Method for securing data input, communications terminal and corresponding program
11295038 · 2022-04-05
Assignee
Inventors
Cpc classification
G06Q20/40
PHYSICS
G06F3/04886
PHYSICS
G06F21/83
PHYSICS
International classification
G06F21/62
PHYSICS
G06Q20/40
PHYSICS
G07F7/10
PHYSICS
G06F3/04886
PHYSICS
Abstract
A method for securing entry of sensitive data, the method being implemented by a communications terminal having a processor, an entry touchpad screen on which the entry of sensitive data is carried out. Such a method includes: displaying a random keypad for the entry of a confidential code; receiving, by the processor, a reference pad display signal; and displaying the reference keypad, the reference keypad being inactive.
Claims
1. A method for securing entry of sensitive data, the method being implemented by a communications terminal comprising a processor and an entry touchpad screen on which the entry of sensitive data is carried out, wherein the method comprises: displaying on the entry touchpad screen an active random keypad for entry of a confidential code, wherein the active random keypad allows entering the sensitive data; receiving a key press of a key of the communications terminal from a user wishing to enter the sensitive data and responsively generating a display signal for displaying a reference keypad; while the active random keypad is being displayed, receiving, by the processor, the display signal for displaying the reference keypad; and displaying, by the processor, the reference keypad on the entry touchpad screen, said reference keypad being inactive and preventing entry of the sensitive data via the reference keypad and said reference keypad overlapping at least part of said active random keypad.
2. The method according to claim 1, wherein the displaying of the reference keypad is preceded by masking the active random keypad.
3. The method according to claim 1, wherein the the key is situated at a pre-determined location of the communications terminal, leading to transmission of the display signal for the reference keypad to the processor.
4. The method according to claim 3, wherein the displaying of the reference keypad ends at an interruption of the display signal and wherein the interruption of the display signal takes place at an interruption of the pressing on said key.
5. The method according to claim 1, wherein the displaying of the reference keypad ends at an interruption of the display signal.
6. The method according to claim 1, wherein said reference keypad is displayed on said touchpad screen of said communications terminal in the form of an image representing a reference keypad.
7. The method according to claim 6, wherein a size of the image representing the reference keypad is smaller than a size of the active random keypad.
8. The method according to claim 1, wherein said active random keypad has a shape different from that of said reference keypad.
9. A communications terminal for securing entry of sensitive data and comprising: a processor; an entry touchpad screen on which the entry of sensitive data is carried out; and a non-transitory computer-readable medium comprising instructions stored thereon, which when executed by the processor configure the communications terminal to perform acts comprising: displaying on the entry touchpad screen an active random keypad for entry of a confidential code, wherein the active random keypad allows entering the sensitive data; receiving a key press of a key of the communications terminal from a user wishing to enter the sensitive data and responsively generating a display signal for displaying a reference keypad; while the active random keypad is being displayed, receiving, by the processor, the display signal for displaying the reference keypad; and displaying, by the processor, the reference keypad on the entry touchpad screen, said reference keypad being inactive and preventing entry of the sensitive data via the reference keypad and said reference keypad overlapping at least part of said active random keypad.
10. A non-transitory computer-readable medium comprising a computer program product stored thereon, which comprises program code instructions for executing a method of securing entry of sensitive data on a communications terminal, when the instructions are executed by a processor of the communications terminal, wherein the instructions configure the communications terminal to: displaying on an entry touchpad screen of the communications terminal an active random keypad for entry of a confidential code, wherein the active random keypad allows entering the sensitive data; receiving a key press of a key of the communications terminal from a user wishing to enter the sensitive data and responsively generating a display signal for displaying a reference keypad; while the active random keypad is being displayed, receiving, by the processor, the display signal for displaying the reference keypad; and displaying, by the processor, the reference keypad on the entry touchpad screen, said reference keypad being inactive and preventing entry of the sensitive data via the reference keypad and said reference keypad overlapping at least part of said active random keypad.
Description
4. DRAWINGS
(1) Other features and advantages of the invention shall appear more clearly from the following description of a preferred embodiment, given by way of a simple illustratory and non-exhaustive example and from the appended drawings, of which:
(2)
(3)
(4)
5. DESCRIPTION
1.1. Reminders
(5) As explained here above, the present technique brings a solution to the problem of the use of random virtual keypads used in prior-art techniques. More particularly, the invention proposes a method of display of a non-random keypad in a way that is complementary to the display of the random keypad.
