Method and Device for Protecting Data Entered by Means of a Non-Secure User Interface
20210383017 · 2021-12-09
Inventors
CPC classification
H04L63/0435 (Electricity)
G06F3/0488 (Physics)
H04L63/1466 (Electricity)
International classification
G06F21/62 (Physics)
G06F3/0488 (Physics)
Abstract
In the field of payment terminals, a new generation of feature-rich payment terminals is emerging. These terminals are mass-produced, general-purpose communication terminals whose primary function is not the entry of sensitive data, so the level of security they provide for data entry operations is low. As a result, data relating to payment transactions are entered on them with a level of security that is not adequate for the sensitivity of that data. Accordingly, a communication terminal is provided which secures data entered via its user interface by transmitting them within a stream of dummy data, and by encrypting all of the data, both the data actually entered by a user and the dummy data, before transmitting them to a secure data processing device.
Claims
1. A protection method for protecting data entered via a user interface of a communication terminal, the method being implemented by a secure data processing device and comprising: transmitting an encryption table to a module for processing the entered data comprised in the communication terminal, said encryption table being configured to be used by the communication terminal to encrypt a first data set actually entered via the user interface and a plurality of second data sets, the entry whereof to be emulated by the user interface, transmitting said plurality of second data sets to the user interface, implementing a phase of receiving said plurality of second data sets encrypted using said encryption table, during which: the data of the first data set, actually entered via the user interface and encrypted using said encryption table, are received by the secure data processing device, and decrypting the first data set and the plurality of second data sets transmitted by the module for processing the entered data.
2. The protection method according to claim 1, further comprising transmitting a new encryption table to said module processing the entered data prior to each phase of transmitting said plurality of second data sets.
3. The protection method according to claim 1, wherein the phase of transmitting said plurality of second data sets is stopped once the first data set has been decrypted.
4. The protection method according to claim 1, further comprising the processing module determining the content to be displayed by the user interface for data entry.
5. The protection method according to claim 1, further comprising the processing module communicating with at least one secure device using the data of the first data set.
6. The protection method according to claim 5, wherein the secure device is a payment card and the data of the first data set are a PIN code associated with said payment card.
7. A secure transmission method for securely transmitting data entered via a user interface of a communication terminal to a secure data processing device, the method being implemented by a module for processing the entered data comprised in the communication terminal and comprising: receiving an encryption table from the secure processing device, receiving, from the user interface, a group of data sets comprising a first data set actually entered via the user interface and a plurality of second data sets, the entry whereof has been emulated by the user interface, encrypting, via said encryption table, all of the data sets received, and transmitting all of the encrypted data sets to the secure processing device.
8. The secure transmission method according to claim 7 comprising, upon receiving a message confirming a decryption of the first data set from the secure processing device, establishing communication with a processing server.
9. A device for securely processing data entered via a user interface of a communication terminal, the processing device comprising: at least one processor configured to: transmit an encryption table to a module for processing the entered data comprised in the communication terminal, said encryption table being configured to be used to encrypt a first data set actually entered via the user interface and a plurality of second data sets, the entry whereof to be emulated by the user interface, transmit said plurality of second data sets to the user interface, receive said plurality of second data sets encrypted using said encryption table in a phase during which: the data of the first data set, actually entered via the user interface and encrypted using said encryption table, are received by the secure data processing device, decrypt the first data set and the plurality of second data sets transmitted by the module for processing the entered data.
10. (canceled)
11. A communication terminal comprising: a user interface adapted for entering data, and at least one processor configured to process the entered data by: receiving an encryption table from the secure processing device, receiving, from the user interface, a group of data sets comprising a first data set actually entered via the user interface and a plurality of second data sets, the entry whereof has been emulated by the user interface, encrypting, via said encryption table, all of the data sets received, and transmitting all of the encrypted data sets to the secure processing device.
12. The communication terminal according to claim 11, further comprising a secure data processing device for securely processing the data entered via the user interface of the communication terminal, the secure data processing device comprising at least one processor configured to: transmit the encryption table to the module for processing the entered data, transmit said plurality of second data sets to the user interface, receive said plurality of second data sets encrypted using said encryption table in a phase during which: the data of the first data set, actually entered via the user interface and encrypted using said encryption table, are received by the secure data processing device.
13. The communication terminal according to claim 11, wherein the user interface consists of a touch screen.
14. A non-transitory computer-readable medium comprising a computer program product stored thereon comprising program code instructions for implementing a data protection method when the instructions are executed by a processor of a secure data processing device, wherein the instructions configure the secure data processing device to protect data entered via a user interface of a communication terminal by: transmitting an encryption table to a module for processing the entered data comprised in the communication terminal, said encryption table being configured to be used by the communication terminal to encrypt a first data set actually entered via the user interface and a plurality of second data sets, the entry whereof to be emulated by the user interface, transmitting said plurality of second data sets to the user interface, implementing a phase of receiving said plurality of second data sets encrypted using said encryption table, during which: the data of the first data set, actually entered via the user interface and encrypted using said encryption table, are received by the secure data processing device, and decrypting the first data set and the plurality of second data sets transmitted by the module for processing the entered data.
15. A non-transitory computer-readable medium comprising a processing module stored thereon comprising program code instructions for implementing a secure data transmission method, when the instructions are executed by a processor of a communication terminal, the instructions configuring the communication terminal to securely transmit data entered via a user interface of a communication terminal to a secure data processing device by: receiving an encryption table from the secure processing device, receiving, from the user interface, a group of data sets comprising a first data set actually entered via the user interface and a plurality of second data sets, the entry whereof has been emulated by the user interface, encrypting, via said encryption table, all of the data sets received, and transmitting all of the encrypted data sets to the secure processing device.
Description
LIST OF FIGURES
[0056] Other purposes, features and advantages of the invention will be better understood upon reading the following description, which is given by way of indication and in no way as a limitation, with reference to the accompanying figures.
DETAILED DESCRIPTION OF THE EMBODIMENTS OF THE INVENTION
[0062] Such a system comprises a communication terminal 1, such as a tablet or a smartphone, connected via a secure connection 3 to a secure data processing device 2, such as a payment card reader.
[0063] The communication terminal 1 in particular comprises a user interface 10 and a module 11 for processing the entered data. The user interface 10 can, in one embodiment of the invention, consist of an alphanumeric keyboard and a screen. In another embodiment of the invention, the user interface 10 can be a touch screen.
[0064] The secure connection 3 can be a wired connection established using an Ethernet cable, or a short-range wireless connection of the Bluetooth® or NFC (Near Field Communication) type.
[0065] The secure data processing device 2 comprises a secure data processing module 20 and a payment card reader 21. In a first implementation, the payment card reader 21 is a secure contactless card reader using, for example, an NFC connection to exchange data with the payment card 4. When the payment card 4 is close enough to the contactless payment card reader, a secure near-field connection is established between the contactless payment card reader and the payment card 4.
[0066] In a second implementation, the payment card reader 21 is an integrated circuit card reader into which a payment card 4 is inserted. Once the payment card 4 has been inserted into the integrated circuit card reader, a connection is established between the payment card 4 and the reader heads of the integrated circuit card reader allowing data to be exchanged between the integrated circuit card reader and the payment card 4.
[0067] In another embodiment, the secure data processing module 20 can be embedded in the communication terminal 1 itself.
[0069] For example, in a step E1, the establishment of a connection between a payment card 4 and the payment card reader 21 triggers the output, by the secure data processing module 20, of a request MSG1 for activating an application installed on the communication terminal 1 that requires the entry of sensitive data, such as a payment application.
[0070] In a step E2, the secure data processing module 20 determines the content of the running application to be displayed by the user interface 10 for data entry. When the user interface is a touch screen, for example, the secure data processing module 20 determines the position on the touch screen of the areas corresponding to the digits of a numeric keypad. The layout is changed for each entry, so that the area corresponding to a given digit does not reappear at the same position on the touch screen from one entry to the next.
[0071] In a step E3, the secure processing module 20 outputs a message MSG2 to the user interface 10 comprising instructions for the content to be displayed determined in step E2.
[0072] In a step E4, the secure processing module 20 generates an encryption table TC intended to be used by the module 11 for processing the entered data to encrypt the data entered via the user interface 10.
[0073] In a step E5, the secure processing module 20 transmits the encryption table TC generated in step E4 to the module 11 for processing the entered data in a message MSG3.
[0074] In a step E6, the secure data processing module 20 outputs a message MSG4 to the user interface 10, comprising a data set JD1, the entry whereof is intended to be emulated by the user interface 10.
[0075] In a step E7, the user interface 10 emulates the entry of the data set JD1, and transmits the data set JD1 whose entry was emulated to the module 11 for processing the entered data.
[0076] Upon receiving the data set JD1, the module 11 for processing the entered data encrypts the data set JD1 using the encryption table TC in a step E8.
[0077] The encrypted data set CJD1 is then transmitted to the secure processing module 20 in a step E9.
[0078] Steps E6 to E9 are repeated at random time intervals during a phase PH1, the duration whereof is variable.
[0079] In a step E10, a data set JD2 is actually entered by a user of the communication terminal 1 via the user interface 10. Such a data set JD2 corresponds, for example, to the PIN code associated with the payment card 4 connected to the card reader 21. Step E10 occurs during the phase PH1 so that the entry of the data set JD2 is masked among the emulated entries of the data sets JD1.
[0080] Upon receiving the data set JD2, the module 11 for processing the entered data encrypts the data set JD2 using the encryption table TC in a step E11.
[0081] The encrypted data set CJD2 is then transmitted to the secure processing module 20 in a step E12.
[0082] In a step E13, the secure processing module 20 decrypts the various data sets CJD1 and CJD2 received.
[0083] In a step E14, the secure processing module 20 identifies the data set JD2 from among all of the decrypted data sets. This is possible because the secure processing module 20 itself generated the data sets JD1 whose entry was emulated by the user interface 10: any decrypted data set that is not one of them is the data set actually entered. Once the data set JD2 has been identified, it is processed by the secure processing module 20.
[0084] When the data set JD2 matches the PIN code of the payment card 4 that has established a connection with the payment card reader 21, the secure data processing module 20 can access sensitive data stored in a memory of the payment card 4.
[0085] In a step E15, after accessing the contents of the memory of the payment card 4, the secure processing module 20 transmits a message MSG5 to the module 11 for processing the entered data comprising parameters for establishing a communication session with a processing server ST, such as a payment server. The parameters comprised in the message MSG5 can be encrypted to guarantee the confidentiality thereof.
[0086] In a step E16, the module 11 for processing the entered data establishes a secure communication session with the processing server ST, for example, to carry out a payment transaction using the payment card 4.
[0087] In a step E17, an acknowledgement message ACK can be transmitted from the processing server ST to the secure processing module 20 and relayed by the module 11 for processing the entered data.
[0088] In one embodiment of the method of the invention, the phase PH1 can end once the data set JD2 has been decrypted and identified by the secure data processing module 20.
[0089] In another embodiment of the invention, the phase PH1 has a fixed duration. If, after this duration has expired, the data set JD2 has not actually been entered via the user interface 10, an error message can be displayed via the user interface 10 asking the user of the communication terminal to reconnect the payment card 4 to the card reader 21, for example.
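The exchange of steps E2 to E14 (randomized keypad layout, encryption table TC, decoy stream JD1, actual entry JD2, identification on the secure side), as an added simulation in Python. This is not code from the patent: the form of the encryption table (one random digit substitution per PIN position, so module 11 only performs a lookup), the 4-digit data sets, the message shapes and the class names are assumptions made for the example. Both sides of the exchange are simulated in one process, and the random source is seeded only so that the run is reproducible.

```python
import random
from collections import Counter

DIGITS = "0123456789"
PIN_LEN = 4  # assumption: data sets are 4-digit PIN codes


def make_table(rng):
    """E4: encryption table TC (assumed form: one random digit substitution per position).
    Under one table, equal plaintext sets give equal encrypted sets, which is why
    claim 2 regenerates TC before every phase PH1."""
    table = []
    for _ in range(PIN_LEN):
        shuffled = list(DIGITS)
        rng.shuffle(shuffled)
        table.append(dict(zip(DIGITS, shuffled)))
    return table


def invert_table(table):
    """Inverse of TC; only the secure side needs it (E13)."""
    return [{v: k for k, v in column.items()} for column in table]


def apply_table(table, data_set):
    """Encrypt (E8/E11, with TC) or decrypt (E13, with its inverse) one data set."""
    if len(data_set) != len(table) or any(c not in DIGITS for c in data_set):
        raise ValueError("data set must be exactly %d digits" % len(table))
    return "".join(table[i][c] for i, c in enumerate(data_set))


def make_layout(rng, previous=None):
    """E2: keypad layout as a list, key position -> digit. No digit is drawn at the
    position it occupied in the previous layout."""
    while True:
        digits = list(DIGITS)
        rng.shuffle(digits)
        if previous is None or all(a != b for a, b in zip(digits, previous)):
            return digits


class Terminal:
    """Communication terminal 1: user interface 10 plus module 11. Holds TC, nothing else."""

    def __init__(self):
        self.table = None
        self.outbox = []  # encrypted data sets CJD1/CJD2 queued for module 20 (E9, E12)

    def receive_table(self, table):  # E5, message MSG3
        self.table = table

    def ui_input(self, data_set):  # E7 (emulated entry) or E10 (actual entry)
        self.outbox.append(apply_table(self.table, data_set))  # E8 / E11


class SecureDevice:
    """Secure data processing module 20."""

    def __init__(self, rng):
        self.rng = rng
        self.inverse = None
        self.outstanding = Counter()  # decoys JD1 sent but not yet echoed back (a multiset)

    def start_phase(self, terminal):  # E4, E5
        table = make_table(self.rng)
        self.inverse = invert_table(table)
        self.outstanding.clear()
        terminal.receive_table(table)

    def send_decoy(self, terminal):  # E6, message MSG4; the UI then emulates the entry (E7)
        jd1 = "".join(self.rng.choice(DIGITS) for _ in range(PIN_LEN))
        self.outstanding[jd1] += 1
        terminal.ui_input(jd1)

    def collect(self, terminal):  # E13, E14
        """Decrypt everything received; a set that is not an outstanding decoy was actually entered."""
        entered = []
        for cjd in terminal.outbox:
            jd = apply_table(self.inverse, cjd)
            if self.outstanding[jd] > 0:
                self.outstanding[jd] -= 1  # echo of a decoy this module generated
            else:
                entered.append(jd)  # JD2: not one of ours
        terminal.outbox.clear()
        return entered


def run_phase(real_pin, n_decoys, seed):
    """Phase PH1: n_decoys emulated entries with the actual entry E10 at a random point.
    Returns the data sets module 20 identifies as actually entered; expected [real_pin]."""
    rng = random.Random(seed)  # seeded for a reproducible demo; use secrets.SystemRandom() for real use
    device, terminal = SecureDevice(rng), Terminal()
    device.start_phase(terminal)
    entry_slot = rng.randrange(n_decoys + 1)
    for slot in range(n_decoys + 1):
        if slot == entry_slot:
            terminal.ui_input(real_pin)  # E10 to E12
        else:
            device.send_decoy(terminal)  # E6 to E9
    return device.collect(terminal)
```

Two points a practitioner would check. First, the decoys are tracked as a multiset rather than a set: if the user's actual entry happens to equal a decoy that is still in flight, one of the two copies is consumed as the decoy echo and the other is reported as entered, so the identified value is correct whichever copy arrives first. Second, the table is a deterministic substitution, so whatever masking the stream provides rests on TC and the decoys being fresh for every phase (claim 2) and on the emulated entries being indistinguishable in timing from a real one (the random intervals of step E9).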
[0091] The communication equipment 1 can comprise at least one hardware processor 101, a storage unit 102, an entry device 103, a display device 104, an interface 105, at least one network interface 106 and a module 11 for processing the entered data, which are connected to one another via a bus 107. It goes without saying that the component elements of the communication equipment 1 can be connected by means of a connection that is different from a bus.
[0092] The processor 101 controls the operations of the communication equipment 1. The storage unit 102 stores at least one program for implementing a method for securely transmitting data according to one embodiment of the invention and, in the event that the communication equipment is embedded in a payment terminal, at least one program for the execution of payment transactions, to be executed by the processor 101, and various data, such as parameters used for computations carried out by the processor 101, and intermediate data for computations carried out by the processor 101, etc. The processor 101 can be formed by any known and suitable hardware or software, or by a combination of hardware and software. For example, the processor 101 can be formed by dedicated hardware such as a processing circuit, or by a programmable processing unit such as a central processing unit that executes a program stored in a memory thereof.
[0093] The storage unit 102 can be formed by any suitable means capable of storing the one or more programs and data in a computer-readable manner. Examples of a storage unit 102 include computer-readable non-transitory storage media such as solid-state memory devices and magnetic, optical or magneto-optical recording media loaded on a read/write unit.
[0094] The entry device 103 can be a keyboard or a pointing device such as a mouse, used by a user to enter commands. The display device 104 can be a display module presenting a graphical user interface (GUI). Together, the entry device 103 and the display device 104 constitute the user interface 10 and can be formed integrally, for example as a touch screen.
[0095] The interface 105 provides an interface between the communication equipment 1 and an external appliance such as the secure data processing device 2. The interface 105 can communicate with the external appliance via a wired or wireless connection.
[0096] At least one network interface 106 provides a connection between the communication equipment 1 and a remote piece of equipment, such as the processing server ST, via a communication network, such as the Internet. The network interface 106 can provide, depending on the nature thereof, a wired or wireless connection to the network.
[0097] The module 11 for processing the entered data is controlled by the processor 101 in accordance with the instructions of the program for implementing a secure transmission method according to one embodiment of the invention. The module 11 for processing the entered data can be a software module or a combination of hardware and software.
[0099] The secure data processing device 2 can comprise at least a hardware processor 201, a storage unit 202, a secure data processing module 20, a reading module 21 for reading a payment card 4, and an interface 203 which are connected to one another via a bus 204. It goes without saying that the component elements of the secure data processing device 2 can be connected by means of a connection that is different from a bus.
[0100] The processor 201 controls the operations of the secure data processing device 2. The storage unit 202 stores at least one program for implementing a method for protecting entered data according to one embodiment of the invention and, in the event that the secure data processing device 2 is embedded in a payment terminal, at least one program for the execution of payment transactions, to be executed by the processor 201, and various data, such as parameters used for computations carried out by the processor 201, and intermediate data of computations carried out by the processor 201, etc. The processor 201 can be formed by any known and suitable hardware or software, or by a combination of hardware and software. For example, the processor 201 can be formed by dedicated hardware such as a processing circuit, or by a programmable processing unit such as a central processing unit that executes a program stored in a memory thereof.
[0101] The storage unit 202 can be formed by any suitable means capable of storing the one or more programs and data in a computer-readable manner. Examples of a storage unit 202 include computer-readable non-transitory storage media such as solid-state memory devices and magnetic, optical or magneto-optical recording media loaded on a read/write unit.
[0102] The interface 203 provides an interface between the secure data processing device 2 and an external appliance such as the communication equipment 1. The interface 203 can communicate with the external appliance via a wired or wireless connection.
[0103] The secure data processing module 20 is controlled by the processor 201 in accordance with the instructions of the program for implementing a method for protecting the data entered according to one embodiment of the invention. The secure data processing module 20 can be a software module or a combination of hardware and software.