©Copyright Specialized Technical Services (2010)
SecureONE

As financial transactions over the Internet have evolved, there have been many challenges in providing authenticated PIN entry over the Internet. The first challenge is that PIN codes should be encrypted at the client side and passed through secured channels to the final destination under the same encryption, with no attempt to decrypt the PIN at any level or stage. Another challenge arises in reading the PIN itself from the client device, using either the keyboard or the mouse, both of which may be exposed to sniffing. There have been several solutions to overcome those challenges, but so far most of them have been hardware based.
STS has developed SecureONE™, an extremely robust, patent-pending solution that simplifies and secures web-based PIN entry and prevents keyboard and screen sniffing. SecureONE™ enables the validation of PINs by encrypting the whole access channel from the user's PC all the way to the issuer's Hardware Security Module (HSM) device, thus mimicking the experience of secure PIN entry at EFT POS terminals and ATMs. The SecureONE offering overcomes those challenges and includes a technique that prevents or avoids keyboard and mouse sniffing on the client side.
The SecureONE Virtual Rotating Dialer (VRD) achieves two major purposes. First, it encrypts the PIN code at the client entry point using public-key infrastructure (PKI) technology, and the PIN is kept encrypted until it reaches the final destination at the system requesting the service. Second, the PIN entry mechanism on the client avoids any sniffing of the keyboard or the mouse, preventing attackers from capturing the PIN codes.
The PIN is entered using a patent-pending technique that is highly secure and based on a signed Java applet loaded in the client browser. The mechanism is unique and overcomes the security holes that would arise from keyboard or mouse hacking. It efficiently overcomes keyboard sniffing and screen capturing routines.
The PIN is also encrypted at the client side and passed in encrypted form to the SecureONE VRD Server. The solution hides the PIN over the whole channel, from PIN entry at the web interface until it reaches the backend integrator with the backend system or switch.
An applet is loaded into the client web browser for entering the PIN digits. It performs the steps needed to construct an encrypted version of the PIN and sends it over an SSL connection to the web server. There, the SSL connection is decrypted, but the PIN remains encrypted. A server-side component then takes control of the encrypted PIN, decrypts it and forwards it to the backend integrator.
The PIN is passed in encrypted form to the back office system to be processed. This hides the PIN over the whole channel, from PIN entry at the web interface until it reaches the back office system.
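The flow described above (PIN encrypted at the client, still encrypted after the web server terminates SSL, decrypted only by the server-side component) is sketched below as an added Java example; it is not STS's code. The page says only "PKI", so RSA-OAEP, the session-id binding, and every name and value here are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;

public class PinEnvelopeDemo {
    // Assumption: RSA-OAEP stands in for the page's unspecified "PKI technology".
    // Randomized padding matters: a 4-digit PIN has only 10,000 values, so a
    // deterministic scheme would let anyone holding the public key build a lookup table.
    static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Client side (the applet's role): seal the PIN under the server's public key.
    static byte[] sealPin(String pin, String sessionId, PublicKey serverKey)
            throws GeneralSecurityException {
        // Hypothetical binding: tie the PIN to one session so a captured blob is useless elsewhere.
        byte[] plain = (sessionId + "|" + pin).getBytes(StandardCharsets.UTF_8);
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, serverKey);
        return c.doFinal(plain);
    }

    // Server-side component: the only holder of the private key.
    static String openPin(byte[] sealed, String expectedSession, PrivateKey key)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, key);
        String[] parts = new String(c.doFinal(sealed), StandardCharsets.UTF_8).split("\\|", 2);
        if (parts.length != 2 || !parts[0].equals(expectedSession))
            throw new GeneralSecurityException("session mismatch: possible replay");
        return parts[1];
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair server = g.generateKeyPair();          // constructed demo key pair
        String session = "sess-0001";                  // constructed session id
        byte[] sealed = sealPin("4821", session, server.getPublic()); // constructed PIN

        // What the SSL-terminating web server handles: an opaque blob, not the PIN.
        String b64 = Base64.getEncoder().encodeToString(sealed);
        System.out.println("web tier sees: " + b64.substring(0, 32) + "...");
        System.out.println("PIN component recovers: " + openPin(sealed, session, server.getPrivate()));

        byte[] again = sealPin("4821", session, server.getPublic());
        System.out.println("same PIN, different ciphertext: " + !Arrays.equals(sealed, again));
        try { openPin(sealed, "sess-0002", server.getPrivate()); }
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

In this sketch the web tier never holds the private key, so a compromise of the SSL endpoint alone exposes only ciphertext.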
To overcome keyboard sniffing and screen capturing routines, an invented architecture based on an applet application presents the customer with the digits 0-9 rotating at random positions, in a normalized, user-friendly layout on which the customer clicks to make a selection. The selection depends on multiple variables that relate position (within different dimensions), cursor and time. Together, these variables make the sniffing process impossible and do not allow the technique to be reverse engineered.