System and method for a secure display module

- BBPOS LIMITED

A system for a secure display module includes a display element array, a driver controller, a communication interface, a host controller and a cryptographic engine. The display element array includes one or more segments, and the driver outputs are configured to drive the one or more segments, respectively. The host controller is configured to send commands and data to the driver controller via the communication interface and the cryptographic engine is configured to encrypt communication data between the display element array and the host controller.

Skip to: Description  ·  Claims  ·  References Cited  · Patent History  ·  Patent History
Description
CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of U.S. patent application Ser. No. 14/178,174, filed on Feb. 11, 2014, entitled SYSTEM AND METHOD FOR A SECURE DISPLAY MODULE, published as U.S. Patent Application Publication No. 2014-0226815 on Aug. 14, 2014, and patented as U.S. Pat. No. 9,264,228 on Feb. 16, 2016. U.S. patent application Ser. No. 14/178,174 claims benefit of U.S. Provisional Application No. 61/764,584, filed on Feb. 14, 2013. U.S. patent application Ser. Nos. 14/178,174 and 61/764,584, U.S. Patent Application Publication No. 2014-0226815, and U.S. Pat. No. 9,264,228 are incorporated by reference herein in their entirety.

FIELD OF THE INVENTION

The present invention relates to a system and a method for a secure display module.

BACKGROUND OF THE INVENTION

There are many different display technologies available today. For example, in dot-matrix liquid crystal display (LCD) units, there is a grid of display elements pixels. In some other display modules, the display elements are made up of arrays of Light-emitting diodes (LEDs). In simpler displays, seven-segment, fourteen-segment, or sixteen-segment display units are used. There are even mechanical flip disc signs that can display images or text messages. In all the above examples, a controller is used to drive the display elements. For example, in LCDs, electronic controller driver integrated circuit (IC) is used to drive the liquid crystal display pixel on and off. This controller accepts a set of commands from a host microcontroller or processor that control the image or text to display. By tapping at the communication interface and reading the stream of commands, it is possible to deduce the image or message displayed.

In some applications, the information displayed is sensitive and it is desirable to protect the displayed information by making the communication channel between the display controller and the host controller secure, thereby making the commands incomprehensible. For example, in a payment application, by making the display unit secure, more information can be displayed and this simplifies the design of the other components. Accordingly, there is a need for a secure display module that can greatly simplify the design and reduce the cost of a secure application and products.

SUMMARY OF THE INVENTION

The invention presents a secure display module where the display controller includes a cryptographic engine to encrypt the commands sent to and from a host controller. By making the display secure, the design of a secure application can be greatly simplified.

In general, in one aspect, the invention provides a system for a secure display module including a display element array, a driver controller, a communication interface, a host controller and a cryptographic engine. The display element array includes one or more segments, and the driver outputs are configured to drive the one or more segments, respectively. The host controller is configured to send commands and data to the driver controller via the communication interface and the cryptographic engine is configured to encrypt communication data between the display element array and the host controller.

Implementations of this aspect of the invention may include one or more of the following features. Information displayed on the display element array comprises the commands and data sent from the host controller. The cryptographic engine stores one or more identification tokens for mutual authentication with the host controller. The cryptographic engine stores one or more cryptographic keys for cryptographic operations comprising one or more of data encryption, authentication, digital signature, or hashing. The one or more cryptographic keys may be fixed key, master-session key or Derived Unique Key Per Transaction (DUKPT). The display element array further includes elements comprising light-emitting diodes, seven-segment, fourteen-segment, sixteen-segment display elements, or mechanical flip disc display elements. The elements are in the form of pixels, line segments or icons. The system further includes a Personal Identification Number (PIN) pad and an application configured to display a randomized number grid in the display element array, and the PIN pad is used to enter positional information corresponding to the randomized number grid. The positional inputs on the PIN pad are configured to be sent to the display module and the display module is configured to decode the positional inputs into PIN digits and to generate an encrypted PIN and then to send the encrypted PIN back to the PIN pad.

In general, in another aspect, the invention provides a method for a secure display module including the following. First, providing a display element array comprising one or more segments. Next, providing a driver controller comprising driver outputs configured to drive the one or more segments, respectively. Next, providing a communication interface and a host controller configured to send commands and data to the driver controller via the communication interface. Next providing a cryptographic engine configured to encrypt communication data between the display element array and the host controller.

