WO2015145179A1

WO2015145179A1 - Point of sale system and scanner

Info

Publication number: WO2015145179A1
Application number: PCT/GB2015/050948
Authority: WO
Inventors: Dan Wagner; Paul RASORI
Original assignee: Powa Technologies Limited
Priority date: 2014-03-27
Filing date: 2015-03-27
Publication date: 2015-10-01
Also published as: GB2524593A; GB201406253D0; GB201405480D0

Abstract

A point-of-sale system comprises a printer housed in a base shell, a scanner, a stem extending from the base shell, a screen attached to the stem, and a secure payment device. An alternative point-of-sale system comprises a base shell and a scanner removably mounted to the base shell, wherein the scanner is adapted to operate as an automatic presentation mode scanner when mounted to the base shell and as a handheld scanner when removed from the base shell, the scanner being adapted to detect mounting on the base shell and activate the automatic presentation mode in response. Another point-of-sale system comprises a base including a base plate and a base shell, a stem extending from the base shell, a screen attached to the stem, and a secure payment device, wherein the base shell is rotatably mounted on the base plate.

Description

POINT OF SALE SYSTEM AND SCANNER

BACKGROUND

The present disclosure relates to a point of sale (POS) system and a scanner of the POS system.

POS systems are well-known but can be expensive to purchase and complicated to set up.

The present disclosure includes a consumer tablet-based POS system targeted at small merchant customers. It may be an all-in-one (AlO) system. It may include any one or more of payment processing, merchant reporting, and secure PINpad estate management software services.

SUMMARY OF THE DISCLOSURE

In one aspect, the invention provides a point-of-sale system as defined in claim 1.

In a second aspect, the invention provides a point-of-sale system as defined in claim 16.

In a third aspect, the invention provides a point-of-sale system as defined in claim 31.

In a fourth aspect, the invention provides a system comprising a point-of-sale system and a beacon, as defined in claim 49.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the disclosure will now be described by way of example only and with reference to the accompanying drawings, in which:

Fig. 1 is a front view of a POS system according to an embodiment of the invention showing a receipt being printed;

Fig. 2 is a front view of a POS system according to an embodiment of the invention;

Fig. 3 is a rear three-quarter view of the POS system of Fig. 2;

Fig. 4 is a rear view of the POS system of Fig. 2; Fig. 5 is a rear three-quarter view of a white POS system according to an embodiment of the invention;

Fig. 6 is a front view of a white POS system according to an embodiment of the invention; Fig. 7 is a front three-quarter view of a POS system having a cash drawer according to an embodiment of the invention;

Fig. 8 is a side view of a POS system according to an embodiment of the invention;

Fig. 9 shows various components of a POS system according to an embodiment of the invention, with and without the printer door open;

Fig. 10 is a front view of a POS system according to an embodiment of the invention showing a side of the tablet holder removed so that a tablet computer can be mounted to and removed from the tablet holder.

Fig. 11 is a close-up view of the tablet holder showing cable routing for connection of the POS system to a tablet computer;

Fig. 12 shows a rotating base and a sensor for detecting rotation of the base in a POS system according to an embodiment of the invention;

Fig. 13 shows a bezel assembly with security screws in a tablet holder of a POS system according to an embodiment of the invention;

Fig. 14 shows a tablet placed in the holder of Fig. 13, with the bezel about to be fitted;

Fig. 15 shows bezel cable routing in the tablet holder of a POS system according to an embodiment of the invention;

Fig. 16 shows joints in the tablet holder of Fig. 15 allowing the tablet holder to be swivelled up and down and left and right, in addition to showing an integrated pinpad mount;

Figs. 17A and 17B show a cable routing forest in the base of a POS system according to an embodiment of the invention;

Fig. 18 shows the base of a POS system according to an embodiment of the invention with the printer door open and the platen roller visible;

Figs. 19 and 20 are perspective views of a scanner of a POS system according to an

embodiment of the invention; Figs. 21 and 22 show the scanner of Figs. 19 and 20 removed from and mounted to the base of a POS system according to an embodiment of the invention respectively. The charging pins for the scanner are visible in Fig. 21;

Fig. 23 is a front view of a tablet mounted in the tablet holder of a POS system according to an embodiment of the invention and shows a magnetic swipe reader facing the cashier (who views the tablet) at the back (from a customer's viewpoint) of the pinpad;

Fig. 24 shows the hinge for the printer door of a POS system according to an embodiment of the invention;

Fig. 25 shows various views of a POS system according to an embodiment of the invention with a tablet installed;

Fig. 26 shows a block diagram of the electrical design of the system;

Fig. 27 shows a block diagram of a printer controller board suitable for the thermal printer;

Fig. 28 shows a cross-sectional view of the mechanical layout of the scanner;

Fig. 29 shows a block diagram of the electrical layout of the scanner.

DETAILED DESCRIPTION

The POS system of the invention as a whole can best be described with reference to Fig. 9. A key to Fig. 9 is provided below:

Part Name

Bezel (F

2 Bezel (L)

3 Bezel Screw Plugs

4 Home Button Guard

5 Screen Hinge

6 PED

7 Printer Access Door

8 Printer Roll Holder

9 Base Shell

10 Thermo Printer

11 Printer Roller 12 Serrated Cutter

32 Scanner Charge Cradle Contacts

14 Screen Mount Collar

15 PED Collar

16 Scanner Glass

Scanner Belly

18 Scanner Button

19 Scanner Button LED Diffuser

20 Scanner Back

21 Hex Tube

22 Base Plate (Top)

23 Base Plate (Bottom)

24 Kensington Lock Bracket

The main components of the POS system in this embodiment include a base shell 9

incorporating a printer 10 and a scanner 16 that can be mounted on the base shell 9. The system also comprises a tablet holder 1 for accommodating a tablet computer, a stem 14, 15 joining the base shell 9 to the tablet holder 1, and a Personal Identification Number (PIN) entry device (PED) 6. Various views of the POS system as a whole are shown in Figs. 1 to 8 and 25.

The base shell is dome-shaped or roughly hemispherical. A base disk or plate 23 is provided at the bottom of the base shell and the base shell is rotatably attached to the base plate. This arrangement allows the base shell to be rotated through at least 180 degrees about a vertical axis with the base plate stationary on a surface so that the screen and pin pad can be viewed by both a customer and an operator of the POS system. An expanded view of the swivel mechanism including a lower base plate 23, an upper base plate 22 and the base shell 9 is shown in Fig. 12.

Preferably the swivel mechanism between the base plate and the base shell has detent at 0° and 180° positions so that the base can easily be set to and held in place at these angles of rotation. The base also has a rotation sensor such as a Hall effect sensor that detects the angle of rotation of the base shell relative to the base plate. The detected angle is preferably passed to the tablet computer, which can select the information displayed on its screen accordingly. For example, when the base shell is detected to be at the 0° position this may indicate that the screen is facing the cashier, so transaction information for the cashier may be displayed by the tablet. When the base shell is detected to be at the 180° position this may indicate that the screen is facing the customer, so the tablet displays a signature screen instead for example.

The tablet holder 1 is joined to a screen mount part of the stem 14 by a screen hinge 5, which allows the tablet holder 1 to be rotated up and down about a horizontal axis. The screen hinge may also allow the tablet holder 1 to be rotated left and right about a vertical axis. The screen hinge thus provides ease of operation in merchant environments with varying counter heights and lighting, and an optimal angle for the height of the operator. Various tilt angle ranges of adjustment are possible.

The tablet holder 1 includes a frame and a bezel, which consists of a main holder bezel 1 and a detachable bezel side section 2. The bezel side section can be fixed to the main holder bezel by bezel screw plugs 3. In use of the POS system, a tablet computer is inserted into the frame and bezel with the bezel side section removed and the bezel side section is then reattached to the main holder bezel using the bezel screw plugs 3 to hold the tablet in place. This operation is illustrated in Fig. 10.

Fig. 11 shows how the connector cable for the tablet is routed into the tablet holder. As shown at the bottom right of Fig. 11, the cable is plugged into a USB port on the screen mount part of the stem 14 and is then fed through a hole in the back of the frame of the tablet holder. The cable is then pressed into an indentation running towards the detachable side section of the bezel so as to hold the cable in place beneath the tablet. The adapter to connect to the tablet is provided at the end of the cable on the far side of the indentation.

Alternatively, the POS system may include an integrated screen instead of the tablet holder. If intended for use with a tablet computer, naturally the system can be provided without the tablet, which may be provided/purchased independently. An adapter (not shown) is provided in the tablet holder 1 to connect to a port on the tablet when the tablet is inserted. Adapters may be provided for different tablets on different models of the POS system, for example adapters for iPads or Android tablets. The tablet holder may have interchangeable adapters for various different tablets. Cabling passing through the base shell 9, the stem 14, 15 and the tablet holder 1 connects the adapter and hence the tablet to the printer and other components in the base shell 9. This allows the tablet to control the electronics of the printer and other components in the POS system, which reduces the need for complex bespoke control circuitry in the POS system and reduces the overall cost of the system as a result. Since tablet computers are produced on a massive scale, using an off-the-shelf tablet computer is much more cost efficient than providing bespoke electronics of equivalent complexity in the POS system.

The thermal printer 10 of the POS system includes a printer access door 7, a printer roll holder 8, a printer roller 11 and a serrated cutter 12. The printer is preferably a high-speed printer. Thermal printer mechanisms are known in the art but the printer of the invention differs from conventional POS system printers in its form factor. The printer of the invention is housed within the hemispherical base shell of the POS system and the printer access door forms a section of the hemisperical shell. By integrating the printer into the base of the POS system, the printer mechanism simultaneously provides its usual printing function and stability for the stem and tablet holder of the POS system. Integrating the components of the POS system in this way reduces the overall size of the system.

The printer access door 7 has a magnetic latch mechanism that can hold the access door in either an open position or a closed position using magnetic force. For example, a magnet may be mounted along the front lip of the access door so as to be attracted to a corresponding metal piece in the base shell when the access door is closed. Similarly, a magnet may be mounted near the hinge of the access door so as to be attracted to a corresponding metal piece in the base shell when the access door is open. The printer also features a printed paper outlet at the bottom of the printer access door. The printed paper outlet includes a cutter 12 for separating a printed section of paper from a continuous paper roll housed in the printer. Fig. 1 shows a printed receipt being ejected from the paper outlet and Fig. 18 shows an expanded view of the printer access door in an open state. Fig. 24 shows a side view of the hinge of the printer access door 7 in the open state, and also shows how the charge cradle 40 for the scanner is formed in the top of the printer access door.

The scanner 16 is mounted to the base shell 9 on top of the printer access door 7 as shown in Fig. 9. Expanded views of the scanner are shown in Figs. 19 and 20. Expanded views of the scanner being mounted into a charge cradle 40 on the base shell 9 are shown in Figs. 21 and 22.

The scanner may be a ID or 2D handheld code scanner that is operated by a rechargeable battery such as an Li-ion battery contained within the scanner. The term "code scanner" used herein includes scanners capable of reading codes of various formats, including but not limited to conventional bar codes, QR codes and holographs.

