Secure passcode entry user interface

US 9,613,356 B2
Filed: 10/09/2013
Issued: 04/04/2017
Est. Priority Date: 09/30/2013
Status: Active Grant

First Claim

Patent Images

1. A method of operating a mobile device, the method comprising:

detecting a swipe of a payment card on a card reader coupled to the mobile device;

in response to detecting the swipe, initiating a financial transaction between a consumer and a merchant by;

identifying, on a touchscreen of the mobile device, a traffic region that experienced touch events prior to said initiating of the financial transaction, wherein identifying the traffic region includes counting historical touch events within a grid cell of the touchscreen to determine whether a count of the historical touch events exceeds a touch event count threshold;

generating a personal identification number (PIN) entry interface that includes a plurality of buttons for the consumer to compose a PIN entry, wherein the PIN entry interface is smaller than a fullscreen size of the touchscreen and wherein the buttons are repositionable to a different region the touchscreen;

in response to identifying the traffic region, positioning at least one of the buttons on the traffic region of the touchscreen of the mobile device; and

detecting a sequence of touch events on the touchscreen while the PIN entry interface is displayed on the touchscreen, wherein the sequence of touch events is indicative of a PIN entry corresponding to the payment card;

transmitting the sequence of touch events to an external computer server system to authenticate the consumer; and

in response to receiving a message from the external computer server system that authenticates the consumer, processing the financial transaction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for secure passcode entry is disclosed. The method, in one embodiment, includes: receiving a request for authenticating a user; in response to the request, generating a passcode entry interface including buttons corresponding to character options for composing a passcode entry, wherein the passcode entry interface is used to receive the passcode entry to authenticate a user of the payment card; identifying, on a touchscreen of the electronic device, a traffic region that experienced touch events prior to receiving the request; and displaying the passcode entry interface on the touchscreen such that at least a portion of the passcode entry interface is positioned in the traffic region.

Citations

21 Claims

1. A method of operating a mobile device, the method comprising:
- detecting a swipe of a payment card on a card reader coupled to the mobile device;
  
  in response to detecting the swipe, initiating a financial transaction between a consumer and a merchant by;
  
  identifying, on a touchscreen of the mobile device, a traffic region that experienced touch events prior to said initiating of the financial transaction, wherein identifying the traffic region includes counting historical touch events within a grid cell of the touchscreen to determine whether a count of the historical touch events exceeds a touch event count threshold;
  
  generating a personal identification number (PIN) entry interface that includes a plurality of buttons for the consumer to compose a PIN entry, wherein the PIN entry interface is smaller than a fullscreen size of the touchscreen and wherein the buttons are repositionable to a different region the touchscreen;
  
  in response to identifying the traffic region, positioning at least one of the buttons on the traffic region of the touchscreen of the mobile device; and
  
  detecting a sequence of touch events on the touchscreen while the PIN entry interface is displayed on the touchscreen, wherein the sequence of touch events is indicative of a PIN entry corresponding to the payment card;
  
  transmitting the sequence of touch events to an external computer server system to authenticate the consumer; and
  
  in response to receiving a message from the external computer server system that authenticates the consumer, processing the financial transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the touch events are X and Y coordinates, each indicating where on the touch screen a touch has been detected.
  - 3. The method of claim 1, further comprising encrypting the X and Y coordinates.
  - 4. The method of claim 1, further comprising sending positions of the plurality of buttons to the external computer server system to cause the external computer server system to determine the PIN entry from the sequence of touch events and the positions.
  - 5. The method of claim 1, wherein in response to the mobile device detecting a touch event on the touchscreen, the plurality of buttons is randomly re-arranged.
  - 6. The method of claim 1, wherein identifying the traffic region includes identifying the traffic region from a touch event history of the touchscreen of the mobile device.
  - 7. The method of claim 1, further comprising displaying a mobile storefront including menu items on the touchscreen prior to displaying the PIN entry interface;
    - wherein identifying the traffic region is based on positions of the menu items.

8. A method of operating a computer server system, the method comprising:
- initiating, by the computer server system, a financial transaction involving a mobile device and the server system;
  
  identifying, by the computer server system and relative to a touchscreen of the mobile device in communications with the server system, a traffic region that experienced touch events prior to said initiating of the financial transaction, wherein the touchscreen is virtually divided into multiple grid cells and wherein identifying the traffic region includes counting historical touch events within a grid cell of the touchscreen to determine whether a count of the historical touch events exceeds a touch event count threshold and adding the grid cell to be part of the traffic region in response to determining that the count exceeds the touch event count threshold;
  
  in response to identifying the traffic region, positioning, by the computer server system, a plurality of buttons of a passcode entry interface on the traffic region of the touchscreen, wherein the passcode entry interface includes the plurality of buttons for a user to compose a passcode entry, each button representing a character of a set of characters, wherein the plurality of buttons overlaps at least a portion of the traffic region, wherein the passcode entry interface is smaller than a fullscreen size of the touchscreen and the buttons are repositionable to a different region of the touchscreen; and
  