(6) This method enables the user, bewildered by the display of the random keypad, to have available a standard keypad to which he can refer. It can be noted that the standard keypad is inactive. This is a keypad displayed by way of information, enabling the user to recall his code, for example his PIN code. The goal is to overcome the problems and issues posed by the memorizing method applied by the user. It may be recalled that a reference keypad is a keypad complying with the standards of display of keys in a country considered. A random keypad is a keypad comprising a number of keys appreciably identical to the number of keys of a standard keypad (a reference keypad) but in which the keys have been distributed pseudo-randomly or randomly according to a method of drawing one or more numbers and distributing keys as a function of this number or these numbers; such a process is not the object of the present invention. If need be, some keys of the random keypad can be disposed in the same way as in the reference keypad. It can be for example a pinpad, correction, cancellation and confirmation keys which are generally situated on the lower row of keys on the keypad.
(7) The invention is intrinsically linked to a problem, brought to light by the inventors, that originates in the cognitive and memory processes implemented by users in order to recall the various passwords and confidential codes that have become commonplace in daily life. Thus, for example, the memorizing of PIN codes such as bank card codes often relies on the memorizing of a gesture done more or less automatically (depending on the individual). In this sense, the invention can be called a problem invention. More particularly, the problem that has been brought to light by the inventors and comes into play in the rejection by users of virtual keypads is that a large majority of users memorize above all the gesture made by the hand when entering a PIN code or a password. This gesture, which is a sort of reflex, is implemented although the user does not recall the characters (digits, letters) that form this PIN code or this password. Thus, when a random keypad is presented to the user, his first reflex is to start tapping according to the reflex tapping scheme corresponding to a traditional keypad. Such a reflex invariably causes the entry of a wrong code, which has a consequence of upsetting the user or at least irritating him.
(8) Now, as explained here above, the use of a random keypad is necessary in order to meet security needs. The technique devised by the inventors consists in bringing the user information enabling him to more rapidly assimilate the fact that the PIN code or the password must be entered with care (i.e. by recalling the numbers and/or characters that form it and not only through an entry reflex). This providing of information is generally done by presenting the user with a non-random keypad (a standard keypad called a reference keypad). The display of this standard keypad enables the user to recall the code or the password to be entered by mentally (or physically) performing the gesture that he would have made with this standard keypad: the user is thus more capable of remembering the digits or the letters and their order.
(9) Referring to
(10) According to one complementary characteristic, in one embodiment, the step of display of the reference keypad is preceded by a step (25) for masking the random keypad.
(11) According to one complementary characteristic, in one embodiment, the step of reception (20) by the processor of the reference pad display signal is preceded by a step for pressing (15) on a key situated at a pre-determined location of the communications terminal, that leads to the transmission of the reference pad display signal to the processor.
(12) According to one complementary characteristic, in one embodiment, the step of display (30) of the reference keypad comes to an end (35) during the interruption of the display signal.
(13) Thus, as explained here above, depending on the embodiments, the non-random keypad will be displayed as a replacement of the random keypad (it takes the position of the random keypad on the display) or in addition to the random keypad (it gets added to the random keypad on the display). This ‘memory cue’ keypad is inactive. It has the advantage, through this inactivity, of ensuring that even if the user enters his code or password on this keypad, his entries cannot be “intercepted” to provide information to any attacker.
(14) In one basic embodiment, the standard keypad is displayed in the form of an image presented to the user at the user's request. More particularly, to display this image of a standard keypad, the user presses a pre-determined key (or presses a pre-determined location of the screen) enabling the display of the standard keypad that has just concealed the random keypad. In this basic embodiment, the duration of display is adjustable: for example, the display can be defined for a given time (five seconds, ten seconds) or else it can depend on an action by the user (so long as the user wishes to see the reference keypad, this keypad is displayed).
(15) Another characteristic relates to the size of the reference keypad. The display of the reference keypad, according to a first variant, is the same as that of the random keypad: the size of the keypad is identical and the keys are identical. Only the locations of the keys change.
(16) According to a second variant, the display of the reference keypad is different from the display of the random keypad: the reference keypad is displayed with a smaller size (than that of the random keypad). This can be due to two factors: the first factor relates to the fact that, in addition to the reference keypad, an information message is presented to the user. This message gives the user the information according to which the reference keypad is inactive and enables only the recalling of the confidential code. Thus, this variant can be implemented on a touchpad screen of smaller size. The second factor relates to the fact that the reference keypad and the random keypad can be displayed jointly. At the same time, it is desired to make the user understand that the reference keypad is inactive. Thus, the reference keypad is displayed in a size smaller than that of the random keypad, at the top left-hand side, or in the center or at the right-hand side of the random keypad. In this case, the user can request the display of this reference keypad but it is not an obligation. When the size of the screen allows it, the reference keypad can be displayed directly without the user's request.
