WO2000057262A1 - System for securing entry of encrypted and non-encrypted information on a touch screen - Google Patents

System for securing entry of encrypted and non-encrypted information on a touch screen Download PDF

Info

Publication number
WO2000057262A1
WO2000057262A1 PCT/US2000/007215 US0007215W WO0057262A1 WO 2000057262 A1 WO2000057262 A1 WO 2000057262A1 US 0007215 W US0007215 W US 0007215W WO 0057262 A1 WO0057262 A1 WO 0057262A1
Authority
WO
WIPO (PCT)
Prior art keywords
touch
encrypted
touch screen
encryption
toggling
Prior art date
Application number
PCT/US2000/007215
Other languages
French (fr)
Inventor
Aaron Bilger
Michael Dudgeon
Michael C. Finley
John Wade
Original Assignee
Radiant Systems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Radiant Systems, Inc. filed Critical Radiant Systems, Inc.
Priority to AU38982/00A priority Critical patent/AU3898200A/en
Publication of WO2000057262A1 publication Critical patent/WO2000057262A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0487Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser
    • G06F3/0488Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86Secure or tamper-resistant housings
    • G06F21/87Secure or tamper-resistant housings by means of encapsulation, e.g. for integrated circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/03Arrangements for converting the position or the displacement of a member into a coded form
    • G06F3/041Digitisers, e.g. for touch screens or touch pads, characterised by the transducing means
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • the present invention relates to a method and system for securing and using a touch screen as a conventional touch screen and also as a cryptographic Personal Identification Number (PLN) Entry Device (PED).
  • PPN Personal Identification Number
  • PPN pad personal identification number
  • touch screens include information kiosks, custom greeting card do-it-yourself terminals, fast food self-order terminals, etc.
  • PLN pads may be used anywhere a debit card may be used such as grocery store checkout lane terminals, Automatic Teller Machines (ATM), and gasoline dispensers.
  • ATM Automatic Teller Machines
  • PLN pads are configured like a telephone key pad and the user enters an access code that is packaged and sent to a remote processor for validation. Choosing one type of public device over the other means sacrificing functionality to the user.
  • a touch screen If a touch screen is selected, a debit card or any other payment method requiring an encrypted digital signature such as passive debit cards cannot be accepted for payment at the terminal. The reason for this is security. Any machine that requires an encrypted digital signature such as a user's personal identification code must include security measures to prevent unauthorized access to the code. On the other hand, if a PLN pad is chosen, the user must translate a request for input from a screen to input on a numeric keypad. This type of interface is non- intuitive to the user as it diverges from the familiar point-and-click interaction model of modern applications.
  • the present invention is directed to a system and method that coalesces a touch screen and a PLN pad into a single secure device that meets the requirements of both.
  • the system and method includes advantages of each system with a small cost increase and requires low maintenance.
  • the system and method selectively generates encrypted and non -encrypted data within a touch screen device and transmits the data to a remote processor.
  • the system and method comprises a sensing means for detecting the coordinates of a touch on the touch screen device, a toggling means for toggling between an encryption and non-encryption mode, and a processing means for encrypting data associated with the coordinates of the touch and transmitting the encrypted data to a remote processor, if the toggling means is in the encryption mode, or transmitting data associated with the coordinate of the touch in an unencrypted format to the remote processor, if the toggling means is in the non-encryption mode. Resident encryption keys are used to encrypt data when the processing means is in encrypted mode. Therefore, the sensing means, toggling means and processing means may be housed in a tamper resistant housing.
  • a switch means is provided that detects if the tamper resistant housing is intact.
  • FIG. 1 is a block diagram illustrating the components of a PLN Entry Device
  • FIG. 2 is a block diagram illustrating the components of a touch screen.
  • FIG. 3 is a block diagram illustrating the components of the present invention.
  • FIG. 4 is a schematic illustrating a secure touch controller with a touch screen that utilizes resistive technology.
  • FIG. 5 is a schematic illustration of the switch mechanism.
  • FIG. 6A is a schematic illustration of the switch mechanism when opened.
  • FIG. 6B is a schematic illustration of the switch mechanism when closed.
  • PIN entry devices typically consist of a keypad 105 of twelve keys (0-9, ENTER, CLEAR) in a three by four key grid, similar to a phone keypad.
  • the PED typically also has a small auxiliary display 110 (usually less than four lines by twenty characters), an auxiliary beep speaker 115, and a connection port 140 to a computer where the application program resides.
  • the PED has a microprocessor 120 that connects all of these together, taking input from the keypad 105, providing feedback on the display 110, and sending it to the computer 125 for processing.
  • the microprocessor 120 may also operate in an encrypted mode whereby it accumulates several keystrokes without sending these to the application program. Instead, it waits for the ENTER key to be pressed and then performs an encryption algorithm on the accumulated inputs.
  • the data sent to the application program is an encrypted PLN block that can only be deciphered by a remote payment authorization computer.
  • FIG. 2 is a block diagram illustrating the components of a touch screen.
  • Touch screens allow a user to interface with a machine by touching an electronic touch target on the glass itself.
  • Touch screens generally comprise of a glass with a series of emitters and sensors 205, and a touch controller 210.
  • the touch is electronically located through emitters that are connected to horizontal and vertical sensors located along a horizontal side and a vertical side of the glass.
  • the finger block emitters opposite the sensors record where the glass was touched as well as the type of interaction (new interaction, continued interaction, concluded interaction).
  • touch technology such as resistive, capacitive, acoustic, and the infra red example is only given for illustrative purposes and is not intended to limit the scope of this invention.
  • the touch controller 210 may determine the coordinates of where the screen was touched from the vertical and horizontal sensor that recorded the touch. The touch controller 210 then outputs the coordinates and the type of interaction to the computer 215.
