Data device including OFN functionality

Abstract

A data entry device including a housing, data entry circuitry located within the housing, a keypad mounted in the housing and having a plurality of movable key elements which, when depressed, are displaced to at least a predetermined extent from a first location within the housing to a second location within the housing and Optical Finger Navigation (OFN) circuitry mounted inside the housing, being operative for sensing at least some of the plurality of movable key elements when depressed and displaced to at least the predetermined extent from the first location within the housing to the second location within the housing and providing a key displacement output indicating key displacement to the data entry circuitry.

Claims

1. A device, comprising: a device housing defining an enclosed space; a light source disposed in the device housing operative to illuminate the enclosed space; an optical sensor disposed in the device housing and operative to generate first and second outputs based on different optical conditions from within the device housing when the light source illuminates the enclosed space; the first output corresponds to quiescent background noise when the device is in a known untampered state; anti-tampering detection circuitry operative to detect a tampering event based on the first and second outputs from the optical sensor; and wherein a first optical condition of the different optical conditions is based on light reflected from an optically identifiable marking within the device housing, and wherein a second optical condition of the different optical conditions sensed by the optical sensor is based on light reflected from the optically identifiable marking within the device housing.

2. The device of claim 1, wherein the second optical condition of the different optical conditions sensed by the optical sensor is based on light reflected from a location within the device housing.

3. The device of claim 1, wherein the first output is generated during boot up of the device; and the anti-tampering detection circuitry is further operative to compare the first output against the second output after boot up of the device.

4. The device of claim 1, wherein the tampering event is detected based on a detected change between the first and second outputs, wherein the second output has changed beyond a predetermined threshold amount.

5. The device of claim 1, wherein the different optical conditions comprise an image.

6. The device of claim 1, wherein the first or second output generated by the optical sensor is encrypted.

7. A data entry device, comprising: a device housing defining an enclosed space; a light source disposed within the device housing and operative to illuminate the enclosed space; an optical sensor operative to generate first and second outputs based on different optical conditions received from a plurality of locations within the enclosed space when the light source illuminates the enclosed space; an image-based tamper detection unit operative to compare the first and second outputs to detect a tampering event; wherein the first output corresponds to quiescent background noise when the device is in a known untampered state; and wherein a first optical condition of the different optical conditions is based on light reflected from an optically identifiable marking within the device housing, and wherein a second optical condition of the different optical conditions sensed by the optical sensor is based on light reflected from the optically identifiable marking within the device housing.

8. The data entry device of claim 7, wherein the optical sensor is operative to sense the optically identifiable marking within the device housing.

9. The data entry device of claim 7, wherein the different optical conditions are based on light reflected from a location within the device housing.

10. The data entry device of claim 7, wherein the tampering event is based on determining that the second output has changed beyond a predetermined threshold amount.

11. The data entry device of claim 7, wherein the first output of the different optical conditions is generated during boot up of the device; and the image-based tamper detection unit is further operative to detect the tampering event by comparing the second output against the first output after boot up of the device.

12. The data entry device of claim 7, wherein the first or second output generated by the optical sensor is encrypted.

13. A method of detecting a tampering event in a device, comprising: illuminating an enclosed space defined by a device housing with a light source disposed in the device housing; generating, with an optical sensor disposed in the device housing, first and second outputs based on different optical conditions from within the device housing when the light source illuminates the enclosed space, wherein the first output corresponds to quiescent background noise when the device is in a known untampered state; and detecting, with anti-tampering detection circuitry, the tampering event based on the first and second outputs from the optical sensor; wherein a first optical condition of the different optical conditions is based on light reflected from an optically identifiable marking within the device housing; and wherein a second optical condition of the different optical conditions sensed by the optical sensor is based on light reflected from the optically identifiable marking within the device housing.

14. The method of claim 13, wherein the second optical condition of the different optical conditions sensed by the optical sensor is based on light reflected from a location within the device housing.

15. The method of claim 13, wherein the first output is generated during boot up of the device; and the method further comprises comparing, with the anti-tampering detection circuitry, the first output against the second output after boot up of the device.

16. The method of claim 13, wherein detecting the tampering event is based on a detected change between the first and second outputs, wherein the second output has changed beyond a predetermined threshold amount.