The scanner is connected to the electronics and power supply of the POS system via charge contacts 32, which can be seen in Fig. 21. The scanner is detachable from the POS system so that it can be used to scan labels on items remote from the POS system itself. The scanner has a glass front 16 used to perform the scanning itself and electronics for performing scanning and wirelessly communicating with the POS system. Preferably, the scanner communicates wirelessly with the tablet computer mounted in the POS system using a wireless protocol such as Bluetooth.

The scanner has a scan engine that provides an image capture facility, such as a CMOS imager, an illumination source, such as one or more LEDs, and a facility for aiming illumination and capturing of images (e.g., barcode images, QR code images, and the like), as well as transfer of data to a decoder board of the scanner. A cross-sectional view showing the mechanical layout of the scanner is shown in Fig. 28. A block diagram of the electrical layout of the scanner is shown in Fig. 29.

The scanner has a scan activation button 18 for handheld operation and charge contacts arranged to contact those on the base shell when the scanner is mounted. The button 18 is located on the top cover of the scanner, in the center of the case for easy access by a thumb when held in the left or right hand of the user. This button may also provide a wake up function for the scanner. A multi color LED ring 19 may be included surrounding the button of the scanner to provide feedback on operating mode and charging status.

The scanner may be held in place when mounted by a magnetic attachment mechanism provided across the scanner and the base shell. In particular, the scanner may include a magnet inside its case that aligns with a corresponding set of magnets in a charging cradle on the base shell for proper alignment and stability in the cradle. The scanner may enter automatic scanning mode when it is mounted, which means that items passed across the scanner glass will be scanned without a button needing to be pressed. Detaching the scanner from the base shell de-activates automatic scanning mode.

Since the charge contacts of the base shell 9 are symmetrical in the direction parallel to the longitudinal axis of the scanner, the scanner can be mounted facing either left or right from the point of view of a user facing the screen of the POS system. This allows items to be scanned on either side of the POS system with the scanner in its mounted configuration.

The PED 6 may be one of various available PEDs and is preferably connected to the POS system via a USB interface. Preferably, the PED is a PowaPIN 100 PINpad. The stem of the POS system preferably has a dedicated USB port to connect to the PED. Note also that the system may be provided with a cash drawer 30, which may be mounted underneath the base shell as shown in Fig. 7. The cash drawer may be provided separately from the POS system or may be internally integrated into the system. The cash drawer is preferably connected to the POS system via a USB interface so that the POS system can control the opening and closing of the drawer. The cash drawer has an open/close sensor able to detect whether the drawer is open or closed and communicate this to the POS system.

The POS system may also include a main controller board that has overall control of the system. The main controller board may contain embedded firmware that controls system serial communications, sensor operations, and DC power supplies to various components of the system, including peripheral devices. An integrated USB hub may provide interfaces to internal and external USB peripheral devices. A UART port may provide a serial interface to an integrated printer controller board and printer mechanism. A block diagram of a printer controller board suitable for the thermal printer is shown in Fig. 27.

The main controller board may have a configuration that includes the Apple MFi chip for the AIO iPad Air system configuration and the Universal configuration that supports both iPad and Android tablet models. Windows may also be accommodated.

A separate 10 connector board may be located in the center of the base, which contains the main DC input connector and USB ports for external peripheral connections. Various ports for external peripheral connections may be provided, including two mico-USB ports in a preferred embodiment. A custom USB cable may integrate into the fixed base plate of the base swivel mechanism to provide external USB connectors for connection of external peripherals. A System power ON/OFF switch may be wired to this board in order to control DC input power to the system and recover from a system fault or hang condition. It should be understood that the system can be provided without the tablet installed and, as such, this disclosure covers the provision of the system without the tablet or indeed any of the other peripheral devices.

In Figs. 10 and 11 the tablet is mounted by removing the side section of the holding bezel, which can then be screwed, clipped or otherwise fastened into place when the tablet is mounted by being slid into the the slot formed by the bezel. In more detail, with the left hand clip-on section and home button cover removed, the user inserts the tablet into the main screen bezel. The user then inserts the home button cover (if required) and then clips the left hand section back on. Trex or other screws, plastic caps or fasteners (e.g., Velcro^® strips) may be used to secure the tablet in place. It may be possible to remove the tablet by using different screws or omitting them altogether. A spring mechanism by be provided to assist removal.

Alternatively, in one preferred embodiment shown in Figs. 13-16, the whole bezel can be removed, the tablet mounted back-first into the tablet holder and the bezel replaced and screwed into place. Similar considerations apply in respect of securing and removing the tablet - use of Trex or other screws, caps, springs etc.

Various different cable routings are possible as shown, but depending on the tablet, the standard I/O port and pins are used and cabling is routed in the tablet holder and through the stem to the AIO system electronics. The system may be shipped with the cable pre-routed, so that the pins can be easily mated with the corresponding socket in the tablet. Alternatively, a standard cable for the tablet may be used and routed by the user as shown in Fig. 11, in which a female USB or similar connector may be housed in the tablet holder at 1.

Figs. 17A and 17B show USB, power and other data/communications sockets formed on the bottom of the base for connection via various power and/or data protocols through the base to the tablet and other components, for example at the top of the system, as well as potentially the cash drawer. The sockets allow connection to various external data sources and/or power sources, which in turn can be relayed to the tablet. The design includes cylindrical or other appropriately shaped bumps or nubs, which are preferably made or rubber, synthetic rubber or another suitable resilient material, and are preferably provided in a recessed portion, recessed from the bottom of the base. The tops of the nubs may be flush with the bottom of the base. Cables may routed through the rubber nubs. This is an innovative design and gives cable strain relief and flexibility for various sizes and types of cable. A mains power socket may be provided in the socket region shown in Fig. 17, which can allow all components of the AlO system (tablet, EMV, printer, scanner, cash drawer etc) to be powered using one socket. Thus, the AlO system can be used out of the box by simply plugging it in.

Before or after mounting the tablet computer, the user (e.g., an enterprise wishing to use the system as a POS) can load a predetermined application (app) onto the tablet to allow it to interact with the various elements of the system, e.g., to act as a POS system. Control may be split between electronics provided on the AlO system, the tablet and external systems (e.g., server-based systems, cloud computing resources, enterprise computing resources, or the like) as appropriate - all or substantially all the control for all the elements of the system (eg cash drawer, printer, scanner, pinpad/EMV payment terminal) may be provided by the tablet computer, the AlO system electronics, or one or more external systems, or there may be some distribution among them. In one preferred embodiment, as shown in the exemplary control circuitry disclosed herein, the tablet and the scanner communicate directly via a wireless communications protocol, such as Bluetooth. However the tablet may communicate with the other elements via a circuit board provided in the AlO, for example in the domed base.

Naturally, other means of communication between any two or more elements are possible, including WiFi, Bluetooth, LAN cabling, Zigbee and wired connections. The tablet computer may communicate with an external network, by any of the methods discussed above, such as by WiFi. It is preferred that the scanner be rested in a charging cradle on the base for hands free scanning. The scanner may be set to automatic scanning when on the charging cradle.

As discussed above, the scanner can be orientated left or right to adapt to user requirements. Automatic scanning may be disabled when the scanner is lifted from the base for mobile scanning. A recessed button on the scanner may initiate different functions depending on how it is pressed. For example, a single press of the recessed button may allow momentary / single scanning, while a long press of the recessed button may allow automatic scanning (and a second long press may return to single scanning).

The body of the scanner may be made of three main parts - scanner belly 17, scanner upper 20 and scanner glass 16. The scanner glass may recess flush to create a clean cut down the face of the scanner. A seamless / screw-less friction-fit between the scanner belly and the scanner upper may reduce bulk.

The slightly recessed button 18 on the scanner allows for easy navigation to the location of the button. The LED ring around the button may be flush with the upper body, providing visually- seamless integration. The LED may be of various colors, such as red, green, white or blue. In embodiments, multiple LEDs, such as an RGB triad of LEDs, can allow multiple levels of feedback by allowing a range of colors, including individual colors and mixed colors. For example, the color red can indicate an alert, such as for a low battery, etc.

In embodiments the scanner and system base are moulded so that when the scanner rests in the charging cradle it is flush with the contour of base on the non-scanning side and projects from the base on the scanning side, irrespective of which way round it is mounted.

The printer door may hinge about the upper split line with the base shell. Note from Fig. 24 that the scanner cradle may be located on the printer door. The printer door may 'click' into place and hold its own weight once fully open to allow for one-handed print roll replacement. A small amount of pressure will allow the lid to be returned to its lower position. This may be achieved by the magnetic latch mechanism discussed above.

The overall design and configuration is ergonomic and incorporates all common retail peripherals into a single form factor, requiring less counter space and reducing cost as compared to bulky, multi-component systems typically used in current retail environments. An advanced software developers kit (SDK) may enable integration of other applications. In particular, in a tablet, EMV payment terminal, code scanner, thermal printer and cash drawer applications may be provided, each associated with the related component of the system disclosed herein. The system may be modular so that one or more of these elements can be provided separately.

The POS system may also interact with one or more beacons within the store or other retail environment to provide location-based services to customers, even when the customers are remote from the POS system itself.

A non-limiting example of a beacon is a wireless personal area network, such as Bluetooth LE^®, also known as Bluetooth Low Energy or Bluetooth Smart^®. The beacon may adhere to the basic IEEE 802.15 standard. Devices according to this standard may be compatible with one or more operating systems, such as Apple iOS7, Windows Phone 8, Android 4.3 and BlackBerry 10, as well as more recent versions of each. Other area network technologies may be used as beacons, which may have a communication range from about 30 m to about 100 m, without limitation. A brick-and-mortar retail establishment may limit its beacon range through limits on a received signal strength indicator, received channel source power indication or other suitable method. In embodiments, the beacon may be used to identify the physical location of a user's mobile device by communicating with the mobile device. The beacon may be in communication with a client/merchant server as well as the POS system. The server is preferably a PowaPOS Server.

In embodiments, a user may be able to walk into a merchant's store and the beacon may then be in communication with the user's mobile device. The customer may then select a product that interests the customer and pay for the product without checking out at the

POS system itself. In this case, the POS system, the beacon and the mobile device

communicate to carry out the transaction. The beacon provides the POS system with product information and payment details from the user's mobile device and the POS system authorizes the transaction and sends approval of the transaction back to the user's mobile device via the beacon.

In embodiments the beacon is a transmitter that transmits a unique identifier to a

consumer's mobile device, serving as a signal that kicks off activity of a mobile application to execute an event associated with that beacon when the mobile device comes into proximity to the beacon. In embodiments, the mobile application communicates with the POS system to perform an action, the action being influenced by the awareness that the mobile application has been in proximity to the beacon that sent the unique identifier.

In embodiments, the beacon may be used to provide personalized offers according to purchase habits at a retail/merchant location. In a non-limiting example, a customer may walk into a retail store and enter into range of the beacon. The beacon may then provide a personalized offer for the mobile device application user within range and may cause the phone to alert the user to such an offer. The coupon may be linked to the user's loyalty or rewards account and may be tailored to the user's shopping habits, e.g. a customer that spends $500 a month at the store may receive a gift or an additional $20 off of a favorite category of item.

