This invention relates generally to the field of user authentication, and more particularly to the field of PIN-based verification. The invention is suited for use in situations where a user is required to enter a code, such as a Personal Identification Number (PIN), which is validated prior to completing an operation. The operation might be any type of operation.
Authentication is a technique used in a variety of situations where an individual's identity and/or authorisation needs to be verified prior to being allowed to perform an act or gain access to some controlled or managed resource such as a device, building, a computer system, a financial account, a service etc.
One common approach to authentication is to record some pre-selected identifier (such as a code or combination of symbols) which is then maintained in secrecy in a secure location and available only to authorised parties. The identifier is stored in association with a particular user or group of users, and may sometimes be stored and/or used in conjunction with another pre-determined identifier such as a username, for example. The identifier is often selected by the user himself although sometimes it may be the resource manager or owner who determines it. The user may, in many cases, be able to change their previously selected identifier. Often, the identifier is chosen when the user initially joins an organisation; for example, when he begins employment at a certain company, or registers with a provider for a certain service. After the identifier has been selected and assigned to an authorised individual, that user is required to supply the pre-determined identifier each time he requests permission to perform the controlled act or gain access to the resource or service. The user's inputted identifier is compared with the stored version. If the user is able to supply the correct identifier then his identity is deemed to have been verified and access is granted. If, on the other hand, the correct identifier is not supplied then access is denied.
In this document such an identifier may be referred to as a Personal Identification Code (PIC). One common example of a PIC is a 4 digit numeric code typically referred to as a Personal Identification Number (PIN). The term ‘PIC’ is intended to include the term ‘PIN’ (Personal Identification Number). However, other codes of different lengths and containing different types of characters or symbols may be used. The present invention is not intended to be limited with regard to the length of the identifier used, or the type of characters it contains. For example, it may contain numeric digits, alphabetical characters, pictures, punctuation or any other kind of symbol, or a mixture thereof. The term ‘PIN’ or TIC′ may be used hereinafter to refer to the user's identifier for the sake of convenience but should not be construed as being limiting in any way as to the length, type or format of the identifier.
PIN-based verification systems typically comprise a keypad which enables the user to enter their pre-selected PIN. A typical keypad layout known in the art is shown in
The indicia on the keys are usually arranged in an ordered manner, such as a sequential series. For example, numeric digits would typically be ordered in ascending order. In this document, the term ‘keypad’ may be used interchangeably with the term ‘pinpad’.
Keypads are often found on alphanumeric keyboards connected to computing devices. Other devices such as calculators, push-button telephones, combination locks, and digital door locks are also known to comprise a keypad. The advent of portable telecommunications and computing devices has also seen keypads introduced into mobile devices such as mobile (cellular) telephones, tablet computers, PDAs and so on.
Many electronic devices now include computer processing capabilities and a touch screen interface capable of displaying a keypad. These may be used for a variety of purposes, including allowing an authorised user to ‘unlock’ the device by entering a passcode comprising a combination of pre-selected symbols, or entering a telephone number so as to make a call. Card-reading terminals used in financial transactions also have keypads to allow the user to enter his PIN via the keypad.
Each type of smart phone (e.g. brand and/or model) may have a particular style of keypad associated with it as its ‘default’ keypad. For example, the keys may be arranged in a particular format or layout, or a particular font may be used for the indicia. Therefore, the user of an electronic device may become familiar with a certain ‘look and feel’ with respect to the keypad on that device. An example of a typical keypad generated and displayed on a widely known smart phone is shown in
In contrast to conventional keypads which have depressible (physically movable) keys, a touch screen can be used to display an image of a keypad having numbered or otherwise indicated ‘hot spots’ corresponding to the physical keys of the conventional counterpart. The user touches the hotspots corresponding to the keys of his choice instead of pressing a moveable key. Sensors placed below the surface of the screen sense which area(s) have been selected by the user, thus ‘reading’ the user's input.
Perhaps the most common use of keypads and PIN-based technology is in relation to financial transactions e.g. automated teller machines (known as ‘ATMs’ or ‘cashpoint machines’) and point of sale devices for banking cards (i.e. debit cards and credit cards).
Prior to the introduction of PIN-based authentication, if a customer wished to make a purchase for goods or services, he would be required to provide a signature which would be compared to the signature on the back of the card. However, signatures can be forged with relative ease.
In order to address this problem, smartcard technology has been introduced in many countries for credit, debit and ATM cards. This payment system (sometimes known as the ‘chip and pin’ system) is based on a global standard known as the EMV standard. Using this approach, credit and debit cards are provided with an embedded microchip. When a customer wishes to pay for goods using this system, the card is placed into a “Point of Sale” terminal or a modified swipe-card reader, which accesses the chip on the card. Once the card has been verified as authentic, the customer enters a 4-digit PIN, which is submitted to the chip on the smartcard; if the two match, the chip tells the terminal the PIN was correct, otherwise it informs it the PIN was incorrect. The inputted PIN matches the stored PIN if each symbol in the input is also found in the stored version, and in the same order and number.
In certain situations financial transactions may be carried out by swiping the magnetic stripe on the card so as to read the card's data, or by manual entry of the card details, rather than by inserting the card into a dedicated card-reading device.
It should be noted that as the PIN is sent back to the host for verification, security considerations become relevant because the PIN can be intercepted during the transmission process.
Since the introduction of PIN-based verification, fraud arising from face-to-face transactions (where the card and the customer are physically present at the retail site where the transaction takes place) has been drastically reduced because it is significantly more difficult to fraudulently obtain or guess a PIN than it is to forge a signature.
Moreover, prior to the advent of PIN-based authentication, if a customer's signature was forged, the card provider was usually held legally liable for any ensuing fraud and was compelled to reimburse the customer. With the introduction of smartcard technology, however, the onus has typically shifted to the customer to prove that they had acted “with reasonable care” to protect their PIN, rather than on the card provider being required having to prove that the signature provided during the transaction matched that on the card. This transfer of liability provides very significant financial benefits for card providers.
Another drawback of signature-based verification is that it does not lend itself to transactions where the card (and the customer) is not present at the retail premises when the transaction is performed—for example, transactions made over the telephone or internet. Such transactions are usually known as ‘card not present’ (CNP) transactions. CNP transactions are now commonplace in today's retail environment, with many customers choosing to conduct financial operations without being at the retail location. However, while PIN-based technology provides a relatively secure authentication solution for ‘card present’ face-to-face transactions, fraud arising from CNP transactions is rising.
In addition, mobile (cellular) telephone technology has opened new opportunities for retailers and consumers alike. So-called ‘smart’ phones comprising sophisticated computing capabilities and have become extremely popular, offering the user facilities such as the ability to surf the web and view retailers' web sites. Customers and retailers alike are often not tied to one physical geographical location but are ‘on the move’. For example, customers may wish to make a purchase via a web site being viewed on a mobile phone while waiting at a bus stop; or a parking attendant may wish to take payment from a driver in a car park. In such cases, dedicated Point-of-Sales terminals are not available for use.
However, despite the enormous popularity of mobile computing technology, in particular telephones, its use in respect of CNP transactions has been limited due to security concerns as data (such as the user's PIN) can be intercepted during transmission from the device to/from the card provider's server, or whilst residing in the phone's internal memory.
Some PIN related technology has been designed with mobility in mind and is known in the prior art.
For example, CardEase Mobile® is a mobile payment app which, in conjunction with a mobile card reader, enables a retailer to take Chip and PIN mobile card payments from a customer. The retailer enters the amount of the purchase into an app downloaded and installed on his mobile phone (or tablet device). The retailer then gives the card reader device to the customer who swipes or inserts his credit/debit card into the reader, and enters his PIN via the keypad on the reader device. The reader then connects via Bluetooth to the app on the retailer's mobile device, which then connects to the service provider via the phone's internet connection for payment authorisation. Once the payment has been approved, the customer removes his card from the reader and the retailer emails or texts a receipt to the customer.
However, this known arrangement requires the use of the card reader. In effect, it uses the mobile phone to play the role of the point-of-sale terminal which would usually be located within the store/shop. The merchant taking the payment still needs to be at the same location as the customer making the payment because he must hand the card reader to the customer for use with his credit or debit card. The system does not eliminate the need for a dedicated (i.e. purpose built) card-reading device.
Another example of the prior art is disclosed in WO/2012/004395 A1 (‘iZettle’). The iZettle arrangement comprises a portable card reader device for reading a smart card, a portable reader device and a payment server. The aim of the disclosed method is to eliminate the unsecure keyboard in a mobile phone used for entering a PIN, and instead use a separate PIN entry device which fulfills the EMV level specification. In essence, the disclosed approach uses an external PIN pad provided with all the required secure chips and components and which simply communicates with the mobile phone via a Bluetooth connection. Thus, as above, the iZettle disclosure does not solve the problem of using unsecure mobile devices for PIN entry, it simply circumvents it by using a separate PIN entry device.
Indeed, the iZettle document states (lines 6 to 19) that:
Another known arrangement (also from the applicant of WO/2012/004395 A1) comprises a device (‘dongle’) and associated software which fits into the charging port of a smart phone. When a transaction is to be made, the customer's card is inserted into the dongle. The customer is then asked to sign the phone's touch screen with their finger in order to authorise the transaction. Using this approach, the user does not need to enter a PIN. Therefore, the problem of PIN entry on an insecure portable device is avoided rather than solved.
