Software PIN entry

US 10,083,442 B1
Filed: 04/24/2015
Issued: 09/25/2018
Est. Priority Date: 06/12/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method of passcode-based authorization of a transaction on a mobile device, the method comprising:

generating, by a remote computer server, a digital rights management (DRM) encoded media file that specifies a visual depiction of a passcode entry interface having input buttons, wherein said generating includes randomly assigning locations of the input buttons within the passcode entry interface and encoding the media file with DRM encryption to generate the DRM encoded media file for preventing the mobile device from taking a screenshot of the passcode entry interface when displayed on a touchscreen of the mobile device, wherein the DRM encoded media file is an image or video file;

storing, in the remote computer server, associations between the assigned locations and inputtable values represented by the input buttons;

causing the mobile device to use a DRM controller to decrypt the DRM encoded media file to present the passcode entry interface on the touchscreen to prompt a user to input a password thereon, without sending data indicating the associations between the assigned locations and the inputtable values represented by the input buttons, the DRM controller preventing the mobile device from taking a screenshot during presentation of the passcode entry interface based on the DRM encoding of the DRM encoded media file;

receiving, by the remote server, data associated with a coordinate corresponding to a touch event that occurs on the touchscreen of the mobile device while the passcode entry interface is presented on the touch screen;

determining, by the remote computer server, the passcode entered by the user by comparing coordinates, including the coordinate, received from the mobile device relative to the assigned locations of the input buttons and identifying the inputtable values represented by the input buttons from the stored associations; and

sending the determined passcode to the mobile device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Several embodiments include a mobile device that uses a media file to render a passcode entry interface. The passcode entry interface can have an assigned location of an input element that corresponds to an inputtable value in the passcode entry interface. The media file can include a visual depiction having the input element at the assigned location. In several embodiments, the media file does not store the association between the assigned location and the inputtable value. The assigned location corresponding to the inputtable value can be separately stored. The mobile device can receive a coordinate of a touch event on the passcode entry interface. To determine a passcode entry based on the touch event, the coordinate can be compared against the separately stored assigned location to determine a corresponding input value to the coordinate.

Citations

20 Claims

1. A method of passcode-based authorization of a transaction on a mobile device, the method comprising:
- generating, by a remote computer server, a digital rights management (DRM) encoded media file that specifies a visual depiction of a passcode entry interface having input buttons, wherein said generating includes randomly assigning locations of the input buttons within the passcode entry interface and encoding the media file with DRM encryption to generate the DRM encoded media file for preventing the mobile device from taking a screenshot of the passcode entry interface when displayed on a touchscreen of the mobile device, wherein the DRM encoded media file is an image or video file;
  
  storing, in the remote computer server, associations between the assigned locations and inputtable values represented by the input buttons;
  
  causing the mobile device to use a DRM controller to decrypt the DRM encoded media file to present the passcode entry interface on the touchscreen to prompt a user to input a password thereon, without sending data indicating the associations between the assigned locations and the inputtable values represented by the input buttons, the DRM controller preventing the mobile device from taking a screenshot during presentation of the passcode entry interface based on the DRM encoding of the DRM encoded media file;
  
  receiving, by the remote server, data associated with a coordinate corresponding to a touch event that occurs on the touchscreen of the mobile device while the passcode entry interface is presented on the touch screen;
  
  determining, by the remote computer server, the passcode entered by the user by comparing coordinates, including the coordinate, received from the mobile device relative to the assigned locations of the input buttons and identifying the inputtable values represented by the input buttons from the stored associations; and
  
  sending the determined passcode to the mobile device.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the passcode is determined by matching the coordinates from the mobile device to the assigned locations associated with the inputtable values.
  - 3. The method of claim 1, further comprising sending the single media file from the remote computer server to the mobile device without notifying the mobile device of the assigned locations associated with the inputtable values in the passcode entry interface.

4. A method comprising:
- accessing, by a remote computer server, a media file that specifies a visual depiction of a passcode entry interface, the visual depiction having an assigned location of an input element that corresponds to an inputtable value in the passcode entry interface, wherein the media file is an image or video file;
  
  storing an association between the assigned location and the inputtable value in the remote computer server;
  
  sending the media file from the remote computer server to a mobile device for presentation as the passcode entry interface, wherein the mobile device includes access control software executable to control access to data on the mobile device during presentation of the passcode entry interface;
  
  receiving, at the remote computer server, a coordinate of a touch event on the passcode entry interface from the mobile device;
  
  determining, by the remote computer server, at least a portion of a passcode entry from a user based on the coordinate by comparing the coordinate relative to the assigned location of the input element and determining a corresponding input value of the coordinate based at least on the stored association; and
  