17. The method of claim 13, wherein the different optical conditions comprise an image.

18. The method of claim 13, wherein the first or second output generated by the optical sensor is encrypted.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which:

(2) FIGS. 1A and 1B are simplified exploded view illustrations, taken in respective opposite directions, of a secure keypad device constructed and operative in accordance with a preferred embodiment of the present invention and including Optical Finger Navigation (OFN) circuitry operative for at least one of tamper detection and key displacement identification;

(3) FIG. 2A is a simplified, not to scale, illustration of a steady state scene as viewed by OFN circuitry in the embodiment of FIGS. 1A & 1B in the absence of key displacement to at least a predetermined extent and tampering;

(4) FIG. 2B is a simplified, not to scale, illustration of a scene as viewed by OFN circuitry upon depression of a number 5 key in the absence of tampering;

(5) FIG. 2C is a simplified, not to scale, illustration of a scene as viewed by OFN circuitry upon depression of a number 1 key in the absence of tampering;

(6) FIG. 2D is a simplified, not to scale, illustration of a scene as viewed by OFN circuitry upon tampering by inserting a non-reflecting probe into the housing;

(7) FIG. 2E is a simplified, not to scale, illustration of a scene as viewed by OFN circuitry upon tampering by removing a key;

(8) FIGS. 3A and 3B are simplified exploded view illustrations, taken in respective opposite directions, of a secure keypad device constructed and operative in accordance with another preferred embodiment of the present invention and including OFN circuitry operative for at least one of tamper detection and key displacement identification;

(9) FIG. 4A is a simplified illustration of a steady state scene as viewed by OFN circuitry in the embodiment of FIGS. 3A & 3B in the absence of key displacement to at least a predetermined extent and tampering;

(10) FIG. 4B is a simplified, not to scale, illustration of a scene as viewed by OFN circuitry in the embodiment of FIGS. 3A & 3B upon depression of a number 5 key in the absence of tampering;

(11) FIG. 4C is a simplified, not to scale, illustration of a scene as viewed by OFN circuitry in the embodiment of FIGS. 3A & 3B upon depression of a number 1 key in the absence of tampering;

(12) FIG. 4D is a simplified, not to scale, illustration of a scene as viewed by OFN circuitry in the embodiment of FIGS. 3A & 3B upon tampering by inserting a non-reflecting probe into the housing;

(13) FIG. 4E is a simplified, not to scale, illustration of a scene as viewed by OFN circuitry in the embodiment of FIGS. 3A & 3B upon tampering by removing a key;

(14) FIGS. 5A and 5B are simplified, not to scale, sectional illustrations showing detection of key displacement to at least a predetermined extent in a data entry device including OFN circuitry;

(15) FIGS. 6A and 6B are simplified, not to scale, sectional illustrations showing detection of insertion of a probe in a data entry device including OFN circuitry;

(16) FIGS. 7A and 7B are simplified, not to scale, sectional illustrations showing detection of key removal in a data entry device including OFN circuitry;

(17) FIGS. 8A and 8B are, not to scale, simplified sectional illustrations showing detection of opening of a data entry device including OFN circuitry; and

(18) FIG. 9 is a simplified functional block diagram illustrating operation of the secure keypad device constructed and operative in accordance with a preferred embodiment of the present invention and including OFN circuitry operative for at least one of tamper detection and key displacement identification of FIGS. 1A-8B.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

(19) Reference is now made to FIGS. 1A and 1B, which partially illustrate a secure keypad device constructed and operative in accordance with a preferred embodiment of the present invention.

(20) As seen in FIGS. 1A and 1B, there is provided a secure keypad device 100 including a top housing element 102 and a bottom housing element (not shown), which together define a keypad device housing. Housing element 102 includes, on a top surface 104 thereof, a display aperture 106, through which a display (not shown) may be viewed, and an array 108 of key apertures 110.

(21) An optional anti-tamper circuit board 112, which preferably includes an anti-tampering grid 114 formed of a multiplicity of interconnected anti-tampering electrical conductors 116, underlies top surface 104 and is provided with key apertures 120 in registration with key apertures 110. Fixedly and electrically coupled to anti-tamper circuit board 112 is a peripheral anti-tamper keypad enclosure 122, which preferably includes an anti-tampering grid 124 formed of a multiplicity of interconnected anti-tampering electrical conductors.

