Keypad
10218383 ยท 2019-02-26
Assignee
Inventors
Cpc classification
G06F2221/2143
PHYSICS
H03M11/006
ELECTRICITY
G07F7/1016
PHYSICS
G06F3/0416
PHYSICS
G06F21/83
PHYSICS
International classification
H03M11/00
ELECTRICITY
G06F3/041
PHYSICS
G06F3/02
PHYSICS
G07F7/10
PHYSICS
Abstract
A keypad is described. The keypad comprises: a keypad housing defining a plurality of key apertures; a plurality of physical keys, each physical key located in a respective key aperture and being moveable with respect to the key aperture; and a non-contact (for example, capacitive) sensing layer located beneath the plurality of keys. A touch controller is coupled to the capacitive sensing layer and is operable to ascertain a touch location corresponding to a depressed key. A cryptographic controller may be provided in communication with the touch controller and is operable to interpret the touch location.
Claims
1. A keypad comprising: a keypad housing providing individually depressable keys for selection by a user, and five posts between the keypad housing of the keypad and a printed circuit board, each post abuts a corresponding separation switch and an underside of an upper surface of the keypad housing; a sealing layer of elastomeric material under the keypad housing; a multi-layer under the sealing layer comprising the printed circuit board with an upper layer of the multi-layer comprising dome switches, second and third layers of the multi-layer comprising a layout of copper tracks for sensing the depressable keys, fourth and fifth layers of the multi-layer comprising mesh for detecting any penetration of multi-layer, and a sixth layer of the multi-layer that routes signals from the depressable keys to an elastomeric connector; a metal space layer under the multi-layer comprising the elastomeric connector coupled to a connection strip of a sensing layer; the sensing layer located beneath the metal space layer, the sensing layer including a cryptographic processor, a secure touch controller, non-volatile memory, and volatile memory, wherein the sensing layer configured to ascertain which of the individually depressable keys is depressed using proximity sensing within the keypad housing, and wherein the sensing layer is configured to monitor when any post ceases to depress that post's separation switch to change a monitored state of the keypad and when the change is detected by the sensing layer, the sensing layer is configured to cause removal of cryptographic keys associated with the keypad, and wherein the sensing layer is operable to detect any change to a particular touchscreen pattern generated on printed circuit board by measuring capacitance and electrical parameters against expected readings and the sensing layer is operable to communicate any deviation in the touchscreen pattern to the touch controller as being indicative of a potential tamper event for the keypad, and wherein the sensing layer is configured to detect a wire connected to a touchscreen that is attempting to read the touchscreen pattern and detect a presence of conductive ink injected onto the touchscreen and the sensing layer is configured to notify the touch controller as other potential tamper events for the keypad, and the volatile memory for storing a particular one of the cryptographic keys during operation of the keypad and the non-volatile memory for storing an encryption algorithm and a cryptographic key deriving algorithm, wherein the sealing layer provides tactile feedback to the depressable keys, seals the keypad from ingress of water and dirt into internal components of the keypad, and prevents over-travel of the depressable keys that may otherwise be caused by manufacturing tolerances, and wherein the elastomeric material is rubber.
2. The keypad of claim 1, wherein the proximity sensing is implemented using capacitive technology.
3. The keypad of claim 1, wherein the proximity sensing is implemented using resistive technology.
4. The keypad of claim 1, wherein the proximity sensing is implemented using inductive technology.
Description
BRIEF DESCRIPTION OF DRAWINGS
(1) Embodiments of the present invention will now be described hereinafter, by way of example only, with reference to the accompanying drawings in which:
(2)
(3)
(4)
DESCRIPTION OF EMBODIMENTS
(5) In the drawings like reference numerals refer to like parts.
(6) Reference is first made to
(7) The EPP 10 comprises a keyboard body (also referred to as a keypad housing) 12 which supports a keypad 14 including sixteen individual keys 16 for a customer to use when entering his/her PIN and when making transaction selections, each key having either a digit (with one of the numbers from 0 to 9) etched or printed thereon, words such as Cancel, Clear, and Enter, or such like, etched or printed thereon, or left blank. The keypad 14 protrudes from an upper surface 18 of the EPP 10, which also defines a raised keypad perimeter 19.
