System, device, and method of secure entry and handling of passwords

US 10,491,379 B2
Filed: 05/23/2018
Issued: 11/26/2019
Est. Priority Date: 05/08/2012
Status: Active Grant

First Claim

Patent Images

1. An electronic device comprising:

a secure execution environment (SEE) to securely execute code;

a secure video path (SVP) to securely exchange, between the SEE and a touch-screen of the electronic device, payment-related information to enable a payment transaction through said electronic device;

wherein the SEE comprises a secure password entry module to generate a scrambled on-screen interface, and to send the scrambled on-screen interface to the touch-screen through the SVP in order to enable said payment transaction via said mobile electronic device;

a secure operations module, (a) to securely receive, from the secure password entry module, a password entered by a user via said touch-screen in order to enable said payment transaction via said electronic device, said password transported securely via said SVP from said touch-screen to said secure password entry module of the SEE;

(b) to encrypt said password; and

(c) to send the encrypted password for verification at a verification module that is external to said electronic device in order to enable said payment transaction via said electronic device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A computing device includes: a secure storage unit to securely store a confidential data item; a non-secure execution environment to execute program code, the program code to transport to a remote server a message; a secure execution environment (SEE) to securely execute code, the SEE including: a rewriter module to securely obtain the confidential data item from the secure storage, and to securely write the confidential data item into one or more fields in said message prior to its encrypted transport to the remote server.

31 Citations

20 Claims

1. An electronic device comprising:
- a secure execution environment (SEE) to securely execute code;
  
  a secure video path (SVP) to securely exchange, between the SEE and a touch-screen of the electronic device, payment-related information to enable a payment transaction through said electronic device;
  
  wherein the SEE comprises a secure password entry module to generate a scrambled on-screen interface, and to send the scrambled on-screen interface to the touch-screen through the SVP in order to enable said payment transaction via said mobile electronic device;
  
  a secure operations module, (a) to securely receive, from the secure password entry module, a password entered by a user via said touch-screen in order to enable said payment transaction via said electronic device, said password transported securely via said SVP from said touch-screen to said secure password entry module of the SEE;
  
  (b) to encrypt said password; and
  
  (c) to send the encrypted password for verification at a verification module that is external to said electronic device in order to enable said payment transaction via said electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The electronic device of claim 1,wherein the secure password entry module comprises:
    - a touch-event recognizer to securely identify within the SEE a character which corresponds to a virtual key that a user selected via the touch-screen on the scrambled on-screen interface.
  - 3. The electronic device of claim 1, comprising:
    - a secure content channel to transport the scrambled on-screen interface, securely against interception, from the SEE to the touch-screen.
  - 4. The electronic device of claim 1, comprising:
    - a secure content channel to transport the scrambled on-screen interface, from the SEE to the touch-screen, as an encoded Digital Rights Management (DRM) protected video.
  - 5. The electronic device of claim 4, comprising:
    - a DRM-enabled playback module to playback the encoded DRM-protected video representing the scrambled on-screen interface.
  - 6. The electronic device of claim 1,wherein the scrambled on-screen interface comprises at least one of:
    - an on-screen scrambled virtual keyboard;
      
      an on-screen scrambled virtual keypad;
      
      an on-screen representation of wheels of digits, wherein each wheel is rotatable in response to a user gesture on the touch-screen.
  - 7. The electronic device of claim 1,wherein the scrambled on-screen interface comprises a user-specific authenticity reassurance image;
    - wherein the user-specific authenticity reassurance image comprises a user-uploaded image captured by the user through a camera of the electronic device;
      
      wherein the user-specific authenticity reassurance image comprises at least one of;
      
      an image overlaid as a watermark on top of the scrambled on-screen interface;
      
      an image overlaid as a watermark under the scrambled on-screen interface;
      
      an image displayed in proximity to the scrambled on-screen interface.
  - 8. The electronic device of claim 7,wherein the SEE comprises code to securely modify, based on a user command, one or more visible properties of the user-specific authenticity reassurance image, prior to an upload of said image or subsequent to selection of the user-specific authenticity reassurance image from a collection of images.
  - 9. The electronic device of claim 1,wherein the SVP comprises a uni-directional SVP to send information securely only in a direction from the SEE to the touch-screen of the electronic device.
  - 10. The electronic device of claim 1,wherein the electronic device comprises a device selected from the group consisting of:
    - a laptop computer, a tablet, a smartphone, a portable computing device, a portable gaming device, a portable multimedia player, and a portable payment terminal.
  - 11. The electronic device of claim 1, comprising:
    - a secure storage unit to securely store a cryptographic key, wherein the cryptographic key is unique to a particular task to be performed by said electronic device; and
      
      a cryptographic operations module to release the cryptographic key from the secure storage unit based on a user gesture, received through said touch screen and indicating confirmation, and to utilize the cryptographic key for performing a cryptographic operation associated with said particular task;
      
      wherein the cryptographic key is also unique to a user of said electronic device;
      
      wherein the cryptographic operation is transparent to said particular task on said electronic device;
      
