Patent classifications
G07F7/1091
Haptic feedback for authentication and security in computer systems
An indication is obtained of interaction of a putative human user with a computing device. Responsive to the indication, presentation of a haptic pattern to the putative human user is facilitated; the pattern is not amenable to machine perception. Prompting of the putative human user to input information indicative of human perception of the pattern is facilitated. Information input by the putative human user is obtained responsive to the prompting. When the information input by the putative human user indicates that the putative human user is an actual human user, the interaction is permitted to continue. Haptic techniques are also provided for access control and/or to defend against malevolent web sites which masquerade as legitimate web sites.
DEVICES AND METHODS FOR ENABLING PORTABLE SECURE COMMUNICATION USING RANDOM CIPHER PAD CRYPTOGRAPHY
A cryptographic system includes a host device and a cryptographic device. For encryption, the host includes an application that is configured to enable a user to compose an unencrypted message on a user interface and transmit the unencrypted message. The cryptographic device is configured to receive the unencrypted message, encrypt the unencrypted message with RCPs on a non-volatile storage to create an encrypted message, and send the encrypted message to the host, which then transmits the encrypted message through a communication channel. For decryption, the host receives an encrypted message through the communication channel and sends it to the cryptographic device. The cryptographic device decrypts the encrypted message with the RCPs and sends the decrypted message back to the host, which presents the decrypted message on a display. The cryptographic device may be configured to destroy RCPs that have been used up.
Point of sale device with cradle for mobile computing device
A point of sale (POS) device includes a nest portion and a cradle portion. The nest portion includes one or more payment card or near field communication (NFC) readers. The cradle portion couples to differently-sized interchangeable frames, which in turn help secure a mobile computing device to the cradle portion of the POS device. The mobile computing device is connected via a connector to the rest of the POS device. Payment card information read by the readers is conveyed to the mobile computing device over the connector for processing. The POS device may also include tamper detection circuitry.
Distributed token-less authentication
In an embodiment, a partially-hashed personal identification number (PIN) is received from a terminal via at least one first network, wherein the partially-hashed PIN comprises an unhashed first portion that identifies a service-specific interface associated with the user account, and a hashed second portion. The partially-hashed PIN is relayed to the service-specific interface, identified by the first unhashed portion of the partially-hashed PIN, via at least one second network. Subsequently, a first-level confirmation or rejection is received from the service-specific interface via the at least one second network, and the first-level confirmation or rejection is relayed to the terminal via the at least one first network.
Authentication methods and systems
The invention provides a solution for secure authentication of an individual. The invention comprises methods and apparatus for secure input of a user's identifier, e.g. a PIN. An image of a keypad is superimposed over a scrambled, operable keypad within a display zone of a screen associated with an electronic device. The keypad image depicts a non-scrambled keypad, in that the keys depicted in the image are in an expected or standardised format or order. The difference in positions of the keys depicted in the image, and those in the operable keypad, provides a mapping which enables an encoded form of the identifier to be generated, such that the un-encoded version is never stored in the device's memory. Preferably, the image depicts a keypad which is standard for the device which it is being shown on. The device may be a mobile phone, a tablet computer, laptop, PC, payment terminal or any other electronic computing device with a screen. The underlying keypad, which is at least partially obscured from the user's view by the image, may be generated at run time by a procedure call. Preferably, this procedure is native to the device, i.e. part of a library which is provided as standard with the device.
SECURELY UPGRADING AN UNTRUSTED CHANNEL INTO A TRUSTED CHANNEL
Methods, apparatus and systems for upgrading an untrusted channel to a trusted channel. In an embodiment, a verifier server computer receives a request to verify an untrusted channel address from a first service component that is associated with a Consumer identifier, retrieves a trusted channel address from a verifier database, and then generates a one-time password witness value. The verifier server computer then splits the one-time password witness value into a first portion and a second portion, and transmits the first portion to the first service component and transmits the second portion to the second service component. The process includes receiving a recomposed value from the first service component, splitting the recomposed value into a first recomposed value and a second recomposed value, generating a reverted one-time password value, determining that the reverted one-time password value equals the one-time password witness value, and then transmitting an authentication message to the first service component confirming authentication of the consumer enabling upgrading of the untrusted channel to a trusted channel.
AUTHENTICATION METHOD AND SYSTEM
The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen, by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computers, PCs, etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.
SECURING PERSONAL IDENTIFICATION NUMBER (PIN) ENTRY ON A TRANSACTION TERMINAL
A Personal Identification Number (PIN) pad includes a secure processor and is operated in two modes: 1) a secure mode during which key data associated with depressed keys are encrypted by the secure processor and provided to a transaction manager that executes on a processor of a transaction terminal in encrypted format, and 2) a non-secure mode during which key data associated with depressed keys are not encrypted and are received by the transaction manager in a clear format. The transaction manager activates the secure mode based on transaction processing for a transaction at the terminal. When secure mode is activated, the secure processor causes one or more integrated lights/speakers of the PIN pad and/or of other integrated peripherals of the terminal to illuminate or play a sound, providing an indication to a user that key entry is secure and safe for entry on the PIN pad during the transaction.