IL126017A - Peripheral secure processor system - Google Patents

Peripheral secure processor system

Info

Publication number
IL126017A
IL126017A IL12601798A IL12601798A IL126017A IL 126017 A IL126017 A IL 126017A IL 12601798 A IL12601798 A IL 12601798A IL 12601798 A IL12601798 A IL 12601798A IL 126017 A IL126017 A IL 126017A
Authority
IL
Israel
Prior art keywords
user
computer
secure processor
input
input device
Prior art date
Application number
IL12601798A
Other versions
IL126017A0 (en
Inventor
Reuven Wachtfogel
Rannen Meir
Ron Katz
Original Assignee
Nds Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nds Ltd filed Critical Nds Ltd
Priority to IL12601798A priority Critical patent/IL126017A/en
Priority to GB9907887A priority patent/GB2341257B/en
Publication of IL126017A0 publication Critical patent/IL126017A0/en
Publication of IL126017A publication Critical patent/IL126017A/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

A communication method comprising: employing a computer communication interface for communicating with a computer; receiving inputs from a user via a user input interface; employing a secure processor interface for receiving a secure processor and for communication therewith; selecting an operating mode from a plurality of operating modes, wherein the plurality of operating modes includes a first mode and a second mode; and if the first mode is selected, communicating via at least the computer communication interface, and if the second mode is selected, communicating exclusively via at least one of the following: the user input interface; and the secure processor interface. 845 ט' באייר התשס" ב - April 21, 2002