      wherein said particular task, for which said cryptographic key is unique comprises a task of unlocking access to an entirety of a storage unit of said electronic device.
  - 12. The electronic device of claim 1, further comprising:
    - a payment card reader to read a payment card swiped therethrough; and
      
      a visual indicator to indicate to a user that the secure password entry module is activated and that the user can swipe the payment card through the payment card reader;
      
      wherein the payment card reader is operational when the secure password entry module is activated, and wherein the payment card reader is non-operational when the secure password entry module is non-activated.
  - 13. The electronic device of claim 12, comprising:
    - a secure operations module to securely receive, from the secure password entry module, a password entered by a user via said touch-screen;
      
      to encrypt the password; and
      
      to send the encrypted password for verification at a verification module external to the electronic device;
      
      wherein the verification module external to the electronic device is to send back to said electronic device a verification response indicating whether or not the password is verified;
      
      wherein the verification module comprises at least one of;
      
      a remote server, and a smart-card external to the electronic device.
  - 14. The electronic device of claim 12,wherein in response to a user entering a password via said scrambled on-screen interface on said touch-screen, the electronic device is to send, to a remote server, a message indicating touch coordinates to enable the remote server to determine the password and to initiate a process of verifying the password;
    - wherein the electronic device is unaware of the password entered by said user.

15. A method comprising:
- securely generating, in a Secure Execution Environment (SEE) of an electronic device, a representation of a scrambled on-screen password-entry interface;
  
  securely sending said representation of the scrambled on-screen password-entry interface, from the SEE of said electronic device, to a touch-screen of said electronic device, exclusively through a local Secure Video Path (SVP) within said electronic device that enables the SEE to securely and locally communicate with said touch-screen;
  
  securely identifying within the SEE of said electronic device, a character which corresponds to an on-screen key that a user selected via the touch-screen of said electronic device through said scrambled on-screen interface displayed on said electronic device, wherein exchange of information between the SEE of said electronic device and the touch-screen of said electronic device is performed exclusively locally via said SVP of said electronic device.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15,wherein the step of securely sending comprises:
    - securely transporting the representation of the scrambled on-screen interface, from the SEE to the touch-screen, as an encoded Digital Rights Management (DRM) protected video;
      
      initiating playback of said encoded DRM protected video representing said scrambled on-screen interface.
  - 17. The method of claim 15, further comprising:
    - securely storing in a secured storage, a cryptographic key which is unique to a particular task to be performed by said electronic device;
      
      releasing the cryptographic key from the secure storage, based on one or more user-gestures that are received through said touch-screen having said scrambled on-screen interface.

18. A server apparatus comprising:
- a secure execution environment (SEE) system to securely execute code;
  
  wherein the SEE system comprises a secure password entry module (a) to generate a scrambled on-screen interface, and (b) to send the scrambled on-screen interface, as an encoded Digital Rights Management (DRM) protected video to a remote device and is securely stored in a secure storage of said remote device;
  
  wherein the encoded DRM-protected video is delivered exclusively via a local Secure Video Path (SVP) within said remote device, from the secure storage in said remote device to a touch-screen of said remote device;
  
  wherein the encoded DRM-protected video, when played by a DRM-enabled playback module of the remote device, causes the touch-screen of the remote device to securely display said scrambled on-screen interface generated by the SEE system of said server apparatus.
- View Dependent Claims (19, 20)
- - 19. The server apparatus of claim 18,wherein the scrambled on-screen interface comprises at least one of:
    - an on-screen scrambled virtual keyboard;
      
      an on-screen scrambled virtual keypad;
      
      an on-screen representation of wheels of digits, wherein each wheel is rotatable in response to a user gesture on a touch-screen.
  - 20. The server apparatus of claim 18,wherein the scrambled on-screen interface comprises a user-specific authenticity reassurance image;
    - wherein the server apparatus comprises;
      
      a verification module to verify a user-entered password entered on said scrambled on-screen interface via a touch-screen of the remote device,wherein the verification module is to receive from said remote device a message indicating touch coordinates corresponding to touch gestures of a user on said touch-screen,wherein the verification module determines the user-entered password from said touch coordinates while the user-entered password remains unknown to the remote device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arm Limited (SoftBank Group Corp.)
Original Assignee
Arm Limited (SoftBank Group Corp.)
Inventors
Bar-El, Hagai, Sella, Yaacov, Ziv, Alon, Sasson, Roni
Primary Examiner(s)
Chang, Kenneth W

Application Number

US15/986,831
Publication Number

US 20180270048A1
Time in Patent Office

552 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6281   at program execution time, ...

G06F 21/83   input devices, e.g. keyboar...

G06F 21/84   output devices, e.g. displa...

G09C 5/00   Ciphering apparatus or meth...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/603   Digital right managament [DRM]

H04L 2209/80   Wireless network architectu...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 9/08   Key distribution or managem...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04W 12/068   using credential vaults, e....

H04W 12/069 : using certificates or pre-s...

View All

System, device, and method of secure entry and handling of passwords

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System, device, and method of secure entry and handling of passwords

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links