  • the application program typically performs a calibration step that translates the output from the touch controller 210 (coordinates and type of interaction) into the screen display coordinate system. The application program then uses the screen display coordinate system with what is displayed on the screen at those coordinates to determine the user's input.
  • a touch screen and a PED are similar at the high level.
  • a sensor to detect the user's input
  • a processor to detect the user's input
  • an application program for example, a user presses ENTER
  • the keypad sensor detects that ENTER was pressed
  • the processor detects the end of cryptographic input
  • the computer receives the PLN block and displays "PLEASE WAIT" to the user.
  • a touch screen In a touch screen, the user removes their finger from the screen, the touch sensor changes the signal to indicate that no interaction is taking place, the touch controller detects end of interaction and uses the last coordinate before the interaction ended, the computer receives the last coordinate with touch type of "end of interaction" and calibrates the coordinates, cross-references to current contents of screen and determines that the user has ended his interaction. The computer then displays the next menu option based on the user's selection.
  • touch screen the user removes their finger from the screen
  • the touch sensor changes the signal to indicate that no interaction is taking place
  • the touch controller detects end of interaction and uses the last coordinate before the interaction ended
  • the computer receives the last coordinate with touch type of "end of interaction” and calibrates the coordinates, cross-references to current contents of screen and determines that the user has ended his interaction.
  • the computer displays the next menu option based on the user's selection.
  • FIG. 3 is a block diagram of the present invention that combines a PED and touch screen components.
  • a sensor To combine the technologies of a PED and a touch screen, a sensor must first be chosen. Since an advantage of the touch screen is the flexibility of its sensor, the touch sensor 305 is the desired sensor for a combined device. To meet the secu ⁇ ty requirements of a PED, the connection 318 between the sensor and the touch controller must be physically secure such that an attack to monitor the signal between the sensor and the touch controller is deterred.
  • the touch controller 405 may be securely mounted directly on the touch sensor 410 and 'potted' with a substance such as epoxy to form a solid physical block Since the sensor 410 and controller 405 are a single block, their interconnection is not exposed for tampenng Any attempt to tamper with the device would result in destruction of the sensor or the electronics
  • the sensor to controller connection is intrinsically tamper resistant because the signal is a reflection of the earner pioduced by the controller Any tampenng or tapping of the connections would sufficiently modify the signal or the earner such that the sensor would cease to operate.
  • the cable end may be bonded to prevent unauthonzed replacement of the touch glass, but not directly bonded to the glass Note that for non-resistive touch technologies, although the touch controller is not bound to the touch glass, the touch controller would still be encased in epoxy or potted to form a solid tamper proof block
  • the touch sensor 410 with the potted touch controller 405 makes touch screen 520.
  • Touch screen 520 may be mounted on a frame 510.
  • a switch 530 may be placed between the frame 510 and the touch screen 520.
  • the switch 530 may be designed to be an integral part of the potted touch controller 405 and touch sensor 410. The switch should be housed in a secure section so that it may not be removed.
  • the installation of the touch screen 520 into the mounting frame 510 activates the switch 530 and completes that portion of a circuit that provides an indication to the encryption electronics that the screen is in place and that infusion of encryption key(s) can take place or that the encryption key(s) may remain in memory.
  • the switch 530 opens and the resident encryption keys may be immediately flushed from memory.
  • Any attempt to remove the screen to actively or passively obtain the encryption key destroys the current encryption key and disables the touch screen 520 Further, once the key is destroyed, information regarding the tampenng is available remotely at the site and can be transferred via up-link to remote locations such as the home office, maintenance depots, or other places. Note that there may be one or more than one encryption keys.
  • the mechanical design of the mounting frame 510 should both visibly hide and physically shield the switch 530. The reason for this is to prevent someone from removing the touch screen 520 while keeping the switch 530 closed either manually or with the assistance of a tool.
  • the preferred embodiment may include a microprocessor that is able to perform the combinatorial and cryptographic functions. Since the touch screen sensor is used, the preferred embodiment must also include a touch controller.
  • the microprocessor and the touch controller are similar devices that can be combined into a single general purpose unit that performs the functions of both, saving cost and complexity in the system while raising the level of physical security.
  • the combined microprocessor and touch controller is called the 'Encrypting Touch Controller' or ECT 310. Because the ECT includes the touch controller, it may have to be physically secure to the touch sensor if the sensor is resistive or infrared, as discussed earlier.
  • the ECT 310 contains the microprocessor, it must be resistent to tampering.
  • resistence to tampering is achieved through the use of fit-for-purpose microprocessors that are standard in the industry such as an 8051 -based microcontroller using address encryption and self-descruting circuitry.
  • These standard devices may have metalic layers built into the microprocessor that cause destruction of the microprocessor when mechanically violated.
  • these devices include memory-zeroing circuitry that is enabled when physical access to the overall package is detected.
  • some of these devices include encrypted programming instructions and encrypted bus addresses as a further deterrent. If the touch sensor technology and electronics availability does not allow the sensor to be completely contained within the die of the microprocessor, potting of the assembly will serve to protect its contents from probing or violation
  • the ECT may also include an encryption engine and key storage 320
  • the encryption engine 320 may utilize any encryption algonthms, some of which include the Data Encryption Standard (DES) and the Derived Unique Key Per Transaction (DUKPT)
  • DES Data Encryption Standard
  • DKPT Derived Unique Key Per Transaction
  • PPN Personal Identification Number
  • fleet card number such as that used by a truck dnver m a fleet.
  • the ECT may be connected to a remote computer 325 that may contain a mam display 330 and a mam speaker 325
