WO2013089717A1 - Systems and methods for secured entry of user authentication data - Google Patents
Systems and methods for secured entry of user authentication data
- Publication number
- WO2013089717A1 PCT/US2011/065018
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mobile device
- pattern
- virtual keypad
- keypad
- keys
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/02—Input arrangements using manually operated switches, e.g. using keyboards or dials
- G06F3/023—Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
- G06F3/0233—Character input methods
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/02—Input arrangements using manually operated switches, e.g. using keyboards or dials
- G06F3/023—Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
- G06F3/0238—Programmable keyboards
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/048—Interaction techniques based on graphical user interfaces [GUI]
- G06F3/0487—Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser
- G06F3/0488—Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
- G06F3/04886—Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures by partitioning the display area of the touch-screen or the surface of the digitising tablet into independently controllable areas, e.g. virtual keyboards or menus
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
- G07F7/1033—Details of the PIN pad
- G07F7/1041—PIN input keyboard gets new key allocation at each use
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Definitions
- PIN personal identification number
- Fig. 1 illustrates a block diagram of a contactless mobile financial transaction system.
- Fig. 2 is a block diagram illustrating additional details of a mobile device described with reference to Fig. 1.
- the illustrated portions implement tools and techniques to improve security of receiving user authentication data described herein.
- Fig. 3 is a block diagram illustrating additional details of a financial transaction computer (FTC) described with reference to Fig. 1.
- the illustrated portions implement tools and techniques to improve security of receiving user authentication data described herein.
- Figs. 4A, 4B, 4C, and 4D are a series of displays that illustrate additional details of a GUI to randomize a layout pattern for keys of a virtual keypad described with reference to Figs. 1, 2 and 3.
- Fig. 5 is a flow diagram illustrating a process to implement the techniques described herein for securely receiving user authentication data.
- the keypad display emulates a physical keypad used for data entry of the user authentication data.
- a predictable co-relationship exists between a finger position and a fixed numeric value associated with a key.
- the keypad display that changes randomly eliminates the predictability of the co-relationship between the key position and key value.
- the position of a key having a particular numeric value or a numeric value associated with a key placed in a particular position may be changed randomly.
- a finger positioned, for example, in a left-hand-corner of the keypad may be associated with a numeric value of 1 in a first instance of display of the keypad.
- the finger positioned in the same left-hand-corner of the keypad may be associated, for example, with a randomly generated numeric value of 7 in a second instance of display of the keypad.
- the security of the keypad for receiving user authentication data may be further enhanced by incorporating additional display controls, such as lower brightness, lower contrast, blinking, and others, of a keypad display to make it more challenging for thieves to read displayed numeric values from a distance.
- a user may use a mobile device to process a contactless financial transaction with a smart keypad application solution (simply referred to as a SmartKeypad App).
- the SmartKeypad App is similar to an App program developed for an Apple or Android or Windows cellular phone that may be purchased from an Internet App Store web site or may be pre-loaded into the mobile device by the manufacturer.
- the mobile device is configurable to perform wireless communications for: 1) contacting other mobile phone users or accessing Internet based services, and 2) authorizing a financial transaction between the mobile device and a POS terminal that is located within a close proximity such as cash withdrawal, or making a purchase with mobile payment.
- the SmartKeypad App uses the same intuitive, graphical user interface (GUI) display available on a mobile device to manage user interaction related tasks. The GUI improves the security of receiving user authentication data entered by a user by randomizing the layout or arrangement of a keypad displayed on a screen of the mobile device.
- GUI graphical user interface
- a computer system such as an ATM or a POS terminal, typically operable by a vendor, may be used to process a contact based financial transaction.
- a contact based financial transaction may include cash withdrawals with an ATM card or purchases made with a debit card that require swiping of the card and an entry of user authentication data to complete the transaction.
- the computer system includes an interactive display device for generating displays on a display screen and an input device to receive user authentication data.
- a graphical user interface (GUI) display is configured to manage user interaction related tasks. The GUI improves the security of receiving user authentication data entered by a user by randomizing the layout or arrangement of a keypad displayed on the screen of the computer system.
- Fig. 1 illustrates a block diagram of a contactless mobile financial transaction system 100 configured to process a financial transaction between two computing devices, e.g., a buyer's computer and a seller's computer, using contactless wireless communications there between.
- the contactless mobile financial transaction system 100 includes a mobile device 110 operated by a user to wirelessly communicate with a financial transaction computer (FTC) 120 such as an ATM or a POS terminal that may be operated by the vendor.
- FTC financial transaction computer
- the mobile device 110 is configured to provide secured entry of user authentication data that may be requested by the vendor's FTC 120 to authorize a financial transaction.
- any communication network or device described herein may be implemented as a wired or wireless network or device.
- the mobile device 110 is configurable to wirelessly communicate with: 1) FTC 120 using an interface 132 for short distance communications, and 2) web sites via the Internet and with other wireless cellular phone users using interface 134 for communications with one or more communication networks 136.
- the interface 132 includes two components, one component, which is included in the mobile device 110, and another component which is included in the FTC 120.
- the interface 132 may utilize a communications standard that may be designed for short distance communications such as an encrypted near field communications (NFC) standard or a Bluetooth standard.
- the interface 134 may be based on IEEE 802.XX family of standards for wireless communications. Additional details of the mobile device 110 are described with reference to Fig. 2.
- a SmartKeypad App 150 is a software program that may be configured to randomize the position of keys displayed on a keypad (may also be referred to as a keyboard) for receiving a secured user input.
- the SmartKeypad App 150 may be purchased from an App store hosted on the Internet (similar to App stores marketed by Apple, Google, and Microsoft), downloaded to the mobile device 110, and launched (or executed or activated) automatically upon startup of the mobile device 110.
- the SmartKeypad App 150 may be provided as a standard, pre-loaded feature of the mobile device 110 by its manufacturer.
- the SmartKeypad App 150 leverages the intuitive and easy-to-use graphical user interface (GUI) 160 of the mobile device 110 for user interaction.
- the SmartKeypad App 150 customizes the GUI 160 for improving security of data entry tasks or operations by randomizing the position of keys displayed on a keypad. Additional details of the GUI 160 to perform various keypad display related tasks or operations are described with reference to Figs. 4A, 4B, 4C, and 4D.
- the mobile device 110 and FTC 120 are both computing devices (or computer systems) that may include hardware, firmware, and/or software, which are configured to perform, at least in part, the techniques described herein.
- the contactless mobile financial transaction system 100 shown in Fig. 1 may be easily adapted to process contact based financial transactions that use a computer readable card and an associated PIN entry for authorizing the transaction. Examples of contact based financial transactions may include cash withdrawals using ATM cards and purchases made with debit cards at a POS terminal.
- a user may enter PIN data on a display of the FTC 120 instead of entering the PIN data on a display of the mobile device 110.
- Fig. 2 is a block diagram illustrating additional details of a mobile device described with reference to Fig. 1.
- the mobile device 110 which is a type of a computing device or a computer system, includes a processor 210 coupled to a bus 220, a memory device 230 coupled to the processor via the bus 220, a first communications module (COM) 240 coupled to the processor 210 via the bus 220, a second COM 250 coupled to the processor 210 via the bus 220, and a user interaction device 260 coupled to the processor 210 via the bus 220.
- COM communications module
- the user interaction device 260 may include a display 270 and an input device 280 such as a touch screen, a mouse, a trackball, or similar other cursor positioning peripheral configured to receive user input.
- the display 270 is configured to provide the GUI 160 for user interaction.
- the input device 280 may include a smaller sized QWERTY type fixed keypad for user input.
- the display 270 and the input device 280 may be configured as separate components that may be directly coupled to the bus 220. It should be understood that depending on the computing load more than one processor may be included in the mobile device 110.
- the memory device 230 is operable to store instructions or commands 232 that are executable by the processor 210 to perform one or more functions.
- the term "computer system" is intended to encompass any device having a processor that is capable of executing program instructions from a memory medium.
- the processor 210 is operable to execute the instructions 232 associated with the SmartKeypad App 150 for randomizing the position of keys displayed on a keypad for receiving a secured user input via the input device 280.
- the components of the mobile device 110 may be modules of computer-executable instructions, which are instructions executable on a computer, computing device, or the processors of such devices. While shown here as modules, the components may be embodied as hardware, firmware, software, or any combination thereof. The techniques described herein may be performed, as a whole or in part, by hardware, software, firmware, or some combination thereof.
- the first COM 240 which forms one of the two components of the interface 132, is configured to wirelessly communicate over short distances using a first communication standard.
- the first communication standard may include a near field communications (NFC) standard configured to provide encrypted communications between any two NFC compliant devices located in very close proximity or a Bluetooth standard.
- NFC near field communications
- the ISO 14443 Type A and Type B standards + FeliCa is a four-part international standard for contact-less smart cards operating at 13.56 MHz in close proximity with a reader antenna.
- the ISO 18092 standard defines communication modes for NFC Interface and Protocol.
- the NFC standard enables data transactions, data exchange, and wireless communications between two NFC compliant devices in close proximity to each other, e.g., located approximately within 20 centimeters.
- the NFC standard compliant devices may be configured to automatically discover one another.
- the mobile device 110 may be configured to query the FTC 120 and establish the wireless link.
- Set up time for automatically pairing two NFC compliant devices is typically less than 1 millisecond.
- the Bluetooth standard typically supports communication over longer distances (e.g., up to 30 meters) and requires a longer set up time (e.g., about 5-6 seconds).
- the second COM 250 is configurable to wirelessly communicate with the communication network(s) 136 using a second communication standard.
- the second communication standard may be based on IEEE 802.11 family of standards for wireless local area network (WLAN).
- the mobile device 110 may also be configured to support IEEE 802.16 family of standards for wireless broadband devices such as 3G and 4G cell phones with WiMAX capability.
- the mobile device 110 is configured to provide secured entry of user authentication data to authorize a financial transaction.
- the user authentication data may be requested by the FTC 120.
- the SmartKeypad App 150 may be activated in response to receiving a request from the FTC 120 via the interface 132.
- the SmartKeypad App 150 incorporates a degree of randomness in a virtual keypad display generated by the GUI 160. Randomness in displaying positions of keys on a keypad or randomness in associating functionality of a key in a particular position on a virtual keypad eliminates a predictable co-relationship that exists in a fixed keypad design, e.g., between a keypad position (and hence a finger position) and a fixed functional value associated with a key in that position.
- the keys of the virtual keypad display may be arranged in a pattern and displayed on the display 270. The pattern is configurable to be randomly changed at each instance of displaying the virtual keyboard. Additional details of the pattern of keys displayed on a virtual keypad are described with reference to Figs. 4A, 4B, 4C, and 4D.
- a virtual keypad is a display emulating a physical keypad (not shown). Like the physical keypad, the virtual keypad is configurable to receive user input via the input device 280. Unlike the physical keypad, the pattern (which may also be referred to as an arrangement or a layout) of the keys of the virtual keypad may be randomly changed per application needs. In addition, unlike the physical keypad, a function associated with a particular key or with a key position may also be randomly changed in the virtual keypad. Additional details of the GUI 160 that randomizes the position of keys displayed on a virtual keypad are described with reference to Figs. 4A, 4B, 4C, and 4D.
- Although the tools and techniques for randomizing patterns of keys for improved security are described with reference to a virtual keypad, the same tools and techniques may also be applied to fixed keys on a keypad if the visible identification on the fixed key may be changed by electronic techniques, e.g., by selecting fixed keys that are backlit by an LED or LCD device that is configurable to display changing values.
- Fig. 3 is a block diagram illustrating additional details of a financial transaction computer (FTC) 120 described with reference to Fig. 1.
- the FTC 120 and the mobile device 110 are both computing devices that may be configured to have substantially the same computer system components (e.g., hardware, firmware, software, or any combination thereof) except for types of peripheral devices and loading/performance specifications for the components.
- the FTC 120 includes a processor 310 coupled to a bus 320, a memory device 330 coupled to the processor via the bus 320, an optional third communications module (COM) 340 coupled to the processor 310 via the bus 320, an optional fourth COM 350 coupled to the processor 310 via the bus 320, and a user interaction device 360 coupled to the processor 310 via the bus 320.
- the user interaction device 360 may include a display 370 and an input device 380 such as a touch screen, a mouse, a trackball, or similar other cursor positioning peripheral configured to receive user input.
- the display 370 is configured to provide the GUI 160 for user interaction.
- the input device 380 may include a card reader to read an ATM card or debit card information, and a QWERTY type fixed keypad for user input.
- the display 370 and the input device 380 may be configured as separate components that may be directly coupled to the bus 320.
- the FTC 120 and the mobile device 110 may also be configured to provide substantially similar functionality such as launching the SmartKeypad App 150 to randomize a layout pattern for keys of a virtual keypad displayed on the display 370.
- the optional third COM 340 may be configured to wirelessly communicate over very short distances, e.g., within a close proximity of about 20 centimeters, using the first communication standard described with reference to Fig. 2.
- the first communication standard may include a near field communications (NFC) standard configured to provide encrypted communications between any two NFC compliant devices.
- the first communication standard may also include the Bluetooth standard.
- the optional fourth COM 350 may be used to communicate with other computing devices via the communication network(s) 136.
- the memory device 330 is operable to store instructions 332 that are executable by the processor 310 to perform one or more functions.
- the processor 310 of the FTC 120 is operable to execute instructions or commands 332 received from the user or ATM/POS terminal operator and perform actions to process financial transactions including SmartKeypad App 150 to securely obtain user authentication data.
- the components of the FTC 120 may be modules of computer-executable instructions, which are instructions executable on a computer, computing device, or the processors of such devices. While shown here as modules, the components may be embodied as hardware, firmware, software, or any combination thereof. The techniques described herein may be performed, as a whole or in part, by hardware, software, firmware, or some combination thereof.
- Figs. 4A, 4B, 4C, and 4D are a series of displays that illustrate additional details of the GUI 160 of the mobile device 110 to randomize a layout pattern for keys of a virtual keypad.
- Although the series of displays are described with reference to the mobile device 110, it is understood that the FTC 120 may also be configured to provide substantially the same series of displays.
- the SmartKeypad App 150 which may be stored in the memory device 230 of the mobile device 110, may be launched or activated in response to receiving a request for providing user authentication data.
- the SmartKeypad App 150 may launch the GUI 160 for displaying the virtual keypad on the display 270.
- a virtual keypad display 410 is shown to include a first pattern or arrangement of the keys.
- the first pattern shown includes the virtual keypad display 410 emulating a physical keypad having at least 12 keys, e.g., a 12-digit numeric arranged in a 4x3 matrix. It is understood that the virtual keypad display 410 may be configured to include MxN number of keys arranged in a MxN matrix, M and N being integers.
- the first pattern which may be described as a standard pattern, is often used as a default pattern for arranging the numeric keys of the physical keypad included on many landline based telephones and some cellular phones.
- a virtual keypad display 420 is shown to include a second pattern or arrangement of the keys.
- the second pattern shown in the virtual keypad display 420 is different from the first pattern shown in the virtual keypad display 410, although both patterns conform to a 4x3 matrix arrangement of the 12 keys. That is, a left-hand-corner key position of the keypad in the first pattern may be associated with a particular function, e.g., a numeric value of 1, in a first instance of display of the virtual keypad.
- the same left-hand-corner key position of the keypad in the second pattern may be associated with a randomly generated function, e.g., a numeric value of 7, in a second instance of display of the virtual keypad.
- Although the first and second patterns are shown to conform to the 4x3 matrix arrangement of the 12 keys, it is understood that the randomized pattern may be configured to display the 12 keys arranged in a 3x4 matrix.
- the randomized pattern for the arrangement of the keys e.g., the first pattern and the second pattern, may be configured to be randomly generated by the SmartKeypad App 150 at each instance of receiving a request from the FTC 120 for providing user authentication data to the FTC 120.
- the second pattern shown in the virtual keypad display 420 may be randomly generated from the first pattern shown in the virtual keypad display 410 by randomly swapping positions of any two sets of elements of the 4x3 matrix aligned in one direction, e.g., by simply swapping rows 1 and 3 of the 4x3 matrix.
- a virtual keypad display 430 is shown to include a third pattern or arrangement of the keys.
- the third pattern shown in the virtual keypad display 430 may be randomly generated from the first pattern shown in the virtual keypad display 410 by swapping positions of any two sets of elements of the 4x3 matrix aligned in one direction, e.g., by simply swapping columns 1 and 3 of the 4x3 matrix. It is understood that numerous permutations and combinations for generating other randomized patterns for the arrangements of the keys are contemplated.
- a random number generator may be used to select a randomized pattern from a library of randomized patterns stored in the memory device 230.
- a virtual keypad display 440 is shown to include a fourth pattern or arrangement of the keys.
- the fourth pattern shown in the virtual keypad display 440 may be randomly generated from the first pattern shown in the virtual keypad display 410 by clockwise or counter-clockwise rotation of the elements of the 4x3 matrix.
- the virtual keypad display 440 also includes a key 442 for changing the display controls. A user may select the key 442 for selecting additional display control options, such as lower brightness, lower contrast, blinking, and others.
- the added display controls improve the security of receiving user authentication data by making it more challenging for others to read keypad values displayed on the virtual keypad display 440 from a distance.
- Additional tools and techniques to further improve security of receiving user authentication data may include use of N-digit PIN numbers (N being an integer), use of alphanumeric PIN numbers, use of biometric data, and similar others.
- Example Process
- Fig. 5 is a flow diagram illustrating a process 500 that implements the techniques described herein for securely receiving user authentication data.
- the process is illustrated as a collection of blocks in a logical flow graph, which represents a sequence of operations that may be implemented in hardware, software, or a combination thereof.
- the blocks represent computer instructions that, when executed by one or more processors of such a computer, perform the recited operations.
- Note that the order in which the process is described is not intended to be construed as a limitation, and any number of the described process blocks may be combined in any order to implement the process, or an alternate process. Additionally, individual blocks may be deleted from the process without departing from the spirit and scope of the subject matter described herein.
- a request for user authentication is received, e.g., from FTC 120 for processing a financial transaction.
- a virtual keypad that has keys arranged in a randomly generated pattern is displayed.
- user authentication data that is entered by a user via the virtual keypad is received.
- the user authentication data is communicated to the FTC 120 using NFC communications standard.
- the randomly generated pattern is changed at each instance of displaying the virtual keypad.
- computer-readable media includes computer-storage media.
- computer-storage media may include, but are not limited to, magnetic storage devices (e.g., hard disk, floppy disk, and magnetic strips), optical disks (e.g., compact disk (CD) and digital versatile disk (DVD)), smart cards, flash memory devices (e.g., thumb drive, stick, key drive, and SD cards), and volatile and non-volatile memory (e.g., random access memory (RAM), read-only memory (ROM)).
- magnetic storage devices e.g., hard disk, floppy disk, and magnetic strips
- optical disks e.g., compact disk (CD) and digital versatile disk (DVD)
- smart cards e.g., compact disk (CD) and digital versatile disk (DVD)
- smart cards e.g., compact disk (CD) and digital versatile disk (DVD)
- flash memory devices e.g., thumb drive, stick, key drive, and SD cards
- volatile and non-volatile memory e.g., random
- logic used herein includes hardware, software, firmware, circuitry, logic circuitry, integrated circuitry, other electronic components and/or a combination thereof that is suitable to perform the functions described for that logic.
Abstract
Techniques for improving security of transactions requesting user authentication data entry via mobile devices are described herein. The mobile device is configured to wirelessly communicate using a near field communications (NFC) standard used to communicate over very short distances. The mobile device includes a graphical user interface (GUI) configured to display a virtual keypad arranged in a randomly generated pattern, the pattern being configured to be changed in a random manner at each instance of displaying the virtual keypad. Security of transaction is improved by randomly changing positions of virtual keys of the virtual keypad configured to receive the user authentication data.
Description
SYSTEMS AND METHODS FOR SECURED ENTRY OF USER AUTHENTICATION DATA
BACKGROUND
With proliferation of the use of contact based payment devices such as ATM cards and debit cards, and newer electronic contactless payment devices such as mobile devices equipped with mobile payment technology, there is a growing security concern about theft of personal and confidential data such as a personal identification number (PIN).
Shoulder surfing performed to observe finger movements of unsuspecting consumers has become a common occurrence at public places of processing business transactions, e.g., at an automated teller machine (ATM), a vending machine, or a point-of-sale (POS) terminal. Professional criminals, thieves, and hackers may easily guess a typical 4-digit PIN number used for a transaction by simply observing finger positions and movements made by a user to enter PIN data. In situations where shoulder surfing may not be practical, surveillance may be performed remotely. These professionals may set up electronic surveillance equipment such as cameras with powerful zoom lenses that may be located far away from the ATM or POS terminal to record finger positions and capture PIN data without the knowledge of the user.
BRIEF DESCRIPTION OF THE DRAWINGS
The Detailed Description references the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to reference like features and components.
Fig. 1 illustrates a block diagram of a contactless mobile financial transaction system.
Fig. 2 is a block diagram illustrating additional details of a mobile device described with reference to Fig. 1. The illustrated portions implement tools and techniques to improve security of receiving user authentication data described herein.
Fig. 3 is a block diagram illustrating additional details of a financial transaction computer (FTC) described with reference to Fig. 1. The illustrated portions implement tools and techniques to improve security of receiving user authentication data described herein.
Fig.'s 4A, 4B, 4C, and 4D are a series of displays that illustrate additional details of a GUI to randomize a layout pattern for keys of a virtual keypad described with reference to Fig's. 1, 2 and 3.
Fig. 5 is a flow diagram illustrating a process to implement the techniques described herein for securely receiving user authentication data.
DETAILED DESCRIPTION
Applicants recognize that secured entry of user authentication data for processing a financial transaction is improved by incorporating a degree of randomness in a keypad display that is generated by an interactive display device. The keypad display emulates a physical keypad used for data entry of the user authentication data. In a fixed keypad design, a predictable co-relationship exists between a finger position and a fixed numeric value associated with a key. The keypad display that changes randomly eliminates the predictability of the co-relationship between the key position and key value.
The position of a key having a particular numeric value or a numeric value associated with a key placed in a particular position may be changed randomly. By incorporating randomness in the layout (may also be referred to as a pattern or an arrangement) of a keypad, a finger positioned, for example, in a left-hand-corner of the keypad may be associated with a numeric value of 1 in a first instance of display of the keypad. The finger positioned in the same left-hand-corner of the keypad may be associated, for example, with a randomly generated numeric value of 7 in a second instance of display of the keypad.
The security of the keypad for receiving user authentication data may be further enhanced by incorporating additional display controls, such as lower brightness, lower contrast, blinking, and others, of a keypad display to make it more challenging for thieves to read displayed numeric values from a distance. Tools and techniques described herein such as a randomly changing keypad layout offer solutions to improve security and retain the integrity of user authentication data.
In one application, a user may use a mobile device to process a contactless financial transaction with a smart keypad application solution (simply referred to as a SmartKeypad App). The SmartKeypad App is similar to an App program developed for an Apple or Android or Windows cellular phone that may be purchased from an Internet App Store web site or may be pre-loaded into the mobile device by the manufacturer.
The mobile device is configurable to perform wireless communications for: 1) contacting other mobile phone users or accessing Internet based services, and 2) authorizing a financial transaction between the mobile device and a POS terminal that is located within a close proximity such as cash withdrawal, or making a purchase with mobile payment. The SmartKeypad App uses the same intuitive, graphical user interface (GUI) display available on a mobile device to manage user interaction related tasks. The GUI improves the security of receiving user authentication data entered by a user by randomizing the layout or arrangement of a keypad displayed on a screen of the mobile device.
In one application, a computer system such as an ATM or a POS terminal, typically operable by a vendor, may be used to process a contact based financial transaction. Examples of a contact based financial transaction may include cash withdrawals with an ATM card or purchases made with a debit card that require swiping of the card and an entry of user authentication data to complete the transaction.
The computer system includes an interactive display device for generating displays on a display screen and an input device to receive user authentication data. A graphical user interface (GUI) display is configured to manage user interaction related tasks. The GUI improves the security of receiving user authentication data entered by a user by randomizing the layout or arrangement of a keypad displayed on the screen of the computer system.
This brief introduction, including section titles and corresponding summaries, is provided for the reader's convenience and is not intended to limit the scope of the claims, nor the proceeding sections.
The word "example" is used herein to mean serving as an example, instance, or illustration. As used in this application, the term "or" is intended to mean an inclusive "or" rather than an exclusive "or". That is, unless specified otherwise, or clear from context, "X employs A or B" is intended to mean any of the natural inclusive permutations. That is, if X employs A; X employs B; or X employs both A and B, then "X employs A or B" is satisfied under any of the foregoing instances. In addition, the articles "a" and "an" as used in this application and the appended claims should generally be construed to mean "one or more" unless specified otherwise or clear from context to be directed to a singular form.
Contactless Mobile Financial Transaction System
Fig. 1 illustrates a block diagram of a contactless mobile financial transaction system 100 configured to process a financial transaction between two computing devices, e.g., a buyer's computer and a seller's computer, using contactless wireless communications there between. The contactless mobile financial transaction system 100 includes a mobile device 110 operated by a user to wirelessly communicate with a financial transaction computer (FTC) 120 such as an ATM or a POS terminal that may be operated by the vendor. The mobile device 110 is configured to provide secured entry of user authentication data that may be requested by the vendor's FTC 120 to authorize a financial transaction. It is understood that, unless otherwise stated, any communication network or device described herein may be implemented as a wired or wireless network or device.
The mobile device 110 is configurable to wirelessly communicate with: 1) FTC 120 using an interface 132 for short distance communications, and 2) web sites via the Internet and with other wireless cellular phone users using interface 134 for communications with one or more communication networks 136. The interface 132 includes two components: one component, which is included in the mobile device 110, and another component, which is included in the FTC 120. The interface 132 may utilize a communications standard that may be designed for short distance communications such as an encrypted near field communications (NFC) standard or a Bluetooth standard. The interface 134 may be based on IEEE 802.XX family of standards for wireless communications. Additional details of the mobile device 110 are described with reference to Fig. 2.
A SmartKeypad App 150 is a software program that may be configured to randomize the position of keys displayed on a keypad (may also be referred to as a keyboard) for receiving a secured user input. The SmartKeypad App 150 may be purchased from an App store hosted on the Internet (similar to App stores marketed by Apple, Google, and Microsoft), downloaded to the mobile device 110, and launched (or executed or activated) automatically upon startup of the mobile device 110. In some applications, the SmartKeypad App 150 may be provided as a standard, pre-loaded feature of the mobile device 110 by its manufacturer.
The SmartKeypad App 150 leverages the intuitive and easy-to-use graphical user interface (GUI) 160 of the mobile device 110 for user interaction. The SmartKeypad App 150 customizes the GUI 160 for improving security of data entry tasks or operations by randomizing the position of keys displayed on a keypad. Additional details of the GUI 160 to perform various keypad display related tasks or operations are described with reference to Fig's. 4A, 4B, 4C, and 4D.
Although not expressly shown in Fig. 1, the mobile device 110 and FTC 120 are both computing devices (or computer systems) that may include hardware, firmware, and/or software, which are configured to perform, at least in part, the techniques described herein.
In one operating scenario, the contactless mobile financial transaction system 100 shown in Fig. 1, may be easily adapted to process contact based financial transactions that use a computer readable card and an associated PIN entry for authorizing the transaction. Examples of contact based financial transactions may include cash withdrawals using ATM cards and purchases made with debit cards at a POS terminal. In this operating scenario, a user may enter PIN data on a display of the FTC 120 instead of entering the PIN data on a display of the mobile device 110.
Mobile Device with Dual Communications and SmartKeypad App
Fig. 2 is a block diagram illustrating additional details of a mobile device described with reference to Fig. 1. The mobile device 110, which is a type of a computing device or a computer system, includes a processor 210 coupled to a bus 220, a memory device 230 coupled to the processor via the bus 220, a first communications module (COM) 240 coupled to the processor 210 via the bus 220, a second COM 250 coupled to the processor 210 via the bus 220, and a user interaction device 260 coupled to the processor 210 via the bus 220.
The user interaction device 260 may include a display 270 and an input device 280 such as a touch screen, a mouse, a trackball, or similar other cursor positioning peripheral configured to receive user input. The display 270 is configured to provide the GUI 160 for user interaction. Although not shown, the input device 280 may include a smaller sized QWERTY type fixed keypad for user input. In some applications, the display 270 and the input device 280 may be configured as separate components that may be directly coupled to the bus 220. It should be understood that depending on the computing load more than one processor may be included in the mobile device 110.
The memory device 230 is operable to store instructions or commands 232 that are executable by the processor 210 to perform one or more functions. It should also be understood that the term "computer system" is intended to encompass any device having a processor that is capable of executing program instructions from a memory medium. Various functions, processes, method 500, programs, and operations described herein may be implemented using the mobile device 110. For example, the processor 210 is operable to execute the instructions 232 associated with the SmartKeypad App 150 for randomizing the position of keys displayed on a keypad for receiving a secured user input via the input device 280.
The components of the mobile device 110 may be modules of computer-executable instructions, which are instructions executable on a computer, computing device, or the processors of such devices. While shown here as modules, the components may be embodied as hardware, firmware, software, or any combination thereof. The techniques described herein may be performed, as a whole or in part, by hardware, software, firmware, or some combination thereof.
The first COM 240, which forms one of the two components of the interface 132, is configured to wirelessly communicate over short distances using a first communication standard. The first communication standard may include a near field communications (NFC) standard configured to provide encrypted communications between any two NFC compliant devices located in very close proximity or a Bluetooth standard.
Near Field Communication (NFC) is a very short-range wireless standard that enables encrypted, secure wireless communication between NFC compliant devices over a short distance of approximately 20 centimeters. NFC is an ISO based standard. The ISO 14443 Type A and Type B standards + FeliCa is a four-part international standard for contact-less smart cards operating at 13.56 MHz in close proximity with a reader antenna. The ISO 18092 standard defines communication modes for NFC Interface and Protocol. The NFC standard enables data transactions, data exchange, and wireless communications between two NFC compliant devices in close proximity to each other, e.g., located approximately within 20 centimeters. The NFC standard compliant devices may be configured to automatically discover one another. The mobile device 110 may be configured to query the FTC 120 and establish the wireless link. Set up time for automatically pairing two NFC compliant devices is typically less than 1 millisecond. Compared to the NFC standard, the Bluetooth standard typically supports communication over longer distances (e.g., up to 30 meters) and requires a longer set up time (e.g., about 5-6 seconds).
The second COM 250 is configurable to wirelessly communicate with the communication network(s) 136 using a second communication standard. The second communication standard may be based on IEEE 802.11 family of standards for wireless local area network (WLAN). The mobile device 110 may also be configured to support IEEE 802.16 family of standards for wireless broadband devices such as 3G and 4G cell phones with WiMAX capability.
The mobile device 110 is configured to provide secured entry of user authentication data to authorize a financial transaction. The user authentication data may be requested by the FTC 120. The SmartKeypad App 150 may be activated in response to receiving a request from the FTC 120 via the interface 132.
The SmartKeypad App 150 incorporates a degree of randomness in a virtual keypad display generated by the GUI 160. Randomness in displaying positions of keys on a keypad or randomness in associating functionality of a key in a particular position on a virtual keypad eliminates a predictable co-relationship that exists in a fixed keypad design, e.g., between a keypad position (and hence a finger position) and a fixed functional value associated with a key in that position. The keys of the virtual keypad display may be arranged in a pattern and displayed on the display 270. The pattern is configurable to be randomly changed at each instance of displaying the virtual keyboard. Additional details of the pattern of keys displayed on a virtual keypad are described with reference to Fig's. 4A, 4B, 4C, and 4D.
As described herein, a virtual keypad is a display emulating a physical keypad (not shown). Like the physical keypad, the virtual keypad is configurable to receive user input via the input device 280. Unlike the physical keypad, the pattern (which may also be referred to as an arrangement or a layout) of the keys of the virtual keypad may be randomly changed per application needs. In addition, unlike the physical keypad, a function associated with a particular key or with a key position may also be randomly changed in the virtual keypad. Additional details of the GUI 160 that randomizes the position of keys displayed on a virtual keypad are described with reference to Fig's. 4A, 4B, 4C, and 4D.
Although the tools and techniques for randomizing patterns of keys for improved security are described with reference to a virtual keypad, the same tools and techniques may also be applied to fixed keys on a keypad if the visible identification on the fixed key may be changed by electronic techniques, e.g., by selecting fixed keys that are backlit by an LED or LCD device that is configurable to display changing values.
Example SmartKeypad Appliance with Wireless Communications
Fig. 3 is a block diagram illustrating additional details of a financial transaction computer (FTC) 120 described with reference to Fig. 1. The FTC 120 and the mobile device 110 are both computing devices that may be configured to have substantially the same computer system components (e.g., hardware, firmware, software, or any combination thereof) except for types of peripheral devices and loading/performance specifications for the components.
The FTC 120 includes a processor 310 coupled to a bus 320, a memory device 330 coupled to the processor via the bus 320, an optional third communications module (COM) 340 coupled to the processor 310 via the bus 320, an optional fourth COM 350 coupled to the processor 310 via the bus 320, and a user interaction device 360 coupled to the processor 310 via the bus 320.
The user interaction device 360 may include a display 370 and an input device 380 such as a touch screen, a mouse, a trackball, or similar other cursor positioning peripheral configured to receive user input. The display 370 is configured to provide the GUI 160 for user interaction. Although not shown, the input device 380 may include a card reader to read an ATM card or debit card information, and a QWERTY type fixed keypad for user input. In some applications, the display 370 and the input device 380 may be configured as separate components that may be directly coupled to the bus 320.
The FTC 120 and the mobile device 110 may also be configured to provide substantially similar functionality such as launching the SmartKeypad App 150 to randomize a layout pattern for keys of a virtual keypad displayed on the display 370.
The optional third COM 340, may be configured to wirelessly communicate over very short distances, e.g., within a close proximity of about 20 centimeters, using the first communication standard described with reference to Fig. 2. As previously described, the first communication standard may include a near field communications (NFC) standard configured to provide encrypted communications between any two NFC compliant devices. The first communication standard may also include the Bluetooth standard. The optional fourth COM 350 may be used to communicate with other computing devices via the communication network(s) 136.
The memory device 330 is operable to store instructions 332 that are executable by the processor 310 to perform one or more functions. The processor 310 of the FTC 120 is operable to execute instructions or commands 332 received from the user or ATM/POS terminal operator and perform actions to process financial transactions including SmartKeypad App 150 to securely obtain user authentication data.
The components of the FTC 120 may be modules of computer-executable instructions, which are instructions executable on a computer, computing device, or the processors of such devices. While shown here as modules, the components may be embodied as hardware, firmware, software, or any combination thereof. The techniques described herein may be performed, as a whole or in part, by hardware, software, firmware, or some combination thereof.
SmartKeypad App Generating Random Key Patterns for a Virtual Keypad
Fig.'s 4A, 4B, 4C, and 4D are a series of displays that illustrate additional details of the GUI 160 of the mobile device 110 to randomize a layout pattern for keys of a virtual keypad. Although the series of displays are described with reference to the mobile device 110, it is understood that the FTC 120 may also be configured to provide substantially the same series of displays. The SmartKeypad App 150, which may be stored in the memory device 230 of the mobile device 110, may be launched or activated in response to receiving a request for providing user authentication data. The SmartKeypad App 150 may launch the GUI 160 for displaying the virtual keypad on the display 270.
Referring to Fig. 4A, a virtual keypad display 410 is shown to include a first pattern or arrangement of the keys. The first pattern shown includes the virtual keypad display 410 emulating a physical keypad having at least 12 keys, e.g., a 12-digit numeric keypad arranged in a 4x3 matrix. It is understood that the virtual keypad display 410 may be configured to include MxN number of keys arranged in an MxN matrix, M and N being integers. The first pattern, which may be described as a standard pattern, is often used as a default pattern for arranging the numeric keys of the physical keypad included on many landline based telephones and some cellular phones.
Referring to Fig. 4B, a virtual keypad display 420 is shown to include a second pattern or arrangement of the keys. The second pattern shown in the virtual keypad display 420 is different from the first pattern shown in the virtual keypad display 410, although both patterns conform to a 4x3 matrix arrangement of the 12 keys. That is, a left-hand-corner key position of the keypad in the first pattern may be associated with a particular function, e.g., a numeric value of 1, in a first instance of display of the virtual keypad. The same left-hand-corner key position of the keypad in the second pattern may be associated with a randomly generated function, e.g., a numeric value of 7, in a second instance of display of the virtual keypad. Although the first and second patterns are shown to conform to the 4x3 matrix arrangement of the 12 keys, it is understood that the randomized pattern may be configured to display the 12 keys arranged in a 3x4 matrix. The randomized pattern for the arrangement of the keys, e.g., the first pattern and the second pattern, may be configured to be randomly generated by the SmartKeypad App 150 at each instance of receiving a request from the FTC 120 for providing user authentication data to the FTC 120. The second pattern shown in the virtual keypad display 420 may be randomly generated from the first pattern shown in the virtual keypad display 410 by randomly swapping positions of any two sets of elements of the 4x3 matrix aligned in one direction, e.g., by simply swapping rows 1 and 3 of the 4x3 matrix.
Referring to Fig. 4C, a virtual keypad display 430 is shown to include a third pattern or arrangement of the keys. The third pattern shown in the virtual keypad display 430 may be randomly generated from the first pattern shown in the virtual keypad display 410 by swapping positions of any two sets of elements of the 4x3 matrix aligned in one direction, e.g., by simply swapping columns 1 and 3 of the 4x3 matrix. It is understood that numerous permutations and combinations for generating other randomized patterns for the arrangements of the keys are contemplated. A random number generator may be used to select a randomized pattern from a library of randomized patterns stored in the memory device 230.
Referring to Fig. 4D, a virtual keypad display 440 is shown to include a fourth pattern or arrangement of the keys. The fourth pattern shown in the virtual keypad display 440 may be randomly generated from the first pattern shown in the virtual keypad display 410 by clockwise or counter-clockwise rotation of the elements of the 4x3 matrix. The virtual keypad display 440 also includes a key 442 for changing the display controls. A user may select the key 442 for selecting additional display control options, such as lower brightness, lower contrast, blinking, and others. The added display controls improve the security of receiving user authentication data by making it more challenging for others to read keypad values displayed on the virtual keypad display 440 from a distance.
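The pattern transforms described for Figs. 4B to 4D, as an added Python sketch that is not code from the patent or from any SmartKeypad implementation: it applies the row swap, column swap and rotation to the standard 4x3 layout, counts how many layouts one such step can produce, and contrasts that with a uniform shuffle drawn from the operating system's CSPRNG. The function names, the row-major list representation and the reading of "rotation" as a cyclic shift are assumptions.

```python
import math
import secrets
from itertools import combinations

ROWS, COLS = 4, 3
# Standard telephone layout (the "first pattern" of Fig. 4A), stored row-major.
STANDARD = ["1", "2", "3",
            "4", "5", "6",
            "7", "8", "9",
            "*", "0", "#"]


def swap_rows(layout, a, b):
    """Return a copy of layout with rows a and b (0-based) exchanged."""
    out = list(layout)
    for c in range(COLS):
        i, j = a * COLS + c, b * COLS + c
        out[i], out[j] = out[j], out[i]
    return out


def swap_cols(layout, a, b):
    """Return a copy of layout with columns a and b (0-based) exchanged."""
    out = list(layout)
    for r in range(ROWS):
        i, j = r * COLS + a, r * COLS + b
        out[i], out[j] = out[j], out[i]
    return out


def rotate(layout, k):
    """Assumed reading of 'rotation': cyclic shift by k positions, row-major."""
    k %= len(layout)
    return list(layout[-k:] + layout[:-k]) if k else list(layout)


def single_step_layouts(base=STANDARD):
    """All distinct layouts reachable from base by ONE swap or rotation."""
    seen = set()
    for a, b in combinations(range(ROWS), 2):
        seen.add(tuple(swap_rows(base, a, b)))
    for a, b in combinations(range(COLS), 2):
        seen.add(tuple(swap_cols(base, a, b)))
    for k in range(1, len(base)):
        seen.add(tuple(rotate(base, k)))
    seen.discard(tuple(base))
    return seen


def shuffle_space_size():
    """Number of layouts a uniform shuffle of all keys can produce."""
    return math.factorial(ROWS * COLS)


def full_shuffle(base=STANDARD, previous=None):
    """Uniform random layout from the OS CSPRNG, never equal to `previous`,
    so the pattern changes at each instance of display."""
    rng = secrets.SystemRandom()
    while True:
        out = list(base)
        rng.shuffle(out)
        if previous is None or out != list(previous):
            return out


def decode(layout, touched_positions):
    """Map touched key positions (row-major indices) to the key values shown."""
    return "".join(layout[p] for p in touched_positions)


if __name__ == "__main__":
    touches = [0, 1, 2, 3]                    # constructed sample input
    fig_4b = swap_rows(STANDARD, 0, 2)        # "swapping rows 1 and 3"
    fig_4c = swap_cols(STANDARD, 0, 2)        # "swapping columns 1 and 3"
    print("standard :", decode(STANDARD, touches))
    print("row swap :", decode(fig_4b, touches))
    print("col swap :", decode(fig_4c, touches))
    print("one-step layouts :", len(single_step_layouts()))
    print("shuffle layouts  :", shuffle_space_size())
    first = full_shuffle()
    print("shuffled :", decode(full_shuffle(previous=first), touches))
```

The same four touched positions decode to a different value under each layout, and the layout count shows how much less variety a single swap or rotation offers than a shuffle of all 12 keys.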
Additional tools and techniques to further improve security of receiving user authentication data may include use of N-digit PIN numbers (N being an integer), use of alphanumeric PIN numbers, use of biometric data, and similar others.
Example Process
Fig. 5 is a flow diagram illustrating a process 500 that implements the techniques described herein for securely receiving user authentication data. The process is illustrated as a collection of blocks in a logical flow graph, which represents a sequence of operations that may be implemented in hardware, software, or a combination thereof. In the context of software, the blocks represent computer instructions that, when executed by one or more processors of such a computer, perform the recited operations. Note that the order in which the process is described is not intended to be construed as a limitation, and any number of the described process blocks may be combined in any order to implement the process, or an alternate process. Additionally, individual blocks may be deleted from the process without departing from the spirit and scope of the subject matter described herein.
At process 510, a request for user authentication is received, e.g., from FTC 120 for processing a financial transaction. At process 520, a virtual keypad that has keys arranged in a randomly generated pattern is displayed. At process 530, user authentication data that is entered by a user via the virtual keypad is received. At process 540, the user authentication data is communicated to the FTC 120 using NFC communications standard. At process 550, the randomly generated pattern is changed at each instance of displaying the virtual keypad.
The term "computer-readable media" includes computer-storage media. For example, computer-storage media may include, but are not limited to, magnetic storage devices (e.g., hard disk, floppy disk, and magnetic strips), optical disks (e.g., compact disk (CD) and digital versatile disk (DVD)), smart cards, flash memory devices (e.g., thumb drive, stick, key drive, and SD cards), and volatile and non-volatile memory (e.g., random access memory (RAM), read-only memory (ROM)).
Unless the context indicates otherwise, the term "logic" used herein includes hardware, software, firmware, circuitry, logic circuitry, integrated circuitry, other electronic components and/or a combination thereof that is suitable to perform the functions described for that logic.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described. Rather, the specific features and acts are disclosed as example forms of implementing the claims.
Claims
1. A mobile device comprising:
a processor;
a memory device coupled to the processor; and
a display device coupled to the processor, the display device comprising a graphical user interface (GUI) configured to display a virtual keypad arranged in a pattern, the pattern being configured to be changed in a random manner.
2. The mobile device of claim 1, further comprising:
a first communications module (COM) coupled to the processor, the first COM being configured to wirelessly communicate using a near field communications (NFC) standard configured to provide encrypted communications over 20 centimeters.
3. The mobile device of claim 1, wherein the pattern of the virtual keypad emulates a numeric keypad having at least 12 keys.
4. The mobile device of claims 1 or 3, wherein the at least 12 keys are arranged in a 4x3 matrix pattern, wherein the random manner includes randomly swapping positions of any two sets of elements aligned in one direction.
5. The mobile device of claims 1 or 3, wherein the pattern is changed in the random manner by rotation of 10 keys out of the at least 12 keys.
6. The mobile device of claim 1, wherein the change in the pattern in the random manner is enabled at each instance of user authentication data input.
7. The mobile device of claim 1, wherein the virtual keypad is configurable to be displayed at a reduced brightness level in response to receiving a user request.
8. The mobile device of claim 1 further comprising:
a fixed keypad having keys with a visual identification, wherein a pattern of keys on the fixed keypad is changed in a random manner by electronically changing the visual identification.
9. A mobile device configured to receive user authentication data, the mobile device comprising:
means for receiving a request for user authentication data;
means for displaying a virtual keypad arranged in a randomly generated pattern; and
means for receiving the user authentication data input via the virtual keypad.
10. The mobile device of claim 9 further comprising:
means for changing the randomly generated pattern at each instance of displaying the virtual keypad.
11. The mobile device of claim 9 further comprising:
means for communicating using a near field communications (NFC) standard configured to provide secure communications between any two NFC compliant devices that are located within 20 centimeters.
12. The mobile device of claim 9 further comprising:
means for reducing a brightness level of a display displaying the virtual keypad.
13. The mobile device of claim 10, wherein the means for changing the randomly generated pattern includes configuring the randomly generated pattern to have at least 12 virtual keys arranged in a 4x3 matrix pattern, wherein the change includes randomly swapping positions of any two sets of matrix elements aligned in one direction.
14. The mobile device of claim 10, wherein the means for changing the randomly generated pattern includes a rotational movement of virtual keys included in the virtual keypad.
15. At least one computer-readable medium having stored thereon instructions for receiving user authentication data, the instructions being executable to cause a computer processor to:
receive a request for user authentication;
display a virtual keypad arranged in a randomly generated pattern; and
receive the user authentication data input via the virtual keypad.
16. The at least one computer-readable medium of claim 15, wherein the instructions being executable to further cause the computer processor to:
change the randomly generated pattern at each instance of displaying the virtual keypad.
17. The at least one computer-readable medium of claim 15, wherein the instructions being executable to further cause the computer processor to:
communicate using a near field communications (NFC) standard configured to provide secure communications between any two NFC compliant devices that are located within 20 centimeters.
18. The at least one computer-readable medium of claim 15, wherein the instructions being executable to further cause the computer processor to:
dim a brightness level of a display displaying the virtual keypad.
19. The at least one computer-readable medium of claim 15, wherein the randomly generated pattern includes at least 12 virtual keys arranged in a 4x3 matrix pattern, wherein the randomly generated pattern is changed by swapping positions of any two sets of matrix elements aligned in one direction.
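The pattern changes recited in the claims (swapping two rows or columns of the 4x3 matrix, rotating 10 of the 12 keys) can be compared side by side. The following is an added example, not code from the patent or its applicants; the function names, the `*0#` bottom row and the `full_shuffle` variant are assumptions made for illustration.

```python
import math
import secrets

RNG = secrets.SystemRandom()   # OS CSPRNG; a seeded random.Random is predictable
# Assumed starting layout: 4x3 matrix, 12 keys ('*' and '#' are assumed labels).
BASE = [list("123"), list("456"), list("789"), list("*0#")]

def swap_lines(grid):
    """Claims 4, 13, 19: swap two randomly chosen rows or two columns."""
    g = [row[:] for row in grid]
    if RNG.randrange(2) == 0:
        i, j = RNG.sample(range(4), 2)
        g[i], g[j] = g[j], g[i]
    else:
        i, j = RNG.sample(range(3), 2)
        for row in g:
            row[i], row[j] = row[j], row[i]
    return g

def rotate_digits(grid):
    """Claims 5, 14: rotate the 10 digit keys by a random non-zero offset."""
    g = [row[:] for row in grid]
    cells = [(r, c) for r in range(4) for c in range(3) if grid[r][c].isdigit()]
    labels = [grid[r][c] for r, c in cells]
    k = RNG.randrange(1, 10)
    for idx, (r, c) in enumerate(cells):
        g[r][c] = labels[(idx + k) % 10]
    return g

def full_shuffle(grid):
    """Assumption, not recited in the claims: uniform shuffle of all 12 keys."""
    flat = [key for row in grid for key in row]
    RNG.shuffle(flat)
    return [flat[i:i + 3] for i in range(0, 12, 3)]

def taps_for(pin, grid):
    """Cells a user touches to enter `pin` on this layout."""
    where = {grid[r][c]: (r, c) for r in range(4) for c in range(3)}
    return [where[d] for d in pin]

def decode(taps, grid):
    """Device-side mapping from touched cells back to key labels."""
    return "".join(grid[r][c] for r, c in taps)

def layouts_reachable():
    """Distinct layouts a single change can produce from one known layout."""
    return {"swap_lines": math.comb(4, 2) + math.comb(3, 2),  # 6 row + 3 column swaps
            "rotate_digits": 9,                               # offsets 1..9
            "full_shuffle": math.factorial(12)}

if __name__ == "__main__":
    layout = swap_lines(BASE)                 # new pattern per entry (claims 6, 10)
    taps = taps_for("2580", layout)           # constructed sample PIN
    print(layout, taps, decode(taps, layout), layouts_reachable())
```

An observer who knows the previous layout faces only nine candidates after one row/column swap or one rotation, so the touch positions leak far more than they do under a uniform shuffle.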
Priority Applications (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP11877287.0A EP2792207A4 (en) | 2011-12-15 | 2011-12-15 | Systems and methods for secured entry of user authentication data |
| CN201180075484.0A CN104024988A (en) | 2011-12-15 | 2011-12-15 | Systems and methods for protected entry of user authentication data |
| US13/977,579 US9860224B2 (en) | 2011-12-15 | 2011-12-15 | Systems and methods for secured entry of user authentication data |
| PCT/US2011/065018 WO2013089717A1 (en) | 2011-12-15 | 2011-12-15 | Systems and methods for secured entry of user authentication data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/US2011/065018 WO2013089717A1 (en) | 2011-12-15 | 2011-12-15 | Systems and methods for secured entry of user authentication data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2013089717A1 (en) | 2013-06-20 |
Family
ID=48613006
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/US2011/065018 Ceased WO2013089717A1 (en) | 2011-12-15 | 2011-12-15 | Systems and methods for secured entry of user authentication data |
Country Status (4)
| Country | Link |
|---|---|
| US (1) | US9860224B2 (en) |
| EP (1) | EP2792207A4 (en) |
| CN (1) | CN104024988A (en) |
| WO (1) | WO2013089717A1 (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016153550A1 (en) * | 2015-03-25 | 2016-09-29 | Sony Corporation | Device display control for protecting sensitive data |
| US9557993B2 (en) | 2012-10-23 | 2017-01-31 | Analog Devices Global | Processor architecture and method for simplifying programming single instruction, multiple data within a register |
| EP3050014A4 (en) * | 2013-09-30 | 2017-04-05 | Square, Inc. | Scrambling passcode entry interface |
| EP3050013A4 (en) * | 2013-09-30 | 2017-04-05 | Square, Inc. | Secure passcode entry user interface |
| US9773240B1 (en) | 2013-09-13 | 2017-09-26 | Square, Inc. | Fake sensor input for passcode entry security |
| US9860224B2 (en) | 2011-12-15 | 2018-01-02 | Intel Corporation | Systems and methods for secured entry of user authentication data |
| US9928501B1 (en) | 2013-10-09 | 2018-03-27 | Square, Inc. | Secure passcode entry docking station |
| US10083442B1 (en) | 2012-06-12 | 2018-09-25 | Square, Inc. | Software PIN entry |
| US11397903B2 (en) * | 2014-08-08 | 2022-07-26 | Live Nation Entertainment, Inc. | Short-range device communications for secured resource access |
Families Citing this family (38)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8800004B2 (en) * | 2012-03-21 | 2014-08-05 | Gary Martin SHANNON | Computerized authorization system and method |
| US8762876B2 (en) * | 2012-06-21 | 2014-06-24 | Google Inc. | Secure data entry via a virtual keyboard |
| GB201212878D0 (en) * | 2012-07-20 | 2012-09-05 | Pike Justin | Authentication method and system |
| US10373149B1 (en) | 2012-11-12 | 2019-08-06 | Square, Inc. | Secure data entry using a card reader with minimal display and input capabilities having a display |
| KR20140111790A (en) * | 2013-03-12 | 2014-09-22 | 삼성전자주식회사 | Method and apparatus for inputting keys using random valuable on virtual keyboard |
| US20140366127A1 (en) * | 2013-06-06 | 2014-12-11 | International Business Machines Corporation | Touchscreen security user input interface |
| KR101509495B1 (en) * | 2013-10-18 | 2015-04-09 | 한국전자통신연구원 | The input device and method for security keypad by shifting keypad |
| US9613353B1 (en) | 2013-12-26 | 2017-04-04 | Square, Inc. | Passcode entry through motion sensing |
| WO2015157295A1 (en) * | 2014-04-08 | 2015-10-15 | Capital One Financial Corporation | Systems and methods for transacting at an atm using a mobile device |
| US10440001B2 (en) * | 2014-06-18 | 2019-10-08 | Dell Products, Lp | Method to securely authenticate management server over un-encrypted remote console connection |
| CN105204755A (en) * | 2014-06-30 | 2015-12-30 | 深圳市中兴微电子技术有限公司 | Soft keyboard operation method and terminal |
| US9344279B2 (en) * | 2014-09-12 | 2016-05-17 | International Business Machines Corporation | Mobile device-based keypad for enhanced security |
| US9292875B1 (en) | 2014-09-23 | 2016-03-22 | Sony Corporation | Using CE device record of E-card transactions to reconcile bank record |
| US9317847B2 (en) | 2014-09-23 | 2016-04-19 | Sony Corporation | E-card transaction authorization based on geographic location |
| US9378502B2 (en) | 2014-09-23 | 2016-06-28 | Sony Corporation | Using biometrics to recover password in customer mobile device |
| US9558488B2 (en) | 2014-09-23 | 2017-01-31 | Sony Corporation | Customer's CE device interrogating customer's e-card for transaction information |
| US9646307B2 (en) | 2014-09-23 | 2017-05-09 | Sony Corporation | Receiving fingerprints through touch screen of CE device |
| US9202212B1 (en) * | 2014-09-23 | 2015-12-01 | Sony Corporation | Using mobile device to monitor for electronic bank card communication |
| US10262316B2 (en) | 2014-09-23 | 2019-04-16 | Sony Corporation | Automatic notification of transaction by bank card to customer device |
| US9367845B2 (en) | 2014-09-23 | 2016-06-14 | Sony Corporation | Messaging customer mobile device when electronic bank card used |
| US9953323B2 (en) | 2014-09-23 | 2018-04-24 | Sony Corporation | Limiting e-card transactions based on lack of proximity to associated CE device |
| US9355424B2 (en) | 2014-09-23 | 2016-05-31 | Sony Corporation | Analyzing hack attempts of E-cards |
| US9483653B2 (en) * | 2014-10-29 | 2016-11-01 | Square, Inc. | Secure display element |
| US9430635B2 (en) * | 2014-10-29 | 2016-08-30 | Square, Inc. | Secure display element |
| US10673622B2 (en) | 2014-11-14 | 2020-06-02 | Square, Inc. | Cryptographic shader in display hardware |
| US9746938B2 (en) * | 2014-12-15 | 2017-08-29 | At&T Intellectual Property I, L.P. | Exclusive view keyboard system and method |
| CN104917607A (en) * | 2015-04-30 | 2015-09-16 | 东方通信股份有限公司 | PIN encryption equipment of touch screen key-press input and encryption method |
| GB201520741D0 (en) | 2015-05-27 | 2016-01-06 | Mypinpad Ltd And Licentia Group Ltd | Authentication methods and systems |
| US9401914B1 (en) | 2015-06-05 | 2016-07-26 | International Business Machines Corporation | Utilization of multiple keypads for password inputs |
| CN106485848B (en) * | 2015-08-31 | 2020-05-01 | 崔胜辛 | Key input system and method using disposable keyboard |
| US20180204227A1 (en) * | 2015-09-21 | 2018-07-19 | Asheesh Mohindru | Golf Pace of Play |
| CN108475376A (en) * | 2015-12-28 | 2018-08-31 | 莫比威孚公司 | The system and method for certification user in equipment |
| TW201725546A (en) * | 2016-01-11 | 2017-07-16 | 仁寶電腦工業股份有限公司 | Secure payment device and secure payment method thereof |
| US10481786B2 (en) * | 2016-01-15 | 2019-11-19 | Qualcomm Incorporated | User interface for enabling access to data of a mobile device |
| CN107272920B (en) * | 2016-04-06 | 2020-10-23 | 创新先进技术有限公司 | Method and device for changing the correspondence between keys and characters |
| WO2018198858A1 (en) * | 2017-04-25 | 2018-11-01 | シャープ株式会社 | Control device, control method of control device, and communication device |
| GB201916441D0 (en) | 2019-11-12 | 2019-12-25 | Mypinpad Ltd | Computer-implemented system and method |
| US12367323B2 (en) * | 2023-04-12 | 2025-07-22 | Dell Products, L.P. | Security through randomized dynamic keyboard or keypad transformation |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20070002124A (en) * | 2005-06-30 | 2007-01-05 | 엘지전자 주식회사 | Password input method using screen of mobile communication terminal |
| US20070006946A1 (en) | 2005-07-05 | 2007-01-11 | Takahiro Takano | Manufacturing method of martensite stainless seamless steel pipe |
| US20090106825A1 (en) * | 2007-10-22 | 2009-04-23 | Cerruti Julian A | System and method for user password protection |
| US20100109920A1 (en) * | 2008-11-05 | 2010-05-06 | Michael Dennis Spradling | Security - input key shuffle |
Family Cites Families (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CA2264167A1 (en) * | 1996-08-28 | 1998-03-05 | Via, Inc. | Touch screen systems and methods |
| US7992007B2 (en) * | 2002-02-05 | 2011-08-02 | Cardinalcommerce Corporation | Dynamic pin pad for credit/debit/ other electronic transactions |
| US20070096946A1 (en) * | 2003-04-14 | 2007-05-03 | Jun-Sik Kim | Information inputting system with a variable arrangement of keypad, and control method thereof |
| US8190087B2 (en) * | 2005-12-31 | 2012-05-29 | Blaze Mobile, Inc. | Scheduling and paying for a banking transaction using an NFC enabled mobile communication device |
| US20100275266A1 (en) * | 2006-07-31 | 2010-10-28 | Gabriel Jakobson | Automatically enhancing computing privacy by affecting the screen of a computing device |
| JP2008033747A (en) * | 2006-07-31 | 2008-02-14 | Fuji Xerox Co Ltd | Input information protection system and program |
| CN201069559Y (en) | 2007-07-27 | 2008-06-04 | 肖启冉 | Peek prevention touch password input keyboard |
| CN101510331A (en) * | 2008-02-17 | 2009-08-19 | 马泉 | Intelligent keyboard input device of ATM teller machine |
| CN101794365B (en) * | 2010-03-23 | 2015-08-12 | 中兴通讯股份有限公司 | The method of safely inputting information and mobile terminal on mobile terminals |
| US8555355B2 (en) * | 2010-12-07 | 2013-10-08 | Verizon Patent And Licensing Inc. | Mobile pin pad |
| US9576122B2 (en) * | 2011-04-25 | 2017-02-21 | Softlayer Technologies, Inc. | System and method for secure data entry |
| US8978975B2 (en) * | 2011-07-18 | 2015-03-17 | Accullink, Inc. | Systems and methods for authenticating near field communcation financial transactions |
| EP2792207A4 (en) | 2011-12-15 | 2015-09-02 | Intel Corp | Systems and methods for secured entry of user authentication data |
- 2011
- 2011-12-15 EP EP11877287.0A patent/EP2792207A4/en not_active Withdrawn
- 2011-12-15 WO PCT/US2011/065018 patent/WO2013089717A1/en not_active Ceased
- 2011-12-15 US US13/977,579 patent/US9860224B2/en not_active Expired - Fee Related
- 2011-12-15 CN CN201180075484.0A patent/CN104024988A/en active Pending
Non-Patent Citations (1)
| Title |
|---|
| See also references of EP2792207A4 |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9860224B2 (en) | 2011-12-15 | 2018-01-02 | Intel Corporation | Systems and methods for secured entry of user authentication data |
| US10083442B1 (en) | 2012-06-12 | 2018-09-25 | Square, Inc. | Software PIN entry |
| US11823186B2 (en) | 2012-06-12 | 2023-11-21 | Block, Inc. | Secure wireless card reader |
| US10515363B2 (en) | 2012-06-12 | 2019-12-24 | Square, Inc. | Software PIN entry |
| US10185957B2 (en) | 2012-06-12 | 2019-01-22 | Square, Inc. | Software pin entry |
| US9557993B2 (en) | 2012-10-23 | 2017-01-31 | Analog Devices Global | Processor architecture and method for simplifying programming single instruction, multiple data within a register |
| US9773240B1 (en) | 2013-09-13 | 2017-09-26 | Square, Inc. | Fake sensor input for passcode entry security |
| EP3050013A4 (en) * | 2013-09-30 | 2017-04-05 | Square, Inc. | Secure passcode entry user interface |
| US10540657B2 (en) | 2013-09-30 | 2020-01-21 | Square, Inc. | Secure passcode entry user interface |
| EP3050014A4 (en) * | 2013-09-30 | 2017-04-05 | Square, Inc. | Scrambling passcode entry interface |
| US9928501B1 (en) | 2013-10-09 | 2018-03-27 | Square, Inc. | Secure passcode entry docking station |
| US11397903B2 (en) * | 2014-08-08 | 2022-07-26 | Live Nation Entertainment, Inc. | Short-range device communications for secured resource access |
| WO2016153550A1 (en) * | 2015-03-25 | 2016-09-29 | Sony Corporation | Device display control for protecting sensitive data |
Also Published As
| Publication number | Publication date |
|---|---|
| US9860224B2 (en) | 2018-01-02 |
| US20140096201A1 (en) | 2014-04-03 |
| EP2792207A1 (en) | 2014-10-22 |
| CN104024988A (en) | 2014-09-03 |
| EP2792207A4 (en) | 2015-09-02 |
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| US9860224B2 (en) | Systems and methods for secured entry of user authentication data | |
| US11037134B2 (en) | System, method, and apparatus for updating an existing dynamic transaction card | |
| US10475025B2 (en) | System, method, and apparatus for updating an existing dynamic transaction card | |
| KR102461042B1 (en) | Payment processing method and electronic device supporting the same | |
| EP3284025B1 (en) | A system, method, and apparatus for a dynamic transaction card | |
| US8662401B2 (en) | Mobile payment adoption by adding a dedicated payment button to mobile device form factors | |
| TWI591507B (en) | Provisioning and authenticating credentials on an electronic device | |
| US20170109730A1 (en) | Dynamic transaction card protected by dropped card detection | |
| US20170154328A1 (en) | Dynamic transaction card protected by gesture and voice recognition | |
| US11151562B2 (en) | Secure passcode entry using mobile device with augmented reality capability | |
| JP2021502640A (en) | Graphical user interface with collectable icon animations | |
| KR101389468B1 (en) | Method for issuing mobile credit card in portable terminal using credit card and credit card for the same | |
| WO2016172432A1 (en) | One use wearable | |
| CN108229149A (en) | A kind of method and apparatus of data protection | |
| CA2990245A1 (en) | A dynamic transaction card protected by dropped card detection | |
| US11321686B2 (en) | Electronic device and control method of electronic device | |
| KR101835685B1 (en) | Apparatus and method for providing security functions using calculation of diffy sequence | |
| KR20200039332A (en) | Authentication method for a card reader and user terminal for authenticating a card reader | |
| CA2990209A1 (en) | A dynamic transaction card protected by gesture and voice recognition |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 11877287 Country of ref document: EP Kind code of ref document: A1 |
| | WWE | Wipo information: entry into national phase | Ref document number: 13977579 Country of ref document: US |
| | NENP | Non-entry into the national phase | Ref country code: DE |