Software pin entry

US 9,367,842 B2
Filed: 03/13/2013
Issued: 06/14/2016
Est. Priority Date: 06/12/2012
Status: Active Grant

First Claim

Patent Images

1. A method for providing security during passcode entry on a mobile device, comprising:

displaying an interface for receiving a passcode, where the interface includes one or more objects;

receiving user input on a display of the mobile device;

preventing unauthorized software executing on the mobile device from taking a screenshot to capture the user input, including disabling at least a portion of a visual feedback on the user input, where the mobile device does not display feedback in each of the one or more objects;

determining the passcode based on the user input;

receiving, by the mobile device, a cryptographic key from a server in response to sending, by the mobile device, a unique identification code of a card reader to the server;

encrypting the passcode in the mobile device by using the cryptographic key received from the server;

sending the encrypted passcode from the mobile device to the card reader connected to the mobile device;

receiving encrypted data from the card reader;

decrypting, by the mobile device and using the cryptographic key, the encrypted data received from the card reader;

processing the decrypted data; and

continuing secure communication between the card reader and the mobile device, wherein said continuing the secure communication includes encrypting and decrypting using the cryptographic key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions.

Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server.

A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Citations

22 Claims

1. A method for providing security during passcode entry on a mobile device, comprising:
- displaying an interface for receiving a passcode, where the interface includes one or more objects;
  
  receiving user input on a display of the mobile device;
  
  preventing unauthorized software executing on the mobile device from taking a screenshot to capture the user input, including disabling at least a portion of a visual feedback on the user input, where the mobile device does not display feedback in each of the one or more objects;
  
  determining the passcode based on the user input;
  
  receiving, by the mobile device, a cryptographic key from a server in response to sending, by the mobile device, a unique identification code of a card reader to the server;
  
  encrypting the passcode in the mobile device by using the cryptographic key received from the server;
  
  sending the encrypted passcode from the mobile device to the card reader connected to the mobile device;
  
  receiving encrypted data from the card reader;
  
  decrypting, by the mobile device and using the cryptographic key, the encrypted data received from the card reader;
  
  processing the decrypted data; and
  
  continuing secure communication between the card reader and the mobile device, wherein said continuing the secure communication includes encrypting and decrypting using the cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, where the encrypted data received by the mobile device from the card reader comprises an acknowledgement that the card reader has verified a passcode match.
  - 3. The method of claim 1, where the processing comprises submitting a payment transaction to a payment processing system.
  - 4. The method of claim 1, where the one or more objects include a keypad and a passcode field, and where the mobile device displays, on the passcode field, a symbol for each user entry from the user, and where the mobile device does not display, on the keypad, the visual feedback based on the user input.
  - 5. The method of claim 1, comprising, prior to the encrypting:
    - receiving, at the mobile device, a certificate from the card reader;
      
      sending the certificate from the mobile device to the server, where the server verifies a signature of the certificate; and
      
      receiving, at the mobile device, a verification of the certificate from the server.
  - 6. The method of claim 1, where the secure communication between the card reader and the mobile device is performed through an audio jack of the mobile device.
  - 7. The method of claim 1, where said determining the passcode is based on locations of the user input on the display.

8. A system comprising:
- a card reader;
  
  a mobile device having a processor and being connected to the card reader; and
  
  computer-readable medium coupled to the processor and having instructions stored thereon, which, when executed by the processor, cause the processor to perform operations comprising;
  
  displaying, on the mobile device, an interface for receiving a passcode, where the interface includes one or more objects;
  
  receiving user input on a display of the mobile device;
  
  preventing unauthorized software executing on the mobile device from taking a screenshot to capture the user input, including disabling at least a portion of a visual feedback on the user input, where the mobile device does not display feedback in each of the one or more objects;
  
  determining the passcode based on the user input;
  
  receiving, by the mobile device, a cryptographic key from a server in response to sending, by the mobile device, a unique identification code of the card reader to the server;
  
  encrypting the passcode in the mobile device by using the cryptographic key received by the mobile device from the server;
  
  sending the encrypted passcode from the mobile device to the card reader;
  
  receiving encrypted data from the card reader;
  
  decrypting, by the mobile device and using the cryptographic key, the encrypted data received from the card reader;
  