(22) A key mat 132, preferably formed of a resilient plastic or rubber, defines a plurality of depressible keys 134, preferably integrally formed with mat 132, which partially extend through key apertures 110 and 120 and preferably have readily optically identifiable markings 136 formed on corresponding bottom facing surfaces 138 thereof. Additional optically identifiable markings 139 may be provided on other interior surfaces, such as inner surfaces of the housing.

(23) An electrical circuit board 140, which functions, inter alia, as a mounting board for an OFN module 142, is disposed in predetermined spaced relationship with key mat 132. OFN module 142 is preferably a Model ADBS-A350 commercially available from Pixart Imaging Inc., No. 5, Innovation Road 1, HsinChu Science Park, Hsin-Chu, Taiwan, R.O.C. The arrangement of key mat 132 and of electrical circuit board 140 is such that depression of a key 134 by the finger of a user is detected and identified by OFN module 142. It is noted that the OFN module 142 is operative to sense changes in the level of light received by it from various locations within its field of view.

(24) In the illustrated embodiment of FIGS. 1A-2E, the OFN module 142 is generally centered with respect to the plurality of depressible keys 134 and lies therebelow so as to be in a line of sight with readily optically identifiable markings 136 formed on corresponding bottom facing surfaces 138 of all of depressible keys 134 and preferably also in a line of sight with other regions within the housing and more particularly with features and/or markings, such as optically identifiable markings 139 which can be sensed by the OFN module 142.

(25) A spacer 143, preferably formed of a transparent material or defining open side walls, is provided between electrical circuit board 140 and key mat 132 in order to enhance the ability of the OFN module 142 to view not only all of the markings on all of the keys but also as much as possible of the interior of the housing and the markings and features thereof.

(26) Circuit board 140 preferably includes an anti-tampering grid 144 formed of a multiplicity of interconnected anti-tampering electrical conductors.

(27) It is appreciated that the anti tampering grids 144, 114 and 124 and enclosure 122 are preferably interconnected so as to define a keyboard anti-tampering enclosure, which is coupled to anti-tampering detection circuitry 160. Anti-tampering detection circuitry 160 is typically enclosed in an anti-tampering enclosure (not shown). Alternatively, anti-tampering detection circuitry 160 may itself be secure against tampering.

(28) It is appreciated that the anti-tampering grids can be interconnected in numerous ways using various types of connectors.

(29) In accordance with a preferred embodiment of the present invention, the OFN module 142 functions, inter alia, as a case-open switch which senses physical tampering with and opening of the housing. The output of the OFN module is preferably provided to anti-tampering detection circuitry 160 to enable the output of the OFN module to be used for detection of tampering. Upon detection of tampering one or both of the following actions may take place:

(30) registration of a tampered condition and prevention of data entry, such as PIN entry.

(31) It is appreciated that not all key displacements need be sensed by the OFN module. For example, the key displacements of one or more function keys, such as keys 162, 164, 166 and 168, may be sensed by engagement thereof with corresponding conventional electrical contacts, such as contacts 174, 176 and 178.

(32) Preferably, the secure keypad device 100 includes a main microprocessor 180 which preferably includes, inter alia, encryption/decryption capabilities. Such a main microprocessor may beneficially be included in the secure keypad devices and data entry devices described hereinbelow with reference to FIGS. 5A-8B. It is appreciated that the functionality of anti-tampering detection circuitry 160 may be carried out by main microprocessor 180.

(33) Reference is now made to FIG. 2A, which is a simplified, not to scale, illustration of an image captured by the OFN module 142, located generally below the 5 key, in the embodiment of FIGS. 1A & 1B, in the absence of key displacement beyond a predetermined extent and tampering. It is appreciated that the dark spots represent light reflected from readily optically identifiable markings 136 formed on corresponding bottom facing surfaces 138 of keys 134. FIG. 2A shows a state in which none of the keys is displaced. It is appreciated that angular optical distortions in the shape of the spots are generally not shown in FIGS. 2A-2E. The grid shown in FIGS. 2A-2E represents a pixel grid, with each block representing a single pixel or an X by Y array of pixels.

(34) Reference is now made to FIG. 2B, which is a simplified illustration of a scene as viewed by the OFN module 142 upon displacement of a number 5 key from a first location within the housing to a second location within the housing in the absence of tampering. It is seen that the spot corresponding to the reflected light from marking 136 on the bottom facing surface of the number 5 key is enlarged. It is further appreciated that normally displacement of a key causes the intensity of the reflected light received by the OFN module 142 to increase.