Additionally, the beacon may provide a coupon which shows a machine-identifiable tag to scan or acquire upon presentation of a loyalty card at physical checkout. Such embodiments may also be employed to attract users into stores. When a customer enters within range of the beacon outside of the store entrance, their mobile device application may alert the customer showing an offer or personalized welcome message to attract a user to enter the

retail/merchant location. In embodiments, the beacon may be used to facilitate tracking a user within a retail/merchant location once the user is inside.

In embodiments, the beacon may be used to provide loyalty or rewards program identification without product a corresponding card or other type of verification. The mobile device application user may add their loyalty or rewards program ID as a portion of their

identification for their mobile device application. The user may then walk into a

retail/merchant location and use their mobile device application, which contains the loyalty or rewards ID to checkout their purchase. Upon entry to the checkout location, the user may be identified by the POS system, which may then register all purchases made by the loyalty or rewards program member. In embodiments, the beacon may be used to facilitate users signing up for a loyalty or rewards program by matching information to a loyalty database, such as email, phone, address or other identifiers.

In the embodiments above, the beacon is deployed in conjunction with a mobile device application and the POS system to allow for digital wallet capabilities and data interchange. In such embodiments, the beacon may be used to provide loyalty program, member, or customer information transfer. The beacon may also be deployed for quick register, loyalty signup, product warranty registration, rebate submission, and the like, by using personal consumer information acquired by the beacon. Additionally, the beacon may be used for payment, e.g. coming within range of a beacon to pay for a certain item and using a personal identifier to authorize or verify the payment.

MORE DETAILED DESCRIPTION OF AIO PRODUCT CONFIGURATIONS In exemplary embodiments, product configurations and localization requirements may be as follows.

1.1. Tablet Configurations

1.1.1. AlO iPad

This configuration may support charging and serial communications via 9pin Lightning interface cable to Apple iPad Air. The tablet mounting and display bezel assembly may be configured to support particular iPad Air model dimensions. In embodiments, the T25 model number includes a Scanner, while the T20 model is without Scanner. Each model may have multiple (e.g. 4) configurations for the Pinpad and Cash Drawer options. Either or both the Pinpad and Cash Drawer may be omitted.

1.1.2. AIO Android

A configuration for Android tablets may support charging and USB 2.0 communications with a bundled Android tablet. The tablet mounting and display bezel assembly may be configured to support particular Android model dimensions, ports, and controls. The disclosure is not limited to this and can be applied to other iPads or Android tablets and tablets using other operating systems. The T25 model number includes a Scanner, while the T20 model is without Scanner. Each model will have 4 configurations for the Pinpad and Cash Drawer options. Either or both the Pinpad and Cash Drawer may be omitted.

1.1.3. AIO Universal Mount

This configuration may support charging and USB 2.0 communication with a wide range of tablets. This configuration may include a 30pin Dock interface cable for iPad Gen2/3, 9pin Lightning inteface cable for iPad Gen4, and USB 3.0 cable for Android, support for Microsoft Windows tablet designs, or other tablets. The tablet mounting may be a universal design to support these iPad models as well as Android tablets and Windows tablets.

1.2. Accessories Each of the following accessories may be sold as integrated with the AlO system, may be bundled or may be sold separately.

1.2.1. Power Supply (May be Bundled)

Main AC/DC brick type power supply for the complete system, with a separate AC cable and integrated DC cable. The power supply enclosure and cables may be color matched to the POS system.

1.2.2. Standard Cash Drawer (May be Sold Separately)

This standard size accessory may be shipped and sold separately with POS AlO although it could be provided together or integrated. The host interface may be USB and the enclosure design may be customized and color matched to the POS.

1.2.3. Mini Cash Drawer (May be Sold Separately)

This custom accessory may be shipped and sold separately with POS AlO although it could be provided together or integrated. The host interface is preferably USB and the enclosure design may be customized and color matched to the POS.

1.2.4. Secure PINpad (May be Sold Separately)

The AlO system may support USB interface and power supply to various proprietary and third party PINpad products. A dedicated USB port is available for this connection with the appropriate power supply to support the maximum power required for these PINpad products. A non-limiting lists of possible PINpad products includes, among others:

• PowaPIN 100

• VeriFone Vx820

• Ingenico IP 320/350

• PAX S300

• Worldline Yomani

• Others as necessary 1.3. Distribution Requirements/Possibilities

1.3.1. AIO model with PED caddy for PINpad product (EMV payment terminal)

1.3.2. AIO model no PED caddy for PINpad product

1.3.3. PINpad & USB interface cable (or inbuilt cable for proprietary PINpad

1.3.4. Cash Drawer & interface cable

1.3.5. Power Supply with country specific AC cable

1.4. Localization requirements/possibilities

1.4.1. Tablet Application Software

1.4.2. AC Cable

1.4.3. User documentation

Product Requirements/Possibilities

1.5. Human Interface design

1.5.1. Tablet installation & adjustment - Display assembly with mechansim to install and secure the compatible consumer tablet device with a USB cable connection to AIO system. Integrated hinge mechanism for adjusting tilt angle of tablet device for ease of operation in merchant environments with varying counter heights, lighting, and optimal angle for height of operator. Various tilt angle ranges of adjustment of adjustment are possible.

1.5.2. Swivel adjustment - Base plate assembly may incorporate 180°, bi-directional swivel mechanism with detent at 0° and 180° positions and sensor subsystem to allow merchant application to switch screens for consumer signature capture and transation verification when unit is moved to 180° position.

1.5.3. Cable management & access - Tablet interface cable; PINpad interface cable;

Peripheral USB interface cable; DC input cable. 1.5.4. Paper door - hinged door with release latch for drop in paper roll installation and replacement.

1.5.5. Barcode scanner - recharge receptacle and contacts in Paper door with physical feature and/or magnet to securely dock scanner to charger in 180° opposite orientations to support left or right auto scan mode.

1.5.6. Power button - System power ON/OFF button is provided to shutoff system outside business hours and to recover from a system fault or hang condition.

1.6. Mechanical design

1.6.1. PCBA Interconnects

• DC power input/USB port board to Main controller board

• Printer controller to Main controller board

• Barcode scanner charging contacts to Main controller board

• PINpad interface cable to Main controller board

• Tablet interface cable to Main controller board

• Printer mechanism to controller board

1.6.2. Mechanisms

• Base: Swivel, 180 degrees bi-directional with optical positioning sensor.

• Stem : Tablet friction hinge, various angles of adjustment possible

• Scanner: Charging dock with locating feature and magnet retainer in AlO & Scanner

• Printer: Paper door cover, latch, and integrated thermal printer mechanism with manual tear bar on bottom each of exit slot

Electrical Design

1.7.1. Exemplary Block Diagram

A block diagram of the electrical design of the system is shown in Fig. 26. 1.7.2. Main Controller Board

The main controller board may contain embedded firmware that controls system serial communications, sensor operations, and DC power supplies to various components of the system, including peripheral devices. An integrated USB hub may provide interfaces to internal and external USB peripheral devices. A UART port may provide a serial interface to the integrated printer controller board and printer mechanism. A Hall Effect sensor may provide location feedback to the system, such as relating to location and/or rotary position of a swivel mechanism in the base. In embodiments, rotation of the base, when detected, can signal the rest of the system to provide different information. For example, the tablet screen of the point-of-sale system can provide a set of merchant-relevant information when rotated into a merchant-facing position and a different set of customer-relevant information when rotated into a customer-facing position. Thus, the base itself can induce changes in the user interface that are appropriate for the different users who may interact with a screen in a retail environment.

1.7.3. Exemplary Printer Controller Board

A block diagram of a printer controller board suitable for the thermal printer is shown in Fig. 27.

1.7.4. 10 Connector Board

A separate connector board may be located in the center of the base that contains the main 24V/4.0A DC input connector and two (2) micro USB ports for external peripheral connections. A custom USB cable may integrate into the fixed bottom plate of the base swivel mechanism to provide external USB Type A female connectors for connection of external peripherals. A System power ON/OFF switch may be wired to this board in order to control DC input power to the system and recover from a system fault or hang condition.

1.7.5. Apple MFi authentication chip (MFi337S3959) The main controller board may have a configuration that includes the Apple MFi chip for the AlO iPad Air system configuration and the Universal configuration that supports both iPad and Android tablet models. Windows may also be accommodated.

1.7.6. DC Power Supplies (Internal)

1.8. Printer

1.8.1. Thermal printer mechanism

1.8.2. Thermal Printer controller board

1.8.3. Power supply

1.8.4. Paper roll receptacle:

• Paper width: 79 ± 0.5mm (standard size)

• Roll diameter: 80mm ± 2.0mm (Euro size)

• Cutter: Manual cutter bar on bottom edge of paper exit slot although other cutter are possible.

1.9. Barcode Scanner - see below for more detail

• Custom Design • Scan activation button for handheld operation

• Charge contacts

• Locating feature & magnets

• Enters Auto scan mode when docked in charging receptacle

1.9.1. Scan Engine:

1.9.2. Bluetooth Module:

• OS Support: Android, iOS, Windows Mobile

• Profile stack: SPP (Android OS), HID (iOS)

• Range: 10m (preferred minimum)

1.9.3. Battery & Power Supply . Cash Drawer (External Accessory)

1.10.1. Mini Cash Drawer

• Center Lock: Three function (manual open, on-line, locked)

• Spring: force to open drawer to fully extended position

• Cycle life: 500,000 open/close cycles

• Slots: 5 adjustable Bill slots; 6 Coin slots

• Sensors: Open/Close sensor, accessible by AlO system

• Mechanical: Drawer should preferably be capable of supporting full weight of POS AlO without impacting lock or drawer operation.

1.10.2. Full Size Cash Drawer

1.11. AC/DC Power Supply (External Accessory)

2. Environmental Specifications

2.1. Ingress Protection (IP) Rating

The AlO system may be designed to protect against solid and liquid ingress that may damage the electronics and electro-mechanical devices in the system. In particular, the paper door cover and cavity may contain features to channel liquid spills away from ingress into the printer mechanism and internal board assemblies of the system.

Rating: IP32, where

3 = protection against a solid object >2.5mm

2 = protection against vertical falling drops of liquid with enclosure at tilted at 15 degrees from vertical.

2.2. Reliability

3. Pinpad Compatibility - various possibilities, which may interface with Bluetooth or cable such as USB. A pinpad may be integrated with the AIO POS. For example:

• PowaPIN 100 (integrated with AIO)

o Interface: Bluetooth 2.1

• VeriFone Vx820 with cable

o Interface: USB

• Ingenico ΪΡΡ320/350 with cable

o Interface: USB

• PAX S300 with cable

o Interface: USB

• Worldline Yomani with cable

o Interface: USB

4. Product Documentation

4.1. SDK Programming Guide may be provided to allow further development by third parties.

MORE DETAILED SCANNER CONFIGURATIONS As noted herein, the POS AIO may be provided with a scanner, which is described in more detail below. POS Scanner may be considered an accessory to the POS Txx/yy Series point of sale system. POS Scanner is a handheld, battery operated, 1D/2D barcode scanner with Bluetooth wireless communication for interface to for example to iOS, Android, and Windows tablet computers.