Description

126017/2 no iNQ >opv> ιιν» nmyo PERIPHERAL SECURE PROCESSOR SYSTEM NDS Limited Inventors: Reuven Wachtfogel i>siaoDii in : D>N>nnnn Rannen Meir T>NO γη Ron Katz > γη C: 31110 FIELD OF THE INVENTION The present invention relates to input systems generally, and more particularly to computer input systems employing secure access devices which enable secure access to services provided by computerized systems.
BACKGROUND OF THE INVENTION There are known in the art viruses which act as Trojan Horses to hijack personal identification information of users for illegal use thereafter. The existence of such viruses intimidates many users and affects electronic commerce via networks, such as the Internet.
Sometimes, such viruses read personal identification information of users inputted via input devices. The users have no way of knowing whether a request to enter personal identification information is authentic or generated by a Trojan Horse virus. Additionally, the Trojan Horse virus may also execute an illegal transaction using the stolen personal identification information, and the users have no way of knowing that the transaction has been executed.
When a user inputs personal identification information in response to a request generated by a virus, or when a virus is in a computer used by the user, the virus may read the personal identification information and transmit it to hackers who may use the personal identification information illegally. It is appreciated that the personal identification information may include a credit card number, and the hacker may use the credit card number to steal money from the user.
The Trojan Horse virus may be also harmful in configurations which include smart cards which communicate with transaction terminals via smart card readers. In such a case, the virus may hijack signatures of product providers and send authentic certificates to a smart card. Since the certificates are authentic, the l authentic, the smart card may verify the certificates and provide the personal identification information to the terminal where it may be hijacked by the virus.
US Patent 5,406,624 to Tulpan describes a processor unit connectable between a computer and a keyboard unit. The processor unit stores a plurality of programs for operating the processor unit according to either a Transparent Mode wherein stored data inputted from the keyboard via a keyboard I/O port in the processor unit is transmitted to the computer unit, or according to one of a plurality of Special Handling Modes, and is controlled to select either the Transparent Mode or one of the Special Handling Modes.
US Patent 5,742,756 to Dillaway et al. describes a user security system for use in conjunction with an operator terminal such as a personal computer. The user security system utilizes an intelligent security token, commonly referred to as a Smart Card, for security-critical operations.
US Patent 5,434,395 to Storck et al. describes a plug-in data carrier which includes a processor, a memory connected to the processor and a dedicated memory connected to the processor. Additionally, there is also described a keyboard, substantially of the ISO credit card format, incorporating a microcircuit which, among other things, establishes electrical connection between the keyboard and the device into which it is plugged, the device notably powering the keyboard's microcircuit.
Israel Patent Application 121188 describes a portable EPG device which processes program guide information.
International patent application PCT/TL97/00031, publication number WO 97/35430, describes a pay television system including a pay television network and a subscriber unit which receives pay television transmissions via the pay television network and displays the pay television transmissions on televisions coupled thereto.
US Patent 5,046,093 to Wachob describes subscriber apparatus for a cable television system or the like which comprises a converter/descrambler and programmable remote control.
US Patent 5,517,187 to Bruwer et al. describes encoder and decoder microchips which are suitable for use in remote control devices.
The disclosures of all references mentioned above and throughout the present specification are hereby incorporated herein by reference.
SUMMARY OF THE INVENTION The present invention seeks to provide computer input systems associated with computers and/or computerized systems and having secure access devices which enable conditional access to services provided by the computers and the computerized systems in a secure manner.
In the present invention, a computer input device, such as a keyboard, a mouse or a joystick, includes user operable input means, an indicator, such as a local display, and preferably another conventional indicator, such as a LED or a speaker. The input device also includes a smart card reader which is operative to accept a smart card. The smart card reader may be implemented in conventional circuitry which is comprised in the computer input device.
When a user initiates execution of a program which executes an electronic transaction via a computer, transaction information is generated by the computer or provided to the computer and displayed on a main computer display. Display of the transaction information is typically followed by a request to input personal identification information of the user.
In response to generation of the transaction information and the request to input personal identification information of the user, at least part of the transaction information, and the request to input personal identification information of the user are provided to the smart card reader. The smart card reader preferably performs the following operations: activation of the indicators; disconnection of the user operable input means from the computer and from the main display; and operation of the local display.
When the local display is activated, the request to input personal identification information of the user is displayed on the local display. Additionally, at least part of the transaction information may be also displayed on the local display.
Upon display of the request on the local display, the user inputs at least an item of personal identification information via the user operable input means by employing the local display for visual verification of data inputted via the user operable input means. The item of personal identification information inputted by the user typically includes a personal identification number (PIN). The PIN is typically used to instruct the smart card to release other secret user information that is stored in the smart card, such as a credit card number, a password and any other secret user information that may provide access to valuable user information.
Typically, the smart card will not release any secret user information stored in the smart card if a correct PIN is not inputted. Since the PIN serves as a key which releases other secret information, a copy of the PIN is not kept in the smart card. Rather, a one-way function is executed on the PIN inputted by the user to hash the PIN. The output of the one-way function is typically checked in the smart card, and if the PIN is verified and found to be valid and authentic the smart card releases the secret user information stored in it in an encrypted form readable only by a trusted supplier.
In addition to the PIN, signatures of a supplier which are comprised in the at least part of the transaction information are also checked by the smart card, and if the PIN and the signatures of the supplier are verified and found to be valid and authentic, the smart card reconnects the user operable input means to the computer and to the main display and transmits an authorization to perform the electronic transaction to the computer which performs the transaction in response to receipt of the authorization. Thus, a signed verification of the transaction rather than the personal identification information of the user is provided to the computer. Accordingly, personal information of the user cannot be hijacked, and the verification of the transaction in the smart card is performed independently of the computer and thereby of the Trojan Horse virus.
The smart card may be operative to display on the local display any secret user information that is provided during the transaction. The smart card may also display different types of secret information in different colors and/or in any special characters, such as bold characters, big characters, small characters, underlined characters and blinking characters. Additionally, the smart card may also associate different secrecy levels to different types of secret information. The secret information is preferably stored in an encrypted form in the smart card so that even if the smart card is stolen, a thief cannot use the secret information stored in the smart card.
A similar method may be applied for personalizing operating parameters of the input device. In such a case, a reconfiguration program which is operative to reconfigure the input device rather than the program which executes the electronic transaction may be executed by the user. The reconfiguration program may be executed at any time and independently from the program which executes the electronic transaction.
The reconfiguration program is operative to generate a message indicating that the input device will be reconfigured at the end of the program, and a request to input personal identification information of a user. Once the smart card receives the request, operations which are similar to the operations mentioned above with reference to the program which executes the electronic transaction are performed until the smart card verifies the personal identification information of the user. If the personal identification information of the user is verified, the smart card provides to the computer personalization information which is stored in the smart card. The computer employs the personalization information to personalize at least part of an action of the input device.
There is thus provided in accordance with a preferred embodiment of the present invention a method for performing an electronic transaction between a computer and a secure processor each operatively associated with an input device, the method including transmitting transaction information from the computer to the secure processor, displaying a display item including at least a portion of the transaction information and a request to input personal identification information, mutually exclusively operatively associating the input device, the secure processor and an indicator, generating, via the indicator, an indication indicating receipt of the request, inputting, via the input device, personal identification information of a user in response to the request, verifying the personal identification information of the user, ending the step of mutually exclusively operatively associating the input device, the secure processor and an indicator, and transmitting an authorization to perform the transaction from the secure processor to the computer in response to the verifying step.
The indication is preferably generated locally to the input device.
