WO2016081011A1 - Coordonnées de décalage de clavier - Google Patents

Coordonnées de décalage de clavier Download PDF

Info

Publication number
WO2016081011A1
WO2016081011A1 PCT/US2014/066870 US2014066870W WO2016081011A1 WO 2016081011 A1 WO2016081011 A1 WO 2016081011A1 US 2014066870 W US2014066870 W US 2014066870W WO 2016081011 A1 WO2016081011 A1 WO 2016081011A1
Authority
WO
WIPO (PCT)
Prior art keywords
computing device
keyboard
coordinates
image
offset
Prior art date
Application number
PCT/US2014/066870
Other languages
English (en)
Inventor
Martin OHL
Michael J. HANNIGAN
Original Assignee
Hewlett Packard Enterprise Development Lp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Enterprise Development Lp filed Critical Hewlett Packard Enterprise Development Lp
Priority to PCT/US2014/066870 priority Critical patent/WO2016081011A1/fr
Publication of WO2016081011A1 publication Critical patent/WO2016081011A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation

Definitions

  • a human interface device such as a keyboard, mouse, track pad, or touch-enabled display
  • characters entered by a user are considered sensitive and, as such, important to protect from access by unauthorized parties. Examples of such computer activities include those involving user authentication, those involving financial information, and those involving private information.
  • FIG. 1 illustrates an environment including an example client system in communication with an example server system.
  • FIG. 2 illustrates an example client computing device.
  • FIG. 3 illustrates an example server computing device.
  • FIGs. 4-6 illustrate example methods for using an image of a keyboard and an offset coordinate to facilitate user entry of a keyboard character.
  • FIG. 7 illustrates an example method for using an image of a keyboard to facilitate user entry of a keyboard character at a client computing device, and for using an offset coordinate to facilitate communication of the user entry to a server computing device.
  • FIGs.8-10 illustrate example methods for using an offset coordinate to receive a keyboard character entered at a client computing device by a user.
  • FIG. 11 illustrates an example method for using an image of a keyboard and an offset coordinate to receive a keyboard character entered at a client computing device by a user.
  • FIG. 12 illustrates example techniques for using an image of a keypad to facilitate user entry of credit card information at a client system, and using an offset coordinate to facilitate communication of the user entry to payment systems.
  • This disclosure describes examples for using an image of a keyboard ("keyboard image") to receive user entry of one or more characters at a client system and for using offset coordinates to communicate the user entry to a server system.
  • Various examples described herein can permit a user to enter characters at a client system without the client system actually being aware of the characters being entered, as possibly would using a hardware keyboard or an onscreen virtual keyboard. In doing so, various examples can secure entry of the characters at the client system while reducing risk of an unauthorized party intercepting the entered characters (e.g., using a keystroke logger). Additionally, various examples described herein can permit obfuscated communication of user-entered characters from a client system to a server system, thereby reducing the risk of unauthorized parties determining what characters are being communicated.
  • unauthorized parties are known to use various mechanisms to gain access to user-entered sensitive data, including keystroke loggers to access characters as they are entered at a keyboard, and network sniffers to access user-entered sensitive data as it is communicated between systems (e.g., over a network).
  • keystroke loggers to access characters as they are entered at a keyboard
  • network sniffers to access user-entered sensitive data as it is communicated between systems (e.g., over a network).
  • Techniques described by this disclosure can be beneficial in protecting user entry of sensitive data during various computer activities, such as financial-related computer activities that are subject to data security standards defined by the Payment Card Industry (PCI).
  • PCI Payment Card Industry
  • a call center sales agent can use their workstation to enter credit card information, such a primary account number (PAN) or a credit card verification number (CVN), without need for the agent's workstation or their local network environment to be within the scope of PCI compliance.
  • PAN primary account number
  • CVN credit card verification number
  • FIG. 1 illustrates an environment 100 including an example client system 102 in communication with an example server system 104 over a communications network 106.
  • the client system 102 includes a display module 108, a user input module 110, a keyboard request module 112, a coordinates module 114, an offset coordinates generation module 116, and a client communications module 118.
  • the client system 102 may comprise a desktop, laptop, hand-held computing devices (e.g., personal digital assistants, smartphones, tablets, etc.), workstations, and the like.
  • the server system 104 includes a keyboard response module 120, an offset generation module 122, an offset coordinates receiving module 124, a translation module 126, and a server communications module 128.
  • the server system 104 may comprise one or more servers, which may be operating on or implemented using one or more cloud-based resources, such as a System-as-a-Service (SaaS), Platform-as-a-Service (PaaS), or Infrastructure-as-a-Service (laaS).
  • SaaS System-as-a-Service
  • PaaS Platform-as-a-Service
  • laaS Infrastructure-as-a-Service
  • the components or the arrangement of components in the environment 100 may differ from what is depicted in FIG. 1.
  • the client system 102 or the server system 104 can include more or less components than those depicted in FIG. 1.
  • modules and other components of various implementation may comprise, in whole or in part, machine-readable instructions or electronic circuitry.
  • a module may comprise computer-readable instructions executable by a processor to perform one or more functions in accordance with various examples described herein.
  • a module may comprise electronic circuitry to perform one or more functions in accordance with various examples described herein. The elements of a module may be combined in a single package, maintained in several packages, or maintained separately.
  • the communications network 106 permits data to be communicated between the client system 102 and the server system 104 in accordance with various examples described herein.
  • the communications network 106 may comprise one or more local or wide-area communications networks, such as the Internet, WiFi networks, cellular networks, private networks, public networks, and the like.
  • the display module 108 may facilitate display of various content on a display device coupled to, or included as part of, the client system 102.
  • the display module 108 may facilitate display of a graphical user interface (GUI) that enables a user to interact with the client system 102.
  • GUI graphical user interface
  • the display module 108 facilitates the display of a keyboard image on the display device.
  • the keyboard image may depict a set of buttons or keys representing one or more keyboard characters that a user, at the client system 102, can enter using the keyboard image.
  • the keyboard image may include one or more keys that represent any number of digits, symbols, or alphabetical letters.