Product Configurations

The product configurations and localization requirements are as follows.

1.1.1. System Bundle

May be bundled with POS Txx Series point of sale system, power adapter, packaging and user documentation.

1.1.2. Accessory Product

Stand alone Accessory with packaging, and user documentation for upgrade sale to existing POS Txx Series customers.

2. Product Features

2.1.1. Trigger button

A Trigger button may be located on the top cover of the scanner, in the center of the case for easy access by thumb when held in the left or right hand of the user. This button may activate the scan engine to capture barcode images. This button may also provide a wake up function and certain operation modes defined in this specification.

2.1.2. LED ring

An multi color LED ring may be included, such as surrounding the Trigger button of the scanner to provide feedback on operating mode and charging status.

2.1.3. Charging contacts & magnet

Charging contacts may be included on the bottom surface of the scanner and centered in a position that allows the placement in the POS Txx Series charging cradle in two opposite orientations for both left and right presentation model operation. In addition, the scanner may include a magnet inside the case that aligns with a corresponding set of magnets in the charging cradle for proper alignment and stability in the cradle.

3. Mechanical design

3.1.1. Mechanical Assembly Layout

A cross-sectional view showing the mechanical layout of the scanner is shown in Fig. 28.

3.1.2. Mechanisms

• Trigger Button Switch: Metal dome, PCB mounted

Switch travel 0.25mm (nominal)

• Charging Contacts Two contacts in Belly recess

• Docking Magnet Single magnet in Belly

4. Electrical Design

4.1.1. Block Diagram

A block diagram of the electrical layout of the scanner is shown in Fig. 29.

4.1.2. Main Controller board

The main controller board may contain the MCU, Bluetooth module, charge control circuit, DC/DC supply, LED operation indicators, buzzer, and trigger switch. The main controller board may interface with and supply power to the scanner decoder board, optics module, and Bluetooth module. The board may also contain interfaces for trigger button, buzzer, LEDs, charging contacts and battery power input from an integrated rechargeable battery pack.

The MCU may contain control firmware that operates the main functions of the scanner as follows:

• Scanner operating modes

• Scan engine operation • Bluetooth communications with POS host Tablet, including barcode data transfer from scan engine to host Tablet.

• LED control for operating mode indication (4 Blue LED; 4 Red LED)

• Beeper operation

• Battery charge control

• Scanner decoder board configuration and firmware updates

• DC/DC regulation

4.1.3. Decoder board

The decoder board may provide the control interface to the optics engine and decode functionality for all supported barcode formats. The decoder board architecture may include for example:

• Processor core

• 512 MB Mobile LPSDRAM

• 1G asynchronous flash

• Camera Sensor Interface (CSI) port

• UART host serial port (RS-232)

The decoder board may be configured for standard RS-232 with SSI command protocol host interface communication with the main controller board and Host Tablet system. This configuration is established via logic level setting of two signals on the host interface pins of the decoder board.

4.1.4. Scan Engine

The scan engine may provide an image capture facility, such as a CMOS imager, an illumination source, such as one or more LEDs, and a facility for aiming illumination and capturing of images (e.g., barcode images, QR code images, and the like), as well as transfer of data to the decoder board.

4.1.5. Bluetooth module Operating modes:

Pairing sequence

Active mode

Sniff mode

Deep Sleep Mode (DSM)

4.1.6. Battery Pack

An Li-ion battery may be used

4.1.7. Charging contact board

The charging contact board is mounted to the Belly part and connected 2 wire cable to the main controller board charge control IC to supply power for recharging the main battery.

4.1.8. Interconnects

4.1.9. DC/DC supply

The main controller DC/DC supply will provide power to all modules in the system via regulator IC. In order to achieve maximum performance from the scan engine, this supply may be carefully designed and filtered to achieve minimal noise on the supply line to the decoder board.

4.1.10. Operation Modes

The table below describes the operating modes with user action and feedback.

Possible Scanner Operating Modes

Operation User Action Trigger LED Audio Tone

Mode Ring Power ON Press trigger Blue LEDs Low/Mid/High

3sec Flash xl

Power OFF Press trigger Red LEDs None

15sec Flash xl

Presentation Place in (see Batt High (scan charger modes) code)

Wake from Press trigger Blue LEDs None

Sleep <lsec Flash xl

Sleep mode None for lmin Blue LEDs None

pulsing

Batt charge None Red LEDs None low Flashing

Batt charging Place in Red LEDs ON None

charger

Batt full None (in Blue LEDs ON None charge charger)

Bluetooth not None Blue LED None connected Flashing

Bluetooth Tablet pairing None None connected with Scanner

Operating Mode Definitions:

Power ON

Scanner is operational. Main controller is ON and communicating with Scan engine and Bluetooth module.

Scan engine is ON and in Idle mode ready to accept host command to scan.

Bluetooth module is ON and connected to host Tablet system. Sleep Mode

Scanner is non-operational. Main controller is ON and awaiting user input to

Wake from Sleep.

Scan Engine is in low power Sleep mode awaiting host command to wake from Sleep.

Bluetooth radio is in Sniff mode

Power OFF (Standby)

Scanner is non-operational. Main controller is in low power, standby state awaiting user input to Power ON.

Scan engine is OFF.

Bluetooth radio is in Deep Sleep mode (DSM).

This mode will be invoked for shipping and when a Power OFF/ON reset cycle is required for firmware upgrade of Scan Engine or Bluetooth module.

Presentation (Docked in Charger)

Scanner is operational and docked in charger. Main controller is ON and communicating with Scan engine and Bluetooth module.

Scan engine is ON and in Presentation mode ready to detect object in field, which will create a trigger event to and High tone beep when barcode is sucessfully scanned.

Bluetooth module is ON, paired, and active for data transmission with host Tablet system.

5. Environmental Specifications

5.1. Ingress Protection (IP Rating)

The Scanner shall be designed to protect against dust and liquid ingress that may damage the optics, electronics and electro-mechanical devices in the product. In particular, the Scan Engine optics and window interior area shall be sealed to prevent dust ingress that may impact the function and reliablity of the Scanner. Additional enclosure protection around the trigger button and charging contacts is also recommended to prevent malfunction of these interfaces. 5.2. IEC Rating: IP52, where

5 = dust protection per standard test methods

6. Product Documentation

6.1. An SDK Programming Guide may be provided

The foregoing description has been given by way of example only and it will be appreciated by a person skilled in the art that modifications can be made without departing from the scope of the present disclosure.

It will be appreciated that the more detailed configurations set out above are exemplary only and that any aspect may be varied whilst still falling within one or more of the general concepts set out above.

As noted above, the system may incorporate a built-in EMV (chip and PIN) reader, or this may be provided separately. Either way, the EMV reader may incorporate or be a secure data entry device as set out in Appendix A (British patent application number 1317462.8, which is incorporated herein) and/or Appendix B (British patent application no. 1317466.9, which is incoporated herein). Any aspect or concept of Appendix A and/or Appendix B may be combined with any of the above-described aspects or concepts, or combinations of aspects or concepts. The aspects and concepts of Appendices A and B may also be combined with one another, whether or not with the above-described aspects and concepts as well.

Appendix A relates to arrangements that improve the security for sensitive circuits without resorting to complex and elaborate approaches. Thus, in accordance with one aspect of the present disclosure, there is provided a secure data entry device comprising: electronic circuitry; a keypad in communication with the electronic circuitry for inputting data; and a cover arranged between the keypad and the electronic circuitry to prevent access to the electronic circuitry. The keypad may be for entering data for processing by the electronic circuitry.

The cover may comprise a mesh, such as a fine wire mesh. The mesh may comprise a metallic material. The mesh may be separate from the keypad. The mesh may be secured in place on the electronic circuitry with adhesive.

The secure data entry device is both small and very resistant to attack. The cover prevents access by probing devices to the underlying electronic circuitry, particularly the circuitry relating to the keypad circuits. In addition, probe attacks from above penetrating the cover will register an attack, Moreover, attempts to lift the cover will cause it to lose contact with the electronic circuitry below and thus register an attack.

The keypad may comprise at least one key, a plurality of keys, twelve keys, or twelve keys or more.

The electronic circuitry may comprise a key-press detection component corresponding to each key. Each key may be arranged to be in communication with its corresponding key-press detection component such that a key-press of each key is detectable by the electronic circuitry.

The cover may be located between a key-press detection component and its corresponding key.

Each key-press detection component may comprise: a conductive inner component, such as a conductive inner ring, on the electronic circuitry; a conductive outer component, such as a conductive outer ring, on the electronic circuitry; and a conductive dome, wherein a portion of the dome is in contact with the outer component.

The dome may be a convex dome extending away from the electronic circuitry. The dome may be deformable between a first position in which the dome does not contact the inner ring and a second position in which the dome contacts the inner ring. The inner ring, the outer ring and/or the dome may comprise metallic material. The dome may be secured in place on the electronic circuitry with adhesive. The dome may be secured in place on the electronic circuitry with adhesive tape, resulting in a very strong and secure structure.

The cover may be in contact with at least one key, a plurality of keys, four keys, or four keys or more. Each one or more keys which contact the cover may be positioned at a corner of the keypad.

The electronic circuitry further comprises at least one security element. Each security element comprises an inner security component, such as an inner security ring, and an outer security component, such as an outer security ring. The inner security ring and the outer security ring may be substantially like the inner ring and outer ring, respectively, of the key-press detection component. The electronic circuitry may be adapted to detect changes in conductivity via at least one of the security element(s). At least one of the security element(s) may be connected to the cover.

The electronic circuitry may further comprise a removable data-storage medium reader for receiving a data-storage medium containing data. The data-storage medium may be a card, such as a chip and/or smart card. The electronic circuitry may comprise processing circuitry for processing data read by the data-storage medium reader and data input using the keypad, e.g. for cross-checking a code, such as a PIN, input by the keypad with data stored on the datastorage medium to confirm whether the data is sufficiently similar or identical, and if so, proceeding with reading other data from the removable data-storage medium and/or performing actions such as proceeding with a transaction, such as a card payment transaction (when a card is inserted as the removable data storage medium) into the reader. The datastorage medium reader may comprise an integrated circuit card (ICC) or smartcard receptor. The secure data entry device may further comprise a user interface in communication with the electronic circuitry. The user interface may comprise a display. For example, the display screen may be an LCD display screen.

The secure data entry device may be configured to be powered by one or more batteries. The secure data entry device may further comprise a Bluetooth module. The secure data entry device may be a personal identification number (PIN) entry device (PED). The electronic circuitry may be a circuit board, such as a printed circuit board (PCB).

