TRUSTED TERMINAL PLATFORM

US 20160020906A1
Filed: 03/05/2014
Published: 01/21/2016
Est. Priority Date: 03/05/2013
Status: Active Grant

First Claim

Patent Images

1. A User-terminal for entering secure user information, comprising:

a processor configured for running an operating system with applications;

a touch screen configured for displaying information and receiving user inputs and to receive the secure user information from the user;

a Security-Box being connected between the touch screen and the processor and configured to control the user input on the touch screen to the processor, the Security-Box being configured to run in a “

Secure Mode” and

a “

Clear Text Mode”

, wherein when running in “

Secure Mode”

the user input is not forwarded as touch coordinates to the processor and when running in “

Clear Text Mode”

the touch coordinates are transmitted to the processors;

wherein the user-terminal is configured to run at least first and second applications displaying information on the touch screen and allowing an interaction with the user, the first application interacting with the Security-Box to perform security relevant financial transactions;

and the second application interacting in “

Clear Text Mode”

with the touch screen, andwherein the first application interacting with the Security-Box is configured for switching the Security-Box into “

Secure Mode” and

needs to be authenticated with the Security Box using a cryptographic method with one or more security keys.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A point-of-sale (POS) terminal is provided for entering a PIN to enable a financial transaction. The point-of-sale terminal has a card reader for reading information from a credit card, a processor for running an operating system, with applications, a touch screen for displaying information and receiving user inputs, and a Security-Box connected between the touch screen and the processor to control the user input on the touch screen to the processor. The Security Box is configured to run in a “PIN Entry Mode” and a “Clear Text Mode.” When running in “PIN Entry Mode” the user input is not forwarded as touch coordinates to the processor and when running in “Clear Text Mode” the touch coordinates are transmitted to the processors.

34 Citations

View as Search Results

43 Claims

1. A User-terminal for entering secure user information, comprising:
- a processor configured for running an operating system with applications;
  
  a touch screen configured for displaying information and receiving user inputs and to receive the secure user information from the user;
  
  a Security-Box being connected between the touch screen and the processor and configured to control the user input on the touch screen to the processor, the Security-Box being configured to run in a “
  
  Secure Mode” and
  
  a “
  
  Clear Text Mode”
  
  , wherein when running in “
  
  Secure Mode”
  
  the user input is not forwarded as touch coordinates to the processor and when running in “
  
  Clear Text Mode”
  
  the touch coordinates are transmitted to the processors;
  
  wherein the user-terminal is configured to run at least first and second applications displaying information on the touch screen and allowing an interaction with the user, the first application interacting with the Security-Box to perform security relevant financial transactions;
  
  and the second application interacting in “
  
  Clear Text Mode”
  
  with the touch screen, andwherein the first application interacting with the Security-Box is configured for switching the Security-Box into “
  
  Secure Mode” and
  
  needs to be authenticated with the Security Box using a cryptographic method with one or more security keys.
- View Dependent Claims (2, 3, 4, 5, 8, 9, 10, 12, 13, 14, 15, 16, 19)
- - 2. The User-Terminal of claim 1 wherein the security keys are stored in the Security-Box and/or in a secure area on a main board comprising the processor and/or in an unsecure area of the main board comprising the processor.
  - 3. The User-Terminal of claim 1, wherein the first application interacting with the Security-Box uses a signature or cryptogram to authenticate with the Security-Box.
  - 4. The User-Terminal of claim 3, wherein the Security-Box is configured to verify the signature or cryptogram of the application interacting with the Security-Box before allowing switching into “
    - Secure Mode”
      
      .
  - 5. The User-Terminal of claim 1, wherein the User-Terminal is a mobile device without any physical keyboard and allowing interaction via the touch screen.
  - 8. The User-Terminal of claim 1, wherein the touch screen is connected to the Security-Box and the Security-Box is connected to the processor via a USB-Channel.
  - 9. The User-Terminal of claim 8, wherein the touch coordinates and crypto commands are transmitted over the USB, and wherein two logical USB-Channels are setup to transmit the touch coordinates and the crypto commands respectively.
  - 10. The User-Terminal of claim 8, wherein the touch sensor is connected via SPI (Serial Peripheral Interface) to the Security-Box and the display is connected via an LVDS/DSI Bridge.
  - 12. The User-Terminal of claim 1, wherein the User-Terminal is a Point-of-sale (POS) terminal for entering a PIN to enable a financial transaction, and further comprising:
    - a card reader for reading information from a credit card.
  - 13. The User-Terminal of claim 12, wherein the card reader is a chip card reader that is integrated into the Security-Box, and wherein the Security-Box is configured to perform all necessary steps to process a financial transaction based on the PIN and the information of the chip card, without using the processor or applications running on the processor.
  - 14. The User-Terminal of claim 12, wherein when a virtual pin-pad is displayed on the touch screen, the Security-Box switches to a “
    - PIN-Entry-Mode” and
      
      is configured to interpret a user touch as the PIN, and to encrypt the PIN to forward the information together with credit card information to an associate service center/bank over a network controller.
  - 15. The User-Terminal of claim 1, wherein a payment application is running on the operating system switching the Security Box into “
    - Secure Mode” and
      
      displaying the virtual PIN-pad, and/or wherein the payment application forwards the card information from a card reader to the Security Box, wherein the payment application can also be responsible to forward the encrypted PIN from the Security Box to the service center/bank.
  - 16. The User-Terminal of claim 1, wherein the User-Terminal is configured to shift the PIN Pad randomly on the touch screen for every transaction and/or wherein the Security Box is informed about the coordinates of the PIN Pad, to be able to interpret the touch input.
  - 19. The User-Terminal of claim 1, wherein the Security Box and the display are connected with each other, and sensors indicate when a disconnection is performed, which leads to a deletion of keys in the Security Box.