Yet another known approach is disclosed in WO 2011/093998 A1. Again, the disclosed approach uses a dongle-based card reader which is plugged into the device. It does not provide a secure technique for enabling PIN-based authorisation.
GB 2416058 A discloses an approach for verifying a request for access to a server. In response to an access request, a random string of characters is generated by a ‘combination generator’ in a security server. It then uses this random string to generate ‘image data’ which is sent from the server to the user's computer. The keypad on the user's computer is then modified in accordance with the image data. The user then enters his PIN using the modified keypad displayed on the computer. Positional data relating to the user's selection within the grid of keys (e.g. first-row-first-column) is stored as a record of the user's PIN. The positional data is then converted by the user's machine into character data such as a string of digits to form an encoded PIN which is then sent to the server for verification. However, the encoded PIN can be ‘decoded by knowing the image data’—lines 22, 23 of page 10. Therefore, as the image data is stored on the user's computer, if the security of the user's machine is compromised (e.g. hacked into, or is infected with malware) access may be gained to the image data, therefore enabling a third party to decode the user's PIN.
Thus, it is desirable to provide an authentication method which does not render the PIN vulnerable to unauthorised access during transmission between devices, or when stored temporarily in an electronic device during the verification process.
Ideally, a PIN-based authentication solution which would enable a user to complete a CNP transaction using a PIN to authenticate in a secure manner. Ideally, such a solution:
Such an improved solution has now been devised which provides at least these advantages.
Thus, in accordance with the present invention there is provided a method and system as claimed in its various embodiments herein.
According to a first aspect of the invention, there may be provided a computer-implemented verification method comprising the step of:
enabling a user to input an identifier into an electronic device having:
The image may be referred to as a ‘scrambled keypad image’ for ease of reference.
The keypad is operable in that has the functionality expected of a keypad by a person skilled in the art. The skilled person would understand the term ‘keypad’ to mean an electronic or mechanical grid of keys, each having at least one indicia associated with it, which, when selected by a user, causes the associated indicia to be inputted into a device or system for storage and/or processing. In the context of the present invention, the keypad is an electronic version of a keypad. It may be thought of as a ‘virtual’ keypad in that it is a software emulation of a mechanical keypad. It provides all the functionality of a mechanical keypad, comprising labelled keys which the user can select to provide input to a computer-based system.
The keypad may be generated on or by the electronic device. It may be generated by a procedure call. The procedure may be provided within a library supplied by the manufacturer of the device.
By contrast, the scrambled keypad image is a representation of a keypad. The representation may comprise a representation of a whole keypad or at least part of a keypad. It may depict (represent, illustrate) one or more ‘keys’. The image may be electronically formed. It may be a graphical image, an optical image, a video or some other form of visual representation. It may be formed or stored in digital format in an electronic file.
This provides the advantage that the layout of the ‘keys’ in the representation may not be easily read by an unauthorised party who might intercept the representation during transmission or while it is displayed on the electronic device.
The scrambled keypad image is not a keypad per se because it is devoid of any functionality. It is merely a representation of a grid of keys. Touching, clicking on or otherwise selecting any ‘key’ depicted in the image does not, in and of itself, produce any effect or generate an input.
However, it should be noted that the scrambled keypad image may sometimes be referred to as a ‘keypad’ ‘scrambled keypad’ or an ‘overlying keypad’ purely for ease of reference because in use it appears to function as a keypad. Areas of the image may be referred to as ‘keys’, again only for ease of reference because this is what the user appears to see and use. However, it should be remembered that this is not actually the case, and that the image is not a keypad in reality.
The invention may enable the user to enter his identifier via the same device component that is used to display the scrambled keypad image (the screen). Phrased another way, the screen may serve as both the output (display) device for the scrambled keypad image and the input device via which the user's identifier may be entered. This contrasts with any prior art disclosure wherein the keypad is displayed on one device component (e.g. screen) and the user's input is received via another device component (e.g. keyboard).
An advantage of this feature is that it may enable the user's input from the image to be mapped to the electronic keypad which may be at least partially hidden from the user's view such that the user's input is automatically encoded upon entry by the user. The input is automatically encoded in the sense that the electronic device may not need to convert, encode or in any way process the user's input. The keypad may be generated by a procedure call executed on the electronic device. The operable, electronic keypad may be referred to as a ‘reference’ or ‘underlying’ keypad for ease of reference.
Preferably, the user's operation of the keypad key via the image generates an encoded version of the user's intended input. Preferably, the image is displayed within the keypad zone such that as the user touches, clicks on or otherwise identifies a location within the image, an operable keypad key at that location is activated to provide an encoded version of the user's input.
Thus, the user's identifier is input via the image. The user may select a portion of the image in order to enter the identifier. The image portion may resemble or depict a keypad key. Thus, the user may operate the keypad through the image.
Preferably, the image functions as a mask or cover superimposed over the keypad such that when the user touches, clicks on or otherwise identifies a location within the image it operates or activates the keypad key positioned at that location within the keypad zone.
Preferably, the keypad zone and/or the image remains in a fixed position on the screen during input of the user's identifier. This differentiates the invention from those known systems wherein the keys or entire keypad move on the screen during the verification process. As the image of the present invention remains in a fixed location, this provides a solution which is easier to use and requires less processing by the electronic device.
Thus, in one sense the invention may be viewed as enabling a scrambled keypad image to be ‘superimposed’ over an ‘underlying’ keypad such that when the user enters his input via the overlaid scrambled keypad image it is encoded in accordance with the layout of the underlying (preferably unseen) keypad.
The ‘underlying’ keypad may be viewed as an object generated and residing in the device's volatile memory at run-time to provide a model of a conventional mechanical keypad.
Thus, the invention provides the advantage that the user's ‘real’ identifier is never stored within the device and is not transmitted for verification. Therefore, the user's identifier cannot be derived by any potential interceptor without knowledge of the mapping between the overlaid image and underlying, functional keypad.
Preferably, the mapping between the overlaid image and underlying keypad is not stored in the electronic device, or derivable by the electronic device. The mapping (or correlation) between the positions of the two sets of ‘keys’ may be stored on a server remote from the electronic device.
Preferably, the scrambled keypad image may be sent from a remotely located computer-based resource to the electronic device. The resource may be a server. Thus, the scrambled keypad image may not be generated on the electronic device. A version of the scrambled keypad image may be stored on the server. The version may be a record of the order of the symbols (“keys”) in the scrambled keypad image.
The keypad zone may be a defined area or portion of the screen. Thus, the keypad zone may occupy the entire screen area or a portion of the screen. The scrambled keypad image may be displayed such that it covers the keypad zone completely, exactly or partially. Preferably, the underlying keypad is at least partially hidden from view so that the user is not able to see at least some of the keys of the keypad.
The identifier may be a Personal Identification Code. It may be a PIN (Personal Identification Number). It may comprise any number, type or combination of symbols or indicia (as explained above). The identifier may have been pre-selected by the user prior to executing the presently claimed method. The identifier may be stored remotely from the electronic device e.g. on a server. The scrambled keypad image and/or keypad may comprise numeric digits, alphabetical characters, punctuation, symbols or any other indicia, or a combination thereof. One or more symbols may be associated with each key.
Preferably, the user may be able to select a plurality of “keys” in the scrambled keypad image to input an identifier comprising more than one symbol.
The scrambled keypad image may be scrambled with respect to a reference keypad. The keypad image may depict a block or grid comprising a plurality of adjacent keys. It may be ‘scrambled’ in the sense that the symbols on the “keys” are not in sequential order and/or not in the order which one would expect, perhaps with reference to the reference keypad. The scrambling may be in accordance with a random generation process, or a process that approximates to a random process. The reference keypad may be the keypad operable within the keypad zone, or a default keypad associated as standard with a make, model, type of electronic device.
Thus, the same indicia may be present in both the underlying keypad and the scrambled keypad image but they are provided in different positions. Put yet another way, the order of the keys in the reference keypad is different from that of the scrambled image. The scrambled keypad image may provide the same ‘look and feel’ as the default keypad associated with the electronic device, but with the “keys” in different relative positions.
The respective positions of one, some or all “key(s)” in the scrambled keypad image may be different from the position of the same key(s) in the underlying keypad.
The user may operate the keys of the underlying keypad via the scrambled keypad image by interacting with the “keys” displayed on the screen. For example, the user's input may be entered by the user touching the screen (with a finger or other device) or by selecting the desired “key(s)” using a pointing device such as a mouse or tracker ball. Other selection methods may be used to similar effect, thus falling within the scope of the invention.
The position and/or dimensions of the keypad zone may be specified by a procedure or method call.
Preferably, the keypad zone comprises a plurality of sub-zones or ‘hot spots’. The position of at least one ‘key’ in the scrambled keypad image and/or keypad may correspond to the position of a sub-zone such that there may be a mapping between the “keys” of the scrambled keypad and the keys of the keypad and/or the plurality of sub-zones. It is desirable that the mapping is not derivable from or by the electronic device. The hotspots may underlie the keys of the scrambled keypad image.
The (underlying) keypad may be scrambled after each of the user's key selections. Thus, a different scrambled underlying keypad may be used for each keystroke of the user's input.
Preferably, the scrambled keypad image is received by the electronic device from a computer-based resource (e.g. a server) located remotely from the electronic device. It may be sent to the electronic device from the server in respect to a request for an image, the request being sent from the device to the server. The scrambled keypad image may be generated by the server.
