Patent classifications
G07F7/1091
Authentication Methods and Systems
The invention provides a solution for secure authentication of an individual. The invention comprises methods and apparatus for secure input of a user's identifier, e.g. a PIN. An image of a keypad is superimposed over an operable keypad within a display zone of a screen associated with an electronic device. The keypad image and/or the operable keypad are generated by the device using a scrambled or randomised keypad configuration generated on or at the electronic device. The configuration or order of keys depicted in the image may or may not be scrambled or randomised. Thus, the order of keys depicted in the image does not correspond to the order of the keys in the operable keypad, so that when the user selects a ‘key’ depicted in the image on the screen, the underlying operable keypad is caused to operate and an encoded version of the user's input is received into memory on the device. The encoded input can be sent for decoding on a remote computer. The keypad configurations used for generation of the operable keypad(s) and/or keypad image(s) are generated using an input. The input could be a true or pseudo random number or biometric data relating to a user of the device. The device may be a mobile phone, a tablet computer, laptop, PC, payment terminal or any other electronic computing device with a screen.
Authentication Methods and Systems
An authentication method and system are provided that are particularly suited for verifying the identity of an individual prior to permitting access to a controlled resource. This may or may not be a financial resource. Biometric data relating to a user is used to encode and decode an identifier associated with a user. Thus, the user's biometric data becomes the key for encoding and subsequently decoding the identifier. In one embodiment, the biometric data is used to generate a keypad configuration. The keypad configuration specifies the order and/or position of a plurality of keypad keys. An operable keypad and/or image of a keypad is then generated using the configuration. Thus, the individual's biometric data can be used to generate a customised keypad and/or image which can then be used to encode or decode the identifier associated with the user. A keypad or image generated from the biometric data can be used to generate a mapping between different keypad configurations. The biometric data may be captured at or on a device associated with the individual, such as a computer, mobile phone, tablet computer etc.
Trusted terminal platform
A point-of-sale (POS) terminal is provided for entering a PIN to enable a financial transaction. The point-of-sale terminal has a card reader for reading information from a credit card, a processor for running an operating system with applications, a touch screen for displaying information and receiving user inputs, and a Security Box connected between the touch screen and the processor to control the user input on the touch screen to the processor. The Security Box is configured to run in a “PIN Entry Mode” and a “Clear Text Mode.” When running in “PIN Entry Mode” the user input is not forwarded as touch coordinates to the processor, and when running in “Clear Text Mode” the touch coordinates are transmitted to the processor.
Securely upgrading an untrusted channel into a trusted channel
Methods, apparatus and systems for upgrading an untrusted channel to a trusted channel. In an embodiment, a verifier server computer receives a request to verify an untrusted channel address from a first service component that is associated with a Consumer identifier, retrieves a trusted channel address from a verifier database, and then generates a one-time password witness value. The verifier server computer then splits the one-time password witness value into a first portion and a second portion, and transmits the first portion to the first service component and transmits the second portion to the second service component. The process includes receiving a recomposed value from the first service component, splitting the recomposed value into a first recomposed value and a second recomposed value, generating a reverted one-time password value, determining that the reverted one-time password value equals the one-time password witness value, and then transmitting an authentication message to the first service component confirming authentication of the consumer enabling upgrading of the untrusted channel to a trusted channel.
COMMUNICATIONS DEVICE, POINT OF SALE DEVICE, PAYMENT DEVICE AND METHODS
A communications device for implementing an electronic payment process, the communications device including a receiver unit operable to receive a secure limited use key (SLUK) from a financial institution that is generated by the financial institution using a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device, and a variable code, and a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode, and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device and the variable code.
Authentication methods and systems
The invention provides an authentication method and system. It is particularly suited for verifying the identity of an individual prior to permitting access to a controlled resource. This may or may not be a financial resource. The invention uses biometric data relating to a user to encode and decode an identifier associated with a user. Thus the user's biometric data becomes the key for encoding and subsequently decoding the identifier. In one embodiment, the biometric data is used to generate a keypad configuration. The keypad configuration specifies the order and/or position of a plurality of keypad keys. An operable keypad and/or image of a keypad is then generated using the configuration. Thus, the individual's biometric data can be used to generate a customised keypad and/or image which can then be used to encode or decode the identifier associated with the user. A keypad or image generated from the biometric data can be used to generate a mapping between different keypad configurations. The biometric data may be captured at or on a device associated with the individual, such as a computer, mobile phone, tablet computer etc.
Authentication methods and systems
The invention provides a solution for secure authentication of an individual. The invention comprises methods and apparatus for secure input of a user's identifier, e.g. a PIN. An image of a keypad is superimposed over an operable keypad within a display zone of a screen associated with an electronic device. The keypad image and/or the operable keypad are generated by the device using a scrambled or randomised keypad configuration generated on or at the electronic device. The configuration or order of keys depicted in the image may or may not be scrambled or randomised. Thus, the order of keys depicted in the image does not correspond to the order of the keys in the operable keypad, so that when the user selects a ‘key’ depicted in the image on the screen, the underlying operable keypad is caused to operate and an encoded version of the user's input is received into memory on the device. The encoded input can be sent for decoding on a remote computer. The keypad configurations used for generation of the operable keypad(s) and/or keypad image(s) are generated using an input. The input could be a true or pseudo random number or biometric data relating to a user of the device. The device may be a mobile phone, a tablet computer, laptop, PC, payment terminal or any other electronic computing device with a screen.
SYSTEM FOR INPUTTING A PIN BLOCK TO A NETWORK
A method for inputting PIN blocks to a network can include receiving a first PIN from a key pad with an encryption module, which is then encrypted to a first PIN block with a network encryption key and transmitted to a first computing device that inputs the first PIN block to a secure network. The encryption module can also receive a second PIN block from a second computing device that is physically separate from the key pad. Prior to receiving the second PIN block, the encryption module can transmit a certificate and a second certificate to the second computing device. The encryption module can decrypt the second PIN block to a second PIN and encrypt the second PIN to a third PIN block with the network encryption key, for inputting the third PIN block to the secure network.
POINT OF SALE DEVICE WITH CRADLE FOR MOBILE COMPUTING DEVICE
A point of sale (POS) device includes a nest portion and a cradle portion. The nest portion includes one or more payment card or near field communication (NFC) readers. The cradle portion couples to differently-sized interchangeable frames, which in turn help secure a mobile computing device to the cradle portion of the POS device. The mobile computing device is connected via a connector to the rest of the POS device. Payment card information read by the readers is conveyed to the mobile computing device over the connector for processing. The POS device may also include tamper detection circuitry.
TAMPER DETECTION CIRCUITRY FOR DETECTING BREAK IN PROXIMITY BETWEEN SURFACES
A point of sale (POS) device includes a nest portion and a cradle portion. The nest portion includes one or more payment card or near field communication (NFC) readers. The cradle portion couples to differently-sized interchangeable frames, which in turn help secure a mobile computing device to the cradle portion of the POS device. The mobile computing device is connected via a connector to the rest of the POS device. Payment card information read by the readers is conveyed to the mobile computing device over the connector for processing. The POS device may also include tamper detection circuitry.