(35) Reference is now made to FIG. 2C, which is a simplified illustration of a scene as viewed by OFN module 142 upon displacement of a number 1 key from a first location within the housing to a second location within the housing in the absence of tampering. It is seen that the spot corresponding to the reflected light from marking 136 on the bottom facing surface of the number 1 key is enlarged. Here a general approximation of the angular optical distortion in the shape of the enlarged spot corresponding to the displaced number 1 key is shown, not necessarily to scale.

(36) Reference is now made to FIG. 2D, which is a simplified illustration of a scene as viewed by OFN module 142 upon tampering by inserting a non-reflecting probe into the housing. Here it is seen that the probe blocks the reflected light from the optically identifiable markings 136 on the bottom surfaces of number 8 and 9 keys.

(37) Reference is now made to FIG. 2E, which is a simplified illustration of a scene as viewed by OFN module 142 upon tampering by removing a key. In this example, where ambient light is present, removal of a key, such as the number 5 key, allows a flood of light into the housing, such that the OFN module sees an image which may be similar to what is shown in FIG. 2E.

(38) Reference is now made to FIGS. 3A and 3B, which partially illustrate a secure keypad device constructed and operative in accordance with another preferred embodiment of the present invention. In this embodiment, an OFN module is not centered below the number 5 key as in the embodiment of FIGS. 1A-2E, but rather is located at a side of the housing outwardly from all of the keys. Accordingly, FIGS. 4A-4E show, in a simplified, not to scale, manner, an overall angular distortion resulting from the non-centered position of the OFN module.

(39) As seen in FIGS. 3A and 3B, there is provided a secure keypad device 300 including a top housing element 302 and a bottom housing element (not shown), which together define a keypad device housing. Housing element 302 includes, on a top surface 304 thereof, a display aperture 306, through which a display (not shown) may be viewed, and an array 308 of key apertures 310.

(40) An anti-tamper circuit board 312, which preferably includes an anti-tampering grid 314 formed of a multiplicity of interconnected anti-tampering electrical conductors 316, underlies top surface 304 and is provided with key apertures 320 in registration with key apertures 310. Fixedly and electrically coupled to anti-tamper circuit board 312 is a peripheral anti-tamper keypad enclosure 322, which preferably includes an anti-tampering grid 324 formed of a multiplicity of interconnected anti-tampering electrical conductors.

(41) A key mat 332, preferably formed of a resilient plastic or rubber, defines a plurality of depressible keys 334, preferably integrally formed with mat 332, which partially extend through key apertures 310 and 320 and preferably have readily optically identifiable markings 336 formed on corresponding bottom facing surfaces 338 thereof. Additional optically identifiable markings 339 may be provided on other interior surfaces, such as inner surfaces of the housing.

(42) An electrical circuit board 340, which functions, inter alia, as a mounting board for an OFN module 342, is disposed in predetermined spaced relationship with key mat 332. OFN module 342 is preferably a Model ADBS-A350 commercially available from Pixart Imaging Inc., No. 5, Innovation Road 1, HsinChu Science Park, Hsin-Chu, Taiwan, R.O.C. The arrangement of key mat 332 and of electrical circuit board 340 is such that depression of a key 334 by the finger of a user is detected and identified by OFN module 342. In the illustrated embodiment of FIGS. 3A-4E, the OFN module 342 is generally not centered with respect to the plurality of depressible keys 334 but lies therebelow so as to be in a line of sight with all of depressible keys 334 and preferably also in a line of sight with other regions within the housing. A spacer 343, preferably formed of a transparent material or defining open side walls, is provided between electrical circuit board 340 and key mat 332 in order to enhance the ability of the OFN module to view not only all of the keys but also as much as possible of the interior of the housing.

(43) Circuit board 340 preferably includes an anti-tampering grid 344 formed of a multiplicity of interconnected anti-tampering electrical conductors.

(44) It is appreciated that the anti tampering grids 344, 314 and 324 and enclosure 322 are preferably interconnected so as to define a keyboard anti-tampering enclosure, which is coupled to anti-tampering detection circuitry 360. Anti-tampering detection circuitry 360 is typically enclosed in an anti-tampering enclosure (not shown). Alternatively, anti-tampering detection circuitry 360 may itself be secure against tampering.