  • keys depicted in the keyboard image may or may not represent keyboard characters traditionally found in physical keyboards, such as a 104-key PC keyboard, a computer keypad, a numeric keypad, and the like. Additionally, one or more keys depicted by the keyboard image may mimic the appearance of a physical keyboard. For instances, keys of the keyboard image may mimic the color, organization, arrangement, or keyboard characters represented. The keyboard image presented by the image may vary between different examples.
  • the display module 108 displays a pointer or a cursor on a display device coupled to, or included as part of, the client system 102.
  • a user at the client system 102 may use the displayed pointer or cursor to select a location on the display device.
  • the user may control the pointer or cursor to select a location comprising a point or a region of points on the keyboard image.
  • a location can include a point or a region of points.
  • the user input module 110 may enable a user at the client system 102 to enter user input with respect to the client system 102.
  • the user input module 110 accepts user input for selecting a location on content displayed on a display device by the display module 108, where the content may include a keyboard image.
  • a user at the client system 102 may utilize a human interface device, such as a pointing device that controls an onscreen pointer or cursor, to select the location.
  • a user may use a pointing device to move the onscreen pointer or cursor over a key depicted by the keyboard image, and may use the onscreen pointer or cursor to select a point within the depicted region of the key or to select a region around the key (e.g., draw a selection box or circle) around the key.
  • Other forms of user selection may also be utilized in selecting points or regions on the keyboard image.
  • the user input module 110 may disable selection of a location on the keyboard image using a hardware keyboard or an onscreen virtual keyboard presented through the display module 108.
  • the keyboard request mod ule 112 may send the server system 104 a request to use a keyboard image at the client system 102 for receiving a set of characters as a user entry in accordance with examples described herein.
  • the keyboard request module 112 may send the request when a user at the client system 102 desires to enter a set of characters using the keyboard image and further desires to send the set of characters to the server system 104 (e.g., as offset coordinates data).
  • the request may provide information regarding the set of characters the user intends to enter at the client system 102 using the keyboard image.
  • the request may specify how many characters are to be entered using the keyboard image, an identifier for the set of characters to be entered (e.g., sensitive data, such a PAN, a social-security number, or a PIN number), or the types of characters being entered (e.g., digits, symbols, alphabetical characters, or some combination thereof).
  • an identifier for the set of characters to be entered e.g., sensitive data, such a PAN, a social-security number, or a PIN number
  • types of characters being entered e.g., digits, symbols, alphabetical characters, or some combination thereof.
  • the keyboard request module 112 may receive the keyboard image from the server system 104.
  • the client system 102 may possess a copy of the keyboard image prior to the request to use the keyboard image, such as a cached copy received during a previous keyboard session with the server system 104.
  • the keyboard request module 112 may not request or receive another copy of the keyboard image from the server system 104.
  • the keyboard request module 112 may receive a set of offsets from the server system 104.
  • the client system 102 utilizes the set of offsets received from the server system 104 with coordinates produced at the client system 102 when a keyboard image is used by a user to enter a set of characters at the client system 102.
  • a set of offsets provided to the client system 102 may be used by the client system 102 with respect to the coordinates of a single character entered through the keyboard image, or with respect to a set of characters (e.g., a data string) entered through the keyboard image.
  • the coordinates module 114 may provide a set of coordinates associated with a location selected on a keyboard image by a user at the client system 102 (e.g., using the user input module 110).
  • the set of coordinates provided by the coordinates module 114 may correspond to a user-selected point, may correspond to coordinates that fall within a user- selected region, or may correspond to the coordinates that define a user-selected region.
  • the set of coordinates is determined according to the dimensions of the keyboard image.
  • the set of coordinates may comprise an X-axis coordinate and a Y-axis coordinate for the location, where the X-axis coordinate and the Y-axis coordinate are based on the X and Y axes of the keyboard image.
  • the set of coordinates provided by the coordinates modules 114 may depend on the arrangement of keys depicted in the keyboard image.
  • the set of coordinates determined by the coordinates module 114 may include one coordinate (e.g., a X-axis or a Y-axis coordinate) for each location selected by a user.
  • the offset coordinates generation module 116 may produce a set of offset coordinates based on the set of coordinate provided by the coordinates module 114, and based on the set of offsets received by the keyboard request module 112. In certain examples, the offset coordinates generation module 116 produces the set of offset coordinates by applying the set of offsets to the set of coordinates. To apply the set of offsets to the set of offset coordinates, the offset coordinates generation module 116 may perform one or more mathematical operations on the set of coordinates using the set of offsets, including addition, subtraction, multiplication, or division.
  • the set of offsets may include a single offset to be applied to all coordinates, a separate offset for each axis (e.g., X-axis offset and Y-axis offset), or a series of offsets to be applied to a series of coordinates.
  • the client communications module 118 may facilitate communication between the client system 102 and the server system 104 over the communication network 106.
  • the client communications module 118 may facilitate the keyboard request module 112 sending a request to use a keyboard to the server system 104, the keyboard request module 112 receiving a response to the request, or the client system 102 sending of the set of offset coordinates to the server system 104.
  • the client communications module 118 may facilitate the keyboard request module 112 sending a request to use a keyboard to the server system 104, the keyboard request module 112 receiving a response to the request, or the client system 102 sending of the set of offset coordinates to the server system 104.
  • the keyboard response module 120 may receive, from the client system 102, a request to use a keyboard image at the client system 102 to receive a set of characters as a user entry. In response to the request, the keyboard response module 120 may send the client system 102 a keyboard image for use at the client system 102. The keyboard response module 120 may respond to the request by sending the client system 102 offset data comprising a set of offsets. As described herein, the client system 102 can utilize the set of offsets with coordinates produced at the client system 102 during use of the keyboard image at the client system 102.
  • the offset generation module 122 may generate a set of offsets to be sent to the client system 102 by the keyboard response module 120.
