A pass-set is a form of secret authentication data that is used to control access to a resource, thereby providing security. Each time a user wishes to use the resource the user is asked to enter the pass-set. If the entered pass-set is valid, the user is permitted to access the resource, otherwise access is denied.
Pass-set entry requirements are used in a variety of applications. For example, a typical computer user is required to enter pass-sets for a wide variety of purposes, such as logging in to a computer account, retrieving e-mail from servers, accessing certain files, databases, networks, web sites, etc. In banking applications, a bank account holder is required to enter a personal identification number (PIN), in order to access an automated teller machine (ATM) to conduct a banking transaction.
Pass-sets generally contain a string of data including numerical digits, upper/lower case alphabetical characters, and other typeable symbols. Preferably, from a security perspective, the string of data for any given pass-set contains as random a sequence of digits, characters and symbols as possible. While random-like sequences are more secure, they are often difficult for users to remember, and users often change the pass-set to something that is easier to remember, for example, the name or other descriptive characteristic of a family member (e.g., a birth date). Unfortunate consequences of simplifying the pass-set, however, are that the pass-set becomes more susceptible to being cracked by a hacker, and the security of the resource becomes compromised.
A pass-set should be kept secret by those who are entitled to access the resource so that secure access of the resource can be maintained. This is easy while users are not accessing the resource. However, the users must reveal the pass-set, to some degree, when requesting access to a resource. While revealing the pass-set may only be for a brief moment in time, it does, nevertheless, render the pass-set vulnerable to being stolen. One of the typical methods to enter the pass-set before accessing the resource is to type in the pass-set from a device such as a keyboard, a number pad, push buttons on a telephone, or the like. Another method is to enter the pass-set verbally into a system that recognizes human voices. A problem with both of these approaches is that an eavesdropper may steal the pass-set by watching or listening to the pass-set being entered. The stolen password then allows the resource to be accessed illegitimately. These problems are compounded by the availability of state-of-the-art keystroke recording and voice recording virus software on computers, since they provide perpetrators the means to pick up the pass-set even if a user is very careful when entering the pass-set. For example, typing in with a shield covering the keyboard or speaking with a low voice would not be a defense against such virus software.
As a result, systems and methods are needed that allow users to securely enter pass-sets for accessing resources without the risk of revealing the pass-sets to others.
The present invention will be readily understood by the following detailed description in conjunction with the accompanying drawings, wherein like reference numerals designate like structural elements.
Methods and apparatuses for pass-set entry are disclosed. The following description is presented to enable any person skilled in the art to make and use the invention. Descriptions of specific embodiments and applications are provided only as examples and various modifications will be readily apparent to those skilled in the art. The general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the invention. Thus, the present invention is to be accorded the widest scope encompassing numerous alternatives, modifications and equivalents consistent with the principles and features disclosed herein. For purpose of clarity, details relating to technical material that is known in the technical fields related to the invention have not been described in detail so as not to unnecessarily obscure the present invention.
The present invention generally relates to authentication of users for access to resources protected by passwords (i.e., more generally pass-sets), and more particularly to systems and methods for securely entering pass-sets. In one example, an exemplary authenticator device includes an authentication application, an output interface and a user-controls interface. The authentication application is configured to generate aural, visual, audiovisual or tactile messages containing one or more pass-set entry menus, in response to a request to access a pass-set-protected resource by a user of the I/O device. Each of the one or more pass-set entry menus includes one or more items. In one example, the order of the items may be randomized when generated. In a further example, the order of the items is fixed and the start point of the item presented to the user is randomized.
In one example, one output interface at the authenticator device is a display configured to present a generated visual menu for the user to view. The generated visual menu may be a matrix of items, or alternatively, a series of pass-set entry menus. In conjunction with the visual matrix displayed at the authenticator device, the authenticator device transmits audio corresponding to the visual matrix choices to the I/O device for private output to the I/O device user. One exemplary I/O device output interface is a headphone of a headset, in which only a wearer of the headset can hear presented pass-set entry menu items. In one example, a user-controls interface is configured at the I/O device to assist the user in making a selection from the matrix, or alternatively, each of the one or more pass-set entry menus. The selections from the user-controls interface are then assembled into a user entered pass-set for authenticating the user's identity by authenticators that control pass-set-protected resources. Since audio messages representing pass-set entry menus displayed on the authenticator device are securely presented to the user via the I/O device headphone, and the user can make selections from the menus by the item number without revealing the matrix selection being made, the problems and shortcomings of prior art approaches are overcome.
In one implementation, the user is presented visually with all the menu choices on their handset or PC with an associated identifier. For example, the identifier may be a letter, number, or combination thereof. Optionally each menu item is put in a random order or has a randomized index number beside it. The user keys in the choices on a headset by scrolling through an audio list of numbers/letters, with a random starting place after each selection, and scrolls and selects the menu items when the identifier is reached. After each selection, the start point is randomized.
In another method, the user uses one or more scroll bars on their handset or PC to traverse through a matrix menu of audio choices, again resetting after each selection and randomizing the start. For example, if the password is {HORSE, HORSE, TIGER, TIGER}, the user scrolls horizontally on a vertical scroll bar on their handset or hearing “insect, animals, vegetables” and stops at the “animals” line. Then using a vertical scroll bar, the user traverses until they hear “HORSE” and hits the select button. This is repeated with the choices on the vertical and horizontal bars randomized. An observer has no idea what was selected as they cannot hear the menu choices.
Advantageously, these methods are easier for users to navigate as complicated menu traversal on a headset is simplified to a linear choice. In one method, headset controls are not even used. Users are much more comfortable making traversals on a handset, or using a mouse and keyboard on a PC typically with an associated control displayed on the screen.
In one example, a system for secure pass-set entry includes an authenticator device including a processor, a display, and a memory storing an authentication application configured to generate a pass-set menu to output in visual format on the display. The system includes a headset device including an output interface configured to securely output audio to a user, the audio including a plurality of identifiers corresponding to the pass-set menu. The headset device further includes a user input interface configured to receive user actions to navigate the plurality of identifiers and receive user selections, and a data interface for transmitting user selections to the authenticator device.
In one example, a system for secure pass-set entry includes an authenticator device and a headset device. The authenticator device includes a processor, a display, and a memory storing an authentication application configured to generate a pass-set menu to output in visual format on the display. The authentication application is further configured to output audio corresponding to the pass-set menu. The headset device is configured to receive the audio corresponding to the pass-set menu from the authenticator device. The headset device includes an output interface configured to securely output audio corresponding to the pass-set menu to the user, a user input interface configured to receive user actions to navigate the pass-set menu and receive user menu selections, and a data interface for receiving audio corresponding to the pass-set menu from the authentication device and transmitting user menu selections to the authenticator device.
In one example, a method for secure pass-set entry includes generating a pass-set menu at an authenticator device, outputting the pass-set menu in a visual format on an authenticator device display, and securely outputting an audio associated with the pass-set menu at a headset device. The method further includes receiving user actions at the headset device to navigate the pass-set menu and receive user menu selections, where the user actions are responsive to the pass-set menu in the visual format in conjunction with the audio securely output at the headset device. The user actions are transmitted from the headset device to the authenticator device. In one example, the method further includes assembling the user actions into a user-entered pass-set.
In one example, a system for secure pass-set entry includes an authenticator device and a headset device. The authenticator device includes a processor and a memory storing an authentication application configured to generate a pass-set menu and configured to transmit audio corresponding to the pass-set menu to a device remote from the authenticator device. The authenticator device also includes a user interface configured to receive user actions to navigate the pass-set menu and receive user menu selections, where responsive to the user actions audio corresponding to a new menu position or a new menu is transmitted to the device remote from the authenticator device. The headset device is configured to receive the audio corresponding to the pass-set menu from the authenticator device. The headset device includes a user output interface configured to securely output audio corresponding to the pass-set menu to the user.
In one example, a method for secure pass-set entry includes generating a pass-set menu at an authenticator device and securely outputting an audio associated with the pass-set menu at a headset device. User actions are received at the authenticator device to navigate the pass-set menu and receive user menu selections, where the user actions at the authenticator device are responsive to the audio securely output at the headset device. The method further includes responsively transmitting audio to the headset device from the authenticator device.
In one example, a method for secure pass-set entry includes generating a pass-set menu having a fixed order of items, randomizing a start point of menu item output, and securely outputting an audio associated with the pass-set menu corresponding to a next menu item at a headset device. User actions are received corresponding to a next item command, a previous item command, or an item selection command, the user actions responsive to the audio securely output at the headset device. User actions are tracked corresponding to the next item command and the previous item commands. The method further includes determining a selected item using the start point and the tracked user actions corresponding to the next item command and the previous item commands.
In one example, a method for secure pass-set entry includes generating a pass-set menu at headset device, transmitting the pass-set menu to an authenticator device, outputting the pass-set menu in a visual format on an authenticator device display, and securely outputting an audio associated with the pass-set menu at the headset device. The method further includes receiving user actions at the headset device to navigate the pass-set menu and receive user menu selections, the user actions responsive to the pass-set menu in the visual format in conjunction with the audio securely output at the headset device. The user actions are transmitted from the headset device to the authenticator device.
Referring first to
According to one embodiment, data communication between the I/O device 104 and the authenticator 102 is transmitted via a wired link 108 (e.g., a Universal Serial Bus (USB)) as shown in
In the systems 11 and 12, an authentication application is installed on either or both of the authenticator 102 and the I/O device 104. While the term “headset” has various definitions and connotations, for the purposes of this disclosure, the term is meant to refer to either a single headphone (e.g., a monaural headset) or a pair of headphones (e.g., a binaural headset capable of outputting audio in a private manner directly into the user's ear), which include(s) or does not include, depending on the application and/or user-preference, a microphone that enables voice recognition.
Referring now to
In a more complex form, elements of a pass-set may include words instead of characters. For example, there are three positions with respective elements: “small”, “yellow”, and “apple” in an exemplary pass-set 206 as shown in
According to one example, the authentication application allows a user of the I/O device to enter pass-set securely by generating one or more pass-set entry menus. Each of the menus includes at least one item for the user to make a selection. In one example, the order of the items in each menu can be randomized when generated to improve security. In a further example, the order of the items in each menu remains fixed, but the start point within the menu in presenting the menu items to the user is randomized. The user selection (e.g., item number of the selected item) is then assembled to form a user entered pass-set. In one example, a single menu is generated consisting of a menu matrix of all the possible choices and presented visually to the user.
In one implementation, menu or menus are presented to the user in visual format on a display at the authenticator device. As the user manipulates a control on the I/O device, choices corresponding to the menus are securely presented to the user via audio messages in the I/O device, so that the menu choices being presented and selected cannot be overheard or seen by others. In one example, the user navigates the menus or matrix and makes selections with the user controls interface at the I/O device. In this manner, security of the pass-set entry is improved by dividing presentation and selection/navigation between the authenticator device and I/O device.
In a further implementation, the menus are securely presented to the user via aural, visual or audiovisual messages in the I/O device, so that the menus cannot be overheard or seen by others. In one example, the user navigates the menus or matrix and makes selections with the user controls interface at the authenticator device. In this manner, ease of menu navigation and item selection is improved since the user controls interface at the authenticator device may be larger and/or offer more features as it is on a larger device.
Referring to
Assuming the pass-set 206 of
Advantageously, visual choices are presented without necessarily requiring privacy. Furthermore, pass-set system components are distributed between the handset and headset, providing increased security to overcome malware such as keystroke recording or voice recording virus software.
To generate pass-set entry menus from an authentication application, the authenticator possesses all of the information for the authentication. In one example where menus are displayed visually on the authenticator device, the pass-set menus are typically on the authenticator device, and the I/O device communicates encoded (and preferably encrypted) numbers/letters to the authenticator device as PIN entries. An alternative based on the above would be to send menus first to the authenticator device from the I/O device (preferably after a mutual authentication) and then send the appropriate code. The advantage of this alternative is that the domain of possibilities is unknown to the system until logon time, which makes guessing even harder. Furthermore, easily remembered menus are transported on the portable I/O device and the local system I/O device providing the user interface does not have to download them from the authenticator device if it is different.
In a further example, menus are sent from the host/authenticator device as audio, which is preferably encrypted. The I/O device may store a fixed set of menus, and the host/authenticator device sends (preferably encrypted and after mutual authentication) code that causes the I/O device to play the custom audio menus generated in the I/O device.
In one example, meta-data or meta-information for generating each of the one or more pass-set entry menus are transmitted to the I/O device. The meta-data comprises the relationship between pass-set entry menus and the position of the pass-set, how many items, order of the items, item data. The item data may be directly or indirectly referenced. The number of items in a pass-set entry menu may be varied and the order of the items is optionally randomized when the authentication application creates the menu. As a result, the menu presented to the user may be different each time, even if the menu is meant for entering a selection of a same position in a pass-set. These features may render the overseen or heard user's selection useless because the menu may be presented with different number of items in a totally different order.
In one example, because item data in each of the menus are securely presented to the user with aural, visual or audiovisual messages, each of the item data must be in a playable format (e.g., waveform audio format (“.wav file”), QuickTime movie file (“.mov file”)). One technique is to store the item data in the playable format (i.e., directly referenced) on the authenticator and then transmit it to the I/O device. Alternatively, the item data may be stored in non-playable forms (e.g., text file, phoneme file, etc.). The playable format of the item data is then generated in the I/O device from the received corresponding text file (e.g., text-to-speech (TTS)).
Alternatively, the item data may be stored as numerical indices 223 (i.e., indirectly referenced) in the pass-set entry menus 218 as shown in
When more than one pass-set entry menu is presented to a user, the menus can be order independent or dependent. The order dependent pass-set entry menus are explained using an example in
Referring to
Another exemplary pass-entry method is shown in
While the exemplary methods shown in
In one example, the user-controls interface 538 is configured to facilitate a user to traverse each of the pass-set entry menus presented in the display 540 and/or at the I/O device 41 to confirm a selection of an item from the menu. The user-controls interface 538 may comprise a variety of switches, buttons and other controls, for example, mechanical button, slide switch, touch sense control, mouse, keyboard, voice recognition system with a microphone, or other interfaces that recognize user's intention to make a selection from a pass-set entry menu.
The data communication interface 432 is configured to provide data transmission to and from an authenticator. The processor 434 together with a pass-set authentication application installed thereon and the memory device 436 are configured to generate output messages containing the one or more pass-set entry menus. The output messages may be aural, visual or audiovisual. The output interface 440 is configured to securely present the generated output messages in such a way that only the user of the I/O device 41 can see or hear them. For example, a headphone of a headset allows aural messages only for a user to listen to. A personal heads-up display may be incorporated in a visor or helmet only for the wearer to view. One or more haptic devices may also or alternatively be used to present pass-entry choices or menus in tactile form to the user (e.g., by vibrating the I/O device).
In one example, the user-controls interface 438 is configured to facilitate a user to traverse each of the pass-set entry menus presented in the output interface 440 and to confirm a selection of an item from the menu. The user-controls interface 438 may comprise a variety of switches, buttons and other controls, for example, mechanical button, slide switch, touch sense control, mouse, keyboard, voice recognition system with a microphone, motion sensor (nodding head for yes), or other interfaces that recognize user's intention to make a selection from a pass-set entry menu.
In a further example, instead of audio transmission from authenticator device 51 to I/O device 41, audio is stored at the I/O device 41 corresponding to a plurality of selectable choices. For example, the audio stored at the I/O device 41 may be simple universal numerical identifiers such as numerals 0-9. Such universal numerals 0-9 may correspond to choices available for selection from the pass-set menu viewed on display 540.
In one example, the pass-set menu is a matrix of images as shown in
The I/O device 41 includes an output interface configured to securely output audio corresponding to the pass-set menu to the user 606, a user input interface configured to receive user actions/selections to navigate the pass-set menu and receive user menu selections, and a data interface for receiving audio corresponding to the pass-set menu from the authentication device 51 and transmitting encrypted user menu selections to the authenticator device 51. In one example, the output interface of the I/O device 41 is a headphone allowing the user to listen to the audio corresponding to the pass-set menu securely. In one example, the user input interface of the I/O device 41 is an interface configured to navigate a list of menu items in a forward and reverse direction. The authenticator application is configured to receive user menu selections from the I/O device 41 and assemble the user menu selections into a user-entered pass-set.
In one example, the one or more pass-set entry menus are independent of each other and are not stored at the I/O device 41. The meta-data for generating all of the menus is encoded and sent from the authenticator device 51 to the I/O device 41 at once. The user 506 makes a selection (e.g., item number of the selected item) in each of the menus until a user entered pass-set is assembled in the I/O device 41. Then the user entered selections are optionally encoded before being sent back to the authenticator device 51.
In one example, the pass-set entry menus are order dependent (e.g.,
In a further example, pass-set entry menus are generated at I/O device 41 and then transmitted to authenticator device 51. The pass-set entry menus are presented visually to the user at display 540 of the authenticator device 51. Audio is output at the I/O device 41 corresponding to a plurality of selectable choices. User menu selections are received at the I/O device 41 and transmitted to authenticator device 51.
The authenticator device 51 also includes a user-controls interface 538 configured to receive user actions from user 606 to navigate the pass-set menu and receive user menu selections, where responsive to the user actions audio corresponding to a new menu position or a new menu is transmitted to the I/O device 41 from the authenticator device 51. In one example, the user-controls interface 538 is a scroll wheel.
The I/O device 41 is configured to receive the audio corresponding to the pass-set menu from the authenticator device 51. The I/O device 41 includes a user output interface configured to securely output audio corresponding to the pass-set menu to the user 606. In one example, the user output interface is a headphone allowing the user to listen to the audio corresponding to the pass-set menu securely.
In
The process holds an idle state until the authenticator device detects a user request at block 802. At block 804, a pass-set entry menu is generated. At block 806, the pass-set menu is output in visual format at an authentication device display. At block 808, the authenticator device encodes and sends audio associated with the generated pass-set menu to an I/O device configured for secure pass-set entry. This is an optional step and is only needed if the I/O device does not have the menu choices already. At block 810, the received audio is securely output at the I/O device for the user to make a selection. As described previously, in a further example audio presenting the user with selectable choices corresponding to the pass-set menu is generated and output directly at the I/O device and need not be sent from authenticator device.
At decision block 812, the authenticator device waits to receive the user selection within a pre-defined time period. If no at decision block 812, the process moves to another decision block 814. If the user has attempted pass-entry more than the allowable failed attempts, the result of decision block 814 is yes and the user is denied access until an authorized agency clears the situation at block 818. Otherwise, the authenticator device issues a time out message to the I/O device at block 816 and the process goes back to the idle state waiting for another request.
If yes is the result of decision block 812, the authenticator device decodes the received user selection if required at block 820. Next at decision block 822, it is determined whether selections for the pass-set are complete. If no, the process returns to block 804 to create the subsequent pass-set entry menu until decision block 822 becomes yes. If yes at decision block 822, at block 824 the user selections are assembled into a user entered pass-set.
At decision block 826, it is determined whether the user-entered pass-set is valid (i.e., the received user pass-set is compared to the correct pass-set in a database). If yes at decision block 826, at block 834 permission to access the resource is granted to the user and the counter for the number of allowable pass-set entry attempts is reset. The process goes back to the idle state.
Otherwise if decision block 826 is no, the process moves to decision block 828. At decision block 828, it is determined whether the number of pass-set entry attempts has exceeded the number of allowed attempts. If yes, the user is denied access until the situation can be cleared by an authorized agency at block 832 and the process goes back to the idle state thereafter. Otherwise, the process moves to block 830 in which the authenticator device allows the user another pass-set entry attempt. As a result, the process moves back to block 804 to repeat the authentication procedure until either the permission is granted or denied.
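The randomized-order menus and the attempt-limited validation loop of blocks 804 through 834 can be sketched as follows. This is an added example, not code from the disclosure: the class and function names, the decoy words, the limit of three attempts and the constant-time comparison are assumptions, and only the pass-set {small, yellow, apple} comes from the description.

```python
import hmac
import secrets

_rng = secrets.SystemRandom()  # CSPRNG-backed shuffle for menu order

# Pass-set from the description; decoy items are constructed for this example.
PASS_SET = ["small", "yellow", "apple"]
DECOYS = [["large", "medium", "tiny"],
          ["red", "green", "blue", "purple"],
          ["pear", "plum", "fig"]]


class Authenticator:
    def __init__(self, pass_set, decoys, max_attempts=3):
        self._pass_set = list(pass_set)
        self._decoys = [list(d) for d in decoys]
        self.max_attempts = max_attempts  # assumed limit
        self.failed = 0
        self.locked = False
        self._menus = None

    def new_menus(self):
        """Block 804: one menu per pass-set position, item order randomized."""
        self._menus = []
        for secret_item, decoys in zip(self._pass_set, self._decoys):
            items = [secret_item, *decoys]
            _rng.shuffle(items)
            self._menus.append(items)
        return [list(m) for m in self._menus]

    def submit(self, item_numbers):
        """Blocks 820-834: map item numbers back to items and validate."""
        if self.locked:
            return "locked"
        if self._menus is None:
            raise RuntimeError("no menus outstanding")
        menus, self._menus = self._menus, None  # a menu set is single use
        entered = []
        if len(item_numbers) == len(menus):
            for menu, n in zip(menus, item_numbers):
                entered.append(menu[n - 1] if 1 <= n <= len(menu) else "")
        # Block 826: compare in constant time (an assumption of this example).
        ok = hmac.compare_digest("\x00".join(entered).encode(),
                                 "\x00".join(self._pass_set).encode())
        if ok:
            self.failed = 0  # block 834: reset the attempt counter
            return "granted"
        self.failed += 1
        if self.failed >= self.max_attempts:
            self.locked = True  # block 832: denied until cleared
            return "locked"
        return "retry"  # block 830: caller requests fresh menus


def user_selection(menus, remembered):
    """Item numbers a legitimate user would pick after hearing each menu."""
    return [menu.index(word) + 1 for menu, word in zip(menus, remembered)]


def wrong_selection(menus, remembered):
    """Item numbers that deliberately miss the correct item in every menu."""
    return [(menu.index(word) + 1) % len(menu) + 1
            for menu, word in zip(menus, remembered)]


if __name__ == "__main__":
    auth = Authenticator(PASS_SET, DECOYS)
    for session in range(3):
        menus = auth.new_menus()
        numbers = user_selection(menus, PASS_SET)
        # Only these numbers leave the headset; they change per session.
        print(session, numbers, auth.submit(numbers))
```

Only the item numbers cross the link, and because each menu set is reshuffled and used once, numbers observed in one session are tied to that session's menu order.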
At block 908, the received audio is securely output at the I/O device for the user to make a selection. At decision block 910, the authenticator device waits to receive the user selection within a pre-defined time period, where the user selection is made at a user-controls interface at the authenticator device. If no at decision block 910, the process moves to another decision block 912. If the user has attempted pass-entry more than the allowable failed attempts, the result of decision block 912 is yes and the user is denied access until an authorized agency clears the situation at block 916. Otherwise, the authenticator device issues a time out message to the I/O device at block 914 and the process goes back to the idle state waiting for another request.
If yes is the result of decision block 910, at decision block 918 it is determined whether there is an additional menu to present to the user. If yes at decision block 918, the process returns to block 904. If no at decision block 918, at decision block 920 it is determined whether the user-entered pass-set is valid (i.e., the received user pass-set is compared to the correct pass-set in a database). If yes at decision block 920, at block 928 permission to access the resource is granted to the user and the counter for the number of allowable pass-set entry attempts is reset. The process goes back to the idle state.
Otherwise if decision block 920 is no, the process moves to decision block 922. At decision block 922, it is determined whether the number of pass-set entry attempts has exceeded the number of allowed attempts. If yes, the user is denied access until the situation can be cleared by an authorized agency at block 926 and the process goes back to the idle state thereafter. Otherwise, the process moves to block 924 in which the authenticator device allows the user another pass-set entry attempt. As a result, the process moves back to block 904 to repeat the authentication procedure until either the permission is granted or denied.
In certain examples, instead of randomizing the items on a given menu, the menu order is retained and only the starting point of the menu list is randomized. For example, assume the user PIN is {PEACH, FLY, IRON}. The user navigates through each item in a menu using up/down buttons (up takes the user forward in the menu, down takes the user backwards). At each position, the menu item is heard as an audible prompt.
The menu collection is as follows:
When the menus are played for user selection, the first item they hear is randomized. For example, menu #1 starts on item 4, menu #2 starts on item 2, and menu #3 starts on 4. The menus can wrap, whereby a down action on the last item takes you to the first item, and up action on first item takes you to the last item. The user item selected for each menu is captured by the application software (by keeping track of up/downs and the starting location to control navigation) and sent to the PIN/password authenticator (encrypted or not as desired). For example, the application would report {2,4,3} as the items selected from the collection of menus.
The navigation control could also be a linear or circular slider, or rotating wheel, or a linear or circular collection of buttons representing each choice. For the rotating wheel or linear button navigation controls, the menu order is maintained but the choices are distributed circularly-rotated among the buttons based on starting point. On sliders and wheels, the number of menu items traversed can agree with the speed of the finger on the control allowing for large quantities of choices to be bypassed as the user searches for the desired item. As they narrow in on their choices and move the finger more slowly, the resolution can increase.
The actual location of a menu item is still randomized. An observer cannot detect which item is selected because the relative starting location is not known. In another aspect, the menu items are part of an ordered set (numerical, alphabetical, or some other property of the items).
If the PIN is numerical, a randomized collection of numbers is often more difficult to sort through. Advantageously, if the menu items are numbers, and presented in increasing or decreasing value, the user can more easily navigate to the correct choice. This matters when there are a large number of choices on each menu. If the user can tell “where they are” in the set of selections by being aware of an inherent order of the choices and listening to a sampling of choices, they can skip more quickly (on a slider, for example) to the region of interest for their selection. An example of this might be entering a social security number, and having 1000 choices on the first menu, 100 choices on the second, and 10,000 choices on the last one. With large numerical choices for each menu, having only 3 menus is many times stronger than a standard 4-digit PIN. Non-numerical menus can also take advantage of this by having alphabetized categories for animals, flowers, etc. and achieve very large user choice spaces (and therefore security).
The process holds an idle state until the authenticator device detects a user request at block 1002. At block 1004, a pass-set entry menu is generated having a fixed order of items. At block 1006, the authenticator or I/O device randomizes the start point of the menu at which to begin presenting items to the user. The start point of the menu is recorded for use in determining the user item selection. At block 1008, in one embodiment, the authenticator device encodes and sends audio corresponding to the next menu item to the I/O device. In a further example, the menus are not originated at the authenticator. At block 1010, the received audio corresponding to the next menu item or previous menu item is securely output at the I/O device.
At block 1012, it is determined whether a user next/previous item command has been received or an item selection command has been received at the authenticator device. If a next/previous item command has been received, at block 1014 a next/previous item command counter is updated as appropriate based on whether the user has selected next item or previous item. The next/previous item command counter is utilized in determining where the user is within the menu of items relative to the recorded randomized start point. Following block 1014, the process returns to block 1010. If an item selection command has been received at block 1012, at block 1016 the selected item is determined using the recorded start point and the next/previous item command counter.
At decision block 1018 it is determined whether there is an additional menu to present to the user. If yes at decision block 1018, the process returns to block 1004. If no at decision block 1018, at decision block 1020 it is determined whether the user-entered pass-set is valid (i.e., the received user pass-set is compared to the correct pass-set in a database). If yes at decision block 1020, at block 1028 permission to access the resource is granted to the user and the counter for the number of allowable pass-set entry attempts is reset. The process goes back to the idle state.
Otherwise, if decision block 1020 is no, the process moves to decision block 1022. At decision block 1022, it is determined whether the number of pass-set entry attempts has exceeded the number of allowed attempts. If yes, the user is denied access until the situation can be cleared by an authorized agency at block 1026 and the process goes back to the idle state thereafter. Otherwise, the process moves to block 1024 in which the authenticator device allows the user another pass-set entry attempt. As a result, the process moves back to block 1004 to repeat the authentication procedure until permission is either granted or denied.
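The flow of blocks 1004 through 1028 can be sketched in a few lines; this is an added illustration, not code from the original disclosure. The menu contents are constructed (only the PIN words and their positions {2,4,3} come from the text), `MAX_ATTEMPTS` is an assumed limit, and `presses_to_reach` is a hypothetical model of the user's navigation.

```python
import secrets
# Constructed menus: only the PIN words and their positions {2,4,3} come from the text.
MENUS = [["APPLE", "PEACH", "PLUM", "PEAR", "FIG"],
         ["ANT", "BEE", "MOTH", "FLY", "WASP"],
         ["GOLD", "ZINC", "IRON", "LEAD", "TIN"]]
MAX_ATTEMPTS = 3  # assumed limit; the text gives no number

class MenuSession:
    """One menu with a fixed item order and a randomized start (blocks 1004-1016)."""
    def __init__(self, items, start=None):
        self.size = len(items)
        # Block 1006: choose and record the 1-based start item.
        self.start = start or secrets.randbelow(self.size) + 1
        self.counter = 0  # block 1014: net count of next/previous commands

    def press(self, command):
        self.counter += {"next": 1, "prev": -1}[command]

    def current(self):
        # Block 1016: recorded start plus counter, wrapping at both ends.
        return (self.start - 1 + self.counter) % self.size + 1

def presses_to_reach(session, target):
    """Model of the user: shortest run of presses from the current item to target."""
    forward = (target - session.current()) % session.size
    back = session.size - forward
    return ["next"] * forward if forward <= back else ["prev"] * back

def enter_pass_set(targets, starts=None):
    """Run all menus; return (selections reported, presses an observer sees)."""
    selections, observed = [], []
    for i, target in enumerate(targets):
        session = MenuSession(MENUS[i], starts[i] if starts else None)
        observed.append(presses_to_reach(session, target))
        for command in observed[-1]:
            session.press(command)
        selections.append(session.current())
    return selections, observed

class Authenticator:
    def __init__(self, secret):
        self.secret, self.failed, self.locked = tuple(secret), 0, False

    def verify(self, selections):
        if self.locked:
            return False  # block 1026: stays denied until cleared externally
        if tuple(selections) == self.secret:  # block 1020, after all menus
            self.failed = 0  # block 1028: grant access and reset the counter
            return True
        self.failed += 1
        self.locked = self.failed >= MAX_ATTEMPTS  # assumed: no attempts left
        return False
```

With the start points from the text, `enter_pass_set([2, 4, 3], [4, 2, 4])` reports {2,4,3}. Different start points report the same selections from a different sequence of observable presses, so the presses alone do not identify the item without the recorded start.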
Although the present invention has been described with reference to specific embodiments thereof, these embodiments are merely illustrative, and not restrictive of, the present invention. Various modifications or changes to the specifically disclosed exemplary embodiments will be suggested to persons skilled in the art. For example, while the I/O device has been shown and described as a headset comprising a binaural headphone having a headset top that fits over a user's head, other headset types including, without limitation, monaural, earbud-type, canal-phone type, etc. may also be used. Depending on the application, the various types of headsets may or may not include a microphone for enabling voice recognition. Moreover, while some of the exemplary embodiments have been described in the context of a headset, those of ordinary skill in the art will readily appreciate and understand that the methods, system and apparatus of the invention may be adapted or modified to work with other types of head-worn electronic devices such as a personal heads-up display device or a haptic device that vibrates choices. In summary, the scope of the invention should not be restricted to the specific exemplary embodiments disclosed herein, and all modifications that are readily suggested to those of ordinary skill in the art should be included within the spirit and purview of this application and scope of the appended claims.