  transmitting, by the computer server system, positions of the plurality of buttons to the mobile device for displaying.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, further comprising:
    - receiving a sequence of touch events, represented as coordinates on the touchscreen from the mobile device, the sequence of touch events indicative of a passcode entry corresponding to a payment card; and
      
      composing the passcode entry by matching the sequence of touch events with said positioning of the plurality of buttons.
  - 10. The method of claim 9, further comprising receiving a card identifier of the payment card from the mobile device;
    - and transmitting the passcode entry and the card identifier to a financial system for authentication.
  - 11. The method of claim 9, further comprising transmitting the passcode entry to the mobile device to cause the mobile device to verify the passcode entry with the payment card for authentication.
  - 12. The method of claim 8, wherein identifying the traffic region includes identifying the traffic region from a touch event history of the touchscreen of the mobile device.
  - 13. The method of claim 8, further comprising positioning a mobile storefront including menu items on the touchscreen of the mobile device;
    - wherein identifying the traffic region is based on positions of the menu items.

14. A method of operating an electronic device, the method comprising:
- receiving, by the electronic device, a request for authenticating a user;
  
  in response to the request, generating, by the electronic device, a passcode entry interface including buttons corresponding to character options for composing a passcode entry, wherein the passcode entry interface is used to receive the passcode entry to authenticate a user, wherein the passcode entry interface is smaller than a fullscreen size of a touchscreen of the electronic device;
  
  identifying, by the electronic device and relative to the touchscreen of the electronic device, a traffic region that experienced touch events prior to receiving the request, wherein identifying the traffic region includes counting historical touch events within a grid cell of the touchscreen to determine whether a first count of the historical touch events exceeds a touch event count threshold and adding the grid cell as part of the traffic region in response to determining that the first count exceeds the touch event count threshold; and
  
  positioning, by the electronic device, the passcode entry interface on the traffic region on the touchscreen such that at least one of the buttons overlaps the grid cell and the passcode entry interface does not overlap at least another grid cell that has a second count of historical touch events not exceeding the touch event count threshold.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising displaying a mobile storefront including menu items on the touchscreen prior to displaying the passcode entry interface;
    - wherein identifying the traffic region is based on positions of the menu items.
  - 16. The method of claim 15, wherein displaying the mobile storefront includes randomizing the positions of the menu items.
  - 17. The method of claim 15, wherein displaying the passcode entry interface includes displaying the passcode entry interface over at least partially where the mobile storefront was previously displayed.
  - 18. The method of claim 15, further comprising swapping positions of the mobile storefront and the passcode entry interface between financial transactions on the electronic device.
  - 19. The method of claim 15, further comprising swapping positions of the mobile storefront and the passcode entry interface between user sessions on the electronic device.
  - 20. The method of claim 14, wherein identifying the traffic region includes identifying the traffic region from a touch event history of the touchscreen.

21. An electronic device comprising:
- a connector to receive a request to authenticate a user from a card reader;
  
  a touchscreen;
  
  a processor configured to generate a passcode entry interface that includes a plurality of buttons for the user to compose a passcode entry, each button representing a character of a set of characters, wherein the passcode entry interface is smaller than a fullscreen size of the touchscreen;
  
  wherein the processor is configured to count touch events in a grid cell on the touchscreen prior to receiving the request to authenticate, determine whether the count of the touch events exceeds a touch event count threshold, and, responsive to determining that the count exceeds the touch event count threshold, identify a traffic region to include the grid cell; and
  
  wherein the touchscreen is configured to position the buttons on the traffic region to maximize an overlap between the traffic region and the passcode entry interface and to detect a touch event, represented as coordinates on the touchscreen, interacting with the touchscreen while the buttons are displayed, the touch event indicative of at least a portion of a passcode entry by the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Block, Inc. (f/k/a Square, Inc.)
Original Assignee
Square Inc (Block, Inc. (f/k/a Square, Inc.))
Inventors
Edwards, Troy J.
Primary Examiner(s)
Subramanian, Narayanswamy
Assistant Examiner(s)
Bridges, Christopher

Application Number

US14/050,216
Publication Number

US 20150100498A1
Time in Patent Office

1,273 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/36   by graphic or iconic repres...

G06F 2203/04803   Split screen, i.e. subdivid...

G06F 2221/031   Protect user input by softw...

G06F 3/0482   Interaction with lists of s...

G06F 3/04883   for inputting data by handw...

G06Q 20/1085   involving automatic teller ...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/382   insuring higher security of...

G06Q 20/4012   Verifying personal identifi...

G07F 7/10   together with a coded signa...

G07F 7/1033   Details of the PIN pad

H04L 9/3226   using a predetermined code,...

Secure passcode entry user interface

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Secure passcode entry user interface

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links