  • the set of offsets generated may include a single for all coordinates, a separate offset for each axis (e.g., X-axis offset and Y-axis offset), or a series of offsets to be applied to a series of coordinates.
  • the offset generation module 122 generates the set of offsets to include one more randomly generated offset values.
  • the offset generation module 122 may save the set of offsets for future use by the server system 104 during the offset coordinate to keyboard character translation process.
  • the offset coordinates receiving module 124 may receive offset coordinates data from the client system 102 where the offset coordinates data comprises a set of offset coordinates produced at the client system 102.
  • the set of offset coordinates received from the client system 102 may be produced at the client system 102 by applying a set of offsets, provided to the client system 102 by the keyboard response module 120, to a set of coordinates produced during use of the keyboard image at the client system 102.
  • the translation module 126 may translate the set of offset coordinates, received through the offset coordinates receiving module 124, to one or more keyboard characters.
  • the server system 104 is aware of the mapping between keyboard characters depicted on the keyboard image and coordinates of the keyboard image, which the keyboard response module 120 may provide the client system 102 at the time of request. Based on this mapping awareness, the translation module 126 can translate the set of offset coordinates to keyboard characters depicted on the keyboard image.
  • the translation module 126 includes an offset removal module 130 and a coordinate-to-keyboard character mapping module 132.
  • the offset removal module 130 may use the set of offsets, previously provided by the keyboard response module 120 to the client system 102, to remove the effects of offsets on the set of offset coordinates received by the offset coordinates receiving module 124.
  • the coordinate-to-keyboard character mapping module 132 may map the set of coordinates resulting from the offset removal module 130 to a keyboard character.
  • the server communications module 128 may facilitate communication between the server system 104 and the client system 102 and over the communication network 106. For instance, the server communications module 128 may facilitate the keyboard response module 120 receiving a request to use a keyboard image from the client system 102, the keyboard response module 120 sending a response to the request, and the offset coordinates receiving module 124 receiving offset coordinates data from the client system 102. By receiving the set of offset coordinates from the client system 102, one or more characters entered at the client system 102 using the keyboard image can effectively be communicated to the server system 104.
  • FIG. 2 illustrates an example client computing device 200.
  • the client computing device 200 includes a computer-readable medium 206, a processor 208, and communications interface 210. Additionally, the client computing device 200 is coupled to a display device 202 and a human interface device 204.
  • the components or the arrangement of components of the client computing device 200 may differ from what is depicted in FIG. 2. For instance, the client computing device 200 can include more or less components than those depicted in FIG. 2.
  • the display device 202 may be any of various display screens that can present content to a user at the client computing device 200.
  • the display device 202 may be separate remotely coupled to the computing device 200, as shown in FIG. 2, or integrated into the client computing device 200.
  • the display device 202 may, for example, comprise a liquid crystal display (LCD), light emitting diode display (LED), organic light emitting diode display (OLED), active matrix organic light emitting diode display (AMOLED), retina display, or another display capable of presenting content to a user.
  • the content presented by the display device 202 includes an image of a keyboard, which can be utilized by various examples described herein.
  • the display device 202 comprises a touchscreen layer to detect user touches, taps, and/or gestures (e.g., a resistive or capacitive touchscreen layer). Where the display device 202 has such a touchscreen layer, the display device 202 may display content and function as a human interface device with respect to the client computing device 200.
  • a touchscreen layer to detect user touches, taps, and/or gestures (e.g., a resistive or capacitive touchscreen layer).
  • the display device 202 may display content and function as a human interface device with respect to the client computing device 200.
  • the human interface device 204 can include any device that enables a user to submit user input to the client computing device 200, such as a keyboard, mouse, touch-pad, joystick, camera, and like.
  • the human interface device 204 is a pointing device, such as a mouse, touchpad, or joystick, that permits a user at the client computing device 200 to select a location on an image presented on the display device 202, such as a keyboard image.
  • the human interface device 204 may control a pointer or cursor displayed on the display device 202 and may do so to move the pointer or cursor over the image during user selection.
  • the pointer or cursor may be displayed as part of a graphical user interface (GUI) presented on the display device 202.
  • GUI graphical user interface
  • the computer-readable medium 206 may be any electronic, magnetic, optical, or other physical storage device that stores executable instructions.
  • the computer-readable medium 206 may be a Random Access Memory (RAM), an Electrically-Erasable Programmable Readonly Memory (EEPROM), a storage drive, an optical disc, or the like.
  • RAM Random Access Memory
  • EEPROM Electrically-Erasable Programmable Readonly Memory
  • the computer-readable storage medium 206 can be encoded to store executable instructions that cause the processor 208 to perform operations in accordance with various examples described herein.
  • the computer- readable storage medium 206 is non-transitory. As shown in FIG. 2, the computer-readable storage medium 206 includes offset receiving instructions 212, keyboard image presenting instructions 214, user input receiving instructions 216, offset coordinates generation instructions 218, and offset coordinates sending instructions 220.
  • the processor 208 may be one or more central processing units (CPUs), microprocessors, or other hardware devices suitable for retrieval and execution of one or more instructions stored in the computer-readable medium 206.
  • the processor 208 may fetch, decode, and execute the instructions 212, 214, 216, 218, and 220 to enable the client computing device 200 to perform operations in accordance with various examples described herein.
  • the processor 208 may include one or more electronic circuits comprising a number of electronic components for performing the functionality of one or more of the instructions 212, 214, 216, 218, and 220.
  • the offset receiving instructions 212 may cause the processor 208 to receive a set of offsets from another computing device, such as a server computing device, through the communications interface 210.
  • the set of offsets may be received in response to a request the processor 208 sent to the other computing device for use of a keyboard image to enter one or more characters at the client computing device 200.
  • the keyboard image may be one already possessed by the client computing device 200, or one the client computing device 200 receives from the other computing device in response to the request.
