The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computer, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.

The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computer, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.

A system and method for facilitating transactions utilizing phrase tokens are provided. Individual entities can be associated with unambiguous transaction phrase tokens, such as multiple word phrases. The transaction phrase tokens are associated with transaction accounts by a service provider such that the entities can complete a transaction without having to exchange transaction account information. In a transaction, a transaction phrase token is offered to an accepting party, which tenders the offered transaction phrase token to the service provider. The service provider processes the offered transaction phrase token according to configuration information specified for the transaction phrase token. The service provider can automatically process the transaction request or request additional information.

A system for performing electronic transaction includes: a payment terminal including a human interface module, a first processor, and an internal bus for connecting these elements; a host terminal connectable to the human interface module through a connection; and a security module. The human interface module includes a keyboard, a display, a card reader for reading and authenticating a bank card or credit card. The host terminal includes a second processor, a memory, and a power supply. A transaction terminal task manager is included in the first security module, the first security module being hosted in the host terminal. The human interface module executes transaction phases under control of the security module, and executes security treatments, totally autonomously from the host terminal. The security treatments include presentation of a PIN code to the bank card or credit card.

The invention provides a solution for secure input of a user's input into an electronic device. The invention comprises methods and apparatus for secure input of a user's identifier e.g. password or other code. An image of a keyboard is superimposed over a scrambled, operable keyboard within a display zone of a screen associated with an electronic device. The keyboard image depicts a non-scrambled keyboard, in that the keys depicted in the image are in an expected or standardised format or order eg QWERTY keyboard arrangement. The difference in positions of the keys depicted in the image, and those in the operable keyboard, provides a mapping which enables an encoded form of the identifier to be generated, such that the un-encoded version is never stored in the device's memory. Preferably, the image depicts a keyboard which is standard for the device which it is being displayed on. The device may be a mobile phone, a tablet computer, laptop, PC, payment terminal or any other electronic computing device with a screen. The underlying keyboard, which is at least partially obscured from the user's view by the image, may be generated at run time by a procedure call. Preferably, this procedure is native to the device ie part of a library which is provided as standard with the device.

A server receives a transaction request message of a pending transaction user card from a first terminal, and determines whether the server receives a first message of a second terminal when a personal identification number (PIN) verification for the pending transaction user card fails. The first message is a PIN-free request message or a transaction response message. The server permits, based on the first message of the second terminal, the pending transaction user card to be used for a transaction when receiving the first of the second terminal.

A charging system for charging an electric vehicle includes a charging station and a charging network server, with the charging network server in network communication with the charging station and a mobile device application. The charging station and the charging network server include computing devices programmed to: store an authorization code at each of the network server and the charging station for authorizing charging of the electric vehicle when the charging station is off-line from the charging network server, process a charging authorization request at the charging network server sent from the mobile device application, transmit the authorization code from the network server to the mobile device application responsive to the charging authorization request and when the charging station is off-line, and authorize or deny charging of the electric vehicle based on whether an authorization code input to the charging station matches the authorization code stored on the charging station.

A settlement terminal includes a card reader, a settlement processing unit including a processor programmed to carry out a settlement process using information acquired through the card reader and a tampering detection process, a storage device in which a first set of programs is stored after encryption by a first key and a second set of programs is stored after encryption by a second key, each set of programs including a first program for operating the card reader, and a second program for carrying out the settlement process. Upon detection of tampering, the processor of the settlement processing unit notifies an external terminal of the tampering and upon receiving an update instruction from the external terminal, updates a current set of programs used for operating the card reader and carrying out the settlement process from the first set to the second set.

A charging system for charging an electric vehicle includes a charging station and a charging network server, with the charging network server in network communication with the charging station and a mobile device application. The charging station and the charging network server include computing devices programmed to: store an authorization code at each of the network server and the charging station for authorizing charging of the electric vehicle when the charging station is off-line from the charging network server, process a charging authorization request at the charging network server sent from the mobile device application, transmit the authorization code from the network server to the mobile device application responsive to the charging authorization request and when the charging station is off-line, and authorize or deny charging of the electric vehicle based on whether an authorization code input to the charging station matches the authorization code stored on the charging station.

The present invention provides methods and apparatuses for verifying that a transaction is legitimate. The methods and apparatuses use protected memory space, such as kernel space of an operating system, or a separate memory space, such as is available on a SIM card of a cellular phone. The method of the invention proceeds by creating a transaction identification string (TID) and associating the TID with a transaction. The TID contains data relevant to or associated with the transaction and is typically readable by an end-user. The transaction is then interrupted until a user responds in the affirmative to allow completion of the transaction. Methods and devices used in the invention are particularly well suited to M-commerce, where transactions originating from a device are typically recognized by a merchant as coming from the owner of the device without further authentication.