  • the computer 325 may be a remote processor that controls a pay terminal or an entry order terminal.
  • Pay terminals and entry order terminal may be a gasoline dispenser, a public access terminal, a food ordenng terminal or a ticket purchasing terminal.
  • the ECT 310 communicates with the application program residing on the computer. This allows the ECT 310 to perform interactions as needed by both PED and touch screen devices.
  • the ECT 310 therefore performs the following functions:
  • the preferred embodiment must operate both as a conventional touch screen device and as a PED device (T-PED). This dual role requires that the preferred embodiment of the T-PED operate modally under the control of the application program or computer. Sometimes the desired behavior of the T-PED is to operate as a secure PED device, while other times it is desirable that it act as a simple touch screen pointer device. This is achieved through a protocol that the T-PED uses to communicate with the application program. This protocol supports the transfer of information related to touch input and cryptographic entry.
  • the protocol command that instructs the type of functionality the touch screen will perform is the "Input Mode Select" command. This command bridges the gap between the two input device types that the T-PED replaces.
  • the "Input Mode Select” may be set to "select PLN mode” or "Select Clear Mode”.
  • the Input Mode Select command from the computer must contain enough information to allow the T-PED to begin processing touch inputs independently until the end of a PLN entry sequence is found. This means that the T-PED is provided with the following information:
  • Calibration parameters that translate the touch screen coordinate system to the display coordinate system of the image displayed on the screen.
  • these parameters may be downloaded in advance under a secure authentication protocol just after the calibration procedure is performed as an additional layer of security;
  • Desired mode of touch activation either activate target on select or on release
  • the application program Since the application program is in control of the screen, it must display an image of a PIN entry pad and immediately send the T-PED a command to enter PLN mode that corresponds to the displayed image.
  • the parameter information that must be included would be the location where each key is displayed.
  • the T-PED will begin processing touches in PED mode. As touches are determined by the touch controller, they are calibrated within the T-PED using the values specified in the "Input Mode Select" command.
  • the T-PED will send requests to the computer using protocol commands, described below, for the following: • Request to sound 'good' tone or 'bad' tone. This allows the T-PED to indicate an en-or to the user such as too many digits pressed, too few digits entered, c rent selection is not a digit, etc.
  • T-PED • Request to inform the user that the CLEAR key has been successfully pressed.
  • the T-PED will remain in PLN input mode until one of the following conditions is met:
  • the T-PED will send an abort message to the computer.
  • the TPED At the conclusion of PEN entry mode, the TPED will return to the computer a successful encrypted PLN block or an indication of an unsucessful PLN entry. Once the application acknowledges the conclusion of PLN mode, the T-PED will return to default touch screen mode, returning coordinates (relative or absolute) of each user interaction.
  • the following is an example of an application program utilizing a touch screen as a conventional touch screen and as a PED.
  • Computer displays on the touch screen a menu of choices, such as 'Exit', 'Buy Flowers', or 'More Choices'. 3. Computer waits for user input
  • the computer plays a tone to the user.
  • the computer determines the coordinate pressed is the 'Buy Flowers' key (based on application programming).
  • the 'Buy Flowers' button is highlighted on the screen for feedback.
  • Inputs B and C have no effect on the screen, though the application program monitors them to insure that the user is not performing a 'drag' operation in which the touch is changing coordinates or that the 'Buy Flowers' button is released.
  • the computer then informs the T-PED to enter encrypted PLN mode.
  • the computer displays an industry standard PLN pad including colors and keys as required.
  • the T-PED enters encrypted mode and the following coordinates are received:
  • the T-PED determines that the user is selecting a valid key (because the calibrated coordinates are inside a rectangle described in the 'Input Mode Select' command). Based on this, the T-PED sends the computer a request to sound a 'good tone'. 13. After input C, the T-PED determines that the user has released a touch on a valid digit. Based on this, it sends the value of the digit to the encryption system within the T-PED secure enclosure. It also sends the computer a request to provide feedback of a good digit, but it does not send the actual digit value outside of the secure T-PED enclosure.
  • the T-PED completes the encryption of all the inputs from the user and forwards the encrypted data back to the application program. 16. The application program is then free to forward this information as needed to secure a financial transaction. 17. The application program displays the next menu for the user (encrypted or otherwise), asks the T-PED to operate in the appropriate mode, and so on. In addition to the operation of the T-PED as an input device, it must also support the protocols for encryption initialization that are required for PED operation. This can be achieved through programming on the T-PED. Encryption initialization requires the T-PED to be provided a master key to derive session keys or a sequence of derived unique keys and a unit serial number.
  • T-PED input port is programmed to understand key data commands. Once programmed, the key transfer process can be perfromed thus initializing the device with the needed encryption keys.
  • the T-PED system described in FIG. 3 is programmable to perform many different applications. This is an advantage, but may also be a disadvantage and liability. Due to the ECT's 310 ability to operate in encrypted and unencrypted modes, it would be possible for a fraudulent party to introduce a software program on the computer that would ask a user to input a secret PLN number without engaging the encrypting mode of the T-PED.
  • the system would be protected by removing all access to the computer except for a cryptographically secure upgrade communication channel.
  • This channel would allow new applications and content to be loaded on to the computer, but these could only be loaded from a known authenticated source that would by definition be protected through policy.
  • a large set of systems could be centrally controlled by a bank or other institution through the use of the industry standard Secure Sockets Layer (SSL) communication that would guarantee that any updates to the computer would be certified and secure to use the T-PED in its proper modes of operation.
  • SSL Secure Sockets Layer