Preferably, the displaying step includes the step of locally displaying the at least a portion of the transaction information associated with the request, and the method also includes the steps of disconnecting the input device from the computer and from a main display associated with the computer, and connecting the input device to a local display.
Preferably, the secure processor is included in a smart card.
The authorization to perform the transaction preferably includes at least one of the following: the transaction information; encrypted secret information of the user; and a signature identifying the transaction information and the encrypted secret information of the user.
Preferably, the verifying step includes the step of authenticating the personal identification information of the user. The authenticating step preferably includes the step of authenticating a signature of the user.
Alternatively or additionally, the verifying step includes the step of validating the personal identification information of the user.
Preferably, the method also includes the step of reconnecting the input device to the computer after the step of transmitting an authorization to perform the transaction.
There is also provided in accordance with a preferred embodiment of the present invention a method for personalizing operating parameters of an input device selectively operatively associated with a secure processor and a computer, the method including generating an indication indicating receipt of a request to input personal identification information, inputting, via the input device, personal identification information of a user in response to the request, verifying the personal identification information of the user, and employing personalization information personalizing at least part of an action of the input device and received from the secure processor to personalize the at least part of an action of the input device in response to the verifying step.
Preferably, the generating step includes the step of displaying the request on a local display, and the method also includes the steps of disconnecting the input device from the computer and from a main display associated with the computer, and connecting the input device to the local display.
Further in accordance with a preferred embodiment of the present invention there is also provided a communication method including employing a computer communication interface for communicating with a computer, receiving inputs from a user via a user input interface, employing a secure processor interface for receiving a secure processor and for communication therewith, selecting an operating mode from a plurality of operating modes, wherein the plurality of operating modes includes a first mode and a second mode, and if the first mode is selected, communicating via at least the computer communication interface, and if the second mode is selected, communicating exclusively via at least one of the following: the user input interface; and the secure processor interface.
There is also provided in accordance with a preferred embodiment of the present invention an input device for inputting information useful in performing an electronic transaction between a computer and a secure processor, the input device including user operable input means selectively operatively associated with the secure processor and the computer and operative to input personal identification information of a user in response to a request to input personal identification information, an indicator operative to provide an indication indicating receipt of the request to input personal identification information provided via the computer, and an IC device reader and writer exclusively operatively associated with the user operable input means and the indicator in a first mode of operation, and operatively associated with the secure processor and the computer in a second mode of operation, wherein the IC device reader and writer is operative, in the second mode of operation, to access the secure processor for transmitting an authorization to perform the transaction from the secure processor to the computer in response to a verification of the personal identification information of the user inputted via the user operable input means in the first mode of operation.
Preferably, the indicator includes at least one of a light source and a ■ sound generator. Alternatively or additionally, the indicator includes a local display operative to display the personal identification information of the user inputted via the user operable input means, and the IC device reader and writer is also operative to disconnect the user operable input means from the computer and from a main display associated with the computer, and to connect the user operable input means to the local display.
The user operable input means may include at least one of the following: a keyboard; a tablet associated with a pen for inputting at least one of handwritten text and data; a mouse; and a joystick. The local display is preferably included in the user operable input means.
There is also provided in accordance with a preferred embodiment of the present invention an adjustable input device usable with a computer and a secure processor operatively associated with the input device, the input device including user operable input means selectively operatively associated with the secure processor and the computer and operative to input personal identification information of a user in response to a request to input personal identification information, an indicator operative to provide an indication indicating receipt of the request to input personal identification information provided via the computer, and an IC device reader and writer exclusively operatively associated with the user operable input means and the indicator in a first mode of operation, and operatively associated with the secure processor and the computer in a second mode of operation, wherein the IC device reader and writer is operative, in the second mode of operation, to access the secure processor for receiving from the secure processor personalization information personalizing at least part of an action of the user operable input means in response to a verification of the personal identification information of the user inputted via the user operable input means in the first mode of operation.
Preferably, the indicator includes a local display operative to display the personal identification information of the user inputted via the user operable input means, and the IC device reader and writer is also operative to disconnect the user operable input means from the computer and from a main display associated with the computer, and to connect the user operable input means to the local display.
Preferably, the user operable input means includes a joystick, and the personalization information includes gain adjusting information for adjusting a gain of the joystick in at least one direction.
Alternatively or additionally, the user operable input means includes a mouse, and the personalization information includes information determining at least one of the following: an input language used by the mouse, a mode of operation of mouse buttons; a mouse cursor size; and tracking parameters of the mouse.
Further alternatively, the user operable input means includes at least one of a keyboard and a tablet, and the personalization information includes information determining at least one of the following: an input language used by the at least one of a keyboard and a tablet; and a mode of operation of at least one keyboard key.
Further in accordance with a preferred embodiment of the present invention there is also provided an input device for use with a computer and adapted to receive a secure processor, the input device including a computer communication interface for communicating with a computer, a user input interface for receiving input from a user of the input device, a secure processor interface adapted to receive a secure processor and operative to communicate therewith, and a mode selector for selecting an operating mode of the input device from a plurality of operating modes, wherein the plurality of operating modes includes a first mode and a second mode, and the input device is operative, in a first mode, to communicate via at least the computer communication interface, and the input device is operative, in a second mode, to communicate exclusively via at least one of the following: the user input interface; and the secure processor interface.
Preferably, the mode selector is operative upon receipt of a first signal from the computer communication interface, to select the second mode, and to select the first mode upon receipt of a second signal from at least one of the following: the user input interface; and the secure processor interface.
Further preferably, the secure processor is included in a smart card and the secure processor interface includes a smart card reader.
BRIEF DESCRIPTION OF THE DRAWINGS The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which: Fig. 1 is a simplified pictorial illustration of a preferred implementation of a keyboard based input device constructed and operative in accordance with a preferred embodiment of the present invention; Fig. 2 is a simplified pictorial illustration of a preferred implementation of a mouse based input device constructed and operative in accordance with another preferred embodiment of the present invention; Fig. 3 is a simplified pictorial illustration of a preferred implementation of a joystick based input device constructed and operative in accordance with yet another preferred embodiment of the present invention; Fig. 4 is a simplified block diagram illustration of a preferred implementation of an input device constructed and operative in accordance with another preferred embodiment of the present invention; Fig. 5 is a simplified flow chart illustration of a preferred method of operation of the apparatus of Figs.1 - 3; Figs. 6A and 6B together constitute a simplified flow chart illustration of another preferred method of operation of the apparatus of Figs.1 - 3; and Fig. 7 is a simplified flow chart illustration of a preferred method of operation of the apparatus of Fig. 4.
DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT Reference is now made to Fig. 1 which is a simplified pictorial illustration of a preferred implementation of a keyboard based input device 10 constructed and operative in accordance with a preferred embodiment of the present invention.
Preferably, the input device 10 is operatively associated with a computer 15 and a main computer display 20 for inputting data to the computer 15. The input device 10 preferably includes user operable input means 25 which typically include a keyboard 30 and a keypad 35 embodied in a single board unit 40. Alternatively, the user operable input means 25 may include a tablet associated with a pen for inputting at least one of handwritten text and data.
The user operable input means 25 are preferably operatively associated with the computer 15 and the main display 20 via any appropriate conventional communication means, such as a cable 45. Alternatively, the user operable input means 25 may be operative to communicate with the computer 15 and the main display 20 over the air via a wireless communication link (not shown).