Preferably, the scrambled keypad image is pre-generated. In one embodiment this may mean that it is generated prior to, not in response to, the request from the electronic device. The image may be generated prior to execution of the verification method.
The encoded version of the user's input (identifier) may be sent from the electronic device to a remote computer-based resource. This resource may be a server. Preferably, the server receives the encoded version of the user's input and processes it. The processing may provide a decoded version of the user's inputted identifier.
Thus, the user's ‘real’ identifier may not be transmitted. Only the encoded version may be transmitted, which may be meaningless to an unauthorised party who does not know the mapping between the “keys” in the scrambled keypad image and the keys in the underlying keypad.
The decoding may be performed using a stored version or form of the scrambled keypad image. The stored version or form of the configuration of the keys may be a filename. The decoding step may provide a decoded version of the user's input. Thus, the user's ‘real’ identifier may be generated by translating each symbol in the encoded version into its corresponding counterpart in the scrambled keypad image.
The user's decoded input may be compared with a stored version of the identifier. The user's input may be deemed to be correct if the input matches the stored identifier.
Preferably, the method further comprises the steps:
The method may further comprise the step of:
removing at least one scrambled keypad image from the plurality prior to performing the selection.
The method may further comprise the step of:
removing the selected scrambled keypad image from the plurality after sending the copy to the electronic device.
The method may further comprise the step of:
removing from the plurality any scrambled keypad image which has at least one key in the same position as the same key in a reference keypad.
Preferably, the positions of the keys in the scrambled keypad image remain unchanged relative to one another during input of the user's identifier. This is in contrast to prior art arrangements in which the position and/or order of the keys displayed to the user may scramble or rearrange or move on the screen after each of the user's key selections and/or after each verification session.
Preferably, the symbol of at least one key in the scrambled keypad image is at least partially obscured or obfuscated but remains readable to the user. This may have benefits in making the representation difficult to read using OCR software. This enhances the security of the system and method.
The electronic device may be a mobile telephone, a PC, a tablet computer, a laptop, a PDA, a card-reading terminal or other electronic device having a screen. The electronic device may be able to support a communications protocol such as TCP/IP, either over a wireless or fixed line, although other protocols may be supported, such as Bluetooth, RS232 etc.
The communication between the device (e.g. mobile phone) and the computer-based resource (e.g. server) may be via a fixed telecommunications line or via a mobile telecommunications/wifi etc. connection—essentially any IP-based device may be used.
The scrambled keypad image may be displayed via a web browser, or an application embedded within a browser, or a standalone software application, and/or an application providing a graphical user interface to allow the user to interact with the scrambled keypad image.
It is preferred that the mapping correlation between the indicia positioning of the scrambled keypad image and the underlying keypad is stored remotely from the device, typically at the computer based resource remote from the device.
In order to enhance security, the scrambled keypad image may be renamed and/or encrypted prior to being sent to the electronic device. This provides the benefit that 3rd parties (such as malware) are prevented or at least impeded from intercepting and decoding the identifier.
The method may further comprise the step of delivering an indicator to the user to confirm that the scrambled keypad image has been provided by a legitimate source. The indicator may be a ‘watermark’. The indicator may be a textual message, image, video, sound, vibration or other tactile indication. The indicator may have been chosen by the user.
Preferably, the scrambled keypad image is erased from the electronic device following the user's input, or following a specified period of time.
A new (i.e. different) scrambled keypad image may be sent to the device if the user makes a mistake when inputting the identifier.
Also in accordance with the invention there may be provided a computer-implemented method for verifying a pre-stored Personal Identification Code (PIC), the method comprising the steps:
According to a second aspect, there is provided a computer-implemented method for verifying a pre-stored Personal Identification Code (PIC), the method comprising the steps:
According to a further aspect, there is provided a computer-implemented method for verifying a pre-stored Personal Identification Code (PIC), the method comprising the steps:
According to another aspect of the invention there is provided a computer-implemented verification method comprising the step of:
enabling a user to input an identifier by selecting at least one key via a scrambled keypad presented to the user within a keypad zone of a screen associated with an electronic device.
According to another aspect of the invention there is provided a computer-implemented system arranged and configured to perform any embodiment of the method described above.
The benefits of the invention include:
These and other aspects of the present invention will be apparent from and elucidated with reference to, the illustrative embodiment described herein.
An embodiment of the present invention will now be described, by way of example, and with reference to the accompanying drawings.
Turning to the Figures, an exemplary embodiment is now described in relation to use with a mobile phone. However, the invention may be used to perform PIN verification on a variety of different types of device, assuming that the device has some processing capabilities and a screen for the display of a keypad.
The exemplary embodiment also relates to use in respect of financial transactions. One application for which the invention is suited is that of on-line banking. However, the skilled addressee will readily understand that the invention may be employed in other settings and for non-financial purposes. It is not limited to business or commercial applications.
Importantly, the invention can be used in any situation where verification of an individual's identity is required before allowing that individual to have access to some controlled resource. That controlled resource may be any type of resource. It may be funds sitting in a financial account. Equally, it could be a building, a computer system, a patient's medical records, a service and so on. For example, it may be used for the verification of a passcode on a door lock to establish authentication prior to allowing entry to a building.
It is important to note that the financially-oriented application described below is only one purpose to which this invention may be put. It has been selected for exemplary purposes because chip and PIN verification is perhaps the most widely known use of code-based verification and therefore most readily recognised by readers of this document. However, the skilled addressee will understand that the invention is not limited in respect of the environment or context in which the invention may ultimately be put to use.
It is also important to note that the invention does not constitute a means for performing a transaction per se. It is a verification tool useful for authenticating the identity of an individual who has requested access to a controlled resource. It does not dictate how that access is performed after authorisation is established, neither does it dictate how any other operation or possible transaction is conducted following successful verification.
The exemplary embodiment described below essentially operates by creating an image of a scrambled version of a keypad (which may alternatively be called a ‘PIN pad’). The scrambled keypad image is sent for presentation or display on the target electronic device 1 for the user to view. In this example, the target device is a mobile phone 1, as shown in
The scrambled keypad image is arranged to resemble the standard, default keypad for the device. Each brand and/or model of device typically has its own style of default keypad which might be different in layout, symbols, size, colour etc. from the default keypads associated with other devices. The default keypad is usually generated and displayed on the mobile phone by a procedure call, which specifies the format of the keypad for that device and where it is to be displayed on the screen. The default keypad is a grid which occupies a specific area on the screen i.e. it is displayed at a specified location. It is a pre-defined area or portion (referred to herein as a ‘keypad zone’) within the phone's screen. The keypad zone is divided up into sub-zones wherein each sub-zone represents a key in the default key pad. Another way of saying this is to say that each sub-zone is associated with a particular symbol. The symbol for each key is displayed for the user to see on the screen within the location of its respective sub-zone. Therefore, if the user selects (e.g. touches or clicks on) an area designated to a particular sub-zone, the symbol for that associated key is recorded. In this way, the keypad serves as a virtual version of a mechanical keypad, generated electronically by software, detecting the location of the user's input within a defined screen area and using that to generate the input data rather than using physically pressable keys.
In such virtual keypads, each subzone is essentially a ‘hotspot’ on the screen, and a plurality of hotspots are combined adjacent one another to form a keypad. In the present example, the default keypad 2 of the phone is arranged as a 3×4 grid of keys, each key 4 having a symbol associated with it. In this case, the symbols include numeric digits. Each key 4 is a ‘hotspot’ area of the screen, each hotspot being associated with a symbol in the virtual keypad.
An example of a well-known style of default keypad 2 used with smart phones is shown in
This standard keypad 2 is then ‘overlaid’ with the scrambled keypad image 3 which is sent to the phone and is displayed on the screen at the keypad zone. This superimposition is achieved by displaying the image of the scrambled keypad within the keypad display zone such that the positions of the scrambled ‘keys’ correspond to the positions of the hotspots in the default keypad. The alignment of the two keypads is such that only the scrambled keypad image is seen by the user and the underlying, operable keypad is hidden, at least partially but preferably entirely, by the image. Therefore, as far as the user is concerned, there is only one keypad, which looks exactly like the keypad the user expects, except with the keys in different positions relative to one another.
As the default keypad for the mobile phone is the ‘norm’ against which the scrambled keypad is referenced, it may be referred to as a ‘reference keypad’.
The scrambled keypad is sent to the phone as an image. Alternatively, it could be sent as a video file, to be discussed in more detail further below. This picture, video or image 3 may be referred to as a ‘representation’ because in one sense it represents a physical (depressible) keypad.
The scrambled keypad image 3 has been pre-generated (i.e. prior to the initialisation of the verification process). It is randomly selected from a set of pre-generated scrambled keypad representations and then sent over a telecommunications network to the handset (i.e. mobile phone) 1. The scrambled keypad image of
This keypad representation 3 has been generated to have exactly the same dimensions as the default keypad so that it can perfectly superimpose it. Thus, the mobile phone user (customer) views only one seamless keypad. The user is unaware that there is an underlying keypad 2 which has been generated in the background, behind the one that he sees and uses for entering his input. The image is sent to the user's device together with one or more instructions to invoke or call the necessary procedure for generating the underlying keypad.