  • the keyboard image presenting instructions 214 may cause the processor 208 to present a keyboard image on the display device 202 coupled to the client computing device 200.
  • the user input receiving instructions 216 may cause the processor 208 to receive user input from the human interface device 204 (e.g., mouse or touch pad) that facilitates user selection of a location, at a set of coordinates, on a keyboard image presented on the display device 202.
  • the offset coordinates generation instructions 218 may cause the processor 208 to produce a set of offset coordinates by applying a set of offsets (e.g., received from another computing device) to a set of coordinates associated with a location on a keyboard image.
  • the offset coordinates sending instructions 220 may cause the processor 208 to send a set of offset coordinates to another computing device, such as a server computing device, through the communications interface 210.
  • FIG. 3 illustrates an example server computing device 300.
  • the server computing device 300 includes a computer-readable medium 302, a processor 304, and communications interface 310.
  • the components or the arrangement of components of the server computing device 300 may differ from what is depicted in FIG. 3.
  • the server computing device 300 can include more or less components than those depicted in FIG. 3.
  • the computer-readable medium 302 may be similar to the computer-readable medium 206 of FIG. 2, and can be encoded to store executable instructions that cause the processor 306 to perform operations in accordance with various examples described herein. As shown in FIG. 3, the computer-readable storage medium 302 includes keyboard user request receiving instructions 308, offset generation instructions 310, keyboard image sending instructions 312, offset sending instructions 314, offset coordinates receiving instructions 316, and offset coordinates-to-keyboard character instructions 318.
  • the processor 304 may be similar to the processor 208 of FIG. 2. Accordingly, the processor 304 may fetch, decode, and execute the instructions 308, 310, 312, 314, 316, and 318 to enable the server computing device 300 to perform operations in accordance with various examples described herein.
  • the processor 304 may include one or more electronic circuits comprising a number of electronic components for performing the functionality of one or more of the instructions 308, 310, 312, 314, 316, and 318.
  • the keyboard user request receiving instructions 308 may cause the processor 304 to receive a request from another computing device, such a client computing device, to use a keyboard image for user entry of one or more characters.
  • the processor 304 may receive the request through the communications interface 306.
  • the offset generation instructions 310 may cause the processor 304 to produce a set of offsets for use with user entry of one or more characters using a keyboard image at another computing device, such as a client computing device.
  • the set of offset may be produced in response to a request to the processor 304 receiving a request from another computing device to use a keyboard image for user entry of one or more characters.
  • the keyboard image sending instructions 312 may cause the processor 304 to send a keyboard image to another computing device, such as a client computing device, through the communications interface 306.
  • the keyboard image may be sent in response to a request to the processor 304 receiving a request from another computing device to use a keyboard image for user entry of one or more characters.
  • the offset sending instructions 314 may cause the processor 304 to send a set of offsets to another computing device, such as a client computing device, through the communications interface 306.
  • the set of offsets may be sent in response to a request to the processor 304 receiving a request from another computing device to use a keyboard image for user entry of one or more characters.
  • the offset coordinates receiving instructions 316 may cause the processor 304 to receive a set of offset coordinates from another computing device, such as a client computing device, through the communications interface 306.
  • the set of offset coordinates may be received from a computing device that produced the set of offset coordinates based on user entry of one or more characters using a keyboard image at the computing device.
  • the offset coordinates-to-keyboard character instructions 318 may cause the processor 304 to translate a set of offset coordinates to one or more keyboard characters.
  • the processor 304 may use a set of offsets previously generated and provided for use with a keyboard image upon which the set of offset coordinates were produced. Additionally, to perform the translation, the processor 304 may use a mapping of coordinates to keyboard characters.
  • FIG. 4 illustrates an example method 400 for using a keyboard image an offset coordinate to facilitate user entry of a keyboard character.
  • execution of method 400 is described below with reference to the client system 102 of FIG. 1, other suitable systems or devices for execution of method 400 can be possible, such as the client computing device 200 of FIG. 2.
  • the method 400 may be implemented in the form of executable instructions stored on a computer-readable medium or in the form of electronic circuitry.
  • the method 400 begins at block 402, with the client system 102 receiving a set of offsets.
  • the client system 102 may receive from the server system 104 offset data including a set of offsets to be used at the client system 102 for user entry of a single character or a set of characters.
  • the client system 102 may receive from the server system 104 offset data include a set of offsets that applies to all coordinates equally (e.g., offset value of 20) or a set of offset having separate offsets for each of the axes (e.g., X-axis offset value of 554 and a Y-axis offset value of 471 ).
  • offset data include a set of offsets that applies to all coordinates equally (e.g., offset value of 20) or a set of offset having separate offsets for each of the axes (e.g., X-axis offset value of 554 and a Y-axis offset value of 471 ).
  • the client system 102 presents an image of a keyboard ("keyboard image") on a display device coupled to, or integrated into, the client system 102.
  • the client system 102 may present a keyboard image of a numeric keypad, which may include a set of keys for entering digit and symbol keyboard characters.
  • the client system 102 receives a user selection of a location on the keyboard image at a set of coordinates on the keyboard image. For instance, where the keyboard image presented at block 404 depicts a numeric keypad, the client system 102 may receive a user selection with respect to a key bearing the digit "2" at an X-axis coordinate of 30, and a Y-axis coordinate of 55 on the keyboard image.
  • the user selection at the set of coordinates (30, 55) indicates a user's desire to enter the keyboard character 2 through keyboard image.
  • the user may have selected the "2" key by moving a mouse pointer over the "2" key depicted by the keyboard image clicking a mouse button.
  • the user may have moved and then held their mouse pointer over the "2" key for a predetermined set of time (e.g., 1 sec), or used their mouse pointer to draw a region (e.g., a selection square or circle) around the "2" key.
  • a predetermined set of time e.g. 1 sec
  • a region e.g., a selection square or circle