The input device 10 also preferably includes an integrated circuit (IC) device reader and writer 50 which may be housed in a housing 55. The housing 55 may be mounted on top of a portion of the board unit 40 and may be attached to the board unit 40 by any appropriate conventional coupling means. Alternatively, the housing 55 may be comprised in the board unit 40.
Preferably, the input device 10 also includes at least one conventional indicator. Preferably, at least one of the following indicators may be employed: a light source 60, such as a light emitting diode (LED); a sound generator 65, such as a speaker; and a local display 70, such as a liquid crystal display (LCD). However, it is appreciated that the number of indicators and the type of indicators shown in Fig. 1 and described above are by way of example only and are not meant to be limiting.
Each of the indicators 60, 65 and 70 is preferably housed in the housing 55. Preferably the following units: the indicators 60, 65 and 70; the user operable input means 25 or a portion thereof, such as the keyboard 30 or the keypad 35, and the IC device reader and writer 50 are mutually exclusively operatively associated.
The term "exclusively operatively associated" is used throughout the specification and claims to indicate linkage between a series of devices in which each device in the series of devices may communicate with other devices in the series of devices, but when the devices in the series of devices communicate with each other, they are disabled from communication with other devices which are not part of the series of devices. It is appreciated that disabling of communication between the devices in the series of devices and other devices which are not part of the series of devices may be implemented in firmware. Alternatively, a switch may be operated to electrically disconnect the series of devices from devices which are not part of the series of devices.
Preferably, the IC device reader and writer 50 is operative to accept a smart card 75 in which a secure processor is typically embedded. The smart card 75 may preferably be inserted in a smart card receptacle 80 in the IC device reader and writer 50. It is appreciated that the secure processor may be embedded in the user operable input means 25 in which case the receptacle 80 is optional and typically not present.
Alternatively, the IC device reader and writer 50 may include a conventional PCMCIA reader and writer (not shown), the smart card 75 may include a PCMCIA card having a secure processor embedded therein (not shown), and the receptacle 80 may include a PCMCIA slot (not shown).
Further alternatively, the smart card 75 may include a contactless smart card (not shown) which communicates with the IC device reader and writer 50 via a wireless link (not shown), such as a radio-frequency (RF) wireless link. In such a case, the contactless smart card is brought in proximity to the IC device reader and writer 50 in order to establish communication with the IC device reader and writer 50.
The IC device reader and writer 50 is preferably operatively associated with the smart card 75 to enable access to/from the smart card 75 via the IC device reader and writer 50 by the following units: the user operable input means 25, or a portion thereof; each of the indicators 60, 65 and 70; and the computer 15. It is appreciated that the IC device reader and writer 50 may be operatively associated with the keyboard 30 or the keypad 35 or with both the keyboard 30 and the keypad 35.
Alternatively, the smart card 75 may include at least one of the indicators 60, 65 and 70 and input means, such as a touch sensitive keypad (not shown) which may include numeric keys and function keys as in the keypad 35. The touch sensitive keypad and the indicators 60, 65 and 70 may preferably be integrated in the smart card 75 and linked with the secure processor in the smart card 75 via a secure link (not shown) which is preferably embedded in the smart card 75. It is appreciated that such a configuration may improve security of the apparatus 10 since a potential hacker cannot access the secure link in the smart card 75, whereas if the indicators 60, 65 and 70 and the keypad 35 are associated with the IC device reader and writer 50, the hacker may have access to the indicators 60, 65 and 70 and the keypad 35 via the IC device reader and writer 50.
If the smart card 75 is a PCMCIA card having a secure processor embedded therein, the PCMCIA card may be of the type which protrudes from the receptacle 80 when inserted in the receptacle 80 and thus the touch sensitive keypad may be mounted on the PCMCIA card. Alternatively, the touch sensitive keypad may be coupled to the PCMCIA card via any conventional means. Preferably, the touch sensitive keypad may be employed to enter inputs to the PCMCIA card. PCMCIA cards which protrude from a PCMCIA receptacle and PCMCIA cards which include a keypad are well-known in the art.
Preferably, the cable 45 may be used for supplying electricity to the following units: the user operable input means 25; the IC device reader and writer 50; the light source 60; the sound generator 65; and the local display 70. Additionally, the cable 45 may be also used for internal data communication between the user operable input means 25, the IC device reader and writer 50, and the local display 70, and for data communication between the input device 10 and the computer 15.
The operation of the apparatus 10 of Fig. 1 is now briefly described. Preferably, the apparatus 10 is operative to perform any operation which requires intervention of the smart card 75, such as a secure electronic transaction between the computer 15 and the smart card 75. Additionally or alternatively, the apparatus 10 may be operative to provide conditional access to a remote server and/or to any appropriate data storage device, such as a hard disk (not shown) in the computer 15, or portions of the hard disk.
Typically, a user operates the computer 15 using the user operable input means 25. When transaction information, or any other information which requires personal identification information of the user, is received at the computer 15 from a remote location (not shown), or generated at the computer 15, the computer 15 provides at least part of the transaction information and a request to input personal identification information of the user to the smart card 75. Preferably, the transaction information may include at least one of the following: a product certificate; a supplier certificate; cost information; and a list of required secret user information items.
The term "personal identification information" is used throughout the specification and claims to include information uniquely related to a person or information which may be derived from the information uniquely related to the person, typically by using a one-way function. The information related to the person may be also used, in some applications, to identify the person.
Upon receipt of the transaction information and the request to input personal identification information at the smart card 75, at least one indicator comprised in the input device 10 may be activated to generate an indication indicating receipt of the request to input personal identification information of the user for initiating the transaction. The at least one indicator may include any appropriate type of conventional indicator, such as the light source 60, the sound generator 65 and the local display 70.
Typically, an indication generated by the light source 60 includes a blinking light. An indication generated by the sound generator 65 typically includes a beep sound. The blinking light, the beep sound or any indication generated by an appropriate conventional indicator may be stopped when the user inputs personal identification information via the user operable input means 25 and the personal identification information of the user is verified by the smart card 75.
It is appreciated that verification of the personal identification information of the user by the smart card 75 may include authentication of the personal identification information of the user. The authentication may include authentication of a signature of the user. Alternatively or additionally, the verification may include validation of the personal identification information of the user.
In a configuration in which the input device 10 includes the local display 70, the IC device reader and writer 50 may preferably disconnect the user operable input means 25 and the main display 20 from the computer 15, and connect the user operable input means 25 to the local display 70 in response to reception of the transaction information and the request to input the personal identification information of the user from the computer 15. Preferably, the request to input the personal identification information of the user may be displayed on the main display 20 prior to disconnection of the main display 20 from the computer 15, and on the local display 70 once the local display 70 is activated. The local display 70 may be used by the user for visual verification of data inputted via the user operable input means 25 when inputting the personal identification information. The personal identification information of the user is typically associated with a personal identification number (PIN).
It is appreciated that the request to input personal identification information may include a request to input secret information which is preferably, but not necessarily, associated with the personal identification information. Accordingly, the personal identification information of the user may include information which is considered by the user as secret, such as a credit card number, a password and any other secret user information that may be stored in the smart card and used to identify the user and/or to provide access to valuable user information.
Alternatively or additionally, the personal identification information of the user may include a plurality of PINs, and each PIN may be associated with a different service or application. It is appreciated that any secret user information which is stored in the smart card 75 is preferably stored in an encrypted form so that even if the smart card 75 is stolen, a thief cannot use the secret information stored in the smart card 75.
Disconnection of the user operable input means 25 from the computer 15 and use of the local display 70 which is operatively associated only with the user operable input means 25, assures that the transaction itself has not been replaced and that the user may input the personal identification information without interference from any software program in the computer 15 and without any possible link to the computer 1 which may be used by a virus program to hijack the personal identification information and the secret information of the user and to disclose them to a hacker.
It is appreciated that the local display 70 may be used for display of the following information: the product certificate; the supplier certificate; the cost information; and the list of required secret user information. If some of the required secret user information is not available in the smart card 75, the user is typically prompted to enter the unavailable information.
