Software pin entry
Abstract
A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions.
Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server.
A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.
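The symmetric variant of the exchange described above, as an added example that is not taken from the patent or from any vendor's code. It assumes the server derives a per-reader AES-256 key as HMAC-SHA-256 over a master secret and the reader's unique ID, that the reader already holds the same key, and that AES-GCM is the cipher; `serverKeyFor`, `newGCM`, `seal`, `open` and the ID `READER-0001` are hypothetical names and constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// serverKeyFor is the assumed server step: key = HMAC-SHA-256(master, readerID).
func serverKeyFor(master []byte, readerID string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(readerID))
	return m.Sum(nil)
}

// newGCM turns the 32-byte key received from the server into an AES-GCM AEAD.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce||ciphertext||tag, with readerID bound as associated data.
func seal(a cipher.AEAD, readerID string, msg []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, msg, []byte(readerID)), nil
}

// open fails on a wrong key, a wrong reader ID, or any modified byte.
func open(a cipher.AEAD, readerID string, boxed []byte) ([]byte, error) {
	if len(boxed) < a.NonceSize() {
		return nil, fmt.Errorf("message shorter than nonce")
	}
	return a.Open(nil, boxed[:a.NonceSize()], boxed[a.NonceSize():], []byte(readerID))
}

func main() {
	a, _ := newGCM(serverKeyFor([]byte("constructed-demo-master"), "READER-0001"))
	boxed, _ := seal(a, "READER-0001", []byte("1234")) // device -> reader
	pin, err := open(a, "READER-0001", boxed)          // reader side, same key
	fmt.Println(string(pin), err == nil)
}
```

Binding the reader ID as associated data means a passcode encrypted for one reader is rejected when replayed to another, even before the per-reader key mismatch is considered.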
22 Claims
1. A method for providing security during passcode entry on a mobile device, comprising:
- displaying an interface for receiving a passcode, where the interface includes one or more objects;
- receiving user input on a display of the mobile device;
- preventing unauthorized software executing on the mobile device from taking a screenshot to capture the user input, including disabling at least a portion of a visual feedback on the user input, where the mobile device does not display feedback in each of the one or more objects;
- determining the passcode based on the user input;
- receiving, by the mobile device, a cryptographic key from a server in response to sending, by the mobile device, a unique identification code of a card reader to the server;
- encrypting the passcode in the mobile device by using the cryptographic key received from the server;
- sending the encrypted passcode from the mobile device to the card reader connected to the mobile device;
- receiving encrypted data from the card reader;
- decrypting, by the mobile device and using the cryptographic key, the encrypted data received from the card reader;
- processing the decrypted data; and
- continuing secure communication between the card reader and the mobile device, wherein said continuing the secure communication includes encrypting and decrypting using the cryptographic key.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
- a card reader;
- a mobile device having a processor and being connected to the card reader; and
- computer-readable medium coupled to the processor and having instructions stored thereon, which, when executed by the processor, cause the processor to perform operations comprising;
  - displaying, on the mobile device, an interface for receiving a passcode, where the interface includes one or more objects;
  - receiving user input on a display of the mobile device;
  - preventing unauthorized software executing on the mobile device from taking a screenshot to capture the user input, including disabling at least a portion of a visual feedback on the user input, where the mobile device does not display feedback in each of the one or more objects;
  - determining the passcode based on the user input;
  - receiving, by the mobile device, a cryptographic key from a server in response to sending, by the mobile device, a unique identification code of the card reader to the server;
  - encrypting the passcode in the mobile device by using the cryptographic key received by the mobile device from the server;
  - sending the encrypted passcode from the mobile device to the card reader;
  - receiving encrypted data from the card reader;
  - decrypting, by the mobile device and using the cryptographic key, the encrypted data received from the card reader;
  - processing the decrypted data; and
  - continuing secure communication between the card reader and the mobile device, wherein said continuing the secure communication includes encrypting and decrypting using the cryptographic key.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable medium having instructions stored thereon, which, when executed by a processor, cause the processor to perform operations comprising:
- displaying, on a mobile device, an interface for receiving a passcode, where the interface includes one or more objects;
- receiving user input on a display of the mobile device;
- preventing unauthorized software executing on the mobile device from taking a screenshot to capture the user input, including disabling at least a portion of a visual feedback on the user input, where the mobile device does not display feedback in each of the one or more objects;
- determining the passcode based on the user input;
- receiving, by the mobile device, a cryptographic key from a server in response to sending, by the mobile device, a unique identification code of a card reader to the server;
- encrypting the passcode in the mobile device by using the cryptographic key received by the mobile device from the server;
- sending the encrypted passcode from the mobile device to the card reader connected to the mobile device;
- receiving encrypted data from the card reader;
- decrypting, by the mobile device and using the cryptographic key, the encrypted data received from the card reader;
- processing the decrypted data; and
- continuing secure communication between the card reader and the mobile device, wherein said continuing the secure communication includes encrypting and decrypting using the cryptographic key.
Dependent claims: 16, 17, 18, 19, 20, 21, 22
Specification