Abstract

The present invention is directed to a touch screen system and method for entry of encrypted and non-encrypted information. The system and method comprise a sensing means (305) for detecting the coordinates of a touch screen device, a toggling means (310, 315) for toggling between encrypted and non-encrypted mode, a processing means (310) for encrypting data associated with the coordinates of the touch and transmitting the encrypted or non-encrypted data to a remote processor (325), a tamper resistant housing and a switch means for detecting if the tamper resistant housing is intact.

Description

SYSTEM FOR SECURING ENTRY OF ENCRYPTED AND NON-ENCRYPTED INFORMATION ON A TOUCH SCREEN
CROSS-REFERENCE TO RELATED APPLICATION This application is a continuation-in-part of now pending United States
Patent Application Serial No. 09/220,215 filed December 23, 1998, the contents of which are hereby incorporated by this reference.
BACKGROUND OF THE INVENTION 1. Field of the Invention
The present invention relates to a method and system for securing and using a touch screen as a conventional touch screen and also as a cryptographic Personal Identification Number (PLN) Entry Device (PED).
2. Description of the Prior Art
There are two defacto industry standards for user input in public access devices. The use of each standard depends on the application as each has a specific purpose. The two technologies are touch screen and a keyboard for entry of a personal identification number (PLN pad). Examples of touch screens include information kiosks, custom greeting card do-it-yourself terminals, fast food self-order terminals, etc. PLN pads may be used anywhere a debit card may be used such as grocery store checkout lane terminals, Automatic Teller Machines (ATM), and gasoline dispensers. Usually PLN pads are configured like a telephone key pad and the user enters an access code that is packaged and sent to a remote processor for validation. Choosing one type of public device over the other means sacrificing functionality to the user. If a touch screen is selected, a debit card or any other payment method requiring an encrypted digital signature such as passive debit cards cannot be accepted for payment at the terminal. The reason for this is security. Any machine that requires an encrypted digital signature such as a user's personal identification code must include security measures to prevent unauthorized access to the code. On the other hand, if a PLN pad is chosen, the user must translate a request for input from a screen to input on a numeric keypad. This type of interface is non- intuitive to the user as it diverges from the familiar point-and-click interaction model of modern applications.
To overcome the shortcomings of each, many systems include both a touch screen and a keypad. This combination of an interface is also non-intuitive to the user as some input is entered on the touch screen and other input is entered on the keypad.
SUMMARY OF THE INVENTION
The present invention is directed to a system and method that coalesces a touch screen and a PLN pad into a single secure device that meets the requirements of both. The system and method includes advantages of each system with a small cost increase and requires low maintenance. The system and method selectively generates encrypted and non -encrypted data within a touch screen device and transmits the data to a remote processor. The system and method comprises a sensing means for detecting the coordinates of a touch on the touch screen device, a toggling means for toggling between an encryption and non-encryption mode, and a processing means for encrypting data associated with the coordinates of the touch and transmitting the encrypted data to a remote processor, if the toggling means is in the encryption mode, or transmitting data associated with the coordinate of the touch in an unencrypted format to the remote processor, if the toggling means is in the non-encryption mode. Resident encryption keys are used to encrypt data when the processing means is in encrypted mode. Therefore, the sensing means, toggling means and processing means may be housed in a tamper resistant housing. In addition there is a need to physically insure that the removal of a touch screen from its frame will destroy the local encryption key. A switch means is provided that detects if the tamper resistant housing is intact. BRIEF DESCRIPTION OF THE FIGURES OF THE DRAWINGS
FIG. 1 is a block diagram illustrating the components of a PLN Entry Device
(PED). FIG. 2 is a block diagram illustrating the components of a touch screen. FIG. 3 is a block diagram illustrating the components of the present invention.
FIG. 4 is a schematic illustrating a secure touch controller with a touch screen that utilizes resistive technology. FIG. 5 is a schematic illustration of the switch mechanism. FIG. 6A is a schematic illustration of the switch mechanism when opened. FIG. 6B is a schematic illustration of the switch mechanism when closed.
DETAILED DESCRIPTION OF THE INVENTION
To understand the invention, each system, a touch screen and a PLN entry device must first be explained. As shown in FIG. 1, PIN entry devices (PED) typically consist of a keypad 105 of twelve keys (0-9, ENTER, CLEAR) in a three by four key grid, similar to a phone keypad. The PED typically also has a small auxiliary display 110 (usually less than four lines by twenty characters), an auxiliary beep speaker 115, and a connection port 140 to a computer where the application program resides. The PED has a microprocessor 120 that connects all of these together, taking input from the keypad 105, providing feedback on the display 110, and sending it to the computer 125 for processing. The microprocessor 120 may also operate in an encrypted mode whereby it accumulates several keystrokes without sending these to the application program. Instead, it waits for the ENTER key to be pressed and then performs an encryption algorithm on the accumulated inputs. The data sent to the application program is an encrypted PLN block that can only be deciphered by a remote payment authorization computer.
There are many industry, government, and international regulations that govern the design of PEDs. These regulations govern how the keys are arranged, the color of the keys, how the keys must be displayed, how the components are physically housed, etc. These regulations are aimed at preventing an unauthorized user from accessing information that would allow theft or fraud. In general, a PED must be designed and manufactured to have a standard level of physical security, it must meet cryptographic requirements, and it must be handled under strict policies at all times. FIG. 2 is a block diagram illustrating the components of a touch screen.
Touch screens allow a user to interface with a machine by touching an electronic touch target on the glass itself. Touch screens generally comprise of a glass with a series of emitters and sensors 205, and a touch controller 210. For example, in the touch technology typically called "infra red" due to the nature of the light emitted by the sensors, the touch is electronically located through emitters that are connected to horizontal and vertical sensors located along a horizontal side and a vertical side of the glass. When the user's finger touches the glass, the finger block emitters opposite the sensors record where the glass was touched as well as the type of interaction (new interaction, continued interaction, concluded interaction). There are other types of touch technology such as resistive, capacitive, acoustic, and the infra red example is only given for illustrative purposes and is not intended to limit the scope of this invention.
The touch controller 210 may determine the coordinates of where the screen was touched from the vertical and horizontal sensor that recorded the touch. The touch controller 210 then outputs the coordinates and the type of interaction to the computer 215. The application program typically performs a calibration step that translates the output from the touch controller 210 (coordinates and type of interaction) into the screen display coordinate system. The application program then uses the screen display coordinate system with what is displayed on the screen at those coordinates to determine the user's input.