In accordance with another aspect of the present disclosure, there is also provided a system comprising: a secure data entry device according to an embodiment of the disclosure; and a communication device, wherein the secure data entry device and the communication device are configured to communicate with each other. The communication device could, for example, be the tablet in the AIO system although other communication devices are possible.

The secure data entry device and the communication device may be configured to

communicate with each other via Bluetooth. The communication device may be a mobile communication device (MCD). The MCD may be a smartphone or the tablet. The

communication device may be configured to communicate with an external system. The MCD may be configured to communicate with an external system by means of an application stored on the MCD. The external system may be a payment acquirer, secure data entry device comprising: electronic circuitry; a keypad in communication with the electronic circuitry for inputting data; and a cover arranged between the keypad and the electronic circuitry to prevent access to the electronic circuitry. Appendix B relates to to arrangements that improve the security for sensitive electronic circuitry without resorting to complex and elaborate approaches.

In one aspect of the present disclosure, there is provided a secure data entry device comprising a data input device; electronic circuitry; and a security frame, wherein the data input device and the security frame are arranged to form a security cage for substantially surrounding the electronic circuitry.

The secure data entry device may further comprise a reader. Such a reader could be a biometric unit, for example a fingerprint reader. Preferably, the reader is a reader for reading a removable data medium. The reader and the security frame may be together arranged to form the security cage for substantially surrounding the electronic circuitry.

As stated above, the security cage may be formed from the data input device, the reader and the security frame. Using the data input device and the reader as part of the security cage minimises the requirement for additional security-specific components and thus allows the secure data entry device to maintain a small form factor. This can improve the portability of the secure data entry device without sacrificing security.

A secure data entry device is a device that is used for receiving data input and has security measures that help to protect data from unauthorised access and/or protect the device from tampering.

The data input device is the device that allows the user to enter data. The data input device has a user-facing component with which the user will directly interact, as well as additional mechanisms that convert the user's interactions into a data signal that can be used by the secure data entry device. Such mechanisms can include electrical contacts which are closed when a user presses a given point on the data input device. Possible data input devices that may be used with the present disclosure include a keypad. The keypad may have a plurality of keys allowing the user to input data in the form of a

combination of key presses. The keypad may have at least ten keys so as to allow the input of any combination of Arabic numerals. Alternatively, or in addition, the data input device may have sufficient keys to represent all the letters of an alphabet, for example all 26 letters of the English alphabet. The keypad of a data input device may have at least twelve keys, preferably at least sixteen keys. The keypad may have twelve keys or sixteen keys.

The reader may be capable of reading a removable data medium. This allows the secure data entry device to read information from the removable data medium, which in turn can influence any subsequent processing or action of the secure data entry device. For example, the reader allows the secure data entry device to cross-check a code inputted by the user on a data input device with a code stored on the removable data medium. The information read from the removable medium may be processed in the electronic circuitry.

The removable data medium may be a secure card and, correspondingly, the reader may be a secure card reader for receiving the secure card. Such a secure card may be an integrated circuit card (ICC) and, in this case, the reader is an ICC reader. An ICC is a form of card used, among other things, for chip and PIN payment. Alternatively, the removable data medium may be a near field communication (NFC) card and the reader is a NFC reader.

The secure data entry device includes electronic circuitry. The electronic circuitry processes data from the data input device as well as possible data read by a reader from a removable data medium. The electronic circuitry may therefore be processing security- sensitive information requiring protection from unauthorised access by a security cage, as described later. The electronic circuitry may be present on a printed circuit board (PCB). The electronic circuitry may include components which are security-sensitive. The security frame protects the electronic circuitry within it from attack from certain directions. In this way it contributes to the secure nature of the secure data entry device.

The security frame may comprise a continuous frame structure around a hollow centre in which the electronic circuitry is located. This advantageously provides a continuous form of protection in certain areas around the electronic circuitry. The security frame may be a planar structure that has a relatively small through-thickness dimension compared to a relatively large width and length dimension. Such relative dimensions allow the secure data entry device to maintain a small form factor. In this way, the security frame completely protects the electronic circuitry from attack within the plane of the frame.

As stated above, the data input device, the reader and the security frame can be arranged to form a security cage. Therefore, these three components are arranged so that each of them represents a barrier to accessing the electronic circuitry. In this way, each of these

components is contributing to the security of the electronic circuitry and so advantageously increasing the difficulty of unauthorised access. These components substantially surround the electronic circuitry. In other words, there may be additional components present which further contribute to enclosing the electronic circuitry but each of the data input device and the security frame, as well as the reader if present, are arranged such that they all contribute to the enclosing of the electronic circuitry. Another component that may possibly contribute to surrounding the electronic circuitry is a security mesh, as will be described below.

The data input device is preferably arranged to be a first side of the security cage. The reader is preferably arranged to be a second side of the security cage. The security frame is preferably arranged between the data input device and the reader. Using the data input device as one side of the security cage and/or the reader as a second side of the security cage utilises these components to increase the protection of the electronic circuitry within the security cage from attack from these sides. Positioning the security frame between the data input device and the reader results in the data input device providing protection from one side, the reader providing protection from another side and the security frame providing protection for other sides around the electronic circuitry. In this way, these three components can provide complete, or almost complete, protection for the electronic circuitry.

The security frame may have further features to prevent or detect tampering attempts, i.e. attempts to access or manipulate the circuitry contained within the security frame. One such feature is the presence of conductive vias. The security frame, which has a first side and a second side, may have at least one conductive via extending between the first side and the second side. If unauthorised physical access is attempted through the part of the security frame that has a via present then the conductive via will be broken and a tamper event can be registered. The registering of the tamper event can result in the sounding of an alarm, or the deletion of sensitive data from the electronic circuitry contained within the security cage.

It is particularly preferred that there is a plurality of conductive vias present so as to allow the registration of a tamper event from any of a number of different directions. An increased number of vias, decreases the possibility that the intrusion attempt won't disrupt a via or won't cause sufficient disruption to the via to register a tamper event.

When the security frame is in the form of a planar structure it is preferred that the first side and the second side are the first planar face and the second planar face resulting in the conductive vias extending through the thickness of the security frame.

It is particularly preferred that the at least one via is formed along the inner edge of the security frame, adjacent to the hollow centre of the security frame. The inner edge of the security frame is the face, or faces, of the security frame that face the hollow centre of the security frame. When the security frame has a planar structure, the inner edge is the exposed face that spans the through-thickness direction of the security frame and faces the hollow centre. The at least one via may be exposed along the inner edge of the security frame. In other words, the conductive via can be completely seen from a viewpoint at the hollow centre of the security frame. This places the conductive via as close to the security sensitive electronic circuitry as possible.

The at least one via may be formed as a hole through the security frame. This hole can have conductive material coated on its inner surface to result in a through-thickness conductive trace. Such a hole can be cut in half so as to expose the conductive trace from a viewpoint at the hollow centre. This is a particularly straightforward way of producing exposed vias along the inner edge which utilises common electronics processing steps.

The security frame may have conductive vias for carrying data. These vias may form a conductive path from outside the security frame to carry data to devices positioned within the hollow centre of the security cage. Vias for carrying data and vias for detecting tampering events may both be present.

The security frame may be formed from a printed circuit board material. A printed circuit board material is one that is commonly used as a printed circuit board. Such materials are laminates that are manufactured by curing thermoset resin under pressure and temperature with layers of cloth or paper. Examples of laminates that are used as printed circuit board material are FR-2, FR-3, FR-4, FR-5, FR-6, G-10, CM-1, CM-2, CM-3, CM-4, CM-5. Preferably the PCB material is FR-4 since this is particularly readily available as one of the most common PCB materials. FR-4 refers to a PCB material with glass reinforced epoxy laminate sheets composed of woven fibre glass cloth with an epoxy resin binder.

Utilising printed circuit board material as a security frame is an advantageously

straightforward approach for manufacturing the security frames of the present disclosure, allowing the use of existing, well-established manufacturing technology. It also negates the need for specialist materials, since it is possible to utilise the same PCB material that is used for the electronic circuitry that is to be protected. Additionally, the use of PCB material for the security frame allows the straightforward production of the anti-tamper vias as described above.

The security frame is preferably affixed into position using solder joints. When the security frame comprises at least one conductive via, the positioning of the solder joints may correspond to the conductive vias present. This provides a continuous conductive path through the security cage to the component to which the security frame is affixed. These conductive paths can be used to transmit data though the security cage. In addition, or alternatively, these conductive paths are part of a tamper detection system. If the solder joint is broken, either by moving of the security cage or by direct physical intervention, a tamper event can then be registered.

The use of solder to affix the security frame also allows the affixing step to be carried out as part of standard PCB processing, increasing the ease of manufacture.

The security cage may comprise at least one layer of security mesh. The security mesh provides extra protection against unauthorised access to the electronic circuitry. The security mesh may be conductive. When the security mesh is conductive, it may be connected to additional circuitry that can detect when the mesh's conductivity is disrupted and so register a tamper event. This provides additional security for the electronic circuitry in the security cage.

The security mesh may be made from wire. In particular, the security mesh may be made from metallic wire. The wire may be a fine wire, i.e. less than about 0.2 mm in thickness. Also, the individual wires may be spaced no more than about 0.2 mm apart.

The security mesh utilised may be chosen to meet the required security standards, such as the Payment Card Industry PIN Transaction Security (PCI PTS) standard. A security mesh that forms part of the security cage may be positioned in various locations in order to provide additional protection for the electronic circuitry. For example, the security mesh may be positioned over the outer surface of the data input device. The outer surface of the data input device is the surface that is not facing the electronic circuitry that is inside the security cage. In this position the security mesh provides a level of protection before any attack would then need to overcome the barrier of the data input device.

A security mesh may be positioned over the outer surface of the reader. The outer surface of the reader is the surface that does not face the electronic circuitry that is within the cage. Again, this security mesh provides another layer of initial protection for the electronic circuitry within the security cage.

A layer of security mesh may be positioned between the inner surface of the data input device and the inner surface of the reader. Such positioning of a security mesh provides another layer of protection for the electronic circuitry after the data input device or the reader may be breached. The security mesh may be either side of the electronic circuitry. Alternatively, a security mesh could be positioned on both sides of the electronic circuitry but on the inside of the data input device and the reader, i.e. within the security cage.

A security mesh may be positioned within the data input device. In particular, the security mesh may be positioned under a user-facing layer, with which the user directly interacts, but above the additional operating mechanisms of the data input device. This has the benefit of also providing a layer of security for the mechanism of the data entry device without interrupting the user's experience of the data entry device. t is obviously possible for several layers of security mesh to be present at one or more of the positions stated above. A greater number of layers of security mesh will increase the security of the device but will add to the cost and complexity of manufacture. The secure data entry device may be a personal identification number (PIN) entry device (PED). It is particularly important that such devices have a secure location within them for the electronic circuitry that stores and processes sensitive information such as user's PINs and account numbers. This importance is emphasised by the existence of security standards which such PEDs must fulfil, such as the PCI PTS certification.

The present disclosure also provides a security frame formed from a printed circuit board (PCB) material, comprising a continuous frame structure with a hollow centre, wherein the continuous frame structure has a first side and a second side; and at least one conductive via extending between the first side of the frame structure and the second side of the frame structure.

