The invention provides a solution for secure input of a user's input into an electronic device. The invention comprises methods and apparatus for secure input of a user's identifier e.g. password or other code. An image of a keyboard is superimposed over a scrambled, operable keyboard within a display zone of a screen associated with an electronic device. The keyboard image depicts a non-scrambled keyboard, in that the keys depicted in the image are in an expected or standardised format or order eg QWERTY keyboard arrangement. The difference in positions of the keys depicted in the image, and those in the operable keyboard, provides a mapping which enables an encoded form of the identifier to be generated, such that the un-encoded version is never stored in the device's memory. Preferably, the image depicts a keyboard which is standard for the device which it is being displayed on. The device may be a mobile phone, a tablet computer, laptop, PC, payment terminal or any other electronic computing device with a screen. The underlying keyboard, which is at least partially obscured from the user's view by the image, may be generated at run time by a procedure call. Preferably, this procedure is native to the device ie part of a library which is provided as standard with the device.

In some examples, a wireless card reader detects insertion of a chip card at a chip card reader interface that includes electrical contacts positioned in the wireless card reader to contact contacts of the chip card when inserted into the wireless card reader. The wireless card reader may send, to a mobile computing device, a wireless communication request to send a PIN to the card reader. The card reader may receive, from the mobile computing device, a wireless communication including the PIN entered by a user on the mobile computing device. The card reader may send the PIN for authentication of the PIN. The card reader may receive a confirmation that the PIN has been authenticated. The card reader may send, to the mobile computing device, via the communication component, an indication of the confirmation that the PIN has been authenticated.

A method for securing entry of sensitive data, the method being implemented by a communications terminal having a processor, an entry touchpad screen on which the entry of sensitive data is carried out. Such a method includes: displaying a random keypad for the entry of a confidential code; receiving, by the processor, a reference pad display signal; and displaying the reference keypad, the reference keypad being inactive.

A communications device for implementing an electronic payment process, the communications device including a receiver unit operable to receive a secure limited use key (SLUK) from a financial institution that is generated by the financial institution using a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device, and a variable code, and a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode, and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device and the variable code.

The present disclosure describes techniques that facilitate a Secure Data Processing (SDP) Network that is configured isolating sensitive data from exposure to a client workstation and a connected web server and application server. Specifically, a secure communications server of the SDP network is described that can interact with a secure input device or a secure plug-in component at the client workstation to receive a set of data associated with the sensitive data. The set of data may correspond to devalued data received via a secure input device or the set of data may be received as sensitive data via a hosted webpage invoked by the secure communications server. The secure communications server may establish a secure communications path with a tokenization server for receipt of a token that represents the sensitive data. The token may then be used by at least the application server to initiate the transaction.

The invention concerns a portable payment or retail terminal with jack connector and a method for secure identification of a cardholder, the terminal comprising a set of devices and arrangement for implementing said method, which comprises at least detecting if said cardholder has a mobile device, configuring the terminal for launching an accessibility mode on the mobile device of the cardholder; transmitting a request to the mobile device for sending a PIN to the terminal and; when receiving a communication from the mobile device including information, deciphering said information to obtain the PIN code and validating the transaction.

There is provided a handy terminal in which inputting of an application program and of a PIN is executed and a keyboard and a display device are commonly used thus security is secured with a simple system. A card reader control program 23b in the keyboard unit memory 23 detects an insertion state of a credit card and notifies a detected key code from the keyboard control program 23a to a payment program on the main board 2. A main CPU 12 calculates a program hash value provided to the payment program and a program hash value at the time of execution of a payment program 11b and encrypts and decrypts these hash values using a secret key, encrypted key, and public key so that these hash values are not stolen. The main CPU 12 compares the program hash value provided to the payment program 11b with the program hash value to be used at the time of the execution of the payment program 11b.

Distributed token-less authentication. In an embodiment, a partially-hashed personal identification number (PIN) is received from a terminal via at least one first network, wherein the partially-hashed PIN comprises an unhashed first portion that identifies a service-specific interface associated with the user account, and a hashed second portion. The partially-hashed PIN is relayed to the service-specific interface, identified by the first unhashed portion of the partially-hashed PIN, via at least one second network. Subsequently, a first-level confirmation or rejection is received from the service-specific interface via the at least one second network, and the first-level confirmation or rejection is relayed to the terminal via the at least one first network.

A point of sale (POS) device includes a nest portion and a cradle portion. The nest portion includes one or more payment card or near field communication (NFC) readers. The cradle portion couples to differently-sized interchangeable frames, which in turn help secure a mobile computing device to the cradle portion of the POS device. The mobile computing device is connected via a connector to the rest of the POS device. Payment card information read by the readers is conveyed to the mobile computing device over the connector for processing. The POS device may also include tamper detection circuitry.

A multimode system for receiving data in a retail environment includes: a secure input module for receiving high security input and low security input from a customer, the high security input to be communicated by the secure input module in cipher text, and the low security input to be communicated by the secure input module in plaintext. The multimode system is adapted to operate in a high security mode and a low security mode. The multimode system is adapted to enter the low security mode upon detection by the multimode system of a security breach condition. In the high security mode, the secure input module accepts low security input and high security input. In the low security mode, the secure input module accepts the low security input and does not accept the high security input.