In general, a touch screen and a PED are similar at the high level. There is a user, a sensor to detect the user's input, a processor, an application program, and a subsequent action. For example, using a PED, a user presses ENTER, the keypad sensor detects that ENTER was pressed, the processor detects the end of cryptographic input, performs encryption and sends the PIN block to the computer, the computer receives the PLN block and displays "PLEASE WAIT" to the user. In a touch screen, the user removes their finger from the screen, the touch sensor changes the signal to indicate that no interaction is taking place, the touch controller detects end of interaction and uses the last coordinate before the interaction ended, the computer receives the last coordinate with touch type of "end of interaction" and calibrates the coordinates, cross-references to current contents of screen and determines that the user has ended his interaction. The computer then displays the next menu option based on the user's selection. There are also dissimilarities between a PED and a touch screen. Whereas a
PED is typically connected to a display device as well as to a sensor, the touch screen controller has no display connection. Whereas the PED returns the user's input to the computer (such as a specific key), the touch controller returns a set of numbers that must then be calibrated, cross-referenced to screen contents and processed by the computer in the context of what is currently displayed on the screen. Whereas the PED operates under many standards and controls at every level, there are no touch screen standards or controls at any level. Finally, whereas the PED can accumulate several user events, combine them, and encrypt them, the touch controller returns input in the most basic granular form possible for the computer to process. FIG. 3 is a block diagram of the present invention that combines a PED and touch screen components. To combine the technologies of a PED and a touch screen, a sensor must first be chosen. Since an advantage of the touch screen is the flexibility of its sensor, the touch sensor 305 is the desired sensor for a combined device. To meet the secuπty requirements of a PED, the connection 318 between the sensor and the touch controller must be physically secure such that an attack to monitor the signal between the sensor and the touch controller is deterred.
As shown m FIG. 4, in the preferred embodiment, for resistive and infrared sensors that have easily decoded sensor connections, the touch controller 405 may be securely mounted directly on the touch sensor 410 and 'potted' with a substance such as epoxy to form a solid physical block Since the sensor 410 and controller 405 are a single block, their interconnection is not exposed for tampenng Any attempt to tamper with the device would result in destruction of the sensor or the electronics For other technologies such as acoustic wave, capacitive, or any other wave analog form technology, the sensor to controller connection is intrinsically tamper resistant because the signal is a reflection of the earner pioduced by the controller Any tampenng or tapping of the connections would sufficiently modify the signal or the earner such that the sensor would cease to operate. This is an acceptable mode of protection in the industry. For non-resistive touch technologies, the cable end may be bonded to prevent unauthonzed replacement of the touch glass, but not directly bonded to the glass Note that for non-resistive touch technologies, although the touch controller is not bound to the touch glass, the touch controller would still be encased in epoxy or potted to form a solid tamper proof block
As shown in FIG. 5 and FIGS. 6A and 6B, the touch sensor 410 with the potted touch controller 405 makes touch screen 520. Touch screen 520 may be mounted on a frame 510. To detect the removal of the touch screen 520 from its mounting frame 510 a switch 530 may be placed between the frame 510 and the touch screen 520 In the preferred embodiment, the switch 530 may be designed to be an integral part of the potted touch controller 405 and touch sensor 410. The switch should be housed in a secure section so that it may not be removed. As shown in FIG 6B, the installation of the touch screen 520 into the mounting frame 510 activates the switch 530 and completes that portion of a circuit that provides an indication to the encryption electronics that the screen is in place and that infusion of encryption key(s) can take place or that the encryption key(s) may remain in memory. As shown in FIG 6A, if the touch screen 520 is removed from the frame 510, the switch 530 opens and the resident encryption keys may be immediately flushed from memory. Any attempt to remove the screen to actively or passively obtain the encryption key destroys the current encryption key and disables the touch screen 520 Further, once the key is destroyed, information regarding the tampenng is available remotely at the site and can be transferred via up-link to remote locations such as the home office, maintenance depots, or other places. Note that there may be one or more than one encryption keys.
In the preferred embodiment, the mechanical design of the mounting frame 510 should both visibly hide and physically shield the switch 530. The reason for this is to prevent someone from removing the touch screen 520 while keeping the switch 530 closed either manually or with the assistance of a tool.
To meet the operational requirements of a PED, the preferred embodiment may include a microprocessor that is able to perform the combinatorial and cryptographic functions. Since the touch screen sensor is used, the preferred embodiment must also include a touch controller. The microprocessor and the touch controller are similar devices that can be combined into a single general purpose unit that performs the functions of both, saving cost and complexity in the system while raising the level of physical security. In the preferred embodiment, the combined microprocessor and touch controller is called the 'Encrypting Touch Controller' or ECT 310. Because the ECT includes the touch controller, it may have to be physically secure to the touch sensor if the sensor is resistive or infrared, as discussed earlier. Also, because the ECT 310 contains the microprocessor, it must be resistent to tampering. In the preferred embodiment, resistence to tampering is achieved through the use of fit-for-purpose microprocessors that are standard in the industry such as an 8051 -based microcontroller using address encryption and self-descruting circuitry. These standard devices may have metalic layers built into the microprocessor that cause destruction of the microprocessor when mechanically violated. Furthermore, these devices include memory-zeroing circuitry that is enabled when physical access to the overall package is detected. In addition, some of these devices include encrypted programming instructions and encrypted bus addresses as a further deterrent. If the touch sensor technology and electronics availability does not allow the sensor to be completely contained within the die of the microprocessor, potting of the assembly will serve to protect its contents from probing or violation
In the preferred embodiment the ECT may also include an encryption engine and key storage 320 The encryption engine 320 may utilize any encryption algonthms, some of which include the Data Encryption Standard (DES) and the Derived Unique Key Per Transaction (DUKPT) The encrypted data that is stored may be a Personal Identification Number (PLN) or a fleet card number such as that used by a truck dnver m a fleet.
In the preferred embodiment, the ECT may be connected to a remote computer 325 that may contain a mam display 330 and a mam speaker 325 The computer 325 may be a remote processor that controls a pay terminal or an entry order terminal. Pay terminals and entry order terminal may be a gasoline dispenser, a public access terminal, a food ordenng terminal or a ticket purchasing terminal.
As in both the touch screen and PED implementations, the ECT 310 communicates with the application program residing on the computer. This allows the ECT 310 to perform interactions as needed by both PED and touch screen devices. The ECT 310 therefore performs the following functions:
• Decoding touch sensor signal 318 into coordiantes;
• Securely stonng cryptographic keys;
• Securely performing encryption; and • Interacting with computer 325.
The preferred embodiment must operate both as a conventional touch screen device and as a PED device (T-PED). This dual role requires that the preferred embodiment of the T-PED operate modally under the control of the application program or computer. Sometimes the desired behavior of the T-PED is to operate as a secure PED device, while other times it is desirable that it act as a simple touch screen pointer device. This is achieved through a protocol that the T-PED uses to communicate with the application program. This protocol supports the transfer of information related to touch input and cryptographic entry.
The protocol command that instructs the type of functionality the touch screen will perform is the "Input Mode Select" command. This command bridges the gap between the two input device types that the T-PED replaces. The "Input Mode Select" may be set to "select PLN mode" or "Select Clear Mode".