Among the advantages of this invention may be one or more of the following. By making the display secure, the design of a secure application can be greatly simplified.

The details of one or more embodiments of the invention are set forth in the accompanying drawings and description below. Other features, objects and advantages of the invention will be apparent from the following description of the preferred embodiments, the drawings and from the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a typical display module 100 with display memory, command interface and the driver outputs;

FIG. 2 shows a secure display module 300 according to this invention with display memory, command interface, driver outputs and a cryptographic unit;

FIG. 3 shows a randomized key grid 201 and its numbered positions 202 shown on the secure display 101 and a standard PIN Pad 105.

 DETAILED DESCRIPTION OF THE INVENTION

Referring to FIG. 1, in a typical display module 100, there is a display element array 101 where segments 101A, 101B, 101C are turned on or off by a set of driver outputs 112 according to a set of commands and data received from a host controller 120 through the control interface 111. The status of an element can either be stored in a display memory 113 or it can be stored in the state of the display element itself In one example, the state of a mechanical flip disc and electronic ink element retains its state unless altered. In this prior art display module 100, commands and data are sent to the display module 100 from the host controller 120 in plain text unencrypted form. Therefore, it is possible to deduce the image or text message displayed by looking at the sequence of commands and data.

In the present invention, commands and data are encrypted so that they are rendered incomprehensible without the proper cryptographic keys. Referring to FIG. 2, display module 300 includes a display element array 301 and a display controller 310. Display controller 310 includes driver outputs 312, a control interface 311, display memory 313 and a cryptographic engine 314. Cryptographic engine 314 provides a secure communication channel between the display controller 310 and the host controller 320. The cryptographic engine 314 stores a set of symmetric or asymmetric cryptographic keys that are used for key exchange, data encryption and data hashing.

In operation, the host controller 1320 and the display controller 310 first establish a key for data encryption. Different key schemes can be used including Fixed key, Master-Session key or Derived Unique Key Per Transaction (DUKPT). Next, data and commands are encrypted by the host controller 320 before sending them to the display controller 310. The display controller 310, upon receiving the encrypted commands and data, decrypts the encrypted commands and data and then carries out the intended operations such as updating the display memory and driver outputs.

One of the applications of the secure display module 300 is in the design of a personal identification number (PIN) entry device. Instead of strengthening the security level of the PIN pad, one can now rely on the security of the display. In the design, a randomized number grid 200 is displayed in display element array 301 and a PIN Pad 105 is used to enter positional information corresponding to the randomized number grid 200 instead of the PIN digits 102. In this way, a PIN can be captured securely in a standard PIN pad, keyboard or touch screen. The positional information, in combination with the displayed information on the secure display module, can give the entered digits and thus the PIN.

Several embodiments of the present invention have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention. Accordingly, other embodiments are within the scope of the following claims.

Claims

1. A display module comprising:

a display controller including: a control interface configured to receive encrypted commands and encrypted data for display;, and a cryptographic engine coupled to the control interface,
the encrypted commands and data received by the control interface being decrypted by the cryptographic engine display controller to produce decrypted commands and decrypted data,
the decrypted commands being executed by the control interface to control a plurality of display driver outputs;
the plurality of display driver outputs coupled to the control interface, the plurality of display driver outputs using the decrypted data to update the a display array element with a randomized number grid; and
a PIN pad for entering positional information corresponding to the randomized number grid
the display controller receives positional information entered at a personal identification number (PIN) pad corresponding to the randomized number grid;
the display controller decodes the received positional information into PIN digits;
the display controller generates an encrypted PIN based on the PIN digits; and
the display module transmits the encrypted PIN to the PIN pad.

2. The display module of claim 1 further comprising a display memory, the display memory storing the a status of a portion of the display array element.

3. The display module of claim 1 wherein the a status of a portion of the display array element is stored within a state of the display array element.

4. The display module of claim 1 wherein the cryptographic engine stores a key used for data encryption of the encrypted commands and data.

5. A method for operating a display module comprising:

establishing, by a cryptographic engine, a key for data encryption between a control interface and an external device a host controller;
receiving, by the control interface, encrypted commands and encrypted data by the control interface sent by the host controller;
decrypting, by a display controller, the encrypted commands and encrypted data using the key, by the cryptographic engine, to produce decrypted commands and decrypted data;
executing the decrypted commands, by the control interface, to control a plurality of driver outputs to update a display array element using the decrypted data, the decrypted commands defining a randomized number grid; and;
displaying in the display array element a randomized number grid;
receiving positional information input on a PIN pad corresponding to the randomized number grid;
decoding the received position information into PIN digits;
generating an encrypted PIN based on the PIN digits; and
transmitting the encrypted PIN to the PIN pad.