(45) It is appreciated that the anti-tampering grids can be interconnected in numerous ways using various types of connectors.

(46) In accordance with a preferred embodiment of the present invention, the OFN module functions, inter alia, as a case-open switch which senses physical tampering and opening of the housing. The output of the OFN module is preferably provided to anti-tampering detection circuitry 360 to enable the output of the OFN module to be used for detection of tampering.

(47) It is appreciated that not all key displacements need be sensed by the OFN module. For example, the key displacements of one or more function keys, such as keys 362, 364, 366 and 368, may be sensed by engagement thereof with corresponding conventional electrical contacts, such as contacts 374, 376 and 378.

(48) Preferably, the secure keypad device 300 includes a main microprocessor 380 which preferably includes, inter alia, encryption/decryption capabilities. Such a main microprocessor may beneficially be included in the secure keypad devices and data entry devices described hereinbelow with reference to FIGS. 5A-8B. It is appreciated that the functionality of anti-tampering detection circuitry 360 may be carried out by main microprocessor 380.

(49) Reference is now made to FIG. 4A, which is a simplified, not to scale, illustration of an image captured by OFN module 342 in the embodiment of FIGS. 3A & 3B in the absence of key displacement beyond a predetermined extent and tampering. It is appreciated that the dark spots represent light reflected from readily optically identifiable markings 336 formed on corresponding bottom facing surfaces 338 of keys 334. FIG. 4A shows a state in which none of the keys is depressed. It is appreciated that angular optical distortions in the shape of the spots are generally not shown in FIGS. 4A-4E. The grid shown in FIGS. 4A-4E represents a pixel grid, with each block representing a single pixel or an X by Y array of pixels.

(50) Reference is now made to FIG. 4B, which is a simplified illustration of a scene as viewed by OFN module 342 upon depression of a number 5 key from a first location within the housing to a second location within the housing in the absence of tampering. It is seen that the spot corresponding to the reflected light from marking 336 on the bottom facing surface of the number 5 key is enlarged. It is further appreciated that normally depression of a key causes the intensity of the reflected light received by OFN module 342 to increase.

(51) Reference is now made to FIG. 4C, which is a simplified illustration of a scene as viewed by OFN module 342 upon depression of a number 1 key from a first location within the housing to a second location within the housing in the absence of tampering. It is seen that the spot corresponding to the reflected light from marking 336 on the bottom facing surface of the number 1 key is enlarged. Here a general approximation of the angular optical distortion in the shape of the enlarged spot corresponding to the depressed number 1 key is shown, not necessarily to scale.

(52) Reference is now made to FIG. 4D, which is a simplified illustration of a scene as viewed by OFN module 342 upon tampering by inserting a non-reflecting probe into the housing. Here it is seen that the probe blocks the reflected light from the optically identifiable markings 336 on the bottom surfaces of number 8 and 9 keys.

(53) Reference is now made to FIG. 4E, which is a simplified illustration of a scene as viewed by OFN module 342 upon tampering by removing a key. In this example, where ambient light is present, removal of a key, such as the number 5 key, allows a flood of light into the housing, such that OFN module 342 seems an image which may be similar to what is shown in FIG. 4E.

(54) Reference is now made to FIGS. 5A and 5B, which are simplified, not to scale, sectional illustrations showing detection of a key displacement beyond a predetermined extent in a data entry device 500 including OFN circuitry, typically in the form of an OFN module 502, such as a Model 27903 commercially available from Parallax Inc. FIG. 5A shows three keys 504, 506 and 508, none of which is depressed and all of which are sensed by the OFN module 502, as indicated schematically by respective beam designations 514, 516 and 518. FIG. 5B shows key 508 being depressed and this key displacement beyond a predetermined extent being optically sensed by the OFN module 502.

(55) Reference is now made to FIGS. 6A and 6B, which are simplified, not to scale, sectional illustrations showing detection of insertion of a probe in a data entry device 600 including OFN circuitry, typically in the form of an OFN module 602, such as a Model 27903 commercially available from Parallax Inc., having a lens 603, which may be provided to widen the field of view of the OFN module 602. FIG. 6A shows three keys 604, 606 and 608, all of which are sensed by the OFN module 602, as indicated schematically by respective beam designations 614, 616 and 618. Here it is seen that additional features, such as interior housing mounted reflective surfaces 620 and 622, are also sensed by the OFN module 602, as indicated schematically by respective beam designations 630 and 632.