  • the client system 102 may receive a sequence of user selections with respect to keys bearing the digits "1," "2," and "3.” Such a sequence of user selections can indicate the user's desire to enter, through the keyboard image, a sequence of keyboard characters including the digits 1 , 2, and 3.
  • each user selection may be associated with its own set of coordinates.
  • the sets of coordinates for the sequence of user selections are communicated to a server system (e.g., the server system 104), the sets may be communicated individually or as a group but while maintaining the sequence of the user selections.
  • the client system 102 applies the set of offsets, received at block 402, to the set of coordinates associated with the user selection, received at block 406, to produce a set of offset coordinates.
  • the set of coordinates include an X-axis coordinate of 30, and a Y-axis coordinate of 55
  • the set of offsets include an X-axis offset value of 554 and a Y-axis offset value of 471
  • the client system may add the set of offsets to the set of coordinates to produce a set of offset coordinates including an (offset) X-axis coordinate of 584 and a (offset) Y-axis coordinate of 526.
  • the client system 102 sends the set of offset coordinates produced at block 408.
  • the client system 102 may send the server system 104 offset coordinates data including the set of offset coordinates.
  • the server system 104 may be the same entity that sent the set of offsets to the client system 102 at block 402.
  • the method 400 stops after block 410.
  • FIG. 5 illustrates an example method 500 for using a keyboard image an offset coordinate to facilitate user entry of a keyboard character.
  • execution of method 500 is described below with reference to the client system 102 of FIG. 1, other suitable systems or devices for execution of method 500 can be possible, such as the client computing device 200 of FIG. 2.
  • the method 500 may be implemented in the form of executable instructions stored on a computer-readable medium or in the form of electronic circuitry.
  • the method 500 begins at block 502, the client system 102 requests use of a keyboard image for user entry of one or more characters at the client system 102.
  • the client system 102 may request use of a keyboard image in this manner from the server system 104.
  • the request may provide information regarding the set of characters the user intends to enter at the client system 102 using the keyboard image.
  • the request may, for example, specify how many characters are to be entered using the keyboard image, an identifier for the set of characters being entered (e.g., sensitive data, such as a PAN, a CVN, account and routing numbers, or a passport number), or the types of characters being entered (e.g., digits, symbols, alphabetical characters, or some combination thereof).
  • the client system 102 receives a set of offsets in response to the request made at block 502.
  • the client system 102 may receive from the server system 104 offset data including a set of offsets to be used at the client system 102 for user entry of one or more characters using the keyboard image requested at block 502.
  • Remaining blocks 506-512 may be similar to those described with respect to the method 400 of FIG. 4.
  • block 506 may be similar to block 404
  • block 508 may be similar to 406
  • block 510 may be similar to block 408,
  • block 512 may be similar to block 410.
  • the method 500 stops after block 512.
  • FIG. 6 illustrates an example method 600 for using a keyboard image an offset coordinate to facilitate user entry of a keyboard character.
  • execution of method 600 is described below with reference to the client system 102 of FIG. 1, other suitable systems or devices for execution of method 600 can be possible, such as the client computing device 200 of FIG. 2.
  • the method 600 may be implemented in the form of executable instructions stored on a computer-readable medium or in the form of electronic circuitry.
  • the method 600 begins at block 602, which may be similar to block 502 described with respect to the method 500 of FIG. 5.
  • the client system 102 receives a keyboard image.
  • the client system 102 may receive the keyboard image from the server system 104, which may be same entity that receives a request to use the keyboard image at block 602.
  • the client system 102 may receive the keyboard image in response to the request made at block 602.
  • FIG. 7 illustrates an example method 700 for using an image of a keyboard facilitate user entry of a keyboard character at a client computing device, and for using an offset coordinate to facilitate communication of the user entry to a server computing device.
  • method 700 may be implemented in the form of executable instructions stored on a computer-readable medium or in the form of electronic circuitry.
  • the method 700 begins at block 702, with a set of offsets being received from the server system 104.
  • the client system 102 receives the set of offsets from the server system 104.
  • the client system 102 presents an keyboard image at the cl ient system 102.
  • the keyboard image is received from the server system 104.
  • the client system 102 receives a user selection of a location, on the keyboard image, at a set of coordinates.
  • the set of offsets, received at block 702 is applied to the set of coordinates to produce a set of offset coordinates.
  • the client system 102 applies the set of offsets to the set of coordinates to produce a set of offset coordinates.
  • the set of offset coordinates, produced at block 708, is sent to the server system. In certain examples, the client system 102 sends the set of offset coordinates to the server system 104.
  • the server system 104 receives the set of offset coordinates (e.g., from the client system 102).
  • the server system 104 translates the set of offset coordinates to one or more keyboard characters.
  • the server system 104 may use the set of offsets the server system 104 sent at block 702.
  • the server system 104 may use a mapping of coordinates to keyboard characters associated with the keyboard image the client system 102 presented at 704.
  • the method 700 stops after block 714.
  • FIG. 8 illustrates an example method 800 for using an offset coordinate to receive a keyboard character entered at a client computing device by a user.
  • method 800 is described below with reference to the server system 104 of FIG. 1 , other suitable systems or devices for execution of method 800 can be possible, such as the server computing device 300 of FIG. 3.
  • the method 800 may be implemented in the form of executable instructions stored on a computer-readable medium or in the form of electronic circuitry.
  • the method 800 begins at block 802, the server system 104 sends a set of offset to the client computing system 102.
  • the server system 104 may send the client system 102 offset data including a set of offsets to be used at the client system 102 for user entry of one or more characters using a keyboard image at the client system 102.
  • the server system 104 receives a set of offset coordinates from the client system 102.
  • the set of offset coordinates may be produced by the client system 102, which may apply the set of offsets, sent at block 802, to a set of coordinates associated with a location selected by a user on a keyboard image.
  • the server system 104 translates the set of offset coordinates, received at block 804, to one or more keyboard characters.
  • the server system 104 may use the set of offsets the server system 104, sent at block 802, to translate the set of offset coordinates. Additionally, the server system 104 may use a mapping of coordinates to keyboard characters, associated with a keyboard image, to translate the set of offset coordinates.