As noted above, such a security frame provides extra security for anything present in its hollow centre. In particular, the printed circuit board continuous frame provides a physical barrier for accessing the hollow centre from a range of directions. Also, the presence of at least one conductive via provides a trace that may be broken in any unauthorised access attempt. This disruption of the via can then be used to register a tamper event. The features recited above with reference to the security frame present as part of a secure data entry device apply equally to the security frame in isolation from the rest of the secure data entry device.

The security frame of the present disclosure can be utilised in a range of scenarios. In the above-noted application of a secure data entry device, the security frame forms a security cage with a data input device and, optionally, a reader. However, the security frame can be utilised with other components to form a security cage. In one of its simplest forms, a security cage can be formed by sandwiching the security cage between two PCBs.

The present disclosure also provides a PCB assembly comprising security- sensitive

components on a PCB; and a security frame according to the present disclosure, wherein the security frame is affixed around the security-sensitive components. Securing the security frame around security-sensitive components on a PCB provides the protection highlighted above for those security-sensitive components.

The security frame can be affixed by adhesive. Alternatively, the security frame may be affixed by using a screw connection or by using rivets. Preferably, the security frame is affixed to by using solder joints. The solder joints may correspond to vias present in the security frame providing a continuous conductive path through the security frame and into the component to which the security frame is affixed. As noted above, this has advantages for carrying data and providing tamper protection.

The present disclosure further provides a system comprising the secure data entry device according to the present disclosure; and a communication device; wherein the secure data entry device and the communications device are configured to communicate with each other.

Such a system allows the secure data entry device to be of a minimal size as the

communications device can contain the additional components that do not need to be part of the secure data entry device.

The communication device may be configured to communicate with an external system. The communication device may be a mobile communications device, such as a smart phone or the tablet in the AIO. The mobile communication device may run an application that drives the communications required to connect to an external system. The secure data entry device and the communication device may communicate with each other via Bluetooth technology. Accordingly, the secure data entry device of the present disclosure may comprise a Bluetooth module. Also, the communication device may comprise a Bluetooth module.

The external system may be a payment acquirer. A payment acquirer is an entity that processes card-based payments. Whilst disclosure has been given of a POS system in general, it should be noted that all features, aspects and concepts of this disclosure are not limited to a general POS system. For example, the cable routing concept can be applied to any electronic/electrical device involving cabling and secure data entry key pad concepts also have wide application. Non-limiting examples of uses of the disclosure include retail point of sale, restaurant point of sale, inventory control, hire or rental of equipment such as autos and auto equipment, skis and ski equipment, boats and boat equipment, customer self service kiosks, gaming, voting, customer or other feedback, check-in eg at office, hotel, restaurant seating, medical office etc.

While only a few embodiments of the present disclosure have been shown and described, it will be apparent to those skilled in the art that many changes and modifications may be made thereunto without departing from the spirit and scope of the present disclosure as described in the following claims. All patent applications and patents, both foreign and domestic, and all other publications referenced herein are incorporated herein in their entireties to the full extent permitted by law.

The methods and systems described herein may be deployed in part or in whole through a machine that executes computer software, program codes, and/or instructions on a processor. The present disclosure may be implemented as a method on the machine, as a system or apparatus as part of or in relation to the machine, or as a computer program product embodied in a computer readable medium executing on one or more of the machines. In embodiments, the processor may be part of a server, cloud server, client, network infrastructure, mobile computing platform, stationary computing platform, or other computing platform. A processor may be any kind of computational or processing device capable of executing program instructions, codes, binary instructions and the like. The processor may be or may include a signal processor, digital processor, embedded processor, microprocessor or any variant such as a co-processor (math co-processor, graphic coprocessor, communication co-processor and the like) and the like that may directly or indirectly facilitate execution of program code or program instructions stored thereon. In addition, the processor may enable execution of multiple programs, threads, and codes. The threads may be executed simultaneously to enhance the performance of the processor and to facilitate simultaneous operations of the application. By way of implementation, methods, program codes, program instructions and the like described herein may be implemented in one or more thread. The thread may spawn other threads that may have assigned priorities associated with them; the processor may execute these threads based on priority or any other order based on instructions provided in the program code. The processor, or any machine utilizing one, may include memory that stores methods, codes, instructions and programs as described herein and elsewhere. The processor may access a storage medium through an interface that may store methods, codes, and instructions as described herein and elsewhere. The storage medium associated with the processor for storing methods, programs, codes, program instructions or other type of instructions capable of being executed by the computing or processing device may include but may not be limited to one or more of a CD-ROM, DVD, memory, hard disk, flash drive, RAM, ROM, cache and the like.

A processor may include one or more cores that may enhance speed and performance of a multiprocessor. In embodiments, the process may be a dual core processor, quad core processors, other chip-level multiprocessor and the like that combine two or more independent cores (called a die).

The methods and systems described herein may be deployed in part or in whole through a machine that executes computer software on a server, client, firewall, gateway, hub, router, or other such computer and/or networking hardware. The software program may be associated with a server that may include a file server, print server, domain server, internet server, intranet server, cloud server, and other variants such as secondary server, host server, distributed server and the like. The server may include one or more of memories, processors, computer readable media, storage media, ports (physical and virtual), communication devices, and interfaces capable of accessing other servers, clients, machines, and devices through a wired or a wireless medium, and the like. The methods, programs, or codes as described herein and elsewhere may be executed by the server. In addition, other devices required for execution of methods as described in this application may be considered as a part of the infrastructure associated with the server.

The server may provide an interface to other devices including, without limitation, clients, other servers, printers, database servers, print servers, file servers, communication servers, distributed servers, social networks, and the like. Additionally, this coupling and/or connection may facilitate remote execution of program across the network. The networking of some or all of these devices may facilitate parallel processing of a program or method at one or more location without deviating from the scope of the disclosure. In addition, any of the devices attached to the server through an interface may include at least one storage medium capable of storing methods, programs, code and/or instructions. A central repository may provide program instructions to be executed on different devices. In this implementation, the remote repository may act as a storage medium for program code, instructions, and programs.

The software program may be associated with a client that may include a file client, print client, domain client, internet client, intranet client and other variants such as secondary client, host client, distributed client and the like. The client may include one or more of memories, processors, computer readable media, storage media, ports (physical and virtual), communication devices, and interfaces capable of accessing other clients, servers, machines, and devices through a wired or a wireless medium, and the like. The methods, programs, or codes as described herein and elsewhere may be executed by the client. In addition, other devices required for execution of methods as described in this application may be considered as a part of the infrastructure associated with the client.

The client may provide an interface to other devices including, without limitation, servers, other clients, printers, database servers, print servers, file servers, communication servers, distributed servers and the like. Additionally, this coupling and/or connection may facilitate remote execution of program across the network. The networking of some or all of these devices may facilitate parallel processing of a program or method at one or more location without deviating from the scope of the disclosure. In addition, any of the devices attached to the client through an interface may include at least one storage medium capable of storing methods, programs, applications, code and/or instructions. A central repository may provide program instructions to be executed on different devices. In this implementation, the remote repository may act as a storage medium for program code, instructions, and programs.

The methods and systems described herein may be deployed in part or in whole through or in connection with network infrastructures. The network infrastructure may include elements such as computing devices, servers, routers, hubs, firewalls, clients, personal computers, communication devices, routing devices and other active and passive devices, modules and/or components as known in the art. The computing and/or non-computing device(s) associated with the network infrastructure may include, apart from other components, a storage medium such as flash memory, buffer, stack, RAM, ROM and the like. The processes, methods, program codes, instructions described herein and elsewhere may be executed by one or more of the network infrastructural elements. The methods and systems described herein may be adapted for use with any kind of private, community, or hybrid cloud computing network or cloud computing environment, including those which involve features of software as a service (SaaS), platform as a service (PaaS), and/or infrastructure as a service (laaS).

The methods, program codes, and instructions described herein and elsewhere may be implemented on a cellular network having multiple cells. The cellular network may either be frequency division multiple access (FDMA) network or code division multiple access (CDMA) network. The cellular network may include mobile devices, cell sites, base stations, repeaters, antennas, towers, and the like. The cell network may be a GSM, GPRS, 3G, EVDO, mesh, or other networks types.

The methods, program codes, and instructions described herein and elsewhere may be implemented on or through mobile devices. The mobile devices may include navigation devices, cell phones, mobile phones, mobile personal digital assistants, laptops, palmtops, netbooks, pagers, electronic books readers, music players and the like. These devices may include, apart from other components, a storage medium such as a flash memory, buffer, RAM, ROM and one or more computing devices. The computing devices associated with mobile devices may be enabled to execute program codes, methods, and instructions stored thereon. Alternatively, the mobile devices may be configured to execute instructions in collaboration with other devices. The mobile devices may communicate with base stations interfaced with servers and configured to execute program codes. The mobile devices may communicate on a peer-to-peer network, mesh network, or other communications network. The program code may be stored on the storage medium associated with the server and executed by a computing device embedded within the server. The base station may include a computing device and a storage medium. The storage device may store program codes and instructions executed by the computing devices associated with the base station.

The computer software, program codes, and/or instructions may be stored and/or accessed on machine readable media that may include: computer components, devices, and recording media that retain digital data used for computing for some interval of time; semiconductor storage known as random access memory (RAM); mass storage typically for more permanent storage, such as optical discs, forms of magnetic storage like hard disks, tapes, drums, cards and other types; processor registers, cache memory, volatile memory, non-volatile memory; optical storage such as CD, DVD; removable media such as flash memory (e.g. USB sticks or keys), floppy disks, magnetic tape, paper tape, punch cards, standalone RAM disks, Zip drives, removable mass storage, off-line, and the like; other computer memory such as dynamic memory, static memory, read/write storage, mutable storage, read only, random access, sequential access, location addressable, file addressable, content addressable, network attached storage, storage area network, bar codes, magnetic ink, and the like. The methods and systems described herein may transform physical and/or or intangible items from one state to another. The methods and systems described herein may also transform data representing physical and/or intangible items from one state to another.