(56) FIG. 6B shows that the insertion of a probe 634 blocks sensing of reflective surface 622, which, in accordance with a preferred embodiment of the present inventions, results in a tamper alarm indication.

(57) Reference is now made to FIGS. 7A and 7B, which are simplified, not to scale, sectional illustrations showing detection of a key displacement beyond a predetermined extent in a data entry device 700 including OFN circuitry, typically in the form of an OFN module 702, such as a Model 27903 commercially available from Parallax Inc. FIG. 7A shows three keys 704, 706 and 708, all of which are sensed by the OFN module 702, as indicated schematically by respective beam designations 714, 716 and 718. Keys 704, 706 and 708 preferably have readily optically identifiable markings similar to readily optically identifiable markings 136 (FIG. 1B) formed on corresponding bottom facing surfaces thereof, one of which is designated by reference number 736. FIG. 7B shows key 708 having been removed and this key removal being optically sensed by the OFN module 702, resulting in a tamper alarm indication.

(58) Reference is now made to FIGS. 8A and 8B, which are simplified, not to scale, sectional illustrations showing detection of opening of a data entry device 800 including OFN circuitry, typically in the form of an OFN module 802, such as a Model ADBS-A350 commercially available from Pixart No. 5, Innovation Road 1, HsinChu Science Park, Hsin-Chu, Taiwan, R.O.C. (HQ) having a lens 803, which may be provided to widen the field of view of the OFN module 802. FIG. 8A shows typically four reflecting panels 804, 806, 808 and 810 mounted onto an interior surface of a housing portion 812, all of which are sensed by the OFN module 802, as indicated schematically by respective beam designations 814, 816 and 818 and 820.

(59) FIG. 8B shows that opening of the data entry device and removal of housing portion 812 eliminates sensing of the four reflecting panels 804, 806, 808 and 810 mounted onto an interior surface of a housing portion 812, as sensed by the OFN module 802, resulting in a tamper alarm indication.

(60) Reference is now made to FIG. 9, which is a simplified functional block diagram illustrating operation of the a secure keypad device constructed and operative in accordance with a preferred embodiment of the present invention and including OFN circuitry operative for at least one of tamper detection and key displacement beyond a predetermined extent identification of FIGS. 1A-8B.

(61) As seen in FIG. 9, OFN circuitry 900, such as circuitry embodied in an OFN module of the type described hereinabove, provides an image output to at least two functional units, a key displacement analysis unit 902 and an image-based tamper detection unit 904. Preferably, the output of the OFN circuitry and or of the OFN module is encrypted by suitable encryption functionality.

(62) In accordance with one embodiment of the invention, functional units 902 and 904 may be embodied in a microprocessor included on an OFN module, such as OFN module 142 (FIGS. 1A & 1B), OFN module 342 (FIGS. 3A & 3B), OFN module 502 (FIGS. 5A & 5B), OFN module 602 (FIGS. 6A & 6B), OFN module 702 (FIGS. 7A & 7B) or OFN module 802 (FIGS. 8A & 8B). Alternatively, units 902 and 904 may be separate from the OFN Module. For example, units 902 and 904 may be embodied in anti-tampering detection circuitry 160 (FIGS. 1A & 1B) or anti-tampering detection circuitry 360 (FIGS. 3A & 3B) or in main microprocessor 180 (FIGS. 1A & 1B) or main microprocessor 380 (FIGS. 3A & 3B).

(63) The key displacement analysis unit 902 is preferably operable to ascertain which of a plurality of mechanical keys is mechanically depressed and to provide a corresponding output indication, preferably via a secure connection to a data receiver, such as a PIN data receiving module 906. The key displacement analysis unit 902 preferably employs optical information received from the OFN module including at least one of size, shape and intensity of reflected optical image elements.

(64) The image-based tamper detection unit 904 is operative, for example, as described hereinabove with respect to one or more of the embodiments shown in FIGS. 1A-8B, to detect tampering with a data entry device. The image-based tamper detection unit, upon ascertaining the existence of a tamper situation, provides a tamper output to tamper alarm circuitry 908.