  • the method 800 stops after block 806.
  • FIG. 9 illustrates an example method 900 for using an offset coordinate to receive a keyboard character entered at a client computing device by a user.
  • execution of method 900 is described below with reference to the server system 104 of FIG. 1 , other suitable systems or devices for execution of method 900 can be possible, such as the server computing device 300 of FIG. 3.
  • the method 900 may be implemented in the form of executable instructions stored on a computer-readable medium or in the form of electronic circuitry.
  • the method 900 begins at block 902, the server system
  • the server system 104 generates a set of offsets that includes at least one randomly-generated offset value. For instance, where the server system 104 generates a set of offsets including an X-axis offset value and a Y-axis offset value, either the X-axis offset value, the Y-axis offset value, or both may be randomly generated by the server system 104.
  • Remaining blocks 904-908 may be similar to those described with respect to the method 800 of FIG. 8.
  • block 904 may be similar to block 802
  • block 906 may be similar to 804
  • block 908 may be similar to block 806.
  • the method 900 stops after block 908.
  • FIG. 10 illustrates an example method 1000 for using an offset coordinate to receive a keyboard character entered at a client computing device by a user.
  • execution of method 1000 is described below with reference to the server system 104 of FIG. 1 , other suitable systems or devices for execution of method 1000 can be possible, such as the server computing device 300 of FIG. 3.
  • the method 1000 may be implemented in the form of executable instructions stored on a computer-readable medium or in the form of electronic circuitry.
  • the method 1000 begins at block 1002, the server system 104 receives a request from the client system 102 to use a keyboard image for user entry of a set of characters.
  • the request may provide information regarding the set of characters the user intends to enter at the client system 102 using the keyboard image.
  • the request may specify how many characters are to be entered using the keyboard image, an identifier for the set of characters being entered (e.g., sensitive data, such as a PAN, a CVN, account and routing numbers, or a passport number), or the types of characters being entered (e.g., digits, symbols, alphabetical characters, or some combination thereof).
  • the server system 104 may send a set of offsets to the client system 102.
  • the server system 104 may send offset data including a set of offsets to the client system 102 in response to the request received by the server system 104 at block 1002.
  • Remaining blocks 1006-1008 may be similar to those described with respect to the method 800 of FIG.8.
  • block 1006 may be similar to 804, and block 1008 may be similar to block 806.
  • the method 1000 stops after block 1008.
  • FIG. 11 illustrates an example method 1100 for using a keyboard image and an offset coordinate to receive a keyboard character entered at a client computing device by a user.
  • execution of method 1100 is described below with reference to the server system 104 of FIG. 1 , other suitable systems or devices for execution of method 1100 can be possible, such as the server computing device 300 of FIG. 3.
  • the method 1100 may be implemented in the form of executable instructions stored on a computer-readable medium or in the form of electronic circuitry.
  • the method 1100 begins at block 1102, which may be similar to block 1002 described with respect to the method 1000 of FIG. 10.
  • the server system 104 may send a keyboard image to the client system 102.
  • the server system 104 may send the keyboard image to the client system 102 in response to the request received by the server system 104 at block 1102.
  • Remaining blocks 1106-1110 may be similar to those described with respect to the method 800 of FIG.8.
  • block 1106 may be similar to block 802
  • block 1108 may be similar to 804
  • block 1110 may be similar to block 806.
  • the method 1100 stops after block 1110.
  • FIG. 12 illustrates example techniques for using an image of a keypad to facilitate user entry of credit card information at a client system, and using an offset coordinate to facilitate communication of the user entry to payment systems.
  • FIG. 12 presents a payment transaction environment 1200 including a client system 1206, a payment gateway system 1208, and a payment processing system 1210.
  • the client system 1206 is part of the non- PCI portion 1202 of the payment transaction environment 1200 and, accordingly, is not subject to Payment Card Industry (PCI) compliance.
  • PCI Payment Card Industry
  • the payment gateway system 1208 and the payment processing system 1210 are part of the PCI portion 1204 of the payment transaction environment 1200.
  • the payment gateway system 1208 includes a web server 1212, a keypad server 1214, and a datastore 1216, and the payment processing system 1210 includes a tokenizer 1218.
  • the client system 1206 is similar to the client system 102 of FIG.1 or similar to the client computing device 200 of FIG. 2.
  • the keypad server 1214 is similar to the server system 104 of FIG. 1 or similar to the server computing device 300 of FIG. 3.
  • the datastore 1216 can include any organization of data, including a data structure that stores or organizes data in a manner that permits efficient fetching or storage of the data.
  • the datastore 1216 can include traditional database, tables, comma- separate values (CSV) files, and the like.
  • the client system 1206 may be accessible to a client user interested in submitting a payment transaction.
  • the client user can include a consumer, a merchant (e.g., e -commerce merchant), a sales agent (e.g., call center sales agent), and the like.
  • the client user accesses a credit card payment web page at the client system 1206.
  • the client user may access the credit card payment web page through a web browser application, or some other web-enabled application, operating on the client system 1206.
  • the client system 1206 receives the credit card payment web page from the web server 1212 over a Secure Socket Layer (SSL)-encrypted Hypertext Transfer Protocol (HTTP) connection 1222.
  • SSL Secure Socket Layer
  • HTTP Hypertext Transfer Protocol
  • the credit card payment web page includes a variety of fields to facilitate processing of a payment transaction, including fields for gathering information regarding the credit card being used in the payment transaction.
  • the credit card payment web page includes a field for receiving the credit card type (e.g., Visa®, MasterCard®, Discover®, etc.), a field for receiving the credit cardholder's name, a field for credit cardholder's billing address, a field for receiving a primary account number (PAN), a field for receiving a credit card verification number (CVN), a field for receiving an expiration date, or some combination thereof.
  • PAN primary account number
  • CVN credit card verification number
  • the credit card payment web page causes the client system 1206 to initialize (e.g., using an initialization process 1224) and request (e.g., using a request process 1226) a keypad from the keypad server 1214 to enter the value.
  • the credit card payment web page can include executable code (e.g., script) that causes the client system 1206 to perform the initialization process 1224.
  • the entry of characters entered through the requested keypad can result in the entered characters to be communicated from the client system 1206 to the keypad server 1214 as offset coordinates data.