If the desired mode of operation is PIN entry, the Input Mode Select command from the computer must contain enough information to allow the T-PED to begin processing touch inputs independently until the end of a PLN entry sequence is found. This means that the T-PED is provided with the following information:
• Calibration parameters that translate the touch screen coordinate system to the display coordinate system of the image displayed on the screen. Optionally, these parameters may be downloaded in advance under a secure authentication protocol just after the calibration procedure is performed as an additional layer of security;
• Location and size of the keys 0-9 ENTER and CLEAR;
• Desired maximum and minimum number of PLN input digits; • Desired maximum elapsed time before input is aborted;
• Desired maximum number of CLEAR presses before input is aborted;
• Desired mode of touch activation, either activate target on select or on release;
• Desired cryptographic algorithm;
• Any additional data that corresponds to the required cryptographic algorithm (session keys, sequence numbers, etc.)
Since the application program is in control of the screen, it must display an image of a PIN entry pad and immediately send the T-PED a command to enter PLN mode that corresponds to the displayed image. The parameter information that must be included would be the location where each key is displayed. Once the T-PED receives this command, the T-PED will begin processing touches in PED mode. As touches are determined by the touch controller, they are calibrated within the T-PED using the values specified in the "Input Mode Select" command. During PED mode, the T-PED will send requests to the computer using protocol commands, described below, for the following: • Request to sound 'good' tone or 'bad' tone. This allows the T-PED to indicate an en-or to the user such as too many digits pressed, too few digits entered, c rent selection is not a digit, etc.
• Request to inform user of successful entry of a digit. This allows the T-PED to provide feedback to the user without revealing any secure data. The reason for this feedback is to provide the user with some confidence that the system is accepting their input, otherwise, the user may think that the system has malfunctioned.
• Request to inform the user that the CLEAR key has been successfully pressed. The T-PED will remain in PLN input mode until one of the following conditions is met:
• A successful sequence of digits has been entered, followed by the ENTER key being pressed; or
• Timeout without successful entry of an allowable number of digits followed by ENTER; or
• Too many retries pressing the CLEAR key.
If a timeout or too many retries pressing the CLEAR key is detected by the T- PED, the T-PED will send an abort message to the computer.
At the conclusion of PEN entry mode, the TPED will return to the computer a successful encrypted PLN block or an indication of an unsucessful PLN entry. Once the application acknowledges the conclusion of PLN mode, the T-PED will return to default touch screen mode, returning coordinates (relative or absolute) of each user interaction.
The following is an example of an application program utilizing a touch screen as a conventional touch screen and as a PED.
1. Computer sends T-PED the "Input Mode Select" command set to "Select Clear Mode".
2. Computer displays on the touch screen a menu of choices, such as 'Exit', 'Buy Flowers', or 'More Choices'. 3. Computer waits for user input
4. When the T-PED receives a touch, the following is returned to the computer:
A. Touch down at 45,305 B. Touch continued at 45,305
C. Touch continued at 45,305
D. Touch release at 45,305
5. After input A, the computer plays a tone to the user.
6. The computer determines the coordinate pressed is the 'Buy Flowers' key (based on application programming). The 'Buy Flowers' button is highlighted on the screen for feedback.
7. Inputs B and C have no effect on the screen, though the application program monitors them to insure that the user is not performing a 'drag' operation in which the touch is changing coordinates or that the 'Buy Flowers' button is released.
8. Once input D is received, the computer determines that the user wants to buy flowers. This requires input of an encrypted PLN.
9. The computer then informs the T-PED to enter encrypted PLN mode.
10. The computer displays an industry standard PLN pad including colors and keys as required.
11. The T-PED enters encrypted mode and the following coordinates are received:
A. Touch down at 100,67
B. Continued touch at 100,67 C. Touch release at 100,67
12. After input A, the T-PED determines that the user is selecting a valid key (because the calibrated coordinates are inside a rectangle described in the 'Input Mode Select' command). Based on this, the T-PED sends the computer a request to sound a 'good tone'. 13. After input C, the T-PED determines that the user has released a touch on a valid digit. Based on this, it sends the value of the digit to the encryption system within the T-PED secure enclosure. It also sends the computer a request to provide feedback of a good digit, but it does not send the actual digit value outside of the secure T-PED enclosure.
14. This process repeats for each digit, with the T-PED processing touches until the ENTER key is pressed at a valid time.
15. The T-PED completes the encryption of all the inputs from the user and forwards the encrypted data back to the application program. 16. The application program is then free to forward this information as needed to secure a financial transaction. 17. The application program displays the next menu for the user (encrypted or otherwise), asks the T-PED to operate in the appropriate mode, and so on. In addition to the operation of the T-PED as an input device, it must also support the protocols for encryption initialization that are required for PED operation. This can be achieved through programming on the T-PED. Encryption initialization requires the T-PED to be provided a master key to derive session keys or a sequence of derived unique keys and a unit serial number. There are ANSI and ISO standards that define command and framing for key data transfer to a device. In the preferred embodiment, the T-PED input port is programmed to understand key data commands. Once programmed, the key transfer process can be perfromed thus initializing the device with the needed encryption keys.
The T-PED system described in FIG. 3 is programmable to perform many different applications. This is an advantage, but may also be a disadvantage and liability. Due to the ECT's 310 ability to operate in encrypted and unencrypted modes, it would be possible for a fraudulent party to introduce a software program on the computer that would ask a user to input a secret PLN number without engaging the encrypting mode of the T-PED. This would render the system in a mode where touch coordinates for each digit would be sent from the T-PED to the computei (because the T-PED was not put in to encryption mode) thus making the users' secret code subject to fraudulent disclosure This approach is known in the art as a 'Trojan Horse' attack on the secunty provided by the inherently safe T-PED design. To secure the system from a Trojan Horse attack, the industry accepts two methods of overcoming the attack cryptography and policy Where policy is used, an implementor of the system would be responsible for securing access to the computer and thus insure that no fraudulent content is introduced. The policy would be that the system should be carefully guarded and penodically reviewed for integnty. Where cryptography is used, the system would be protected by removing all access to the computer except for a cryptographically secure upgrade communication channel. This channel would allow new applications and content to be loaded on to the computer, but these could only be loaded from a known authenticated source that would by definition be protected through policy. A large set of systems, for example, could be centrally controlled by a bank or other institution through the use of the industry standard Secure Sockets Layer (SSL) communication that would guarantee that any updates to the computer would be certified and secure to use the T-PED in its proper modes of operation.
The above-descnbed embodiments are given as illustrative examples only. It will be readily appreciated that many deviations may be made from the specific embodiments disclosed in this specification without departing from the scope of the invention. Accordingly, the scope of the invention is to be determined by the claims below rather than being limited to the specifically descnbed embodiments above.