6. The method of claim 5 further comprising storing in a display memory a status of a portion of the display array element.

7. The method of claim 5 further comprising storing within a state of the display array element a status of a portion of the display array element.

8. The method of claim 5 further comprising storing the key used for data encryption of the encrypted commands and data within the cryptographic engine.

9. A method for a display module comprising:

providing a display controller including a cryptographic engine and a control interface to receive encrypted commands and encrypted data for display;
configuring the provided display controller to decrypt the encrypted commands and data received by the control interface to produce decrypted commands and decrypted data;
configuring the control interface to execute the decrypted commands to control a plurality of display driver outputs;
enabling a display array element to display a randomized number grid based on the plurality of display driver outputs using the decrypted data;
enabling positional information corresponding to the randomized number grid to be input using a personal identification number (PIN) pad;
enabling the positional information to be received and decoded into PIN digits;
enabling generation of an encrypted PIN based on the PIN digits; and
enabling transmission of the encrypted PIN to the PIN pad.

10. The method of claim 9, further comprising storing in a display memory a status of a portion of the display array element.

11. The method of claim 9, further comprising storing within a state of the display array element a status of a portion of the display array element.

12. The method of claim 9, further wherein a key for data encryption of the encrypted commands and encrypted data is stored within the cryptographic engine.

13. The method of claim 12, wherein the key is part of either a set of symmetric keys or a set of asymmetric keys.

14. The display module of claim 4, wherein the key is part of either a set of symmetric keys or a set of asymmetric keys.

15. The method of claim 8, wherein the key is part of either a set of symmetric keys or a set of asymmetric keys.

Referenced Cited
U.S. Patent Documents
5493613 February 20, 1996 Denno et al.
6209104 March 27, 2001 Jalili
6222926 April 24, 2001 Cavallerano
6434702 August 13, 2002 Maddalozzo, Jr.
6549194 April 15, 2003 McIntyre
7298850 November 20, 2007 Whytock
7945785 May 17, 2011 Castaldi
8289301 October 16, 2012 Gover
8456429 June 4, 2013 Whytock
9224272 December 29, 2015 Morris
20020062445 May 23, 2002 Owada et al.
20020169959 November 14, 2002 Hsu
20030037237 February 20, 2003 Abgrall
20030058083 March 27, 2003 Birchfield
20030099355 May 29, 2003 Moroney
20040199628 October 7, 2004 Wu
20050131839 June 16, 2005 Cordery
20050195170 September 8, 2005 Habu
20080168544 July 10, 2008 von Krogh
20090119514 May 7, 2009 Sawada
20100283586 November 11, 2010 Ikeda
20110131470 June 2, 2011 Kambayashi
20120044236 February 23, 2012 Nam
20120095919 April 19, 2012 Hart
20120102564 April 26, 2012 Schentrup
20120104090 May 3, 2012 Gross
20130103190 April 25, 2013 Carapelli
Foreign Patent Documents
101000703 July 2007 CN
201111054 September 2008 CN
101661544 March 2010 CN
102129650 July 2011 CN
102722945 October 2012 CN
Other references
  • Intellectual Property Administration, PRC; The First Office Action of CN Application No. 201810565717.9; (related application); Dec. 5, 2019; 14 pages (including translation).
  • Roth, Volker, Kai Richter, and Rene Freidinger. “A PIN-entry method resilient against shoulder surfing.” Proceedings of the 11th ACM conference on Computer and communications security. ACM, 2004.
Patent History
Patent number: RE48707
Type: Grant
Filed: Apr 24, 2019
Date of Patent: Aug 24, 2021
Assignee: BBPOS LIMITED (Tsuen Wan)
Inventors: Chi Wah Lo (Hong Kong), Hwai Sian Tsai (Hong Kong)
Primary Examiner: Robert L Nasser
Application Number: 16/393,008
Classifications
Current U.S. Class: Credential Management (726/18)
International Classification: H04L 29/06 (20060101); G06F 21/84 (20130101); H04L 9/08 (20060101); G06F 21/44 (20130101); G06F 21/60 (20130101); G09G 5/393 (20060101); H04L 9/32 (20060101);