  • the client system 1206 and the keypad server 1214 can communicate various types of initialization data between themselves. For example, during the initialization process 1224, the client system 1206 can send the keypad server 1214 an order identifier (ID) that allows the keypad server 1214 to associate a set of field values, entered at the client system 1206 through the requested keypad, to an appropriate pending order.
  • ID order identifier
  • the keypad server 1214 can send the client system 1206 a keypad session identifier, which the client system 1206 can subsequently use when requesting a keypad from the keypad server 1214 and communicating offset coordinates to the keypad server 1214 for one or more characters at the client system 1206 through the requested keypad (e.g., offset coordinates data communicated for characters of a specific field value being entered at the client system 1206 through the requested keypad).
  • the credit card payment web page can cause the client system 1206 to request a keypad (during the request process 1226), from the keypad server 1214, to enter characters for the field value.
  • the client system 1206 may specify the field the client user at the client system 1206 intends to enter using the requested keypad.
  • the client system 1206 may specify the name of the credit card information field to be provided through the requested keypad, such as the PAN, CVN, or expiration date.
  • the client system 1206 may specify the length of the field value the client user at the client system 1206 intends to enter using the requested keypad.
  • the client system 1206 may further specify types of characters the client user at the client system 1206 intends to enter using the requested keypad.
  • the keypad server 1214 can send an image of a keypad ("keypad image") to be used at the client system 1206 for entry of a field value.
  • the client system 1206 may possess a copy of the keypad image (e.g., a cached copy from a previous keypad session) prior to the request 1224 and, as such, may not request or receive another copy of the image from the keypad server 1214.
  • the keypad image depicts keys that represent characters the client user may enter using the image, including digits, symbols, and alphabetical letters.
  • the keypad image may mimic the appearance of physical keypads, such as those commonly found on physical computer keyboard. The appearance of the keypad depicted by the keypad image may vary between different examples.
  • the keypad server 1214 can also send offset data to the client system 1206, which the client system 1206 can subsequently utilize to generate offset coordinates data communicated to the keypad server 1214, as described herein.
  • the request process 1226 may include the client system 1206 providing the keypad server 1214 with a keypad session identifier, which may have been provided to the client system 1206 during the initialization process 1224.
  • the keypad server 1214 may associate the offset data sent to the client system 1206 with the keypad session received from the client system 1206. In this way, when the client system 1206 includes the keypad session identifier with offset coordinates data that the client system 1206 send to the keypad server 1214, the keypad server 1214 can translate the offset coordinates data using the appropriate offset data.
  • the credit card payment web page may cause the client system 1206 to present a keypad image 1230 at the client system 1206 (during process 1228) to enter characters for a value of a field (e.g., PAN or CVN) included on the credit card payment web page.
  • the client user at the client system 1206 can enter one or more characters using the keypad image 1230, and may do so by selecting points or regions on the keypad image 1230 that correspond to keyboard characters the client user wishes to enter. For some examples, the client user selects the points or regions using a displayed pointer or cursor controlled by the client user.
  • the client system 1206 may prevent the client user from selecting such points or regions using a hardware keyboard or an onscreen virtual keyboard, thereby preventing the client user from using the keypad image to directly enter characters (e.g., numeric or alpha-numeric characters) for the value of the field.
  • characters e.g., numeric or alpha-numeric characters
  • certain credit card information such as a PAN, a CVN, or an expiration date
  • a PAN a PAN
  • CVN a CVN
  • expiration date a date that the client user may use the keypad image to click on digits depicted on the keyboard image to enter the credit card information.
  • these and other examples place the client user and the client system 1206 to remain outside the scope of PCI compliance, as actual the actual character entered are not flowing through the client system 1206 and the client system 1206 is not aware of the actual characters entered.
  • the client system 1206 may produce offset coordinates data 1232.
  • the client system 1206 sends the offset coordinates data 1232 to the keypad server 1214 for further processing.
  • the client system 1206 may include the keypad session identifier, which the keypad server 1214 can use to identify the appropriate offset data to be used during translation of the offset coordinates to one or more keyboard characters.
  • the keypad server 1214 may save the offset coordinates data 1232 to the datastore 1216 for use during later translation and credit card processing. Additionally or alternatively, the keypad server 1214 may translate the offset coordinates data 1232 to coordinates data using the appropriate offset data, or may translate the offset coordinates data 1232 to one or more keyboard characters using the appropriate offset data. During process 1234, the resulting translated coordinates data may be saved to the datastore 1216 for use during later mapping and credit card processing, or the resulting translated keyboard characters) may be saved to the datastore 1216 for later credit card processing.
  • other payment information may be collected 1236 from the client user by the credit card payment web page and submitted (as 1238) by the client system 1206 to the keypad server 1214.
  • the other payment information may include, without limitation, the merchant name, order identifier, customer identifier, customer information (e.g., first name, last name, etc.), cardholder billing address, customer shipping address, and transaction amount.
  • the other payment information does not include the primary account number (PAN) and the credit card verification number (CVN), which may be submitted to the keypad server 1214 as offset coordinates data produced through use of the keypad image, as described herein.
  • PAN primary account number
  • CVN credit card verification number
  • the client system 1206 may include the keypad session identifier may include the keypad session identifier, which the keypad server 1214 can use to retrieve relevant information (during process 1240) from the datastore 1216 that was received at the keypad server 1214 as offset coordinates data. Where the stored information comprises coordinates or offset coordinates, the keypad server 1214 may perform an appropriate translation process to obtain the information in plaintext form.
  • the keypad server 1214 can combine the some or all of the information obtained from the datastore 1214 (e.g., PAN and CVN) with some or all of the other payment information 1238 (e.g., cardholder billing address) received from the client system 1206.
  • the keypad server 1214 may submit the resulting combined information to the tokenizer 1218 (e.g., over an HTTPS connection 1240) for additional payment processing.