The elements described and depicted herein, including in flow charts and block diagrams throughout the figures, imply logical boundaries between the elements. However, according to software or hardware engineering practices, the depicted elements and the functions thereof may be implemented on machines through computer executable media having a processor capable of executing program instructions stored thereon as a monolithic software structure, as standalone software modules, or as modules that employ external routines, code, services, and so forth, or any combination of these, and all such implementations may be within the scope of the present disclosure. Examples of such machines may include, but may not be limited to, personal digital assistants, laptops, personal computers, mobile phones, other handheld computing devices, medical equipment, wired or wireless communication devices, transducers, chips, calculators, satellites, tablet PCs, electronic books, gadgets, electronic devices, devices having artificial intelligence, computing devices, networking equipment, servers, routers and the like. Furthermore, the elements depicted in the flow chart and block diagrams or any other logical component may be implemented on a machine capable of executing program instructions. Thus, while the foregoing drawings and descriptions set forth functional aspects of the disclosed systems, no particular arrangement of software for implementing these functional aspects should be inferred from these descriptions unless explicitly stated or otherwise clear from the context. Similarly, it will be appreciated that the various steps identified and described above may be varied, and that the order of steps may be adapted to particular applications of the techniques disclosed herein. All such variations and modifications are intended to fall within the scope of this disclosure. As such, the depiction and/or description of an order for various steps should not be understood to require a particular order of execution for those steps, unless required by a particular application, or explicitly stated or otherwise clear from the context. The methods and/or processes described above, and steps associated therewith, may be realized in hardware, software or any combination of hardware and software suitable for a particular application. The hardware may include a general- purpose computer and/or dedicated computing device or specific computing device or particular aspect or component of a specific computing device. The processes may be realized in one or more microprocessors, microcontrollers, embedded microcontrollers, programmable digital signal processors or other programmable device, along with internal and/or external memory. The processes may also, or instead, be embodied in an application specific integrated circuit, a programmable gate array, programmable array logic, or any other device or combination of devices that may be configured to process electronic signals. It will further be appreciated that one or more of the processes may be realized as a computer executable code capable of being executed on a machine-readable medium.

The computer executable code may be created using a structured programming language such as C, an object oriented programming language such as C++, or any other high-level or low- level programming language (including assembly languages, hardware description languages, and database programming languages and technologies) that may be stored, compiled or interpreted to run on one of the above devices, as well as heterogeneous combinations of processors, processor architectures, or combinations of different hardware and software, or any other machine capable of executing program instructions. For the web dashboard, as described herein, HTML 5.0 and Javascript may be used. For the cloud solution, as described herein, Java and node.js may be used.

Thus, in one aspect, methods described above and combinations thereof may be embodied in computer executable code that, when executing on one or more computing devices, performs the steps thereof. In another aspect, the methods may be embodied in systems that perform the steps thereof, and may be distributed across devices in a number of ways, or all of the functionality may be integrated into a dedicated, standalone device or other hardware. In another aspect, the means for performing the steps associated with the processes described above may include any of the hardware and/or software described above. All such permutations and combinations are intended to fall within the scope of the present disclosure.

While the disclosure has been disclosed in connection with the preferred embodiments shown and described in detail, various modifications and improvements thereon will become readily apparent to those skilled in the art. Accordingly, the spirit and scope of the present disclosure is not to be limited by the foregoing examples, but is to be understood in the broadest sense allowable by law.

The use of the terms "a" and "an" and "the" and similar referents in the context of describing the disclosure (especially in the context of the following claims) is to be construed to cover both the singular and the plural, unless otherwise indicated herein or clearly contradicted by context. The terms "comprising," "having," "including," and "containing" are to be construed as open-ended terms (i.e., meaning "including, but not limited to,") unless otherwise noted. Recitation of ranges of values herein are merely intended to serve as a shorthand method of referring individually to each separate value falling within the range, unless otherwise indicated herein, and each separate value is incorporated into the specification as if it were individually recited herein. All methods described herein may be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The use of any and all examples, or exemplary language (e.g., "such as") provided herein, is intended merely to better illuminate the disclosure and does not pose a limitation on the scope of the disclosure unless otherwise claimed. No language in the specification should be construed as indicating any non-claimed element as essential to the practice of the disclosure.

While the foregoing written description enables one of ordinary skill to make and use what is considered presently to be the best mode thereof, those of ordinary skill will understand and appreciate the existence of variations, combinations, and equivalents of the specific embodiment, method, and examples herein. The disclosure should therefore not be limited by the above described embodiment, method, and examples, but by all embodiments and methods within the scope and spirit of the disclosure.

APPENDIX A

Secure Data Entry Device

Field of the Disclosure

[1] The present invention relates to a secure data entry device. It also relates to a system comprising the secure data entry device.

Background

[2] Data entry devices are employed in many situations and it is a common requirement that they are secure. Accordingly, secure data entry devices are available that resist unauthorised access to the internal circuitry of the data entry device, especially the circuitry that processes or stores sensitive information.

[3] An example of a data entry device that is required to be secure is a personal identification number (PIN) entry device (PED). PEDs are used to process payments securely. Such devices have a keypad for the customer to input their PIN along with internal circuitry which encrypts the customer's information for external transmission. Therefore, it is of the upmost importance that the circuitry within the PED that carries sensitive information is secure from external attack. This is recognised by the existence of security standards for such devices administered by the PCI Security Standards Council. Previous secure data entry devices have used a security mesh to enclose and protect sensitive circuitry.

Summary of the Disclosure

[4] The present disclosure relates to arrangements that improve the security for sensitive circuits without resorting to complex and elaborate approaches. [5] In accordance with one aspect of the present disclosure, there is provided a secure data entry device comprising: electronic circuitry; a keypad in communication with the electronic circuitry for inputting data; and a cover arranged between the keypad and the electronic circuitry to prevent access to the electronic circuitry. The keypad may be for entering data for processing by the electronic circuitry.

[6] The cover may comprise a mesh, such as a fine wire mesh. The mesh may comprise a metallic material. The mesh may be separate from the keypad. The mesh may be secured in place on the electronic circuitry with adhesive.

[7] The secure data entry device which is both small and very resistant to attack. The cover prevents access by probing devices to the underlying electronic circuitry, particularly the circuitry relating to the keypad circuits. In addition, probe attacks from above penetrating the cover will register an attack, Moreover, attempts to lift the cover will cause it to lose contact with the electronic circuitry below and thus register an attack.

[8] The keypad may comprise at least one key, a plurality of keys, twelve keys, or twelve keys or more.

[9] The electronic circuitry may comprise a key-press detection component corresponding to each key. Each key may be arranged to be in communication with its corresponding key-press detection component such that a key-press of each key is detectable by the electronic circuitry.

[10] The cover may be located between a key-press detection component and its corresponding key. [11] Each key-press detection component may comprise: a conductive inner component, such as a conductive inner ring, on the electronic circuitry; a conductive outer component, such as a conductive outer ring, on the electronic circuitry; and a conductive dome, wherein a portion of the dome is in contact with the outer component.

[12] The dome may be a convex dome extending away from the electronic circuitry. The dome may be deformable between a first position in which the dome does not contact the inner ring and a second position in which the dome contacts the inner ring. The inner ring, the outer ring and/or the dome may comprise metallic material. The dome may be secured in place on the electronic circuitry with adhesive. The dome may be secured in place on the electronic circuitry with adhesive tape, resulting in a very strong and secure structure. [13] The cover may be in contact with at least one key, a plurality of keys, four keys, or four keys or more. Each one or more keys which contact the cover may be positioned at a corner of the keypad.

[14] The electronic circuitry further comprises at least one security element. Each security element comprises an inner security component, such as an inner security ring, and an outer security component, such as an outer security ring. The inner security ring and the outer security ring may be substantially like the inner ring and outer ring, respectively, of the key-press detection component. The electronic circuitry may be adapted to detect changes in conductivity via at least one of the security element(s). At least one of the security element(s) may be connected to the cover.

[15] The electronic circuitry may further comprise a removable data-storage medium reader for receiving a data-storage medium containing data. The data-storage medium may be a card, such as a chip and/or smart card. The electronic circuitry may comprise processing circuitry for processing data read by the data-storage medium reader and data input using the keypad, e.g. for cross-checking a code, such as a PIN, input by the keypad with data stored on the data-storage medium to confirm whether the data is sufficiently similar or identical, and if so, proceeding with reading other data from the removable datastorage medium and/or performing actions such as proceeding with a transaction, such as a card payment transaction (when a card is inserted as the removable data storage medium) into the reader. The data-storage medium reader may comprise an integrated circuit card (ICC) or smartcard receptor. The secure data entry device may further comprise a user interface in communication with the electronic circuitry. The user interface may comprise a display. For example, the display screen may be an LCD display screen.

[16] The secure data entry device may be configured to be powered by one or more batteries. The secure data entry device may further comprise a Bluetooth module. The secure data entry device may be a personal identification number (PIN) entry device (PED). The electronic circuitry may be a circuit board, such as a printed circuit board (PCB).

[17] In accordance with a second aspect of the present disclosure, there is also provided a system comprising: a secure data entry device according to an embodiment of the invention; and a communication device, wherein the secure data entry device and the communication device are configured to communicate with each other.

[18] The secure data entry device and the communication device may be configured to communicate with each other via Bluetooth. The communication device may be a mobile communication device (MCD). The MCD may be a smartphone. The communication device may be configured to communicate with an external system. The MCD may be configured to communicate with an external system by means of an application stored on the MCD. The external system may be a payment acquirer.

Brief Description of the Drawings

[19] The invention is described below, by way of example only, with reference to the accompanying drawings, in which:

[20] Fig. 1 is a perspective view of a secure data entry device according to an embodiment of the invention; [21] Fig. 2 is a cut-away view of a key-press detection component according to an embodiment of the invention;

[22] Fig. 3 is a plan view of electronic circuitry according to an embodiment of the invention;

[23] Fig. 4 is a plan view of a portion of electronic circuitry according to an embodiment of the invention; and

[24] Fig. 5 is a schematic view of a key detection circuit and a key-press detection component or security component according to an embodiment of the invention.

Detailed Description [25] Fig. 1 shows a perspective view of a secure data entry device 10, such as a personal identification number (PIN) entry device (PED), according to an embodiment of the invention. The secure data entry device 10 comprises electronic circuitry 12, for example a circuit board, such as a printed circuit board (PCB), a keypad 14 in communication with the electronic circuitry for inputting data, and a cover 16 arranged between the keypad 14 and the electronic circuitry 12 to prevent access to the electronic circuitry 12. In the embodiment shown in Fig. 1 , the cover 16 is a mesh which may be made from a metallic material and/or be a fine wire mesh. References "mesh" below will generally be understood as references to the "cover".

[26] The mesh 16 is separate from the keypad 14, and is secured in place on the electronic circuitry 12 with adhesive. In the exemplary embodiment shown in the figures, the keypad 14 comprises twelve keys 18. However, in alternative embodiments, the keypad 14 may comprise at least one key, a plurality of keys, twelve keys, or twelve keys or more. The skilled person will understand that any suitable number of keys can be used. The keys 18 of the keypad 14 are accessible to a user to permit the user to press the keys 18 to input data, such as one or more alphanumeric characters or any other character. [27] The electronic circuitry 12 comprises a key-press detection component 20 corresponding to each key 18 of the keypad 14. Fig. 2 shows a cut-away view of a keypress detection component 20 according to an embodiment of the invention. Each key 18 is arranged to be in communication with its corresponding key-press detection component 20 such that a key-press of each key 18 is detectable by the electronic circuitry 12. [28] Each key-press detection component 20 comprises a conductive inner ring 22 (or contact, such as a spot contact) on the electronic circuitry 12, a conductive outer ring 24 on the electronic circuitry 12, and a conductive dome 26. A portion of the dome 26 is in contact with the outer ring 24. As shown in Fig. 2, the outer perimeter of the dome 26 is in contact with the outer ring 24. Typically, the inner ring 22, outer ring 24 and dome 26 are made of a conductive material, for example a metallic material, such as gold.