Once the user inputs personal identification information via the user operable input means 25 using the local display 70, the smart card 75 checks the personal identification information of the user and signatures of a supplier which are comprised in the at least part of the transaction information.
Preferably, the personal identification information inputted by the user includes an item of personal identification information, such as a PIN. The PIN is typically used to instruct the smart card 75 to release other secret user information that is stored in the smart card 75, such as a credit card number, a password and any other secret user information that may provide access to valuable user information.
Typically, the smart card 75 will not release any secret user information stored in the smart card 75 if a correct PIN is not inputted. Since the PIN serves as a key which releases other secret information, a copy of the PIN is not kept in the smart card 75. Rather, a one-way function is executed on the PIN inputted by the user to hash the PIN. The output of the one-way function is typically checked in the smart card 75 against a corresponding value stored in the smart card 75, and if the PIN is verified and found to be valid and authentic the smart card 75 releases the secret user information stored in it in an encrypted form readable only by a trusted supplier.
Preferably, in addition to the PIN, the signatures of the supplier which are comprised in the at least part of the transaction information are also checked by the smart card 75 against corresponding values stored in the smart card 75, and if the PIN and the signatures of the supplier are verified and found to be valid and authentic, the smart card 75 reconnects the user operable input means 25 to the computer 15 and to the main display 20, and transmits a signature associated with secret information of the user or an authorization to perform the transaction to the computer 15 which performs the transaction in response to receipt of the authorization. It is appreciated that the authorization may preferably include secret information encrypted with keys provided in the supplier certificate so that only the supplier may interpret the secret information.
It is appreciated that if the smart card 75 transmits a signature associated with secret information, the signature is preferably validated by the remote location and used as a proof of authenticity of the smart card 75 and of the PIN involved in the transaction.
Thus, a signed verification of the transaction rather than the personal identification information of the user is provided to the computer 15. Accordingly, personal information of the user cannot be hijacked, and the verification of the transaction in the smart card 75 is performed independently of the computer 15 and thereby of the Trojan Horse virus.
It is appreciated that the smart card 75 may be also operative to display on the local display 70 any secret user information that is provided during the transaction if display of the secret user information is required by the user. Preferably, the smart card 75 may also display different types of secret information in different colors and/or in any special characters, such as bold characters, underlined characters, big, characters, small characters and blinking characters. Additionally or alternatively, the smart card 75 may also associate different secrecy levels to different types of secret information.
It is appreciated that each transaction may include a transaction identification number which may be generated by a random number generator in order to prevent repetitions.
Preferably, in an application in which the input device 10 provides conditional access to data provided by a data provider via a remote server and/or to any appropriate data storage device, such as a hard disk, the smart card 75 does not provide any secret user information to the server or the hard disk. Rather, the smart card 75 is operative to perform an authentication procedure to provide a proof of authenticity to the data provider, or to provide a signature for association with data downloading. It is appreciated that in such a case, the user may be required to enter the PIN only to enable operation of the smart card 75. It is further appreciated that if the proof of authenticity is provided, the data may be downloaded and/or otherwise accessed. Preferably, in such an application the main display may remain connected throughout the input of the PIN.
The input device 10 of Fig. 1 is also useful in personalizing the user operable input means 25. Preferably, the user may execute a program which personalizes the user operable input means 25 by employing parameters which may be stored in the smart card 75.
Preferably, when the program is executed, a request to input personal identification information of a user is displayed on the main display 20 and provided by the computer 15 to the smart card 75. In response to the request received at the smart card 75, the smart card 75 preferably generates a request to input a PIN. It is appreciated that at least one of the indicators 60, 65 and 75 may be used to alert the user of the request generated by the smart card 75.
Preferably, the user may input personal identification information via the user operable input means 25 in response to the request. The smart card 75 preferably checks the personal identification information of the user, and if the personal identification information is verified, the smart card 75 transmits personalization information personalizing at least part of an action of the user operable input means 25 to the computer 15. The personalization information is preferably employed by the program to personalize the action of the user operable input means 25.
It is appreciated that the personalization information may include information determining at least one of the following: an input language used by the keyboard 30; and a mode of operation of at least one keyboard key, such as locking of keys or use of keys for special functions.
Preferably, if the input device 10 includes the local display 70, the personal identification information of the user is displayed on the local display 70, and the IC device reader and writer 50 is operative to disconnect the user operable input means 25 from the computer 15 and from the main display 20, and to connect the user operable input means 25 to the local display 70.
It is appreciated that the input device 10 may be also personalized. Preferably, personalization of the input device 10 may be established by pairing the IC device reader and writer 50 with certain smart cards, or with a unique smart card. Thus, the user may carry around the input device 10 as a personal portable input device which he can plug to and use with any computer, but other users cannot use the input device 10.
The input device 10 may be also used as a stand-alone unit which communicates and performs monetary transactions via a wireless link (not shown) with automated machines (not shown), such as vending machines, and debiting machines used in automatic purchase of services, such as automatic gas pumps in gas stations. Preferably, each transaction may include a transaction identification number which may be generated by a random number generator in order to prevent repetitions.
Reference is now made to Fig. 2 which is a simplified pictorial illustration of preferred implementation of a mouse based input device 100 constructed and operative in accordance with another preferred embodiment of the present invention.
Preferably, the input device 100 includes mouse based user operable input means 105, such as a set of conventional mouse buttons. The user operable input means 105 are preferably housed in a mouse housing 110 and are operatively associated with a conventional computer and a conventional main display (not shown) via any appropriate conventional communication means, such as a mouse cable 1 15.
The input device 100 also preferably includes an IC device reader and writer 120 which may be also housed in the mouse housing 1 10 and integrated with conventional mouse circuitry (not shown) which may provide conventional mouse pointing and selecting functionality. The IC device reader and writer 120 is preferably operative to accept a smart card 125 in which a secure processor is typically embedded. Preferably, the smart card 125 may be inserted in a receptacle 130 in the IC card reader and writer 120.
Preferably, the input device 100 also includes at least one conventional indicator. Preferably, at least one of the following conventional indicators may be employed, a light source 135, such as a LED; and a sound generator 140, such as a speaker. It is appreciated that in certain designs, the mouse housing 1 10 may also include a local display (not shown), similar to the local display 70 of Fig. 1. It is appreciated that the number of indicators and the type of indicators shown in Fig. 2 and described above are by way of example only and are not meant to be limiting.
Preferably, the mouse cable 115 may be used for supplying electricity to all units inside the input device 100, for internal data communication between the units in the input device 100, and for data communication between the input device 100 and the computer.
The functionality of the input device 100 is substantially similar to the functionality of the apparatus of Fig. 1 , except that inputs to the computer may be provided via the set of conventional mouse buttons rather than via the keyboard 30 or the keypad 35 of Fig. 1. Alternatively or additionally, the set of mouse buttons may be employed to reconfigure a pre-selected set of keys in the keyboard 30 of Fig. 1 (not shown) in a mode of operation in which only keys in the pre-selected set of keys may be used to provide an input to the local display 70 of Fig. 1.
Preferably, at least one action of the user operable input means 105 may be personalized, such as gain in the up direction. The at least one action of the user operable input means 105 may be personalized, as mentioned above with reference to Fig. 1, by employing personalization information stored in the smart card 125. Preferably, the personalization information includes information determining at least one of the following: an input language used to input data to the computer; a mode of operation of mouse buttons; a mouse cursor size; and tracking parameters of the mouse.
Reference is now made to Fig. 3 which is a simplified pictorial illustration of a preferred implementation of a joystick based input device 200 constructed and operative in accordance with yet another preferred embodiment of the present invention.
Preferably, the input device 200 includes joystick based user operable input means 205, which may include, for example, a joystick stick 210 and a push-button 215. The user operable input means 205 are preferably housed in a joystick housing 220 and are operatively associated with a conventional computer and a conventional main display (not shown) via any appropriate conventional communication means, such as a joystick cable 225.