(8)
(9) The encryption unit 20 also includes a secure touch controller 32. The secure touch controller 32 is operable to receive signals from a touch panel (not illustrated in
(10) The processor 22, the RAM 24, the flash memory 26, and the secure touch controller 32 all communicate via an internal bus 36.
(11) Suitable cryptographic processors 22 include one of the range of secure microcontrollers supplied by Maxim Integrated Products, Inc. of 160 Rio Robles, San Jose, Calif. 95134, U.S.A.
(12) Suitable secure touch controllers 32 include a secure touch sensor supplied by Cirque Corporation, 2463 South 3850 West, Salt Lake City, Utah 84120-2335, U.S.A.
(13) Data from the keypad 14 is transmitted to the cryptographic processor 22. Each key press is transmitted by the secure touch controller 32 to the cryptographic processor 22 as a co-ordinate corresponding to the location of the key 16 that was pressed. The cryptographic processor 22 processes the keypad entries using a keyboard control algorithm (not shown) executing within the cryptographic processor 22. The cryptographic processor 22 also includes internal RAM (not shown) and internal non-volatile memory (not shown) for use in performing cryptographic functions. The cryptographic processor 22 includes an erase function that operates automatically to delete stored encryption keys within the cryptographic processor 22 (and/or in the RAM 24 and FLASH memory 26) in the event that any sensors in the EPP 10 detect tampering.
(14) In normal operation the EPP 10 outputs encrypted data to an ATM controller module (not shown) via an output port 40 in the form of a USB port.
(15) Parts of the EPP 10 are shown in more detail in
(16) The lowest layer in the EPP 10 is a base layer 50 comprising a printed circuit board (PCB) on which is mounted the encryption unit 20 including the cryptographic processor 22 for performing encryption functions of the EPP 10 and the secure touch controller 32. This base layer 50 is referred to as the encryption PCB. In this embodiment, the PCBs comprise conventional FR-4 glass reinforced epoxy PCBs.
(17) As shown in
(18) The next layer comprises a metal space layer 52 defining an aperture 54 through which an elastomeric connector 56 extends. The elastomeric connector 56 couples to the connection strip 34 on the encryption PCB 50. In this embodiment, the elastomeric connector is a Zebra strip (trade mark).
(19) The layer above the metal spacer layer 52 comprises a keyboard PCB 60. The keyboard PCB 60 is a multi-layer PCB comprising six layers in this embodiment.
(20) The upper layer of the six layers includes 16 dome switches 62 corresponding to, and in registration with, the keys 16, and five separation switches 64. When one of the keys 16 is depressed, the corresponding dome switch 62 flexes.
(21) The second and third layers of the six layers include a touchscreen pattern comprising a layout of copper tracks. This touchscreen pattern is similar to a touchscreen pattern that would be deposited as Indium Tin Oxide on a conventional capacitive touchscreen display panel. The purpose of the touchscreen pattern is to be able to sense which of the keys 16 has been depressed, by sensing the change in capacitance caused by the movement of the corresponding dome switch 62.
(22) Each of the fourth and fifth layers of the keyboard PCB 60 comprises a mesh that is provided to detect any attempt to penetrate the EPP 10, for example, a front drilling attack from the upper surface 18 to try and access the cryptographic processor 22.
(23) The sixth layer of the keyboard PCB 60 is used for routing signals to the elastomeric connector 56 and includes a connector strip 66 to which the keyboard PCB 60 signals are routed. The touchscreen pattern on the second and third layers of the keyboard PCB 60 is coupled to the elastomeric connector 56, which routes a signal from the touchscreen pattern to the secure touch controller 32 via the connection strip 34 on the encryption PCB 50. The secure touch controller 32 ascertains which key 16 this signal corresponds to and conveys this information to the cryptographic processor 22 for processing. The sixth layer of the keyboard PCB 60 also routes signals from the five separation switches 64 to the encryption unit 20.
(24) A sealing layer 70 of elastomeric material (in this embodiment, rubber material) is disposed between the keyboard body 12 and the keyboard PCB 60 to seal the EPP 10, thereby preventing, or at least minimizing, ingress of water and/or dirt. This sealing layer 70 also provides tactile feedback to the keys 16 and helps prevent over-travel of the keys 16 that may otherwise be caused by manufacturing tolerances.