  processing the decrypted data; and
  
  continuing secure communication between the card reader and the mobile device, wherein said continuing the secure communication includes encrypting and decrypting using the cryptographic key.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, where the encrypted data received from the card reader comprises an acknowledgement that the card reader has verified a passcode match.
  - 10. The system of claim 8, where the processing comprises submitting a payment transaction to a payment processing system.
  - 11. The system of claim 8, where the one or more objects include a keypad and a passcode field, and where the mobile device displays, on the passcode field, a symbol for each user entry from the user, and where the mobile device does not display, on the keypad, the visual feedback based on the user input.
  - 12. The system of claim 8, where the secure communication between the card reader and the mobile device is performed wirelessly.
  - 13. The system of claim 8, where the secure communication between the card reader and the mobile device is performed through an audio jack of the mobile device.
  - 14. The system of claim 8, further comprising, prior to the encrypting:
    - receiving, at the mobile device, a certificate from the card reader;
      
      sending the certificate from the mobile device to the server, where the server verifies a signature of the certificate;
      
      receiving, at the mobile device, a verification of the certificate from the server; and
      
      disabling an ability of the one or more objects to change visual state.

15. A non-transitory computer-readable medium having instructions stored thereon, which, when executed by a processor, cause the processor to perform operations comprising:
- displaying, on a mobile device, an interface for receiving a passcode, where the interface includes one or more objects;
  
  receiving user input on a display of the mobile device;
  
  preventing unauthorized software executing on the mobile device from taking a screenshot to capture the user input, including disabling at least a portion of a visual feedback on the user input, where the mobile device does not display feedback in each of the one or more objects;
  
  determining the passcode based on the user input;
  
  receiving, by the mobile device, a cryptographic key from a server in response to sending, by the mobile device, a unique identification code of a card reader to the server;
  
  encrypting the passcode in the mobile device by using the cryptographic key received by the mobile device from the server;
  
  sending the encrypted passcode from the mobile device to the card reader connected to the mobile device;
  
  receiving encrypted data from the card reader;
  
  decrypting, by the mobile device and using the cryptographic key, the encrypted data received from the card reader;
  
  processing the decrypted data; and
  
  continuing secure communication between the card reader and the mobile device, wherein said continuing the secure communication includes encrypting and decrypting using the cryptographic key.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The non-transitory computer-readable medium of claim 15, where the encrypted data received from the card reader comprises an acknowledgement that the card reader has verified a passcode match.
  - 17. The non-transitory computer-readable medium of claim 15, where said processing the decrypted data comprises submitting a payment transaction to a payment processing system.
  - 18. The non-transitory computer-readable medium of claim 15, where the secure communication between the card reader and the mobile device is performed through an audio jack of the mobile device.
  - 19. The non-transitory computer-readable medium of claim 15, where the feedback is not displayed in any of the one or more objects.
  - 20. The non-transitory computer-readable medium of claim 15, where the secure communication between the card reader and the mobile device is performed wirelessly.
  - 21. The non-transitory computer-readable medium of claim 15, further comprising, prior to the encrypting:
    - receiving, at the mobile device, a certificate from the card reader;
      
      sending the certificate, from the mobile device to the server, where the server verifies a signature of the certificate; and
      
      receiving, at the mobile device, a verification of the certificate from the server.
  - 22. The non-transitory computer-readable medium of claim 15, where said determining the passcode is based on locations of the user input on the display.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Block, Inc. (f/k/a Square, Inc.)
Original Assignee
Square Inc (Block, Inc. (f/k/a Square, Inc.))
Inventors
Quigley, Oliver S. C., McCauley, Nathan, Lee, Bob
Primary Examiner(s)
ALUNKAL, THOMAS D

Application Number

US13/800,920
Publication Number

US 20130328801A1
Time in Patent Office

1,189 Days
Field of Search

345/173, 705/44, 705/18, 705/71, 713/168, 713/176
US Class Current

1/1
CPC Class Codes

G06F 21/35   communicating wirelessly

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/326   Payment applications instal...

G06Q 20/353   Payments by cards read by M...

G06Q 20/3674   involving authentication

G06Q 20/3829   involving key management

G06Q 20/4012   Verifying personal identifi...

G06Q 2220/00   Business processing using c...

G07F 19/211   Software architecture withi...

G07F 7/1041   PIN input keyboard gets new...

G07F 7/1091   Use of an encrypted form of...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Software pin entry

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Software pin entry

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links