The input device 200 also preferably includes an IC device reader and writer 230 which may be also housed in the joystick housing 220 and integrated with conventional joystick circuitry (not shown) which may provide joystick functionality. The IC device reader and writer 230 is preferably operative to accept a smart card 235 in which a secure processor is typically embedded. Preferably, the smart card 235 may be inserted in a receptacle 240 in the IC card reader and writer 230.
Preferably, the input device 200 also includes at least one conventional indicator. Preferably, at least one of the following conventional indicators may be employed: a light source 245, such as an LED; a sound generator 250, such as a speaker; and a local display 255, such as an LCD. It is appreciated that the number of indicators and the type of indicators shown in Fig. 3 and described above are by way of example only and are not meant to be limiting.
The joystick cable 225 may preferably be used for supplying electricity to all units inside the input device 200, for internal data communication between the units in the input device 200, and for data communication between the input device 200 and the computer.
The functionality of the input device 200 is substantially similar to the functionality of the apparatus of Fig. 1 , except that inputs to the computer may be provided via the stick 210 and the push-button 215 rather than via the keyboard 30 or the keypad 35 of Fig. 1.
Alternatively or additionally, at least one action of the stick 210 may be personalized, such as gain in the down direction. The at least one action of the stick 210 may be personalized, as mentioned above with reference to Fig. 1, by employing personalization information stored in the smart card 235. Preferably, the personalization information may include gain adjusting information for adjusting a gain of the stick 210 in at least one direction.
Reference is now made to Fig. 4 which is a simplified block diagram illustration of a preferred implementation of an input device 300 constructed and operative in accordance with another preferred embodiment of the present invention.
Preferably, the input device 300 includes the following units: a computer communication interface 305; a user input interface 310; a secure processor interface 315; and a mode selector 320.
The computer communication interface 305 is preferably operative to communicate with a computer 325. Preferably, the user input interface 310 is operative to receive inputs from a user of the input device 300. The secure processor interface 315 is preferably adapted to receive a secure processor 330 and operative to communicate therewith.
Preferably, the mode selector 320 is operative to select an operating mode of the input device 300 from a plurality of operating modes. The plurality of operating modes preferably includes a first mode and a second mode. In the first mode, the input device 300 is operative to communicate via at least the computer communication interface 305. In the second mode, the input device 300 is operative to communicate exclusively via at least one of the following: the user input interface 310; and the secure processor interface 315.
Reference is now made to Fig. 5 which is a simplified flow chart illustration of a preferred method of operation of the apparatus of Figs.1 - 3.
Preferably, a user operates a computer via an input device to execute an electronic transaction program as part of an electronic transaction. In the electronic transaction, transaction information is preferably transmitted from the computer to a secure processor which is associated with the computer and the input device. Preferably, at least a portion of the transaction information is displayed on a main computer display together with a request to input personal identification information.
When the request to input personal identification information is displayed, the following units are mutually exclusively operatively associated: the input device; an IC device reader and writer which is operative to provide access to the secure processor; and an indicator which is operative to generate an indication indicating receipt of the request. Preferably, personal identification information of a user is inputted via the input device in response to the request, and the personal identification information of the user is verified in the secure processor. If verification of the personal identification information of the user is established, an authorization to perform the transaction is transmitted from the secure processor to the computer in response to the verification.
Reference is now made to Figs. 6A and 6B which together constitute a simplified flow chart illustration of another preferred method of operation of the apparatus of Figs.1 - 3.
Preferably, a user may operate a computer via an input device and execute a program which may initiate an electronic transaction. In response to initiation of the electronic transaction, transaction information may be provided to the computer or generated by the computer and displayed on a main computer display.
It is appreciated that the transaction information may be associated with a request to input personal identification information of the user. Alternatively, the request to input personal identification information of the user may be generated by the computer in response to reception of the transaction information.
Preferably, the request to input personal identification information of the user is provided to a smart card which is operatively associated with the input device via a smart card reader which is coupled to the input device. When the smart card receives the request to input personal identification information of the user, the smart card reader preferably performs operations such as the following operations: alerting the user to indicate that a request to input personal identification information of the user is received at the smart card; disconnecting user operable input means comprised in the input device from the computer and from the main display associated with the computer; and operating a local display which is operatively associated with the user operable input means and the smart card reader only and is preferably housed in the input device. It is appreciated that the operations performed by the smart card reader may be performed under control of a controller associated with the smart card reader, or the smart card.
It is appreciated that if the user operable input means are not associated with a local display, the smart card preferably alerts the user by activating an indicator such as an LED or a speaker. Alternatively, if the input device does not include an LED and a speaker, the smart card preferably performs only the operations of disconnecting the user operable input means from the computer and from the main display associated with the computer, and operating the local display.
When the local display is activated, the request to input personal identification information of the user is preferably displayed on the local display.
Additionally, at least part of the transaction information may be also displayed on the local display.
Preferably, upon display of the request on the local display, the user may input personal identification information via the input device by employing the local display for visual verification of data inputted via the input device. The personal identification information inputted by the user is preferably checked by the smart card, and if the personal identification information of the user is verified, the smart card transmits an authorization to perform the electronic transaction to the computer, and the computer performs the transaction. If the personal identification information of the user is not verified, the user is preferably prompted to input correct personal identification information.
Preferably, after the transaction is performed, the smart card reconnects the input device to the computer and to the main display.
A similar method may be applied for personalizing operating parameters of the input device. In such a case, a reconfiguration program which is operative to reconfigure the input device may be executed by the user rather than the program which executes the electronic transaction. The reconfiguration program may be executed at any time and independently from the program which executes the electronic transaction.
Preferably, the reconfiguration program is operative to generate a message indicating that the input device will be reconfigured at the end of the program, and a request to input personal identification information. The request to input personal identification information is preferably provided to the smart card.
Once the smart card receives the request, operations which are similar to the operations mentioned above with reference to the program which executes the electronic transaction may be performed until the smart card verifies the personal identification information of the user. If the personal identification information of the user is verified, the smart card provides personalization information which is preferably stored in the smart card to the computer which employs the personalization information to personalize at least part of an action of the input device. If the personal identification information of the user is not verified, the user is prompted to input correct personal identification information.
It is appreciated that if the input device includes a keyboard, the personalization information may include information determining at least one of the following: an input language used by the keyboard; and a mode of operation of at least some keyboard keys, such as locking of keys or use of keys for special functions.
If the input device includes a mouse, the personalization information may include information determining at least one of the following: an input language used by the mouse; a mode of operation of mouse buttons; a mouse cursor size; and tracking parameters of the mouse. Further, if the input device includes a joystick, the personalization information may include gain adjusting information for adjusting a gain of the joystick in at least one direction.
Reference is now made to Fig. 7 which is a simplified flow chart illustration of a preferred method of operation of the apparatus 300 of Fig. 4.
Preferably, a computer communication interface is employed for communication with a computer. Additionally, inputs from a user are received via a user input interface, and a secure processor interface is employed for accepting a secure processor and for communication with the secure processor.
Preferably, an operating mode is selected from a plurality of operating modes. The plurality of operating modes preferably includes a first mode and a second mode.
In the first mode, communication is performed via at least the computer communication interface. In the second mode, communication is exclusively performed via at least one of the following: the user input interface; and the secure processor interface.
It is appreciated that various features of the invention which are, for clarity, described in the contexts of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable subcombination.
It will be appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described herein above. Rather the scope of the invention is defined only by the claims which follow: What is claimed is:

Claims (31)

1. A method for performing an electronic transaction between a computer and a secure processor each operatively associated with an input device, the method comprising: transmitting transaction information from the computer to the secure processor; displaying a display item comprising at least a portion of the transaction information and a request to input personal identification information; mutually exclusively operatively associating the input device, the secure processor and an indicator; generating, via the indicator, an indication indicating receipt of said request; inputting, via the input device, personal identification information of a user in response to said request; verifying the personal identification information of the user; ending the mutually exclusive operative association of the input device, the secure processor and an indicator; and transmitting an authorization to perform the transaction from the secure processor to the computer in response to said verifying step.
2. A method according to claim 1 and wherein said indication is generated locally to the input device.
3. A method according to claim 1 or claim 2 and wherein said displaying step comprises the step of locally displaying said at least a portion of the transaction information associated with said request, and the method also comprises the steps of: disconnecting the input device from the computer and from a main display associated with the computer; and connecting the input device to a local display.
4. A method according to any of claims 1 - 3 and wherein said secure processor is comprised in a smart card.
5. A method according to claims 1 - 4 and wherein said authorization to perform the transaction comprises at least one of the following: the transaction information; encrypted secret information of the user; and a signature identifying the transaction information and the encrypted secret information of the user.
6. A method according to any of claims 1 - 5 and wherein said verifying step comprises the step of authenticating the personal identification information of the user.
7. A method according to claim 6 and wherein said authenticating step comprises the step of authenticating a signature of the user.
8. A method according to any of claims 1 - 5 and wherein said verifying step comprises the step of validating the personal identification information of the user.
9. A method according to any of claims 3 - 8 and also comprising the step of reconnecting the input device to the computer after said step of transmitting an authorization to perform the transaction.
10. A method for personalizing operating parameters of an input device selectively operatively associated with a secure processor and a computer, the method comprising: generating an indication indicating receipt of a request to input personal identification information; inputting, via the input device, personal identification information of a user in response to said request; verifying the personal identification information of the user; and employing personalization information personalizing at least part of an action of the input device and received from the secure processor to personalize said at least part of an action of the input device in response to said verifying step.
11. A method according to claim 10 and wherein said generating step comprises the step of displaying said request on a local display, and the method also comprises the steps of: disconnecting the input device from the computer and from a main display associated with the computer; and connecting the input device to the local display.
12. A communication method comprising: employing a computer communication interface for communicating with a computer; receiving inputs from a user via a user input interface; employing a secure processor interface for receiving a secure processor and for communication therewith; selecting an operating mode from a plurality of operating modes, wherein the plurality of operating modes includes a first mode and a second mode; and if the first mode is selected, communicating via at least the computer communication interface, and if the second mode is selected, communicating exclusively via at least one of the following: the user input interface; and the secure processor interface.
13. An input device for inputting information useful in performing an electronic transaction between a computer and a secure processor, the input device comprising: user operable input means selectively operatively associated with said secure processor and said computer and operative to input personal identification information of a user in response to a request to input personal identification information; an indicator operative to provide an indication indicating receipt of the request to input personal identification information provided via the computer; and an IC device reader and writer exclusively operatively associated with said user operable input means and said indicator in a first mode of operation, and operatively associated with said secure processor and said computer in a second mode of operation, wherein said IC device reader and writer is operative, in the second mode of operation, to access the secure processor for transmitting an authorization to perform the transaction from the secure processor to the computer in response to a verification of the personal identification information of the user inputted via the user operable input means in the first mode of operation.
14. Apparatus according to claim 13 and wherein said indicator comprises at least one of a light source and a sound generator.
15. Apparatus according to claim 13 and wherein said indicator comprises a local display operative to display the personal identification information of the user inputted via the user operable input means, and said IC device reader and writer is also operative to disconnect the user operable input means from the computer and from a main display associated with the computer, and to connect the user operable input means to the local display.
16. Apparatus according to any of claims 13 - 15 and wherein said user operable input means comprises at least one of the following: a keyboard; and a tablet associated with a pen for inputting at least one of handwritten text and data.
17. Apparatus according to any of claims 13 - 15 and wherein said user operable input means comprises a mouse.
18. Apparatus according to any of claims 13 - 15 and wherein said user operable input means comprises a joystick.
19. Apparatus according to any of claims 15 - 18 and wherein said local display is comprised in said user operable input means.
20. An adjustable input device usable with a computer and a secure processor operatively associated with the input device, the input device comprising: user operable input means selectively operatively associated with the secure processor and the computer and operative to input personal identification information of a user in response to a request to input personal identification information; an indicator operative to provide an indication indicating receipt of the request to input personal identification information provided via the computer; and an IC device reader and writer exclusively operatively associated with said user operable input means and said indicator in a first mode of operation, and operatively associated with said secure processor and said computer in a second mode of operation, wherein said IC device reader and writer is operative, in the second mode of operation, to access the secure processor for receiving from the secure processor personalization information personalizing at least part of an action of the user operable input means in response to a verification of the personal identification information of the user inputted via the user operable input means in the first mode of operation.
21. Apparatus according to claim 20 and wherein said indicator comprises a local display operative to display the personal identification information of the user inputted via the user operable input means, and said IC device reader and writer is also operative to disconnect the user operable input means from the computer and from a main display associated with the computer, and to connect the user operable input means to the local display.
22. Apparatus according to claim 20 or claim 21 and wherein said user operable input means comprises a joystick, and said personalization information comprises gain adjusting information for adjusting a gain of the joystick in at least one direction.
23. Apparatus according to claim 20 or claim 21 and wherein said user operable input means comprises a mouse, and said personalization information comprises information determining at least one of the following: an input language used by the mouse; a mode of operation of mouse buttons; a mouse cursor size; and tracking parameters of the mouse.
24. Apparatus according to claim 20 or claim 21 and wherein said user operable input means comprises at least one of a keyboard and a tablet, and said personalization information comprises information determining at least one of the following: an input language used by the at least one of a keyboard and a tablet, and a mode of operation of at least one keyboard key.
25. An input device for use with a computer and adapted to receive a secure processor, the input device comprising: a computer communication interface for communicating with a computer; a user input interface for receiving input from a user of the input device; a secure processor interface adapted to receive a secure processor and operative to communicate therewith; and a mode selector for selecting an operating mode of the input device from a plurality of operating modes, wherein the plurality of operating modes includes a first mode and a second mode, and the input device is operative, in a first mode, to communicate via at least the computer communication interface, and the input device is operative, in a second mode, to communicate exclusively via at least one of the following: the user input interface; and the secure processor interface.
26. Apparatus according to claim 25 and wherein the mode selector is operative: upon receipt of a first signal from the computer communication interface, to select the second mode; and to select the first mode upon receipt of a second signal from at least one of the following: the user input interface; and the secure processor interface.
27. Apparatus according to either claim 25 or claim 26 and wherein the secure processor is comprised in a smart card and the secure processor interface comprises a smart card reader.
28. Apparatus according to any of claims 13 - 27 and substantially as described herein above.
29. Apparatus according to any of claims 13 - 27 and substantially as shown in the drawings.
30. A method according to any of claims 1 - 12 and substantially described herein above.
31. A method according to any of claims 1 - 12 and substantially shown in the drawings. Respectfully submitted, Sanford T. Colb & Co. Advocates & Patent Attorneys C: 31 110
IL12601798A 1998-09-01 1998-09-01 Peripheral secure processor system IL126017A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
IL12601798A IL126017A (en) 1998-09-01 1998-09-01 Peripheral secure processor system
GB9907887A GB2341257B (en) 1998-09-01 1999-04-08 Peripheral secure processor system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
IL12601798A IL126017A (en) 1998-09-01 1998-09-01 Peripheral secure processor system