6-7. -7. (canceled)

11. (canceled)

17-18. -18. (canceled)

20-21. -21. (canceled)

22. A User-Terminal for entering secure user information, comprising:
- a processor configured for running an operating system with applications;
  
  a touch screen configured for displaying information and receiving user inputs and also to receive the secure information from the user;
  
  a Security-Box being connected between the touch screen and the processor, and configured to control the user input on the touch screen to the processor, wherein the Security-Box and the processor are connected via a serial interface configured to provide a first and a second logical connection,wherein the Security-Box is being configured to run in a “
  
  Secure Mode”
  
  using the first logical connection and a “
  
  Clear Text Mode”
  
  using the second logical connection, wherein when running in “
  
  Secure Mode”
  
  the user input is not forwarded as touch coordinates to the processor via the second logical connection and when running in “
  
  Clear Text Mode”
  
  the touch coordinates are transmitted to the processor via the second logical connection.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 34, 36, 37, 40, 41, 42)
- - 23. The User-Terminal of claim 22, wherein the touch screen is connected to the Security-Box via a serial peripheral interface and the serial interface is a USB-Channel.
  - 24. The User-Terminal of claim 23, wherein in the “
    - Secure Mode”
      
      crypto commands are transmitted over the first logical connection.
  - 25. The User-Terminal of claim 24, wherein the USB-Channel is configured as USB Composite Device Class implementing the first logical connection as a COM USB interface and the second logical connection as a HID interface.
  - 26. The User-Terminal of claim 22, wherein the secure user information is a PIN or a Password to have access to personal account information and/or physical items, and wherein the “
    - Secure Mode”
      
      is a “
      
      PIN Entry Mode”
      
      .
  - 27. The User-Terminal of claim 22, wherein the User-Terminal is a Point-of-sale (POS) terminal for entering a PIN to enable a financial transaction, and further comprising:
    - a card reader for reading information from a credit card.
  - 28. The User-Terminal of claim 27, wherein the card reader is a chip card reader that is integrated into the Security-Box, and wherein the Security-Box is configured to perform all necessary steps to process a financial transaction based on the PIN and the information of the chip card.
  - 29. The User-Terminal of claim 27, wherein when a virtual pin-pad is displayed on the touch screen, the Security-Box switches to “
    - PIN-Entry-Mode” and
      
      is configured to interpret the user touch as the PIN, and to encrypt the PIN to forward the information together with credit card information to an associate service center/bank over a network controller.
  - 30. The User-Terminal of claim 29, wherein a payment application is running on the operating system switching the Security-Box into “
    - Secure Mode” and
      
      displaying the virtual PIN-pad, and/or wherein the payment application forwards the card information from the card reader to the Security-Box, wherein the payment application can also be responsible to forward the encrypted PIN from the Security-Box to the service center/bank.
  - 34. The User-Terminal of claim 22, wherein the Security-Box and the display are connected with each other, and sensors indicate when a disconnection is performed, which leads to a deletion of keys in the Security-Box.
  - 36. The User-Terminal of claim 30, wherein the Payment Application which starts the Secure PIN Mode needs to authenticate with the Security-Box using a cryptographic key which is generated by the Security-Box and transferred to the payment application during registration.
  - 37. The User-Terminal terminal of claim 22, wherein the Security-Box checks the status of the operation system before booting.
  - 40. The User-Terminal of claim 22, wherein the User-Terminal is configured to run at least first and second applications displaying information on the touch screen and allowing an interaction with the user, the first application interacting with the Security-Box to perform security relevant financial transactions;
    - and the second application interacting in “
      
      Clear Text Mode”
      
      with the touch-screen,wherein the first application interacting with the Security-Box is configured for switching the Security-Box into “
      
      Secure Mode” and
      
      needs to be authenticated with the Security-Box using one or more security keys.
  - 41. The User-Terminal of claim 40, wherein the first application interacting with the Security-Box uses a signature or cryptogram to authenticate with the Security-Box.
  - 42. The User-Terminal claim 41, wherein the Security-Box is configured to verify the signature or cryptogram of the first application interacting with the Security-Box before allowing switching into “
    - Secure Mode”
      
      .

31-33. -33. (canceled)

35. (canceled)

38-39. -39. (canceled)

43-44. -44. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wincor Nixdorf International GmbH (Diebold Nixdorf, Incorporated)
Original Assignee
Wincor Nixdorf International GmbH (Diebold Nixdorf, Incorporated)
Inventors
Nolte, Michael, Zavadsky, Valdemar

Granted Patent

US 11,088,840 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/83   input devices, e.g. keyboar...

G06F 21/86   Secure or tamper-resistant ...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/3829   involving key management

G06Q 20/4012   Verifying personal identifi...

G07F 7/1016   Devices or methods for secu...

G07F 7/1041   PIN input keyboard gets new...

G07F 7/1091   Use of an encrypted form of...

H04L 63/083   using passwords cryptograph...

H04L 9/3234   involving additional secure...

TRUSTED TERMINAL PLATFORM

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

TRUSTED TERMINAL PLATFORM

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links