Claims

1. A system for selectively generating encrypted or non-encrypted data within a touch screen device and transmitting the data to a remote processor, comprising:
(A) sensing means for detecting the coordinates of a touch on the touch screen device;
(B) toggling means for toggling between an encryption and non-encryption mode;
(C) processing means for:
(i) encrypting data associated with the coordinates of the touch using an encryption key and transmitting the encrypted data to the remote processor, if the toggling means is in the encryption mode; and
(ii) transmitting data associated with the coordinate of the touch in an unencrypted format to the remote processor, if the toggling means is in the non-encryption mode;
(D) tamper resistant housing for containing the sensing means, toggling means and processing means; and
(E) switch means for detecting if the tamper resistant housing is intact.
2. The system of claim 1, wherein the tamper resistant housing includes the sensing means, the toggling means, the processing means and the switch means mounted on each other.
3. The system of claim 1, wherein if the switch means detects that the resistant housing is not intact the encryption key is deleted.
4. A system for selectively generating encrypted or non-encrypted data within a touch screen device and transmitting the data to a remote processor, comprising:
(A) sensor for detecting the coordinates of a touch on the touch screen device;
(B) toggle switch for toggling between an encryption and non-encryption mode;
(C) processing means for:
(i) encrypting data associated with the coordinates of the touch using an encryption key and transmitting the encrypted data to the remote processor, if the toggling means is in the encryption mode; and
(ii) transmitting data associated with the coordinate of the touch in an unencrypted format to the remote processor, if the toggling means is in the non-encryption mode;
(D) tamper resistant housing for containing the sensing means, toggling means and processing means; and
(E) switch for detecting if the tamper resistant housing is intact.
5. The system of claim 4, wherein the tamper resistant housing includes the sensor, the toggle switch, the processing means and the switch mounted on each other.
6. The system of claim 4, wherein if the switch detects that the resistant housing is not intact the encryption key is deleted.
7. A method for selectively generating encrypted and non-encrypted data within a touch screen device and transmitting the data to a remote processor, comprising the steps of:
(A) detecting the coordinates of a touch on the touch screen device; (B) toggling between an encryption and non-encryption mode,
(C) encrypting data associated with the coordinates of the touch using an encryption key and transmitting the encrypted data to the remote processor, if the toggling means is in the encryption mode,
(D) transmitting data associated with the coordinate of the touch in an unencrypted format to the remote processor, if the toggling means is in the non-encryption mode, and
(E) detecting tampenng with the touch screen device, if tampenng is detected deleting the encryption key
The system of claim 7 wherein step (E) includes transmitting information regarding the tampenng to the remote processor
PCT/US2000/007215 1999-03-24 2000-03-17 System for securing entry of encrypted and non-encrypted information on a touch screen WO2000057262A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU38982/00A AU3898200A (en) 1999-03-24 2000-03-17 System for securing entry of encrypted and non-encrypted information on a touch screen

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US27546899A 1999-03-24 1999-03-24
US09/275,468 1999-03-24

Publications (1)

Publication Number Publication Date
WO2000057262A1 true WO2000057262A1 (en) 2000-09-28

Family

ID=23052420

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/007215 WO2000057262A1 (en) 1999-03-24 2000-03-17 System for securing entry of encrypted and non-encrypted information on a touch screen

Country Status (2)

Country Link
AU (1) AU3898200A (en)
WO (1) WO2000057262A1 (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002042891A2 (en) * 2000-11-21 2002-05-30 @Pos.Com, Inc. A touch pad that confirms its security
WO2002054216A2 (en) * 2001-01-05 2002-07-11 Inqucor Limited Data entry device
FR2857113A1 (en) * 2003-07-01 2005-01-07 Tokheim Services France Secured keyboard enclosing case for electronic payment system, has tactile capacitive matrix that is linked to printed circuit board, and is held between front glass protection plate and rear glass support plate
NL1030421C2 (en) * 2005-11-14 2007-05-15 Tokheim Netherlands B V Device for verifying an identification code.
CN101813992A (en) * 2010-05-07 2010-08-25 深圳视融达科技有限公司 Touch screen and password-inputting method thereof
WO2011085985A1 (en) * 2010-01-13 2011-07-21 Tyco Electronics Services Gmbh Noise reduction in electronic device with touch sensitive surface
WO2012166613A1 (en) * 2011-05-27 2012-12-06 Qualcomm Incorporated Secure input via a touchscreen
CN103729605A (en) * 2014-01-13 2014-04-16 深圳市中航软件技术有限公司 Password input method based on touch screen, and touch terminal
CN103853991A (en) * 2012-11-29 2014-06-11 王基旆 Method and device for preventing computer device screen keyboard from being laterally recorded
EP2775421A1 (en) * 2013-03-05 2014-09-10 Wincor Nixdorf International GmbH Trusted terminal platform
CN104063649A (en) * 2013-03-19 2014-09-24 Nxp股份有限公司 Security Token, Data Processing System And Method Of Processing Data
WO2014204499A1 (en) * 2013-06-17 2014-12-24 Microsoft Corporation Interaction device corrective parameters
CN105760741A (en) * 2016-02-19 2016-07-13 北京智能果技术有限公司 Code input method, security chip and system
FR3056370A1 (en) * 2016-09-22 2018-03-23 Ingenico Group SUPPORT PART OF A COMPONENT OF A SECURE ELECTRONIC DEVICE
CN107993062A (en) * 2017-11-27 2018-05-04 百富计算机技术(深圳)有限公司 POS terminal method of commerce, device, computer equipment and readable storage medium storing program for executing
CN108205617A (en) * 2016-12-19 2018-06-26 北京小米移动软件有限公司 Defend the method and device of password theft
CN109032063A (en) * 2018-09-06 2018-12-18 君泰创新(北京)科技有限公司 Photovoltaic production equipment and its maintenance and detection method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4634807A (en) * 1984-08-23 1987-01-06 National Research Development Corp. Software protection device
US5970146A (en) * 1996-05-14 1999-10-19 Dresser Industries, Inc. Data encrypted touchscreen

