Patent classifications
G07F7/1091
Multimode retail system
A multimode system for receiving data in a retail environment includes: a secure input module for receiving high security input and low security input from a customer, the high security input to be communicated by the secure input module in cipher text, and the low security input to be communicated by the secure input module in plaintext. The multimode system is adapted to operate in a high security mode and a low security mode. The multimode system is adapted to enter the low security mode upon detection by the multimode system of a security breach condition. In the high security mode, the secure input module accepts low security input and high security input. In the low security mode, the secure input module accepts the low security input and does not accept the high security input.
Software PIN entry
Several embodiments include a mobile device that uses a media file to render a passcode entry interface. The passcode entry interface can have an assigned location of an input element that corresponds to an inputtable value in the passcode entry interface. The media file can include a visual depiction having the input element at the assigned location. In several embodiments, the media file does not store the association between the assigned location and the inputtable value. The assigned location corresponding to the inputtable value can be separately stored. The mobile device can receive a coordinate of a touch event on the passcode entry interface. To determine a passcode entry based on the touch event, the coordinate can be compared against the separately stored assigned location to determine a corresponding input value to the coordinate.
Pin encryption techniques
In certain embodiments, an ATM system validates a user having a multi-digit PIN code. During different access events, either at the same ATM machine or at different ATM machines, the ATM machine presents to the user different sequences of one or more representations of the user's PIN code that identify different subsets of digits and/or different orders of digits to be provided by the user for validation. This makes it more difficult for third parties to steal a user's PIN code because no single access event involves all of the digits in the user's PIN code and/or the proper order of the digits in the user's PIN code, and different access events involve different sequences of the PIN code. In a distributed ATM system having a centralized banking subsystem, the correct PIN code is never provided to an ATM machine for any one access event, thereby further improving system security.
Distributed token-less authentication
Distributed token-less authentication. In an embodiment, a partially-hashed personal identification number (PIN) is received from a terminal via at least one first network, wherein the partially-hashed PIN comprises an unhashed first portion that identifies a service-specific interface associated with the user account, and a hashed second portion. The partially-hashed PIN is relayed to the service-specific interface, identified by the first unhashed portion of the partially-hashed PIN, via at least one second network. Subsequently, a first-level confirmation or rejection is received from the service-specific interface via the at least one second network, and the first-level confirmation or rejection is relayed to the terminal via the at least one first network.
Method, system, and computer program product for network bound proxy re-encryption and PIN translation
A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (g^a), the second value (g^a) generated based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (m_i) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (m_i); generate, with the payment network, a public key (pk_i) based on the second value (g^a), the merchant product (M), and the random merchant number (m_i) and a random key (rk_i) based on the merchant product (M) and the random merchant number (m_i) for each respective merchant bank; and communicate, with the payment network, the public key (pk_i) and the random key (rk_i) to at least one respective merchant bank.
User terminal system and method
A user terminal comprises an encryption apparatus, a tamper detection system associated with the encryption apparatus and means for triggering the tamper detection system in response to tampering with the encryption apparatus, at least one further component, and further means for triggering the tamper detection system, wherein the further means for triggering the tamper detection system is configured to trigger the tamper detection system in response to tampering with the at least one further component.
Authentication Methods and Systems
The invention provides an authentication method and system. It is particularly suited for verifying the identity of an individual prior to permitting access to a controlled resource. This may or may not be a financial resource. The invention uses biometric data relating to a user to encode and decode an identifier associated with a user. Thus the user's biometric data becomes the key for encoding and subsequently decoding the identifier. In one embodiment, the biometric data is used to generate a keypad configuration. The keypad configuration specifies the order and/or position of a plurality of keypad keys. An operable keypad and/or image of a keypad is then generated using the configuration. Thus, the individual's biometric data can be used to generate a customised keypad and/or image which can then be used to encode or decode the identifier associated with the user. A keypad or image generated from the biometric data can be used to generate a mapping between different keypad configurations. The biometric data may be captured at or on a device associated with the individual, such as a computer, mobile phone, tablet computer etc.
Authentication Methods and Systems
The invention provides a solution for secure authentication of an individual. The invention comprises methods and apparatus for secure input of a user's identifier, e.g. a PIN. An image of a keypad is superimposed over an operable keypad within a display zone of a screen associated with an electronic device. The keypad image and/or the operable keypad are generated by the device using a scrambled or randomised keypad configuration generated on or at the electronic device. The configuration or order of keys depicted in the image may or may not be scrambled or randomised. Thus, the order of keys depicted in the image does not correspond to the order of the keys in the operable keypad, so that when the user selects a key depicted in the image on the screen, the underlying operable keypad is caused to operate and an encoded version of the user's input is received into memory on the device. The encoded input can be sent for decoding on a remote computer. The keypad configurations used for generation of the operable keypad(s) and/or keypad image(s) are generated using an input. The input could be a true or pseudo random number or biometric data relating to a user of the device. The device may be a mobile phone, a tablet computer, laptop, PC, payment terminal or any other electronic computing device with a screen.
Encoding Methods and Systems
The invention provides a solution for secure input of a user's input into an electronic device. The invention comprises methods and apparatus for secure input of a user's identifier, e.g. a password or other code. An image of a keyboard is superimposed over a scrambled, operable keyboard within a display zone of a screen associated with an electronic device. The keyboard image depicts a non-scrambled keyboard, in that the keys depicted in the image are in an expected or standardised format or order, e.g. a QWERTY keyboard arrangement. The difference in positions of the keys depicted in the image, and those in the operable keyboard, provides a mapping which enables an encoded form of the identifier to be generated, such that the un-encoded version is never stored in the device's memory. Preferably, the image depicts a keyboard which is standard for the device which it is being displayed on. The device may be a mobile phone, a tablet computer, laptop, PC, payment terminal or any other electronic computing device with a screen. The underlying keyboard, which is at least partially obscured from the user's view by the image, may be generated at run time by a procedure call. Preferably, this procedure is native to the device, i.e. part of a library which is provided as standard with the device.