The randomly-selected, scrambled keypad image 3 is effectively overlaid onto the phone's default keypad 2 so that when the user enters his PIN, a different result is generated within the device other than that which the user intended to enter, or at least thought he was entering. This is achieved as a result of the relationship (mapping) between the differently positioned keys 4 in the two keypads 2, 3. The user touches the screen at a particular location to enter a digit shown in the overlying scrambled keypad image 3, but this is interpreted as being the digit in the underlying keypad 2 at that sub-zone. As the user enters a subsequent input its corresponding, underlying symbol is concatenated to the previous input to construct a complete PIN.
In this way, an encoded version of the user's PIN is produced based upon the position of the hidden keys 4 which the user selects via the scrambled keypad representation 3. If the user makes a mistake, a new (different) keypad representation 3 is sent to the device 1.
Thus, the PIN that the user thinks he is entering is not the PIN recorded by the software residing on the user's phone. The user's ‘real’ PIN is never stored on the insecure phone 1, and is not transmitted over any (insecure) network. Only the encoded version is stored, transmitted. The encoded version of the PIN may be encrypted prior to transmission to further enhance security. Thus, any interceptor would be unable to decode, guess or re-translate the real PIN without knowing how the positions of the keys in each keypad map to one another.
In the present embodiment, the decoding process is handled by a component of the invention which ‘knows’ the layout of the keys in both keypads and is, therefore, able to map the encoded digits back to their original counterparts, thus arriving back at the user's intended input. This deciphered PIN can then be compared against the user's previously stored PIN for verification purposes.
In the exemplary embodiment, the scrambled keypad image 3 is encrypted before it is sent to the phone 1. Upon arrival at the phone 1 it is loaded into a secure or protected portion of memory on the device 1 (or at least as protected as it can be). In other words, all of the usual security features are used by the invention as if the customer's real PIN has been entered (rather than a translated version). This provides another layer of security and protection.
These aspects of the invention are now discussed in greater detail in relation to one way in which the invention can be put into use.
Pin Pad Production
The ‘PIN Pad Production Program’ 6 is responsible for generating all of the scrambled keypad images 3 used throughout the system. An overview of this aspect of the invention is shown in
If simply randomly scrambled keypads are used, there is a risk that one or more keys may not be positionally scrambled. This could resort in one or more keys of the users input PIN corresponding positionally on the standard and scrambled PIN. This is not ideal.
Consequently, during PIN pad (image) generation, scrambled key pad images that would have one or more keys positionally corresponding to the standard keypad are discarded. The PIN pad production is therefore preferably not purely random, but is subjected to a selection process to select/discard according to a specific criteria.
The PIN pad (image) generation takes place in a secure environment, typically complaint with payment card industry data security standard.
The output resolution and file type must be initially set up before use on a particular target device 1 (in this case the type of mobile phone). This ensures that outputted images are generated to the optimum resolution for that device e.g. 256×184.
A master ‘Background Image’ 7 is then selected which matches the resolution as set above, and a ‘Permutations File’ 5 selected containing all the required permutations of digits (keys) for the final keypad images. In one implementation, this file 5 must be a comma separated text file with each permutation on a new line. However, a variety of implementations may be devised to the same effect. For example, each permutation could be separated by a # or *.
The ‘Permutations File’ 5 is then merged with the ‘Background Image’ 7 using the user's selection of Font Type, Size and Colour to produce the completed keypad image 3. The completed keypad image 3 is then optimized and reduced in size to be as small as possible for optimum transmission speed.
In addition to standard monochrome keypads as shown in
In some embodiments, advertisements, educational messages or other content may be incorporated in the presented imagery.
These keypad images may employ special fonts or colours to enable any specific regional characters e.g. Arabic to be used, and also to ensure that the images cannot be read by unauthorised Optical Character Recognition programs (thus enhancing security).
Each keypad image that is produced is also given a unique filename and a master index is created for all keypad images that have been generated. When a scrambled keypad image is sent to the device, a copy of the filename of that image is temporarily stored. This filename contains the order of the keys within the keypad image. This enables the mapping between the scrambled keypad image and the reference keypad to be recorded.
For security purposes, the scrambled keypad image 3 is renamed before it is encrypted and sent to the remote device 1; this prevents malware or other unauthorised parties from possibly intercepting and decoding the PIN.
By way of example,
On suitably powerful devices, a video overlay may be used instead of a static image to further decrease the potential that OCR software could be used to read the keypad. This feature could also be used for advertising purposes.
It is important that, in order to provide a necessary level of security, malware and unauthorised parties are not able to read the data contained in the scrambled keypad image displayed to the user. As described above, this is achieved by the invention by providing the scrambled keypad in a single image or picture format. While it is possible to OCR images on a microcomputer, mobile telephones do not have the capabilities to do this, and it would be almost impossible for hidden malware to possess the required level of sophistication without attracting detection.
This issue can, at least in part, be addressed by using random backgrounds and fonts which cannot be understood by OCR technologies. The problem could also be addressed by delivering the keypad image as a video file. While video files do not lend themselves to being read by OCR technologies it is technically possible for a third party to ‘grab’ a single screen from a video file and read it.
One solution which may be incorporated into various embodiments of the invention would be to combine the two afore-mentioned systems into one. Thus, the scrambled keypad image is presented to the user in a plain format (ie non special fonts are used and the background is ‘normal’) but the file itself is a small video file which, when played, tricks the eye into thinking that the image is solid and static. In reality no single frame contains enough information for it to be reverse engineered back into understandable, useable content.
The system can be achieved in as little as 3 frames, each played quickly and in succession so as to appear static. An example is given in
Registration Process
This aspect of the invention is illustrated in
In certain embodiments, a device 1 must be registered before it can be used with the system of the present invention and a small application 8 downloaded to the target device 1. If the device being used is a mobile phone 1 then the update process can occur ‘Over The Air’ automatically; if the device is a fixed terminal then the software 8 may be downloaded over a fixed line, although it may alternatively be built into the device at the time of manufacture and simply updated if required.
To register a mobile phone 1 with the system the user would need to undertake a registration process comprising the following steps:
To register onto the system with a fixed device the user would complete a similar process as follows:
Consider
It should be noted that in certain embodiments user registration may not be a requirement. This may be the case where the software is integrated into a 3rd party application. In such embodiments, the required registration method may have been put in place by the third party.
Transaction Process
This aspect of the invention is illustrated in
Upon successful registration of the user and device, transactions can be performed. An authentication (PIN request) can be initiated by several methods depending on the manner in which the system has been integrated with 3rd party applications.
Typically integration occurs with 3rd parties who:
However, the invention is not intended to be limited in this regard and the nature of service or resources provided by the 3rd party is not a limiting feature of the invention.
In all cases described above there is a common trigger for the PIN application to load and perform the subsequent PIN entry process.
Once a request for an image has been received by the server (which may be referred to as the ‘computer-based resource’) the incoming device 1 is identified and authenticated and, if successful, the next keypad image from the device's ‘Index’ 13 is encrypted and transmitted to the device 1. The keypad images are sent sequentially as per the devices ‘index 2’ as shown in item 13 of
Once the encrypted keypad image 3 is received by the device 1 it is decrypted and passed to the ‘Secure Terminal Application’.
Secure Terminal Application
This aspect of the invention is illustrated in
The ‘Secure Terminal Application’ is the program that resides on the target device/phone 1 or the fixed terminal and is responsible for the secure input and transmission of the user's inputted PIN back to the server.
As described above, a keypad 2 is created on the device in a 3×4 grid. Each hotspot is assigned a numerical character. The application then ‘overlays’ this reference keypad 2 with the randomised keypad representation 3 that has been pre-generated and sent down to the handset 1. This scrambled keypad representation 3 has been generated to exactly the same dimensions as the keypad 2 underneath and perfectly overlays it, as described above.
Thus, when the user enters their PIN number 14 using the scrambled representation 3, a different, encoded output is generated. In the example below, if the user's PIN was ‘6725’ then the output from the keypad would be ‘0476’. It is the keypad output of ‘0476’ that is encrypted and sent back to the server's ‘Decryption Engine’.
Once the keypad has been pressed four times the scrambled keypad image 3 is securely wiped using a secure deletion algorithm from the protected memory where it resides.
The Decryption Engine
Once the central server (‘computer-based resource’) receives the incoming encoded and encrypted PIN from the handset 1 it must be converted back into the original user PIN.
This is done by the ‘Decryption Engine’ which is held on a separate secure server solely for this purpose. As described earlier, when the device 1 identifies itself to the server and requests a keypad image 3 the unique filename for the keypad image that was sent to the device 1 is temporarily stored. This filename contains the order of the keys within the keypad i.e. for the keypad image shown in
When the encrypted PIN arrives the message is firstly decrypted using the shared key used for the handset/device (this may be Triple DES or Public Private Key, or whatever is deemed appropriate during development according to the handset).
Once the message has been decrypted the encoded PIN that was generated by the user input must be decrypted. To do this the filename of the keypad image that was sent is copied into a temporary array and then for each number that was generated by the user input the number in the corresponding array position is substituted, thus revealing the actual PIN number.
So for the example above where the user's PIN was 6725, the handset generated and transmitted an encrypted PIN of 0476.
Now when the filename of the keypad image that was sent is copied into the array ‘0347152986’ we get the data shown in
For each number in the generated PIN the ‘Array Position’ is located and the corresponding ‘Filename Character’ is substituted.