(25) Five posts (in this embodiment, metal posts or pins) 72 are provided between the keyboard body 12 and the keyboard PCB 60. Each of the metal posts 72 abuts a corresponding separation switch 64 and an underside of the upper surface 18.
(26) To assemble the EPP 10, the layers are brought into close contact and maintained in place using screws (not shown). When assembled, each of the metal posts 72 closes the corresponding separation switch 64. The encryption unit 20 monitors the state of the separation switches 64 (that is, whether each switch 64 is open or closed).
(27) If the EPP 10 is disassembled then the metal posts 72 separate from the separation switches 64, causing the separation switches 64 to open circuit. The encryption unit 20 detects this open circuit condition. The encryption unit 20 then responds to this tampering by deleting any critical information (such as stored keys, algorithms, and the like).
(28) It should be appreciated that this embodiment has the advantage that traditional scan lines (as would be used to detect a physical key press on a conventional keyboard) are not required. Instead, a secure touch controller is used to ascertain a location corresponding to a key press. Using a secure touch controller obviates the requirement to protect the scan lines (the pattern delineated on the capacitive sensing layer is not really a scan line) and also ensures that if a fraudulent third party managed to monitor the output of the capacitive sensing layer then no useful information would be obtained because this output needs to be interpreted by the secure touch controller before the touch location can be ascertained. This means that using the secure touch controller is more secure than using scan lines.
(29) Furthermore, the secure touch controller 32 is able to detect any change to the touchscreen pattern on the second and third layers of the keyboard PCB 60. For example, if the EPP 10 is attacked from the front by a third party attempting to attach a wire to the touchscreen pattern to read the signals from the touchscreen pattern, or if conducting ink is injected onto the touchscreen pattern, then the secure touch controller 32 would detect this and inform the cryptographic processor 22. The cryptographic processor 22 would then erase stored encryption keys. Typically, a secure touch controller measures the capacitance (and other electrical parameters) of the touchscreen pattern when the EPP 10 is powered up, and compares these readings with expected readings. Any deviation from expected readings would be communicated to the cryptographic processor 22 as possibly indicative of a tamper event.
(30) This embodiment therefore provides a more secure key scanning method by using technology used in touchscreens (that is, a touch panel and associated sensing technology), but by enclosing this technology within the keyboard body 12 so that a user cannot access the touch panel or sensing technology directly.
(31) Reference is now made to
(32) The user interface 80 includes a card reader/writer slot 84, a display 86, and the EPP 10. The user interface 80 can optionally include other access ports/slots, such as a private audio port 88. The keypad 14 of the EPP 10 provides an interface between a customer and the EPP 10. A keypad aperture 90 of the ATM 82 aligns with the keypad perimeter 19 of the EPP 10 so that only the keypad 14 of the EPP 10 is visible to an ATM customer through the keypad aperture 90 of the ATM.
(33) It should be understood however that the EPP 10 may be utilized with other types of SSTs or assisted service terminals, such as automated fuel dispensers, kiosks, self-checkout terminals, check-in terminals, vending machines, or the like.
(34) In other embodiments, different separation switches may be provided (instead of or in addition to the metal posts). In some embodiments, no separation switches may be provided.
(35) In other embodiments, the touchscreen pattern may be located on a single layer of the keyboard PCB 60.
(36) In other embodiments, a different number of layers may be provided than those described above.
(37) In other embodiments, the RAM 24 and FLASH memory 26 may be located on the same side of a PCB as the cryptographic processor 22 and the secure touch controller 32.
(38) Throughout the description and claims of this specification, the words comprise and contain and variations of them mean including but not limited to and they are not intended to (and do not) exclude other features, components, integers, or steps. Throughout the description and claims of this specification, the singular encompasses the plural unless the context otherwise requires. In particular, where the indefinite article is used, the specification is to be understood as contemplating plurality as well as singularity, unless the context requires otherwise.
(39) Features, integers, characteristics or groups described in conjunction with a particular aspect, embodiment or example of the invention are to be understood to be applicable to any other aspect, embodiment or example described herein unless incompatible therewith. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of the features and/or steps are mutually exclusive. The invention is not restricted to any details of any foregoing embodiments. The invention extends to any novel one, or novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed.
(40) The reader's attention is directed to all papers and documents which are filed concurrently with or previous to this specification in connection with this application and which are open to public inspection with this specification, and the contents of all such papers and documents are incorporated herein by reference.