(65) It is appreciated that both the key displacement analysis unit 902 and the image-based tamper detection unit 904 may receive stored information from an approved key-depression database 910, which stores data, such as image data or data derived therefrom, which corresponds to depressions of predetermined keys or combinations thereof.

(66) The key displacement analysis unit 902 preferably employs the information stored in the database 910 for key displacement identification and the image-based tamper detection unit 904 preferably employs the information stored in the database 910 for eliminating false tamper alarms when actual key displacement to at least a predetermined extent is detected.

(67) It is appreciated that the OFN circuitry in any of the OFN modules, such as OFN module 142 (FIGS. 1A & 1B), OFN module 342 (FIGS. 3A & 3B), OFN module 502 (FIGS. 5A & 5B), OFN module 602 (FIGS. 6A & 6B), OFN module 702 (FIGS. 7A & 7B) or OFN module 802 (FIGS. 8A & 8B) can provide various types of tamper detection functionality.

(68) For the sake of conciseness, reference is made in the following discussion to one example, namely OFN module 142 (FIGS. 1A & 1B). It is appreciated that OFN module 142 will see optically identifiable markings 136 and 139 and will likely see many other things in its field of vision. Some of the other things seen by the OFN module 142, other than optically identifiable markings 136 and 139, may be considered as quiescent background noise, and may be very useful in detecting tampering. This background noise may be used as a thumbprint, captured upon manufacture of the device at the factory, employed for verification, typically each time that the device is booted up, that the device has not been tampered with.

(69) Turning now to the example illustrated in FIGS. 6A & 6B, it is appreciated that in the event that a tool, such as probe 634, is employed in physical tampering with a data entry device equipped with an OFN module 602 in accordance with an embodiment of the present invention, preferably one, more than one, or all of the following events is sensed:

(70) a. the tool that is inserted into the device is sensed by the OFN module as a foreign object, either by virtue of blocking a reflection from an identifiable marking, such as reflective surface 622, or by virtue of a reflection from the tool, which is not recognized as an identifiable marking;

(71) b. a hole made in the device by such a tool is sensed by the OFN module as a change in the thumbprint; and

(72) c. upon removal of the tool in a lighted environment, light enters the device via the hole, thereby flooding the interior of the device with light, which light is sensed by the OFN module.

(73) Turning now to the example illustrated in FIGS. 7A & 7B, it is appreciated that in the event that one or more keys, such as keys 704, 706 and 708, are removed from the data entry device equipped with an OFN module 702 in accordance with an embodiment of the present invention, preferably one, more than one, or all of the following events is sensed:

(74) a. upon removal of the key, such as key 708, in a lighted environment, light enters the device via the hole remaining after removal of the key, thereby flooding the interior of the device with light, which light is sensed by the OFN module;

(75) b. upon removal of the key, such as key 708, the absence of a readily optically identifiable marking, such as readily optically identifiable marking 736, formed on a bottom facing surface of the removed key is sensed by the OFN module;

(76) c. removal of the key 708 produces a change in the thumbprint, which change is sensed by the OFN module.

(77) Raw data outputted by an OFN module, such as OFN module 142 (FIGS. 1A & 1B), OFN module 342 (FIGS. 3A & 3B), OFN module 502 (FIGS. 5A & 5B), OFN module 602 (FIGS. 6A & 6B), OFN module 702 (FIGS. 7A & 7B) or OFN module 802 (FIGS. 8A & 8B) typically includes a data array of M bytes (N×N pixels), wherein the value of each byte may vary between 0 to K proportionally, or inversely proportionally, to the amount of light sensed by each given pixel.

(78) The OFN module typically includes a small on-board microcontroller and memory. The OFN module can operate in two operational modes: a Raw Data Mode and a Configurable Mode.

(79) When operating in the Raw Data Mode, the OFN module sends the data array to the on board microcontroller when requested by the on board microcontroller.

(80) When operating in the Configurable Mode, the OFN module can be programmed at the factory to sense and store in memory various alarm scenarios and to generate an alarm signal upon the occurrence of one of the pre-configured alarm scenarios. Alternatively, the OFN module can be configured to generate an alarm signal when the scene viewed by the OFN module does match a thumbprint stored in memory. Additionally, the OFN module can be configured to provide different alarm signals depending on the occurrence of different tampering scenarios as sensed by the OFN module.