First Digit of PIN=0 (GOTO array position 0); First digit of user's PIN number=6 as shown in
Second Digit of PIN=4 (GOTO array position 4) Second digit of user's PIN number=7 as shown in
Third Digit of PIN=7 (GOTO array position 7) Third digit of user's PIN number=2 as shown in
Fourth Digit of PIN=6 (GOTO array position 6) Fourth digit of user's PIN number=5 as shown in
After the decryption process has been completed the user's ‘real’ input of 6725 is revealed. This PIN number 6725 is then encrypted using standard banking encryption and passed to the Acquirer or banking partner for processing. It should be noted that this is only further encrypted and passed to the acquirer in embodiments relating to a financial transaction. The data may or may not be further encrypted depending upon the nature and requires of the specific application.
The array is then securely erased to ensure security, along with any other temporary data.
It should be noted that in certain alternative embodiments, 12 smaller key pictures (one for each number or hotspot) may be provided. The phone or other device may be arranged to to select a random number and rearrange the individual pictures into a 3×4 array (and thus making up a virtual keypad on demand). However, such embodiments present potential security loopholes and may provide several access points for malware to obtain the user's PIN (as the handset/device would have to transmit the random number and thus the order of the PIN pad back to the server). Therefore, such an embodiment is suitable for applications where required security levels are somewhat relaxed.
It should also be noted that although the invention has been described above in respect of a mobile phone having a touch screen, other embodiments may comprise a different type of device. For example, in another embodiment the device could be a personal computer, or a laptop, or a tablet computer. The embodiment would function essentially as described above except that as general purpose computing devices, such as PCs, do not typically comprise a standard procedure call for generating a keypad as mobile phones do, the keypad zone and hotspots are specified by a purpose-built software component executing on the device. The software specifies the portion of the screen which makes up the keypad zone, and the locations of the sub-zones (keys) and their associated symbols within the keypad zone. The scrambled keypad image is displayed at that location to provide the superimposition technique described above. The underlying keypad is generated using the same (or substantially the same) procedure call used by the smart phone implementation.
In another embodiment, a terminal could be provided which resembles the known card-reading terminals used in retail environments. The terminal may comprise a touch screen and comprise internal components replicating those of a mobile telephone. Thus, the terminal can receive and send data as a phone can, and the terminal can function is accordance with the invention as described above in with reference to the target device being a mobile phone.
Thus, the invention can be configured for use with a variety of computing-related devices to equal effect.
In addition, the invention can be configured to include various features which further enhance the security of the user's data.
Watermarking
For example, so-called ‘man in the middle attacks’ are a known problem. This can be addressed in the present invention using a ‘watermark’ feature to demonstrate to the user (i.e. a retailer or possibly the end customer) that the input device is communicating with a legitimate party (e.g. the appropriate bank) and therefore that the scrambled keypad image has been sent by that legitimate party and not an imposter.
Such a feature may be implemented in a variety of ways. For example, when a retailer registers to use the system they choose and store a secret indicator (word, phrase, number, name, image etc.) that only they and the trusted party knows. Then, when a transaction is required the following process is performed:
When the PIN entry screen is displayed the merchant must physically check that the pre-selected secret word etc that they registered is displayed on the screen before handing the terminal to the customer for their PIN entry. This is essentially the same principle which is employed in ssl technology wherein one looks for the small yellow lock icon as confirmation of the site's legitimacy.
By doing this, the responsibility is placed onto the merchant to ensure that the device is talking securely to a legitimate party. If a different indicator (watermark) is displayed from that which the merchant expects, or no indicator is shown at all, it can be assumed that the process has been compromised.
This watermark may stay on the screen for duration of the PIN entry by the consumer. However, it is preferable that it is only displayed for a short period of time (e.g. the region of a few seconds) and then disappears before it may be seen by any other person, such as the customer. If the watermark is seen by another person, this could allow them to perform a man in the middle attack.
Upon registration the user may also choose where to have the watermark displayed e.g. right, left, centre, top etc. A keypad image having the watermark in the bottom left corner is shown in
Moreover, the watermark does not have to be in textual form. In some embodiments, the user may upload a photograph or other file (for example, a family photo or a photo of the shop etc.) so that this picture is displayed in the background. This is illustrated in
This watermarking feature is suitable for employment with all embodiments of the invention, irrespective of the context in which the invention is used or the nature of the device used to display the keypad (e.g. online through a browser, via a terminal arranged for use with the invention, or a mobile phone etc.)
Additional PinPad Encryption
In order to further enhance the security of the system, the invention may employ one or more techniques for making it more difficult for an unauthorised party to figure out, discern or calculate the mapping between the displayed keypad image (i.e. the one that the user uses to enter his PIN) and the underlying keypad.
For example, if the user has selected a PIN which contains the same digit more than once (e.g. 1223) this may make it easier to compute the correlation between the input and the ‘underlying’ keypad.
One possible approach to overcoming this could be to create more than one underlying keypad. For example, a virtual keypad could be generated for each key press. An example is given below.
However, if 4 different ‘underlying’ keypads are used instead of one, this problem is overcome. Thus, a sequence of digits can be sent to the target device (e.g. terminal, phone, PC) and the sequence is used by the target device to form the keypad. For the keypad in
Thus, the top pin pad as per
Suppose now that the user's input is 1111. Instead of 9999 being produced, the code 9857 is produced and sent back to the server for decryption. As the server ‘knows’ which scrambled keypad image was sent, and which sequences of digits, the resulting encoded PIN appears to be much more random and is therefore much harder to decipher by an interceptor. The decryption process at the server end remains as set out above.
Moreover, in order to enhance security further it is possible to use combinations of other characters in the generation of the keypads, not just characters. For example, the sequence Jg6KrBjoJ6 could be sent. This would generate the underlying keypad shown in
In such an embodiment, the use of randomly generated strings of characters in the bottom keypad reduces the need to ‘filter’ the underlying keypads (as described above) to remove potentially unsuitable keypads which might provide an attacker with a possible starting point for an attack.
However in a preferred embodiment only 1.6 m scrambled (‘top’) keypad images are used rather than the possible 3.6 m and a check is still performed to ensure that no mapping is the same ie. 1=1 between the superimposed and the underlying keypads.
System Level Architecture
Device app: an app that runs on a terminal or mobile phone to manage user interaction and technical process flow including initiating a payment transaction, interacting with card reader, requesting an oPinPad (i.e. scrambled keypad image), encrypting the entered oPin and sending the transaction online for authorization.
OPinPad Management Module: a stand-alone application module that runs in a central secure data center on a dedicated server. It holds a database of all oPinPad TIF images and manages distribution of the oPinPad TIFs on demand.
Auth Client: a stand-alone application module that runs in a central secure data center, possibly on the same server as the oPinPad Management Module (or, in some embodiments on its own dedicated server). It receives the message from the Device and prepares it to be sent to the Payments Switch for Authorisation.
HPSAM Appliance: a stand-alone application module that runs in central secure data centre on a dedicated server. In some embodiments the server may be security hardened.
In
Referring to the numeric references in
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be capable of designing many alternative embodiments without departing from the scope of the invention as defined by the appended claims. In the claims, any reference signs placed in parentheses shall not be construed as limiting the claims. The word “comprising” and “comprises”, and the like, does not exclude the presence of elements or steps other than those listed in any claim or the specification as a whole. In the present specification, “comprises” means “includes or consists of” and “comprising” means “including or consisting of”. The singular reference of an element does not exclude the plural reference of such elements and vice-versa. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Number | Date | Country | Kind |
---|---|---|---|
1212878 | Jul 2012 | GB | national |
1306053 | Apr 2013 | GB | national |
The present application is a continuation of U.S. Non-Provisional patent application Ser. No. 15/197,086, filed on Jun. 29, 2016, which is a continuation of U.S. Non-Provisional patent application Ser. No. 15/094,383, filed on Apr. 8, 2016, now U.S. Pat. No. 10,366,215, which is a continuation of U.S. Non-Provisional patent application Ser. No. 14/416,054, filed on Jan. 20, 2015, now U.S. Pat. No. 9,552,465, which is a national stage of International Patent Application No. PCT/GB2013/051913 filed on Jul. 17, 2013, and which claims priority to UK Patent Applications No. GB1306053.8 filed on Apr. 4, 2013, and No. GB1212878.1 filed on Jul. 20, 2012, all of which are herein incorporated by reference in their entireties.
Number | Name | Date | Kind |
---|---|---|---|
2819067 | Dusenbury | Jan 1958 | A |
3176324 | Birgbauer, Sr. | Apr 1965 | A |
3201732 | Olsen | Aug 1965 | A |
3255323 | Austin | Jun 1966 | A |
3270720 | Ehrhardt | Sep 1966 | A |
3347103 | High | Oct 1967 | A |
3364601 | Korenek | Jan 1968 | A |
3375428 | Mitchell | Mar 1968 | A |
3392846 | Getzin | Jul 1968 | A |
3413071 | Chester | Nov 1968 | A |
3621242 | Ferguson | Nov 1971 | A |
3762876 | Koehler | Oct 1973 | A |
3965066 | Sterman | Jun 1976 | A |
5193152 | Smith | Mar 1993 | A |
5209102 | Wang | May 1993 | A |
5219794 | Satoh | Jun 1993 | A |
5234389 | Goates | Aug 1993 | A |
5257486 | Holmwall | Nov 1993 | A |
5363449 | Bestock | Nov 1994 | A |
5434702 | Byron | Jul 1995 | A |
5504808 | Hamrick, Jr. | Apr 1996 | A |
5549194 | Dag | Aug 1996 | A |
5715078 | Shiraishi | Feb 1998 | A |
5754652 | Wilfong | May 1998 | A |
5949348 | Kapp | Sep 1999 | A |
5990586 | Milano, Jr. | Nov 1999 | A |
6193152 | Fernando | Feb 2001 | B1 |
6209102 | Hoover | Mar 2001 | B1 |
6219794 | Soutar | Apr 2001 | B1 |
6234389 | Valliani | May 2001 | B1 |
6257486 | Teicher | Jul 2001 | B1 |
6434702 | Maddalozzo, Jr. | Aug 2002 | B1 |
6549194 | McIntyre | Apr 2003 | B1 |
6630928 | McIntyre | Oct 2003 | B1 |
6671405 | Savakis | Dec 2003 | B1 |
6715078 | Chasko | Mar 2004 | B1 |
6990586 | Tresser | Jan 2006 | B1 |
7003316 | Elias | Feb 2006 | B1 |
7010806 | Bender | Mar 2006 | B2 |
7047222 | Bush | May 2006 | B1 |
7091845 | Midland | Aug 2006 | B2 |
7092915 | Best | Aug 2006 | B2 |
7243237 | Peinado | Jul 2007 | B2 |
7305565 | Lungaro | Dec 2007 | B1 |
7395506 | Tan | Jul 2008 | B2 |
7698563 | Shin | Apr 2010 | B2 |
7735121 | Madani | Jun 2010 | B2 |
7992007 | Lazzaro | Aug 2011 | B2 |
8117458 | Osborn, III | Feb 2012 | B2 |
8176324 | Krishnamurthy | May 2012 | B1 |
8201732 | Kropf | Jun 2012 | B1 |
8255323 | Casey | Aug 2012 | B1 |
8270720 | Ladd | Sep 2012 | B1 |
8297173 | Teetzel | Oct 2012 | B1 |
8347103 | Jones | Jan 2013 | B2 |
8364601 | Dewan | Jan 2013 | B2 |
8375428 | Won | Feb 2013 | B2 |
8392846 | Carapelli | Mar 2013 | B2 |
8413071 | Kim | Apr 2013 | B2 |
8453027 | Bartz | May 2013 | B2 |
8453207 | White | May 2013 | B1 |
8621242 | Brown | Dec 2013 | B2 |
8762876 | Puppin | Jun 2014 | B2 |
8965066 | Derakhshani | Feb 2015 | B1 |
9082253 | Harty | Jul 2015 | B1 |
9235967 | Magee | Jan 2016 | B1 |
9552465 | Pike | Jan 2017 | B2 |
9576411 | Kim | Feb 2017 | B2 |
10108796 | Lo | Oct 2018 | B2 |
10366215 | Pike | Jul 2019 | B2 |
20020016918 | Tucker | Feb 2002 | A1 |
20020023215 | Wang | Feb 2002 | A1 |
20020029342 | Keech | Mar 2002 | A1 |
20020046185 | Villart | Apr 2002 | A1 |
20020082962 | Farris | Jun 2002 | A1 |
20020123972 | Hodgson | Sep 2002 | A1 |
20020129250 | Kimura | Sep 2002 | A1 |
20020188872 | Willeby | Dec 2002 | A1 |
20030002667 | Gougeon | Jan 2003 | A1 |
20030004877 | Kasasaku | Jan 2003 | A1 |
20030120612 | Fujisawa | Jun 2003 | A1 |
20030120936 | Farris | Jun 2003 | A1 |
20030132918 | Fitch | Jul 2003 | A1 |
20030212327 | Wang | Nov 2003 | A1 |
20030229597 | De Jong | Dec 2003 | A1 |
20030229598 | De Jong | Dec 2003 | A1 |
20030229791 | De Jong | Dec 2003 | A1 |
20040010690 | Shin | Jan 2004 | A1 |
20040039933 | Martin | Feb 2004 | A1 |
20040044739 | Ziegler | Mar 2004 | A1 |
20040073809 | Wing | Apr 2004 | A1 |
20040122768 | Creamer | Jun 2004 | A1 |
20040122771 | Celi | Jun 2004 | A1 |
20040182921 | Dickson | Sep 2004 | A1 |
20050010786 | Michener | Jan 2005 | A1 |
20050012715 | Ford | Jan 2005 | A1 |
20050036611 | Seaton | Feb 2005 | A1 |
20050043997 | Sahota | Feb 2005 | A1 |
20050075973 | Yousofi | Apr 2005 | A1 |
20050127156 | Yoo | Jun 2005 | A1 |
20050127158 | Figueras | Jun 2005 | A1 |
20050140832 | Goldman | Jun 2005 | A1 |
20050144449 | Voice | Jun 2005 | A1 |
20050146447 | Na | Jul 2005 | A1 |
20050177522 | Williams | Aug 2005 | A1 |
20050193208 | Charrette, III | Sep 2005 | A1 |
20050212763 | Okamura | Sep 2005 | A1 |
20060003706 | Welland | Jan 2006 | A1 |
20060017691 | Cruz-Hernandez | Jan 2006 | A1 |
20060018467 | Steinmetz | Jan 2006 | A1 |
20060026440 | Sauvebois | Feb 2006 | A1 |
20060032705 | Isham | Feb 2006 | A1 |
20060037067 | Morris | Feb 2006 | A1 |
20060053301 | Shin | Mar 2006 | A1 |
20060104446 | Varghese | May 2006 | A1 |
20060133597 | Song | Jun 2006 | A1 |
20060136334 | Atkinson | Jun 2006 | A1 |
20060146169 | Segman | Jul 2006 | A1 |
20060149845 | Malin | Jul 2006 | A1 |
20060155619 | Rhiando | Jul 2006 | A1 |
20060182715 | Sandrock | Aug 2006 | A1 |
20060206919 | Montgomery | Sep 2006 | A1 |
20060221059 | Choi | Oct 2006 | A1 |
20060224523 | Elvitigala | Oct 2006 | A1 |
20060247533 | Abe | Nov 2006 | A1 |
20070005500 | Steeves | Jan 2007 | A1 |
20070014415 | Harrison | Jan 2007 | A1 |
20070073937 | Feinberg | Mar 2007 | A1 |
20070089164 | Gao | Apr 2007 | A1 |
20070101150 | Oda | May 2007 | A1 |
20070110224 | Gumpel | May 2007 | A1 |
20070182715 | Fyke | Aug 2007 | A1 |
20070209014 | Youmtoub | Sep 2007 | A1 |
20070213090 | Holmberg | Sep 2007 | A1 |
20070279391 | Marttila | Dec 2007 | A1 |
20070282756 | Dravenstott | Dec 2007 | A1 |
20080011098 | Herremans | Jan 2008 | A1 |
20080014818 | Privitera | Jan 2008 | A1 |
20080110981 | DeLine | May 2008 | A1 |
20080148186 | Krishnamurthy | Jun 2008 | A1 |
20080165035 | Bhella | Jul 2008 | A1 |
20080168546 | Almeida | Jul 2008 | A1 |
20080172735 | Gao | Jul 2008 | A1 |
20080184036 | Kavsan | Jul 2008 | A1 |
20080209223 | Nandy | Aug 2008 | A1 |
20080251969 | Isham | Oct 2008 | A1 |
20080280652 | Marry | Nov 2008 | A1 |
20080289035 | Delia | Nov 2008 | A1 |
20080306995 | Newell | Dec 2008 | A1 |
20080319902 | Chazan | Dec 2008 | A1 |
20090033522 | Skillman | Feb 2009 | A1 |
20090044282 | Govindaraju | Feb 2009 | A1 |
20090066660 | Ure | Mar 2009 | A1 |
20090067627 | Hogl | Mar 2009 | A1 |
20090077383 | De Monseignat | Mar 2009 | A1 |
20090106827 | Cerruti | Apr 2009 | A1 |
20090183098 | Casparian | Jul 2009 | A1 |
20090193210 | Hewett | Jul 2009 | A1 |
20090213132 | Kargman | Aug 2009 | A1 |
20090235199 | Mastie | Sep 2009 | A1 |
20090254986 | Harris | Oct 2009 | A1 |
20090270078 | Nam | Oct 2009 | A1 |
20090277968 | Walker | Nov 2009 | A1 |
20090328197 | Newell | Dec 2009 | A1 |
20100036783 | Rodriguez | Feb 2010 | A1 |
20100049768 | Robert | Feb 2010 | A1 |
20100098300 | Otto | Apr 2010 | A1 |
20100109920 | Spradling | May 2010 | A1 |
20100117792 | Faith | May 2010 | A1 |
20100121737 | Yoshida | May 2010 | A1 |
20100125509 | Kranzley | May 2010 | A1 |
20100138666 | Adams | Jun 2010 | A1 |
20100149100 | Meiby | Jun 2010 | A1 |
20100153270 | Hawkes | Jun 2010 | A1 |
20100174653 | Tian | Jul 2010 | A1 |
20100175016 | Tian | Jul 2010 | A1 |
20100180336 | Jones | Jul 2010 | A1 |
20100182244 | Onda | Jul 2010 | A1 |
20100186076 | Ali | Jul 2010 | A1 |
20100215270 | Manohar | Aug 2010 | A1 |
20100223663 | Morimoto | Sep 2010 | A1 |
20100242104 | Wankmueller | Sep 2010 | A1 |
20100259561 | Forutanpour | Oct 2010 | A1 |
20100287097 | Treadwell | Nov 2010 | A1 |
20100287382 | Gyorffy | Nov 2010 | A1 |
20100306283 | Johnson | Dec 2010 | A1 |
20100323617 | Hubinak | Dec 2010 | A1 |
20110004769 | Won | Jan 2011 | A1 |
20110018033 | Takenaka | Jan 2011 | A1 |
20110020414 | Kunin | Jan 2011 | A1 |
20110055084 | Singh | Mar 2011 | A1 |
20110090097 | Beshke | Apr 2011 | A1 |
20110109567 | Kim | May 2011 | A1 |
20110144586 | Michaud | Jun 2011 | A1 |
20110180336 | Kurata | Jul 2011 | A1 |
20110185313 | Harpaz | Jul 2011 | A1 |
20110185319 | Carapelli | Jul 2011 | A1 |
20110191591 | Cheng | Aug 2011 | A1 |
20110191856 | Keen | Aug 2011 | A1 |
20110199387 | Newton | Aug 2011 | A1 |
20110204140 | Hart | Aug 2011 | A1 |
20110246369 | De Oliveira | Oct 2011 | A1 |
20110281630 | Omar | Nov 2011 | A1 |
20110310019 | Wilson | Dec 2011 | A1 |
20110313871 | Greenwood | Dec 2011 | A1 |
20110321138 | Kruger | Dec 2011 | A1 |
20120042365 | Shoval | Feb 2012 | A1 |
20120047564 | Liu | Feb 2012 | A1 |
20120079273 | Bacchiaz | Mar 2012 | A1 |
20120095867 | McKelvey | Apr 2012 | A1 |
20120096277 | Perez Soria | Apr 2012 | A1 |
20120098750 | Allen | Apr 2012 | A1 |
20120132705 | Golueke | May 2012 | A1 |
20120158672 | Oltean | Jun 2012 | A1 |
20120159160 | Poisner | Jun 2012 | A1 |
20120159582 | Griffin | Jun 2012 | A1 |
20120159583 | Griffin | Jun 2012 | A1 |
20120159592 | Griffin | Jun 2012 | A1 |
20120159593 | Griffin | Jun 2012 | A1 |
20120159594 | Griffin | Jun 2012 | A1 |
20120159609 | Griffin | Jun 2012 | A1 |
20120159613 | Griffin | Jun 2012 | A1 |
20120159614 | Griffin | Jun 2012 | A1 |
20120159616 | Griffin | Jun 2012 | A1 |
20120162086 | Rhee | Jun 2012 | A1 |
20120185398 | Weis | Jul 2012 | A1 |
20120222100 | Fisk | Aug 2012 | A1 |
20120222102 | Hirose | Aug 2012 | A1 |
20120249295 | Yeung | Oct 2012 | A1 |
20120253971 | Bansal | Oct 2012 | A1 |
20120256723 | Grover | Oct 2012 | A1 |
20120260326 | Steigmann | Oct 2012 | A1 |
20120291120 | Griffin | Nov 2012 | A1 |
20120305648 | Sondhi | Dec 2012 | A1 |
20120311723 | Britt, Jr. | Dec 2012 | A1 |
20120313858 | Park | Dec 2012 | A1 |
20120323788 | Keresman, III | Dec 2012 | A1 |
20130018800 | Devaraju | Jan 2013 | A1 |
20130019320 | Ericsson | Jan 2013 | A1 |
20130020389 | Barnett | Jan 2013 | A1 |
20130021233 | Umminger | Jan 2013 | A1 |
20130023240 | Weiner | Jan 2013 | A1 |
20130026513 | Aurongzeb | Jan 2013 | A1 |
20130029824 | De Koning | Jan 2013 | A1 |
20130042318 | Thatha | Feb 2013 | A1 |
20130047237 | Ahn | Feb 2013 | A1 |
20130050088 | Smith | Feb 2013 | A1 |
20130060739 | Kalach | Mar 2013 | A1 |
20130078951 | Mun | Mar 2013 | A1 |
20130086382 | Barnett | Apr 2013 | A1 |
20130091583 | Karroumi | Apr 2013 | A1 |
20130106690 | Lim | May 2013 | A1 |
20130117573 | Harbige | May 2013 | A1 |
20130148044 | Ohyama | Jun 2013 | A1 |
20130154937 | Park | Jun 2013 | A1 |
20130154981 | Park | Jun 2013 | A1 |
20130159196 | DiZoglio | Jun 2013 | A1 |
20130198459 | Joshi | Aug 2013 | A1 |
20130207902 | Showering | Aug 2013 | A1 |
20130232549 | Hawkes | Sep 2013 | A1 |
20130265136 | Wadia | Oct 2013 | A1 |
20130298246 | Cragun | Nov 2013 | A1 |
20130301830 | Bar-El | Nov 2013 | A1 |
20140002558 | Ramesh | Jan 2014 | A1 |
20140013252 | Ehrler | Jan 2014 | A1 |
20140025580 | Bacastow | Jan 2014 | A1 |
20140096201 | Gupta | Apr 2014 | A1 |
20140162598 | Villa-Real | Jun 2014 | A1 |
20140168083 | Ellard | Jun 2014 | A1 |
20140173492 | Yoon | Jun 2014 | A1 |
20140195429 | Paulsen | Jul 2014 | A1 |
20140201831 | Yi | Jul 2014 | A1 |
20140283022 | Beloncik | Sep 2014 | A1 |
20140310531 | Kundu | Oct 2014 | A1 |
20140324698 | Dolcino | Oct 2014 | A1 |
20140324708 | McCauley et al. | Oct 2014 | A1 |
20150095241 | Edwards | Apr 2015 | A1 |
20150116225 | Luo | Apr 2015 | A1 |
20150154414 | Pike | Jun 2015 | A1 |
20150154598 | Forte | Jun 2015 | A1 |
20150261968 | Polyachenko | Sep 2015 | A1 |
20150332038 | Ramsden | Nov 2015 | A1 |
20150347774 | Krstic | Dec 2015 | A1 |
20150350163 | Brander | Dec 2015 | A1 |
20150371213 | Pike | Dec 2015 | A1 |
20150379288 | Kubik | Dec 2015 | A1 |
20160006718 | Huxham | Jan 2016 | A1 |
20160034718 | Mizrachi | Feb 2016 | A1 |
20160042190 | Adderly | Feb 2016 | A1 |
20160063230 | Alten | Mar 2016 | A1 |
20160065546 | Krishna | Mar 2016 | A1 |
20160125193 | Dai Zovi | May 2016 | A1 |
20160154980 | Neumann | Jun 2016 | A1 |
20160224771 | Pike | Aug 2016 | A1 |
20160246955 | Jiang | Aug 2016 | A1 |
20160253508 | Song | Sep 2016 | A1 |
20160283013 | Engstrom | Sep 2016 | A1 |
20160314293 | Pike | Oct 2016 | A1 |
20160314468 | Smith | Oct 2016 | A1 |
20160320965 | Chung | Nov 2016 | A1 |
20160337857 | Carron | Nov 2016 | A1 |
20170006140 | Park | Jan 2017 | A1 |
20170061138 | Lambert | Mar 2017 | A1 |
20170061408 | Choi | Mar 2017 | A1 |
20170140354 | Jenkins | May 2017 | A1 |
20170192670 | Raman | Jul 2017 | A1 |
20170235926 | Fyke | Aug 2017 | A1 |
20170270764 | Riedel | Sep 2017 | A1 |
20180032831 | Kim | Feb 2018 | A1 |
20180150623 | Pike | May 2018 | A1 |
20180150628 | Pike | May 2018 | A1 |
20180150629 | Pike | May 2018 | A1 |
20180150630 | Pike | May 2018 | A1 |
20180374392 | Ollivier | Dec 2018 | A1 |
20200005273 | Pike | Jan 2020 | A1 |
20200201960 | Pike | Jun 2020 | A1 |
20200210557 | Pike | Jul 2020 | A1 |
20200226235 | Pike | Jul 2020 | A1 |
Number | Date | Country |
---|---|---|
100583113 | Mar 2005 | CN |
101082948 | Dec 2007 | CN |
101126967 | Feb 2008 | CN |
201035502 | Mar 2008 | CN |
201111222 | Sep 2008 | CN |
202150070 | Feb 2012 | CN |
105956857 | Sep 2016 | CN |
106022172 | Oct 2016 | CN |
4129202 | Mar 1993 | DE |
4129202 | Mar 1993 | DE |
19803339 | Aug 1999 | DE |
10100188 | Jul 2002 | DE |
10306352 | Sep 2004 | DE |
102008050609 | Oct 2009 | DE |
102008056605 | May 2010 | DE |
102009022845 | Sep 2010 | DE |
102009022845 | Sep 2010 | DE |
102009023925 | Dec 2010 | DE |
102010022368 | Dec 2011 | DE |
0432409 | Jun 1991 | EP |
0662665 | Jul 1995 | EP |
0870222 | Oct 1998 | EP |
1161060 | Dec 2001 | EP |
1161060 | Dec 2001 | EP |
1599786 | Nov 2005 | EP |
1600847 | Nov 2005 | EP |
1615181 | Jan 2006 | EP |
1742450 | Jan 2007 | EP |
1840778 | Oct 2007 | EP |
2141647 | Jan 2010 | EP |
2141647 | Jan 2010 | EP |
2365469 | Sep 2011 | EP |
2400426 | Dec 2011 | EP |
2458491 | May 2012 | EP |
2458491 | May 2012 | EP |
2466512 | Jun 2012 | EP |
2466513 | Jun 2012 | EP |
2466514 | Jun 2012 | EP |
2466515 | Jun 2012 | EP |
2466516 | Jun 2012 | EP |
2466517 | Jun 2012 | EP |
2466518 | Jun 2012 | EP |
2466519 | Jun 2012 | EP |
2466520 | Jun 2012 | EP |
2466521 | Jun 2012 | EP |
2487620 | Aug 2012 | EP |
2512090 | Oct 2012 | EP |
2523137 | Nov 2012 | EP |
2775421 | Sep 2014 | EP |
3163926 | May 2017 | EP |
3176722 | Jun 2017 | EP |
3355512 | Aug 2018 | EP |