Publications (2)

Publication Number Publication Date
IL126017A0 IL126017A0 (en) 1999-05-09
IL126017A true IL126017A (en) 2002-04-21

Family

ID=11071921

Family Applications (1)

Application Number Title Priority Date Filing Date
IL12601798A IL126017A (en) 1998-09-01 1998-09-01 Peripheral secure processor system

Country Status (2)

Country Link
GB (1) GB2341257B (en)
IL (1) IL126017A (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2400962B (en) * 2001-05-02 2004-12-29 Virtual Access Ltd Secure payment method and system
EP2336985A1 (en) * 2009-12-03 2011-06-22 Nxp B.V. Improved authentication system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4484306A (en) * 1982-03-22 1984-11-20 Exide Electronics Corporation Method and apparatus for controlling access in a data transmission system
GB2188180A (en) * 1986-03-21 1987-09-23 Eft Pos Uk Limited EFT-POS terminal apparatus
JPH079666B2 (en) * 1988-04-30 1995-02-01 株式会社東芝 Portable electronic device handling system
IL103062A (en) * 1992-09-04 1996-08-04 Algorithmic Res Ltd Data processor security system
EP0763791A1 (en) * 1995-09-14 1997-03-19 Hewlett-Packard Company Computer keyboard unit with smartcard interface

Also Published As

Publication number Publication date
GB2341257B (en) 2003-10-01
IL126017A0 (en) 1999-05-09
GB9907887D0 (en) 1999-06-02
GB2341257A (en) 2000-03-08

Similar Documents

Publication Publication Date Title
US9904912B2 (en) Protecting transactions
US6023682A (en) Method and apparatus for credit card purchase authorization utilizing a comparison of a purchase token with test information
US7207480B1 (en) Certified digital photo authentication system
EP1026641B1 (en) Method and system for establishing a trustworthy connection between a user and a terminal
US6662020B1 (en) Arrangement for effecting secure transactions in a communication device
US9094213B2 (en) Method and system for effecting secure communication over a network
US7458510B1 (en) Authentication of automated vending machines by wireless communications devices
US20110185181A1 (en) Network authentication method and device for implementing the same
US8588415B2 (en) Method for securing a telecommunications terminal which is connected to a terminal user identification module
US20150199673A1 (en) Method and system for secure password entry
US20120143706A1 (en) Method and System for Improved Electronic Wallet Access
US20070283145A1 (en) Multi-Factor Security System With Portable Devices And Security Kernels
US20090199006A1 (en) Method and Device for Secure Mobile Electronic Signature
JP2012503242A (en) Contactless authentication system and method used for settlement
EP2751756A1 (en) System and method for secure transaction process via mobile device
GB2396472A (en) System for cash withdrawal
JP6329485B2 (en) Mobile terminal, processing terminal, and method for executing processing in processing terminal using mobile terminal
JP2010200381A (en) Method and system for verifying data integrity
JP2009545897A (en) Method of providing security service using password of mobile terminal and mobile terminal
US20120095919A1 (en) Systems and methods for authenticating aspects of an online transaction using a secure peripheral device having a message display and/or user input
CN100492247C (en) Method for protection against fraudulent modification of data and corresponding equipment and intelligent card
CN116097692A (en) Augmented reality information display and interaction via NFC-based authentication
US8271391B2 (en) Method for securing an on-line transaction
GB2399209A (en) Secure transaction system
IL126017A (en) Peripheral secure processor system

Legal Events

Date Code Title Description
FF Patent granted
KB Patent renewed
KB Patent renewed
MM9K Patent not in force due to non-payment of renewal fees