  sending the determined passcode entry to the mobile device.
- View Dependent Claims (5, 6, 7, 8, 9, 19)
- - 5. The method of claim 4, wherein the media file is sent without notifying the mobile device of the assigned location associated with the inputtable value.
  - 6. The method of claim 4, wherein the media file does not store an association between the assigned location and the inputtable value.
  - 7. The method of claim 4, further comprising encrypting the determined passcode entry;
    - and wherein sending the determined passcode entry includes sending the encrypted passcode entry.
  - 8. The method of claim 4, wherein accessing the media file includes generating the media file on the remote computer server.
  - 9. The method of claim 8, wherein the assigned location of the input element is randomly assigned by the remote computer server during said generating.
  - 19. The method of claim 4, further comprising encoding the media file with digital rights management (DRM) encryption, wherein the access control software includes a DRM controller that prevents the mobile device from taking a screen shot while the media file is presented on the mobile device as the passcode entry interface.

10. A method comprising:
- receiving, at a mobile device, a media file that specifies a visual depiction of a passcode entry interface that has input elements thereon, wherein the media file is an image or video file;
  
  generating, based on the media file, the passcode entry interface for presentation on a touch screen of the mobile device for a user to input a passcode, wherein the mobile device includes access control software executable to control access to data on the mobile device during presentation of the passcode entry interface;
  
  receiving, at the mobile device, a touch event from the touch screen while the passcode entry interface is presented on the touch screen;
  
  determining, by the mobile device, a coordinate of the touch event;
  
  sending, via a network, the coordinate of the touch event from the mobile device to a remote computer server to determine a passcode value associated with the coordinate;
  
  receiving an interpreted passcode entry from the remote computer server after sending the coordinate to the remote computer server; and
  
  sending, by the mobile device, the interpreted passcode entry to a card reader coupled to the mobile device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 20)
- - 11. The method of claim 10, wherein the visual depiction includes the input elements at randomly assigned locations.
  - 12. The method of claim 10, further comprising initiating a transaction while a payment card associated with the user is read by the card reader that is coupled to the mobile device.
  - 13. The method of claim 12, wherein, responsive to initiating the transaction, prompting the mobile device to receive the passcode from the user via the passcode entry interface to authenticate the transaction.
  - 14. The method of claim 10, further comprising encrypting the location of the touch event.
  - 15. The method of claim 10, further comprising sending an aggregate of coordinates of multiple touch events to the remote computer server, in response to receiving a trigger touch event on an interactive element in the passcode entry interface.
  - 16. The method of claim 10, wherein sending the coordinate of the touch event is responsive to receiving the touch event and determining the coordinate of the touch event.
  - 20. The method of claim 10, wherein the media file is encoded with digital rights management encryption, and wherein the access control software includes a DRM controller that prevents a screen shot from being taken on the mobile device while the passcode entry interface is generated on the touch screen based on the media file.

17. A computer server comprising:
- a processor;
  
  a computer readable storage storing one or more computer programs that are executable by the processor to perform operations comprising;
  
  accessing a digital rights management (DRM) encoded media file that specifies a visual depiction of multiple input elements of a passcode entry interface and is encoded with DRM encryption to prevent a remote mobile device from taking a screenshot, the visual depiction having an assigned location of an input element that corresponds to an inputtable value in the passcode entry interface, wherein the DRM encoded media file is an image or video file;
  
  storing an association between the assigned location and the inputtable value in the computer readable storage;
  
  sending the DRM encoded media file to the remote mobile device for decryption by a DRM controller that presents the DRM encoded media file as the passcode entry interface on a display and, based on the DRM encoding, prevents the remote mobile device from taking a screenshot;
  
  receiving a coordinate of a touch event on the passcode entry interface from the remote mobile device;
  
  determining at least a portion of a passcode entry from a user based on the coordinate by comparing the coordinate with the assigned location of the input element and determining a corresponding input value of the coordinate based at least on the stored association; and
  
  sending at least the portion of the passcode entry to the remote mobile device.
- View Dependent Claims (18)
- - 18. The system of claim 17, wherein the one or more computer programs is executable by the processor to further perform decrypting the coordinate after receiving the coordinate from the remote mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Block, Inc. (f/k/a Square, Inc.)
Original Assignee
Square Inc (Block, Inc. (f/k/a Square, Inc.))
Inventors
Quigley, Oliver S. C., McCauley, Nathan, Lee, Bob
Primary Examiner(s)
Hayes, John W
Assistant Examiner(s)
Winter, John M

Application Number

US14/696,235
Time in Patent Office

1,250 Days
Field of Search

705 76
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/326   Payment applications instal...

G06Q 20/353   Payments by cards read by M...

G06Q 20/3674   involving authentication

G06Q 20/3829   involving key management

G06Q 20/4012   Verifying personal identifi...

G06Q 2220/00   Business processing using c...

G07F 19/211   Software architecture withi...

G07F 7/1041   PIN input keyboard gets new...

G07F 7/1091   Use of an encrypted form of...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Software PIN entry

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Software PIN entry

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links