2622322 | Apr 1989 | FR |
2810067 | Dec 2001 | FR |
2812423 | Feb 2002 | FR |
2819067 | Jul 2002 | FR |
2923034 | May 2009 | FR |
2961330 | Dec 2011 | FR |
2969342 | Jun 2012 | FR |
2387702 | Oct 2003 | GB |
2388229 | Nov 2003 | GB |
2389693 | Dec 2003 | GB |
2402649 | Dec 2004 | GB |
2416058 | Jan 2006 | GB |
2416058 | Jan 2006 | GB |
2427059 | Dec 2006 | GB |
2438886 | Dec 2007 | GB |
2454459 | May 2009 | GB |
2457733 | Aug 2009 | GB |
2457733 | Aug 2009 | GB |
2520207 | May 2015 | GB |
2542512 | Mar 2017 | GB |
2556474 | May 2018 | GB |
1995271884 | Oct 1995 | JP |
2000099801 | Apr 2000 | JP |
2000165378 | Jun 2000 | JP |
2003346098 | Dec 2003 | JP |
2003346098 | Dec 2003 | JP |
2004102460 | Apr 2004 | JP |
2005107678 | Apr 2005 | JP |
2006243938 | Sep 2006 | JP |
2008506198 | Feb 2008 | JP |
2008204409 | Sep 2008 | JP |
2008537210 | Sep 2008 | JP |
2009199581 | Sep 2009 | JP |
2009237774 | Oct 2009 | JP |
2010126913 | Jun 2010 | JP |
2010533925 | Oct 2010 | JP |
2012138011 | Jul 2012 | JP |
2012194648 | Oct 2012 | JP |
20090130455 | Dec 2009 | KR |
101520803 | May 2015 | KR |
20180056116 | May 2018 | KR |
9311551 | Jun 1993 | WO |
9705578 | Feb 1997 | WO |
0025474 | May 2000 | WO |
0146922 | Jun 2001 | WO |
0146922 | Jun 2001 | WO |
02071177 | Sep 2002 | WO |
03058947 | Jul 2003 | WO |
03058947 | Jul 2003 | WO |
03058947 | Jul 2003 | WO |
2005104428 | Nov 2005 | WO |
2005104428 | Nov 2005 | WO |
2006010058 | Jan 2006 | WO |
2006064241 | Jun 2006 | WO |
2006095203 | Sep 2006 | WO |
2007056746 | May 2007 | WO |
2007143740 | Dec 2007 | WO |
2007143740 | Dec 2007 | WO |
2009000223 | Dec 2008 | WO |
2009009788 | Jan 2009 | WO |
2009009788 | Jan 2009 | WO |
2009012326 | Jan 2009 | WO |
2009130985 | Oct 2009 | WO |
2010131218 | Nov 2010 | WO |
2010131218 | Nov 2010 | WO |
2010134808 | Nov 2010 | WO |
2011093998 | Aug 2011 | WO |
2011155915 | Dec 2011 | WO |
2011155915 | Dec 2011 | WO |
12009334 | Jan 2012 | WO |
2012004395 | Jan 2012 | WO |
2012077098 | Jun 2012 | WO |
2012131420 | Oct 2012 | WO |
2012146587 | Nov 2012 | WO |
2013013192 | Jan 2013 | WO |
2013021233 | Feb 2013 | WO |
2013148044 | Oct 2013 | WO |
2014013252 | Jan 2014 | WO |
2014111689 | Jul 2014 | WO |
2014132193 | Sep 2014 | WO |
2015055973 | Apr 2015 | WO |
2015063474 | May 2015 | WO |
2016046458 | Mar 2016 | WO |
2016048236 | Mar 2016 | WO |
2016189325 | Dec 2016 | WO |
2017065576 | Apr 2017 | WO |
2017190561 | Nov 2017 | WO |
Entry |
---|
EyeDecrypt—Private Interactions in plain Sight, Forte et al., Proc. 9th Conference on Security and Cryptography for Networks (SCN 2014). |
GlobalPlatform Device Technology Trusted User Interface API, Version 1.0, Jun. 2013, Document Reference: GPD_SPE_020. |
PCI Mobile Payment Acceptance Security Guidelines for Developers, Version 1.0, Emerging Technologies, PCI Security Standards Council, Sep. 2012. |
PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users, Version 1.0, Emerging Technologies, PCI Security Standards Council, Feb. 2013. |
Secure Mobile Payment on NFC-Enabled Mobile Phones Formally Analysed Using CasperFDR, S. Abughazalah et al, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 422-431. |
Thales e-Security mPOS Secure Mobile Card Acceptance White Paper, Nov. 2013. |
Anonymous, “Fujitsu Develops World's First Authentication Technology to Extract and Match 2,048-bit Feature Codes from Palm Vein Images”, Fujitsu Global, Kawasaki, Japan, (Aug. 5, 2013), URL: http://www.fujitsu.com/global/about/resources/news/press-releases/2013/0805-01.h tml, (Aug. 1, 2016), XP055292505, 4 pages. |
Decision to Grant for related GB2520207dated Dec. 8, 2015. 2 pages. |
Examination Report of Application No. GB1619853.3 dated Mar. 8, 2017. 3 pages. |
Examination Report of Indian Application No. 2301/KOLNP/2015 dated Oct. 18, 2019. 5 pages. |
https://patentscope.wipo.int/search/en/detail.jsf?docId=WO2011116570&tab=PCTBIBL IO&maxRec=1000 (Year: 2010), 4 pages. |
https://patentscope.wipo.int/search/en/detail.jsf?docId=WO2016188127&tab=PCTBIBL IO&maxRec=1000 (Year: 2015), 6 pages. |
International Search Report and Written Opinion of International Application No. PCT/GB2016/051548 dated Aug. 8, 2016, 10 pages. |
International Search Report and Written Opinion of International Application No. PCT/GB2016/051549 dated Aug. 10, 2016, 11 pages. |
International Search Report and Written Opinion of International Application No. PCT/GB2016/051550 dated Aug. 8, 2016, 10 pages. |
International Search Report and Written Opinion of International Application No. PCT/GB2016/051553 dated Aug. 4, 2016, 9 pages. |
International Search Report in related PCT Application No. PCT/GB2013/051913 dated Feb. 6, 2014. 6 pages. |
Roos, “Automatically Downloading My ING Direct Transactions—Chris Roos”, Jun. 23, 2007, XP055085833. 7 pages. |
Search and Examination Report of Application No. GB1906165.4 dated Aug. 23, 2019, 5 pages. |
Search Report cited in Office Action dated Nov. 26, 2019 of Russian Application No. 2017141194/08, 2 pages. |
Search Report in related GB Application No. GB1212878.1 dated Dec. 3, 2012. 4 pages. |
Search Report issued by United Kingdom Intellectual Property Office dated Oct. 6, 2017 for Application No. GB1321505.8, 3 pages. |
The Usability of Picture Passwords, FRASER, Jul. 23, 2014, 11 pages. |
Translation of Office Action dated Nov. 26, 2019 of Russian Application No. 2017141194/08, 6 pages. |
Using Biometrics to Generate Public and Private Keys, Satrugna Pakala, (May 31, 2006) Retrieved from internet; URL: http://www.sci.tamucc.edu/˜cams/GraduateProjects/view. php?view=266, 50 pages. |
Written Opinion of the Intl Searching Authority in related PCT Application No. PCT/GB2013/051913, 201 , Jan. 20, 2015, 11 pages. |
Ciphercard: A Token-Based Approach Against Camera-Based Shoulder Surfing Attacks on Common Touchscreen Devices Authors: Teddy Seyed; Xing-Dong Yang; Anthony Tang; Saul Greenberg; Jiawei Gubin; Zhuxiang Cao. |
Japanese Office Action dated Sep. 8, 2020 of application No. 2017-561754. |
Scramblepad, Scrambleprox, Scramblesmart, Scramblesmartprox Author: Hirsch Electronics Date: Jul. 27, 2013. |
Search Report dated Jul. 22, 2020 of GB application No. GB1916441.7, 2 pages. |
Touch Screen Remote Arming Station (RAS) Author: Tecom Date: Mar. 18, 2015. |
Chinese Office Action dated Dec. 3, 2020 of Application No. 201680039203.9. |
Australian Office Action dated Jan. 18, 2021 of application No. 2016269268. |
Indian Office Action dated Feb. 1, 2021 of application No. 20173704209. |
Indian Office Action dated Jan. 21, 2021 of application No. 201737042169. |
Number | Date | Country | |
---|---|---|---|
20200210557 A1 | Jul 2020 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 15197086 | Jun 2016 | US |
Child | 16730017 | US | |
Parent | 15094383 | Apr 2016 | US |
Child | 15197086 | US | |
Parent | 14416054 | US | |
Child | 15094383 | US |