Patent classifications
G07F7/1016
User authentication system and method for enrolling fingerprint reference data
In accordance with a first aspect of the present disclosure, a user authentication system is provided, comprising: a user authentication token, said user authentication token comprising a fingerprint sensor and a secure element; an assistance device configured to be coupled to the user authentication token through an interface of said user authentication token; wherein the assistance device is configured to request the secure element to verify a personal unlock key to be captured by the secure element through the fingerprint sensor; wherein the secure element is configured to capture the personal unlock key through the fingerprint sensor, to verify the captured personal unlock key and to enroll, upon or after a positive verification of the personal unlock key, fingerprint reference data captured through the fingerprint sensor. In accordance with a second aspect of the present disclosure, a corresponding method for enrolling fingerprint reference data in a user authentication token is conceived. In accordance with a third aspect of the present disclosure, a corresponding computer program is provided.
Systems and methods for point-to-point encryption compliance
Systems and methods for point-to-point encryption compliance are disclosed. In one embodiment, in a point of interaction device comprising at least one computer processor, a method for point-to-point encryption compliance may include: (1) receiving card data from a card reading device; (2) determining an error with the card data; (3) generating substitute data by replacing at least a portion of the card data with substitute data; and (4) communicating the substitute data to a payment server. The card data may be received from a magnetic stripe reader, from an EMV card reader, or from a contactless card reader. The error may include the card data not being compliant with ISO-7813.
Systems and methods for programming a credential reader
A credential reader update system includes a server operable to provide a credential reader update via a cellular telephone interface, and a plurality of credential readers. Each credential reader communicates with a presented credential at a credential reader frequency, wherein each credential reader has a credential reader interface having a range. A portable update device is movable into and out of the range, and is operable to receive the credential reader update via the cellular telephone interface. A credential reader update application is included in the portable update device, and is operable to uniquely identify the particular credential reader to be updated. The portable update device transfers the credential reader update to the credential reader via the credential reader interface, and the credential reader update includes firmware instructions that cause the credential reader to perform communications with the presented credential at a second frequency different than the credential reader frequency.
Device security with physically unclonable functions
An electronic device, such as a payment reader, may include a physically unclonable function (PUF) source to generate a plurality of PUF values. The electronic device may also include circuitry to compare the plurality of PUF values from the PUF source to determine a degree of randomness of the at least one PUF source in generating the plurality of PUF values. The circuitry can then determine, based on the determined degree of randomness, whether to use the PUF values from the PUF source to perform a secure operation for the electronic device.
System and method to protect privacy of personal-identification-number entry on consumer mobile device and computing apparatus
A system for accepting the input of a PIN comprises a first device receiving a randomized PIN layout derived on a fourth device. The randomized PIN layout is displayed on a display of the first device. A second device comprises an input for accepting a series of key presses to produce a PIN token. The PIN token indicates each of the series of key presses. A third device is in communication with the second device. The third device derives the randomized PIN layout and receives the PIN token from the second device without the PIN token being present on the first device. The third device combines the PIN layout and the PIN token to produce a PIN. The PIN is used to authenticate a transaction. The fourth and third devices each store a shared secret used to independently derive the randomized PIN layout on the fourth and third devices.
DEVICE SECURITY WITH PHYSICALLY UNCLONABLE FUNCTIONS
An electronic device may include a printed circuit board having a physically unclonable function (PUF) source. The electronic device may also include an integrated circuit (IC) chip positioned on the printed circuit board, and the first PUF source may be embedded in or formed on the printed circuit board external to the IC chip. The IC chip has processing circuitry that is configured to determine PUF data based on the PUF source. The processing circuitry is further configured to determine a cryptographic key or authentication token based on the PUF data and to perform at least one secure operation using the cryptographic key or authentication token.
SYSTEM AND METHOD TO PROTECT PRIVACY OF PERSONAL-IDENTIFICATION-NUMBER ENTRY ON CONSUMER MOBILE DEVICE AND COMPUTING APPARATUS
A system for accepting the input of a PIN comprises a first device receiving a randomized PIN layout derived on a fourth device. The randomized PIN layout is displayed on a display of the first device. A second device comprises an input for accepting a series of key presses to produce a PIN token. The PIN token indicates each of the series of key presses. A third device is in communication with the second device. The third device derives the randomized PIN layout and receives the PIN token from the second device without the PIN token being present on the first device. The third device combines the PIN layout and the PIN token to produce a PIN. The PIN is used to authenticate a transaction. The fourth and third devices each store a shared secret used to independently derive the randomized PIN layout on the fourth and third devices.
Devices with on-board physically unclonable functions
An electronic device may include circuitry and an anti-tamper device having a physical characteristic that changes in response to a tamper attempt. The circuitry is configured to determine physically unclonable function (PUF) data based on the physical characteristic and to perform at least one secure operation based on the PUF data. The circuitry is further configured to detect the tamper attempt based on a change to the physical characteristic and to perform at least one action in response to detection of the tamper attempt for protecting the electronic device from the tamper attempt.
Device security with physically unclonable functions
An electronic device may include a printed circuit board having a physically unclonable function (PUF) source. The electronic device may also include an integrated circuit (IC) chip positioned on the printed circuit board, and the first PUF source may be embedded in or formed on the printed circuit board external to the IC chip. The IC chip has processing circuitry that is configured to determine PUF data based on the PUF source. The processing circuitry is further configured to determine a cryptographic key or authentication token based on the PUF data and to perform at least one secure operation using the cryptographic key or authentication token.
System and method to protect privacy of personal-identification-number entry on consumer mobile device and computing apparatus
A system for accepting the input of a PIN comprises a first device receiving a randomized PIN layout derived on a fourth device. The randomized PIN layout is displayed on a display of the first device. A second device comprises an input for accepting a series of key presses to produce a PIN token. The PIN token indicates each of the series of key presses. A third device is in communication with the second device. The third device derives the randomized PIN layout and receives the PIN token from the second device without the PIN token being present on the first device. The third device combines the PIN layout and the PIN token to produce a PIN. The PIN is used to authenticate a transaction. The fourth and third devices each store a shared secret used to independently derive the randomized PIN layout on the fourth and third devices.