(81) Preferably, the encryption functionality of the OFN circuitry 900 vis a vis the main microprocessor 180 (FIGS. 1A & 1B) or main microprocessor 380 (FIGS. 3A & 3B) or the corresponding main microprocessor of any of the secure keypads or data entry devices of FIGS. 5A-8B includes the following functional features, described hereinbelow with respect to FIGS. 1A & 1B as an example:

(82) Preferably, at the factory, the main microprocessor 180 becomes aware that there is no encryption key for its OFN module 142.

(83) The main microprocessor 180 generates an encryption key, which is typically a symmetric encryption key, and transmits it to the OFN module 142 as clear text. From then on, all communication between the main microprocessor 180 and the OFN module 142 is encrypted.

(84) Upon occurrence of sensed tampering, the alarm detection circuitry 160 will cause the main microprocessor 180 to erase the encryption key and any other sensitive information and thus prevent further communication and PIN entry from taking place.

(85) Considering the overall operation of the devices described hereinabove, it is appreciated that the OFN module of each device, as appropriate, can be configured, inter alia, to carry out any one or more of the following functions: Report a valid key displacement to at least a predetermined extent; Report a combination of key displacements to at least a predetermined extent; Not report when all or most of the keys are pressed; Report that a foreign object is present within the housing of the device; Report that a key has been removed; Report that the OFN “thumbprint” of the device has changed beyond a predetermined threshold; Remain in a sleep mode, as a default, to conserve energy, thereby prolonging battery life; Exit from sleep mode, without being prompted by the main microprocessor, to read its current thumbprint; If the thumbprint matches a stored thumbprint, return to sleep mode; If the current thumbprint does not match the stored thumbprint, send an alarm signal to the main microprocessor; Respond to a request from the main microprocessor to verify the current thumbprint before allowing PIN entry; and Accept an encryption key to facilitate encrypted communication between the OFN module and the main microprocessor.

(86) When the OFN module is not in the sleep mode, the OFN module preferably verifies its current thumbprint every second and alerts the main microprocessor if the current thumbprint differs from stored thumbprint beyond a threshold amount. If requested by the main microprocessor, the OFN module verifies its current thumbprint as a condition to allowing PIN entry. When PIN entry is allowed, key displacement to at least a predetermined extent is reported by the OFN module to the main microprocessor.

(87) During times of inactivity, the main microprocessor periodically requests the status of the OFN module.

(88) When the device is in a sleep mode, the OFN module goes into deep sleep mode, and wakes up every second to validate its current thumbprint. If the current thumbprint matches the stored thumbprint, the OFN module returns to the sleep mode. If the current thumbprint does not match the stored thumbprint, the OFN module records this state in a nonvolatile memory, wakes up the main microprocessor and reports the not matching current thumbprint to the main microprocessor when the main microprocessor periodically requests the current status.

(89) It is appreciated that the system can be configured so that the OFN module determines that a tamper condition has occurred, or can be configured it only report raw data, in which configuration the main microprocessor makes all determinations of tamper conditions based, inter alia, on the raw data received from the OFN module. Additionally, any suitable combination of configurations of the OFN module and the main microprocessor is also possible.

(90) Preferably, the OFN module will also determine which PIN keys are pressed and report PIN keys to the main microprocessor.

(91) Alternatively the OFN module sends raw data to the main microprocessor, which determines whether a tamper condition exists or not.

(92) It is appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described hereinabove. Rather the scope of the present invention includes both combinations and subcombinations of various features described hereinabove as well as variations and modifications thereto which would occur to a person of skill in the art upon reading the above description and which are not in the prior art.

Data device including OFN functionality

Assignee

Inventors

Cpc classification

Classification Explorer

G06F1/1662

PHYSICS

Classification Explorer

G06F21/87

PHYSICS

Classification Explorer

G06F1/1626

PHYSICS

Classification Explorer

G06F3/0489

PHYSICS

Classification Explorer

G06F21/86

PHYSICS

International classification

Classification Explorer

G06F1/16

PHYSICS

Classification Explorer

G06F3/0489

PHYSICS

Classification Explorer

G06F21/86

PHYSICS

Classification Explorer

G06F21/87

PHYSICS

Abstract

Claims

Description