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4634807A (en) * 1984-08-23 1987-01-06 National Research Development Corp. Software protection device
US5970146A (en) * 1996-05-14 1999-10-19 Dresser Industries, Inc. Data encrypted touchscreen

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002042891A2 (en) * 2000-11-21 2002-05-30 @Pos.Com, Inc. A touch pad that confirms its security
WO2002042891A3 (en) * 2000-11-21 2003-11-13 Pos Com Inc A touch pad that confirms its security
WO2002054216A2 (en) * 2001-01-05 2002-07-11 Inqucor Limited Data entry device
WO2002054216A3 (en) * 2001-01-05 2003-09-18 Inqucor Ltd Data entry device
FR2857113A1 (en) * 2003-07-01 2005-01-07 Tokheim Services France Secured keyboard enclosing case for electronic payment system, has tactile capacitive matrix that is linked to printed circuit board, and is held between front glass protection plate and rear glass support plate
WO2005013219A1 (en) * 2003-07-01 2005-02-10 Tokheim Holding Bv Secure housing containing a keyboard for inserting confidential data
NL1030421C2 (en) * 2005-11-14 2007-05-15 Tokheim Netherlands B V Device for verifying an identification code.
EP1801723A2 (en) * 2005-11-14 2007-06-27 Tokheim Netherlands B.V. Device for verifying an identification code
EP1801723A3 (en) * 2005-11-14 2007-10-10 Tokheim Netherlands B.V. Device for verifying an identification code
WO2011085985A1 (en) * 2010-01-13 2011-07-21 Tyco Electronics Services Gmbh Noise reduction in electronic device with touch sensitive surface
US9046959B2 (en) 2010-01-13 2015-06-02 Elo Touch Solutions, Inc. Noise reduction in electronic device with touch sensitive surface
CN101813992A (en) * 2010-05-07 2010-08-25 深圳视融达科技有限公司 Touch screen and password-inputting method thereof
WO2012166613A1 (en) * 2011-05-27 2012-12-06 Qualcomm Incorporated Secure input via a touchscreen
US9183373B2 (en) 2011-05-27 2015-11-10 Qualcomm Incorporated Secure input via a touchscreen
CN103853991A (en) * 2012-11-29 2014-06-11 王基旆 Method and device for preventing computer device screen keyboard from being laterally recorded
EP2775421A1 (en) * 2013-03-05 2014-09-10 Wincor Nixdorf International GmbH Trusted terminal platform
CN104063649A (en) * 2013-03-19 2014-09-24 Nxp股份有限公司 Security Token, Data Processing System And Method Of Processing Data
CN104063649B (en) * 2013-03-19 2017-08-01 Nxp股份有限公司 The method of security token, data handling system and processing data
WO2014204499A1 (en) * 2013-06-17 2014-12-24 Microsoft Corporation Interaction device corrective parameters
US9644957B2 (en) 2013-06-17 2017-05-09 Microsoft Technology Licensing, Llc Interaction device corrective parameters
CN103729605A (en) * 2014-01-13 2014-04-16 深圳市中航软件技术有限公司 Password input method based on touch screen, and touch terminal
CN105760741A (en) * 2016-02-19 2016-07-13 北京智能果技术有限公司 Code input method, security chip and system
FR3056370A1 (en) * 2016-09-22 2018-03-23 Ingenico Group SUPPORT PART OF A COMPONENT OF A SECURE ELECTRONIC DEVICE
WO2018055076A1 (en) * 2016-09-22 2018-03-29 Ingenico Group Support part for a component of a secure electronic device
US11099415B2 (en) 2016-09-22 2021-08-24 Ingenico Group Support part for a component of a secured electronic device
CN108205617A (en) * 2016-12-19 2018-06-26 北京小米移动软件有限公司 Defend the method and device of password theft
CN107993062A (en) * 2017-11-27 2018-05-04 百富计算机技术(深圳)有限公司 POS terminal method of commerce, device, computer equipment and readable storage medium storing program for executing
CN109032063A (en) * 2018-09-06 2018-12-18 君泰创新(北京)科技有限公司 Photovoltaic production equipment and its maintenance and detection method

Also Published As

Publication number Publication date
AU3898200A (en) 2000-10-09

Similar Documents

Publication Publication Date Title
US6317835B1 (en) Method and system for entry of encrypted and non-encrypted information on a touch screen
WO2000057262A1 (en) System for securing entry of encrypted and non-encrypted information on a touch screen
US6715078B1 (en) Methods and apparatus for secure personal identification number and data encryption
KR100377464B1 (en) An improved method and system for encrypting input from a touch screen
US6087955A (en) Apparatus and method for providing an authentication system
EP2706699B1 (en) User terminal and payment system
US6630928B1 (en) Method and apparatus for touch screen data entry
US7882361B2 (en) Method and system for accepting a pass code
CN104094276B (en) fuel dispenser user interface system architecture
US9990797B2 (en) User terminal system and method
US20040182921A1 (en) Card reader module with account encryption
US20040024710A1 (en) Secure input pad partition
US20080258940A1 (en) Apparatus and method for preventing password theft
CA2105404A1 (en) Biometric token for authorizing access to a host system
US20090199006A1 (en) Method and Device for Secure Mobile Electronic Signature
EP1139200A2 (en) Access code generating system including smart card and smart card reader
WO2006034713A1 (en) Secure display for atm
JPH11195102A (en) Ic card with sensor
FI117216B (en) Protected keyboard device
JP2003032237A (en) Cipher key injection system, cipher key injecting method, password number input unit, dealing terminal and host apparatus
NO180507B (en) Device for handling transactions with high security
EP2183716A1 (en) System and method for encrypting interactive voice response application information
RU2260840C2 (en) Protection means
JP2002055772A (en) Inputting device and information processor
WO1998048390A1 (en) Device for transmitting and receiving information connectable to an electronic computer

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase