from unauthorized access. To provide that protection, user authentication is usually done with a user ID and password, or sometimes with a password (security code) alone, as in digital security doors or user-specific apps. This process of authentication is vulnerable to various observation and unauthorized keylogging techniques. The SPES (Secured Password Entry System) makes the system immune to these issues. A user is presented with a display wall holding a specified number of characters arranged in a block pattern, along with a mask block used to enter the password or security code. The mask block is the only active part of the display wall; it can be pressed, touched or tapped to enter the characters of the password or security code. Because the mask block captures only the positions of the original password's characters as displayed on the display wall, an unauthorized person or imposter can never know which keys of the mask block correspond to which keys of the display wall blocks. This makes the system immune to any kind of observation, and even by capturing the key presses with keylogging hardware or software the imposter obtains only a sequence of numbers equal in length to the original password or security code, not its original characters. In this way SPES gives the user the freedom to enter his security code without worrying that it is being observed or logged by any malicious means. Best of all, the user has to select, press or touch only as many mask keys as the original password has characters, and the characters on the display wall are not re-randomized on every user interaction with the system, as happens in many inventions and puts a strain on the user's eyes and mind to find the intended character each time.
Technical Field:
This invention relates to systems where user authentication is required to access the system by means of a password or security code, either alone or together with a user ID. It provides immunity against unauthorized keystroke logging of the original password's characters and against observation while the password is being entered.
Summary of the Invention:
The present invention is quite useful and easy to implement to overcome any kind of observation vulnerability, such as over-the-shoulder viewing (shoulder surfing), camera recording, remote monitoring etc., while entering a password. It gives the user the peace of mind to concentrate on entering the password instead of worrying that someone is trying to see it; such hesitation usually causes him to press wrong keystrokes and to enter the password again and again. This invention is also immune to other kinds of keystroke logging, such as dedicated key-logging hardware, software or a combination of both that captures the user's keystrokes, and to passive monitoring that captures electronic signals emitted by the computer system while the password is entered, because the user never enters the original password's characters but merely their respective positions as displayed on the display wall. Moreover, this invention is quite useful when an authorized user needs someone's help to enter his password: he can do so without worrying about theft or misuse of the original password, as he only needs to state the positions of the mask keys in the mask block that correspond to the original password's characters on the display wall.
Description of the Invention:
The present invention aims to create a procedure or a system where the user at least has the peace of mind, while entering his password, that no one can learn the password he entered even if someone is observing him doing so. This invention also provides immunity against the use of key-logging hardware or software, or both, to steal the user's password: even if an imposter succeeds in logging the entry, he obtains only a combination of numbers equal in length to the original password, not the original password's characters, which is of no use to him for malicious purposes against the authorized user.
Before going into the working of this invention, we have to familiarize ourselves with some terminology and its meaning, which is used further on while describing it.
CHAR POLICY: This is the heart of the invention. It is defined by the institution/organization/company (the Policyholder) that wants to use this invention for its end-users.
The Policyholder decides the following:
- Total number of characters, as per their requirement
- Kind of characters required, such as alphabets (upper case, lower case), numerals (0-9) and special characters (!, @, $ etc.), or any combination of these
- Size of the BLOCK
The characters selected by the policyholder are displayed in the BLOCKS to the end-user.
A BLOCK always has more than one char.
A particular BLOCK always shows the same characters, but in a random order every time the user tries to sign up or sign in. If a BLOCK has three chars, say 234, then whenever the display wall is shown to the end-user that particular BLOCK shows those chars in a random order, sometimes 432 or 324 or any other combination without repetition that three chars can have.
The right usage of these blocks is necessary to make it harder for an imposter to guess the original password. Generally, blocks with one row and many columns are better than blocks with more rows and more columns, as they take less space and make the original password harder to guess.
Even the positions of the BLOCKS on the display wall are not fixed; they are arranged randomly every time a user tries to sign in.
A BLOCK can be of varying size depending upon the policyholder's requirement, as shown below in fig 1:
The BLOCKS shown above are the building blocks/elementary blocks of the display wall that is presented to the end-user to set his password; one such display wall is shown below in fig 2:
Said display wall is a random combination of all the blocks, with all the characters in random order, displayed to the end-user.
Said MASK BLOCK is used only to enter the password. There is always exactly one mask block, and it has the same number of masked chars as the number of chars in the basic building/elementary block, as shown above in fig 2 with red outlines. Since the basic building block there has nine chars, so does the mask block.
This mask block is used by the end-user to enter his password for verification purposes.
The mask block is represented by the char X, taken from the concept of X-rays, i.e. rays that were 'unknown' to their discoverer; similarly, the X in the mask block conveys 'unknown' to the unauthorized person or imposter who tries to observe or record the keys pressed by the end-user.
The Policyholder also decides which blocks have which chars. For example, as shown above in fig 3, there are 13 elementary blocks to display all the required characters to the end-user. Every elementary block always has the same chars irrespective of its position on the display wall. Referring to fig 3, suppose the policyholder sets the red-outlined block as B1, which has the chars EFGH but in random order (GEHF). Now, at the time of sign-in/login the same block B1 is shown at another random position on the display wall with its chars in a different random order (GFEH), but B1 always has the chars EFGH irrespective of its position on the display wall.
Working Theory:
Every system or set of data that needs to be protected from unauthorized access always goes through at least two steps: first the sign-up step and second the login step for the authorized user. When a user signs up, besides collecting his details to provide him with a unique user ID, we create and store one extra field for this user named coPwd, pronounced "co-password". Its length is equal to the length of the original password, and it plays a crucial role in determining the blocks to which the characters of the original password belong at the time of the user verification step. The generation of coPwd is explained with the help of Tables 1 and 2 shown below.
The display wall shown in Fig 1 has four blocks named B1, B2, B3 and B4, and each holds different characters for different users, as shown in Table 1:
You can see from Table 1 above that for user U1 block B1 has digits, but for user U2 block B1 has capital letters, and so on.
Suppose all the users have the same password G<1>. For user U1 the first char of the password (G) belongs to block B2, so the first character of coPwd is 2; the next char of the password (<) belongs to B4, so the second character of coPwd is 4; and so on, as shown in Table 2.
When a user signs up, we create a coPwd corresponding to the original password that the user selects from the elementary blocks of the display wall, so it changes whenever the user changes his password. This coPwd is required to determine the original password during the user verification process. So, after the sign-up process, in addition to the basic user details this coPwd is stored as well. Now, whenever a user wants to log into the system or needs to access the authorized data, he must provide his password via the mask block keys. To enter his password he presses the mask keys corresponding to the individual password characters, and those mask key positions are saved in the pwdPos array. Considering the display wall shown above in Fig 2, suppose the user's original password is A0B1, one BLOCK has the chars BDCA and another BLOCK has the chars Y1Z0 among the other eleven BLOCKS (13 BLOCKS in total). To enter his password the user presses, taps or selects the fourth char in the mask block, or speaks "four" (if the policyholder provides this facility), because A (the first char of the password) is at the fourth position in its BLOCK (BDCA); again presses, taps or selects the fourth char in the mask block, or speaks "four", because 0 (the second char) is at the fourth position in its BLOCK (Y1Z0); then presses, taps or selects the first char in the mask block, or speaks "one", because B (the third char) is at the first position in its BLOCK (BDCA); and finally presses, taps or selects the second char in the mask block, or speaks "two", because 1 (the fourth and last char) is at the second position in its BLOCK (Y1Z0). Eventually, the pwdPos array holds the values (4412).
As we have a total of 13 blocks with four chars in each, whenever the user presses, taps or selects the fourth key in the mask block (or speaks "four") it corresponds to the 13 characters at the fourth position of every elementary block, and the imposter can never know which char the authorized user intended. If the imposter somehow records or observes the mask block key positions entered by the authorized user for a password of length L, the probability of guessing the original password is 1 in B^L, where B is the number of elementary blocks on the display wall; otherwise it is 1 in N^L, where N is the total number of chars on the display wall. In this way the invention is immune to any kind of observation or hardware/software recording of the password entry by an unauthorized person or imposter. After the user has entered the password, the collected mask key positions in the pwdPos array are sent to the backend for verification along with the userID. That userID has a coPwd which, together with the rule set by the policyholder that assigns specific characters to specific blocks, is used to determine which blocks were used when the original password was created. Those blocks are determined and separated out. The pwdPos array, which holds the positions of the corresponding password chars, is then used to pick the original password's characters from the blocks separated out with the help of coPwd. Once the password is recovered it is matched against the stored original password, and access is granted or denied based on the result.
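As an added illustration (not code from the patent), the CHAR POLICY, sign-up and login steps described above in Python: a constructed four-block policy for one user (an assumption), coPwd generation from the password, the per-session shuffled display wall, the pwdPos the end-user produces through the mask block, and the backend check that resolves pwdPos through coPwd. It also computes the B^L guess space left to an observer who records only pwdPos.

```python
import hmac
import random

# Constructed CHAR POLICY for user U1 (an assumption): four blocks of four distinct chars.
POLICY_U1 = {1: "0123", 2: "EFGH", 3: "abcd", 4: "!@<>"}

def make_copwd(policy, password):
    """Sign-up: per password char, the number of the block holding it."""
    block_of = {ch: n for n, chars in policy.items() for ch in chars}
    if len(block_of) != sum(len(c) for c in policy.values()):
        raise ValueError("a char may appear in only one block")
    if any(ch not in block_of for ch in password):
        raise ValueError("password char is not on the display wall")
    return "".join(str(block_of[ch]) for ch in password)   # G<1> -> "2414"

def render_wall(policy, seed=None):
    """Login: block order on the wall and char order inside every block are
    shuffled per session; the layout stays server-side to resolve pwdPos."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    order = list(policy)
    rng.shuffle(order)
    wall = []
    for n in order:
        chars = list(policy[n])
        rng.shuffle(chars)
        wall.append((n, "".join(chars)))
    return wall

def user_enters(wall, password):
    """End-user's action: press the mask key at the 1-based position the
    char occupies inside whichever block shows it (builds pwdPos)."""
    return [chars.index(ch) + 1 for ch in password
            for _, chars in wall if ch in chars]

def verify(wall, copwd, pwd_pos, stored_password):
    """Backend: coPwd picks the block per keypress, pwdPos the position in
    that block's shuffled order; the recovered string is compared."""
    if not (len(copwd) == len(pwd_pos) == len(stored_password)):
        return False
    shown, recovered = dict(wall), []
    for b, p in zip(copwd, pwd_pos):
        chars = shown.get(int(b), "") if b.isdigit() else ""
        if not 1 <= p <= len(chars):
            return False
        recovered.append(chars[p - 1])
    return hmac.compare_digest("".join(recovered), stored_password)

def observer_guess_space(policy, pwd_pos):
    """A shoulder-surfer or keylogger sees only pwdPos: B**L candidates."""
    return len(policy) ** len(pwd_pos)
```

The `seed` parameter exists only so the shuffle is reproducible in tests; a real deployment uses the default system randomness.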
Claims:
Said mask block, which can be part of hardware (like keys of a keypad) or software (like UI buttons), used by the end-user to enter the password for authentication purposes.
1. Which comprises the procedure of entering the positions of the original password's characters with the help of the mask block, instead of directly entering the characters themselves as almost all current systems and apps do, which makes them vulnerable to the different observation techniques an imposter can use.
Said coPwd and its usage, which determines the right blocks holding the original password's characters even though they are displayed randomly to the end-user every time. Without the use of coPwd this invention would lose its original purpose of being immune to the observation or recording vulnerabilities faced by the end-user while entering the password.
| # | Name | Date |
|---|---|---|
| 1 | 202211033592-FORM 1 [11-06-2022(online)].pdf | 2022-06-11 |
| 2 | 202211033592-COMPLETE SPECIFICATION [11-06-2022(online)].pdf | 2022-06-11 |
| 3 | 202211033592-DRAWINGS [11-06-2022(online)].pdf | 2022-06-11 |
| 4 | 202211033592-FIGURE OF ABSTRACT [11-06-2022(online)].jpg | 2022-06-11 |
| 5 | 202211033592-Form 9.pdf | 2022-07-15 |
| 6 | 202211033592-FER.pdf | 2022-12-15 |
| 7 | 202211033592-AbandonedLetter.pdf | 2024-02-19 |
| 8 | SearchstrategyE_14-12-2022.pdf | |