(17) Another characteristic relates to the concealment of the random keypad by the reference keypad. Indeed, it is desired to activate the user's memorization process and therefore enable a simpler entry of the confidential code or of the password. To this end, the process of creating a mental code-tapping scheme or password-striking scheme will be facilitated by causing the concealment of the random keypad by the reference keypad to vary in time. This characteristic can be applied of course to the case where the image of the reference keypad conceals the random keypad. According to this characteristic, the percentage of concealment varies according to time. For example, over a period of 10 seconds of display of the image of the reference keypad, a transfer function (for example of the sigmoid type or again an affine function) is used to obtain variation in the percentage of concealment from a value of 100% to for example 0%. The user can then gradually memorize the mental scheme that he must accomplish on the random keypad on the basis of the mental scheme, which he knows, of the reference keypad.
(18) Yet another characteristic relates to the random keypad itself: in order to further secure the process of entry of the code, and to do so when the display of the reference keypad conceals the random keypad, the process comprises, at the time of the reappearance of the random keypad, a step of computation (or determination) of a new random keypad that is different from the random keypad that was displayed before the concealment.
(19) Another characteristic relates to the random keypad itself: according to the present invention, this random keypad has a shape different from that of the reference keypad. Thus, in one embodiment, while the reference keypad has a generally rectangular shape (especially for a pinpad), the random keypad for its part has rather a circular shape similar to that of a clock face, in which the numerical keys are distributed randomly. This has the advantage for the user of not mistaking the reference keypad and the random keypad for each other.
5.2. Description of One Embodiment
(20) The embodiment presently described is related to the case in which the user enters a personal authentication code (a PIN code) on a communications terminal comprising a touchpad screen to confirm a payment transaction, this transaction being at least partly implemented by the communications terminal. The technique is more particularly implemented at the time of the entry of the PIN code, during a financial transaction involving the entry, for a user, of such a PIN code to confirm this transaction, and is described with reference to
(21) The activation key can be a key displayed on the touchpad screen of the communications terminal or else a physical key of the communications terminal (for example the key “home”).
(22) Thus, in this embodiment, the reference keypad remains displayed only for the time of the pressing action by the user. This (temporary) display has the effect of forcing the user to keep pressing the activation button in order to continue to be able to visualize the image of the reference keypad. The purpose of this constraint is to prevent the reference keypad from leading the user into error by making him believe that it is possible to enter his PIN code on the reference keypad. The fact that he keeps a finger pressed on the activation button almost mechanically prevents him from making a code entry.
(23) When the reference keypad is displayed, the user can recall his code with the help of a mental gesture of entering the code on the standard keypad: it is assumed then that the user recalls the digits that form his code when viewing of the reference keypad and that it is thus this code that he has in memory when he releases the activation button and when the random keypad is again presented.
(24) In this embodiment, there is no limit on the number of times that the operation of displaying the reference keypad can be done. However, depending on the conditions of operational implementation, the number of iterations of the process can be limited, especially by the need to implement a transaction in an allotted time.
(25) Thus, in this embodiment, the user is given, at his request, an image of a standard digital keypad which is a reference keypad that masks the random keypad.
5.3. Other Features and Advantages
(26) With reference to
(27) For example, the communications terminal comprises a memory 31 comprising for example a buffer memory, a general processor 32, equipped for example with a microprocessor and controlled by a computer program 33 and/or a secure memory 34, a secure processor 35, controlled by a computer program 36, these processing units implementing methods of processing and entering of data as described here above to carry out a display of a reference (standard) keypad, for example in the form of an image, in order to enable the user to recall his code.
(28) At initialization, the code instructions of the computer program 36 are for example loaded into a memory and then executed by the secure processor 35. The processor 35 inputs at least one piece of data representing a need to enter a piece of sensitive data. The secure processor 35 implements the steps of the method of processing according to the instructions of the computer program 36 to display a random keypad and enable the display of an image representing a standard (reference) keypad to which the user can relate in order to recall his code.
(29) To this end, the communications terminal comprises, in addition to the memory 34, communications means such as network communications modules, data transmission means and data transmission circuits for transmitting data between the various components of the communications terminal.
(30) The means described here above can take the form of a particular processor implemented within a terminal such as a payment terminal. According to one particular embodiment, the communications terminal implements a particular application which is in charge of carrying out the operations described here above, this application being for example provided by the manufacturer of the processor in question in order to enable the use of said processor. To this end, the processor comprises unique identification means. These unique identification means ensure the authenticity of the processor.