Abstract

Selon certains exemples, l'invention concerne un procédé dans lequel un ensemble de décalages sont reçus à partir d'un dispositif informatique de serveur et une image d'un clavier est présentée sur un dispositif d'affichage couplé à un dispositif informatique de client. Le dispositif informatique de client reçoit une sélection, par un utilisateur, d'un emplacement, sur l'image, associé à un caractère de clavier montré par l'image. L'emplacement est associé à un ensemble de coordonnées sur l'image. Le dispositif informatique de client applique l'ensemble de décalages à l'ensemble de coordonnées pour produire un ensemble de coordonnées de décalage. L'ensemble de coordonnées de décalage est envoyé au dispositif informatique de serveur.
PCT/US2014/066870 2014-11-21 2014-11-21 Coordonnées de décalage de clavier WO2016081011A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2014/066870 WO2016081011A1 (fr) 2014-11-21 2014-11-21 Coordonnées de décalage de clavier

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2014/066870 WO2016081011A1 (fr) 2014-11-21 2014-11-21 Coordonnées de décalage de clavier

Publications (1)

Publication Number Publication Date
WO2016081011A1 true WO2016081011A1 (fr) 2016-05-26

Family

ID=56014360

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2014/066870 WO2016081011A1 (fr) 2014-11-21 2014-11-21 Coordonnées de décalage de clavier

Country Status (1)

Country Link
WO (1) WO2016081011A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040073809A1 (en) * 2002-10-10 2004-04-15 Wing Keong Bernard Ignatius Ng System and method for securing a user verification on a network using cursor control
WO2010117374A1 (fr) * 2009-04-10 2010-10-14 Qualcomm Incorporated Générateur de clavier virtuel à capacités d'apprentissage
US8176324B1 (en) * 2009-07-02 2012-05-08 Exelis Inc. Method and system for a secure virtual keyboard
US20130021248A1 (en) * 2011-07-18 2013-01-24 Kostas Eleftheriou Data input system and method for a touch sensor input
US20130222247A1 (en) * 2012-02-29 2013-08-29 Eric Liu Virtual keyboard adjustment based on user input offset

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040073809A1 (en) * 2002-10-10 2004-04-15 Wing Keong Bernard Ignatius Ng System and method for securing a user verification on a network using cursor control
WO2010117374A1 (fr) * 2009-04-10 2010-10-14 Qualcomm Incorporated Générateur de clavier virtuel à capacités d'apprentissage
US8176324B1 (en) * 2009-07-02 2012-05-08 Exelis Inc. Method and system for a secure virtual keyboard
US20130021248A1 (en) * 2011-07-18 2013-01-24 Kostas Eleftheriou Data input system and method for a touch sensor input
US20130222247A1 (en) * 2012-02-29 2013-08-29 Eric Liu Virtual keyboard adjustment based on user input offset

Similar Documents

Publication Publication Date Title
CN106022017B (zh) 通过虚拟键盘实现密码输入的方法、装置和系统
US9716706B2 (en) Systems and methods for providing a covert password manager
US20140098141A1 (en) Method and Apparatus for Securing Input of Information via Software Keyboards
US9172692B2 (en) Systems and methods for securely transferring authentication information between a user and an electronic resource
US20070038579A1 (en) System and method using order preserving hash
US11809587B2 (en) Multi-party secure information integration system
US10270750B2 (en) Managing access to software based on a state of an account
US9563763B1 (en) Enhanced captchas
CN110521182A (zh) 协议级身份映射
US8897451B1 (en) Storing secure information using hash techniques
CN106603510A (zh) 一种数据处理方法及终端
US9035745B2 (en) Biometric authentication
US8867743B1 (en) Encryption of large amounts of data using secure encryption methods
CN108292350A (zh) 支持联合搜索的对受保护字段的自动操作检测
US9692753B2 (en) Password encode card system and method
CN112559987A (zh) 经由多个设备的多因子认证
US20130086382A1 (en) Systems and methods for securely transferring personal identifiers
CA3060282A1 (fr) Systemes et methodes de saisie et de stockage securises de donnees de nature delicate
US20220051294A1 (en) Systems and methods for identifying internet users in real-time with high certainty
US11281765B1 (en) Token management systems and methods
US20110282946A1 (en) Personal unique url access processing system
KR100495830B1 (ko) 마우스를 이용한 키보드 해킹 방지방법
WO2016081011A1 (fr) Coordonnées de décalage de clavier
KR20200020154A (ko) 금융 서비스 시스템 및 그의 금융 서비스 방법
US10742635B2 (en) Multilevel sign-on

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14906590

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14906590

Country of ref document: EP

Kind code of ref document: A1