[29] The dome 26 is a convex dome 26 extending away from the electronic circuitry 12, and is deformable between a first position in which the dome 26 does not contact the inner ring 22 and a second position in which the dome 26 contacts the inner ring 22. When the dome 26 contacts the inner ring 22, for example as a result of pressure applied by a user on the key 18 corresponding to the key-press detection component 20 concerned, a keypress is registered, i.e. the electronic circuitry 12 is adapted to detect the change in conductivity, e.g. the shorting of the outer ring 24 to the inner ring 22 via the dome 26. The dome 26 is typically secured in place on the electronic circuitry 12 with adhesive and/or adhesive tape, resulting in a very strong and secure structure.

[30] Fig. 3 shows the inner ring 22 and outer ring 24 in more detail. As discussed previously, the inner ring 22 and outer ring 24 are typically made of a conductive material, for example a metallic material, such as gold. Of course, reference has been made herein to outer and inner "rings". However, it will be appreciated that other geometries are useable which utilise an outer conductive component surrounding an inner conductive component. [31] The electronic circuitry 12 further comprises at least one security element 28. Each security element 28 comprises an inner security ring and an outer security ring. In an exemplary embodiment, the inner security ring and the outer security ring are substantially like the inner ring 22 and outer ring 24, respectively, of the key-press component. For example, they are typically mounted on the electronic circuitry 12 and are made from a conductive material, for example a metallic material, such as gold. Of course, it will be appreciated that other geometries are useable which utilise an outer security conductive component surrounding an inner security conductive component.

[32] The electronic circuitry 12 is adapted to detect changes in conductivity via each security element 28, each of which can be connected to the cover 16. As a result, movement of the cover 16 so that it becomes detached from one or more of the security elements 28 or changes its position on the security elements 28, or manipulation of the cover 16, e.g. via a metallic probe, can be detected by the electronic circuitry 12 which detects slight changes in conductivity via one or more of the security elements 28.

[33] Each key-press detection component 20 and/or security element 28 is adapted to pass electrical current between its outer and inner conductive components such that changes in the conductivity can be detected, for example as a result of the dome contact or cover manipulation mentioned above. This conductivity change is detectable by a detection circuit 60 (see Fig. 5) on the electronic circuitry 12 and connected to one or more or all of the key-press detection components 20 and/or security elements 28. The detection circuit 60 is adapted to take preventative action when intrusive manipulation via the keypad is detected, e.g. via manipulation or probing of the cover 16. The detection circuit 60 is also adapted to pass the aforementioned current to each key-press detection component 20 and/or security element 28. Such preventative action may include one or more of: disabling some or all functionality provided by the electronic circuitry 12, displaying a warning; sounding an alert etc. This may be achieved since the detection circuit 60 is connected to or comprised within other processing circuitry (not shown) on the electronic circuitry 12 which performs the conventional functions of the electronic circuitry 12.

[34] Fig. 4 shows exemplary electronic circuitry 12 in the form of a printed circuit board (PCB) with twelve sets of inner 22 and outer 24 rings corresponding to twelve key-press components, as described previously, and four sets of inner and outer security rings .

[35] As shown in Fig. 1 , the cover 16 is located between each key-press component 20 and its corresponding key 18. The cover 16 is typically in contact and/or fixed to one or more, or all of four keys 18 located at the four corners of the keypad 14. This configuration prevents the cover 16 from being lifted thereby improving the security of the device. However, the skilled person will understand that least one key, a plurality of keys, four keys, or four keys or more may be in contact with the cover 16.

[36] In embodiments where the secure data entry device 10 is configured to receive data from a card, the electronic circuitry 12 further comprises a card reader (not shown in the drawings) for receiving a card containing data. The electronic circuitry 12 comprises processing circuitry for processing data read by the card reader and data input using the keypad. In some embodiments, the card reader comprises an integrated circuit card (ICC) receptor or a smartcard receptor.

[37] The secure data entry device 10 further comprises a user interface in communication with the electronic circuitry 12, such as the processor mentioned above. The user interface comprises a display, such as an LCD display screen.

[38] In some embodiments, the secure data entry device is configured to be powered by one or more batteries. Alternatively, the secure data entry device may be solar-powered or powered by plugging it into an electric socket.

[39] There is also provided a system (not shown) comprising a secure data entry device 10 according to any embodiment of the invention and a communication device, wherein the secure data entry device 10 and the communication device are configured to communicate with each other.

[40] In some embodiments, the secure data entry device 10 comprises a Bluetooth module, and the secure data entry device 10 and the communication device are configured to communicate with each other via Bluetooth. The communication device may be a mobile communication device (MCD), such as a smartphone. Alternatively, the communication device could be a PC, tablet device or any other communication device. The communication device is configured to communicate with an external system by means of an application or program stored on the MCD. The external system may be a payment acquirer.

[41] The present invention has been described above in exemplary form with reference to the accompanying drawings which represent embodiments of the invention. It will be understood that many different embodiments of the invention exist, and that these embodiments all fall within the scope of the invention as defined by the following claims.

Claims

1. A secure data entry device comprising:

electronic circuitry;

a keypad in communication with the electronic circuitry for inputting data; and a cover arranged between the keypad and the electronic circuitry to prevent access to the electronic circuitry.

2. The secure data entry device according to claim 1 , wherein the cover comprises a mesh.

3. The secure data entry device according to claim 2, wherein the mesh is a fine wire mesh.

4. The secure data entry device according to claim 2 or claim 3, wherein the mesh comprises a metallic material.

5. The secure data entry device according to any one of claims 2 to 5, wherein the mesh is separate from the keypad. 6. The secure data entry device according to any one of claims 2 to 5, wherein the mesh is secured in place on the electronic circuitry with adhesive.

7. The secure data entry device according to any one of the preceding claims wherein the keypad comprises at least one key.

8. The secure data entry device according to any one of the preceding claims wherein the keypad comprises a plurality of keys.

9. The secure data entry device according to any one of the preceding claims wherein the keypad comprises sixteen keys, or sixteen keys or more.

10. The secure data entry device according to any one of claims 7 to 9, wherein the electronic circuitry comprises a key-press detection component corresponding to each key. 1 1. The secure data entry device of claim 10, wherein each key is arranged to be in communication with its corresponding key-press detection component such that a keypress of each key is detectable by the electronic circuitry. 12. The secure data entry device of claim 10 or claim 1 1 , wherein the cover is located between a key-press component and its corresponding key.

13. The secure data entry device of any one of claims 10 to 12, wherein each keypress component comprises:

a conductive inner component on the electronic circuitry;

a conductive outer component on the electronic circuitry; and

a conductive dome,

wherein a portion of the dome is in contact with the outer component. 14. The secure data entry device of claim 13, wherein the conductive inner component is a conductive inner spot or a conductive inner ring and the conductive outer component is a conductive outer ring.

15. The secure data entry device according to claim 13 or claim 14, wherein the dome is a convex dome extending away from the electronic circuitry.

16. The secure data entry device according to any one of claims 13 to claim 15, wherein the dome is deformable between a first position in which the dome does not contact the inner component and a second position in which the dome contacts the inner component.

17. The secure data entry device according to any one of claims 13 to 16, wherein the inner component, the outer component and/or the dome comprise metallic material. 18. The secure data entry device according to any one of claims 13 to 17, wherein the dome is secured in place on the electronic circuitry with adhesive. 19. The secure data entry device according to any one of claims 13 to 18, wherein the dome is secured in place on the electronic circuitry with adhesive tape.

20. The secure data entry device according to any one of claims 7 to 19, wherein the cover is in contact with or fixed to at least one key, thereby holding it in a fixed position relative to the at least one key.

21. The secure data entry device according to any one of claims 8 to 20 when dependant on claim 8, wherein the cover is in contact with a plurality of keys.

22. The secure data entry device according to any one of claims 8 to 21 , when dependant on claim 8, wherein the cover is in contact with four keys or four keys or more.

23. The secure data entry device according to any one of claims 20 to 22, wherein each one or more keys which contact the cover are positioned at a corner of the keypad.

24. The secure data entry device according to any one of the preceding claims, wherein the electronic circuitry further comprises at least one security element. 25. The secure data entry device according to claim 24, wherein the electronic circuitry further comprises four security elements.

26. The secure data entry device according to claim 24 or claim 25, wherein each security element comprises an inner security component and an outer security component.

27. The secure data entry device according to claim 26, wherein the inner security component is an inner security ring and the outer security component is an outer security ring. 28. The secure data entry device according to any one of claims 24 to 27, wherein the electronic circuitry is adapted to detect changes in conductivity via at least one of the security element(s). 29. The secure data entry device according to any one of claims 24 to 28, wherein at least one or all of the security element(s) is/are connected to the cover.

30. The secure data entry device according to any one of the preceding claims, wherein the electronic circuitry further comprises a card reader for receiving a card containing data.

31. The secure data entry device according claim 30, wherein the electronic circuitry comprises processing circuitry for processing data read by the card reader and data input using the keypad.

32. The secure data entry device according to claim 30 or claim 31 , wherein the card reader comprises an integrated circuit card (ICC) or smartcard receptor. 33. The secure data entry device according to any one of the preceding claims, further comprising a user interface in communication with the electronic circuitry.

34. The secure data entry device according to claim 33, wherein the user interface comprises a display.

35. The secure data entry device according to any one of the preceding claims, wherein the secure data entry device is a personal identification number (PIN) entry device (PED). 36. The secure data entry device according to any one of the preceding claims, wherein the electronic circuitry is a circuit board, such as a printed circuit board.

37. A system comprising:

a secure data entry device according to any one of the previous claims; and a communication device,

wherein the secure data entry device and the communication device are configured to communicate with each other. 38. A system according to claim 37, wherein the communication device is configured to communicate with an external system.

39. A system according to claim 38, wherein the external system is a payment acquirer.

40. The secure data entry device as hereinbefore described with reference to the accompanying drawings. 41. A system as hereinbefore described with reference to the accompanying drawings.

Abstract

TITLE: Secure Data Entry Device

A secure data entry device comprising electronic circuitry, a keypad in communication with the electronic circuitry for inputting data and a cover arranged between the keypad and the electronic circuitry to prevent access to the electronic circuitry. A system is also provided comprising the secure data entry device and a communication device, wherein the secure data entry device and the communication device are configured to communicate with each other.

To be published with Fig. 1.

APPENDIX B

Secure Data Entry Device

Field of the Disclosure

[1] The present disclosure relates to a secure data entry device. It also relates to a system comprising the secure data entry device.

Background

[2] Data entry devices are employed in many situations and it is a common

requirement that they are secure. Accordingly, secure data entry devices are available that resist unauthorised access to the internal circuitry of the data entry device, especially the circuitry that processes or stores sensitive information.

Summary of the Disclosure

[4] The present disclosure relates to arrangements that improve the security for sensitive electronic circuitry without resorting to complex and elaborate approaches. [5] In a first aspect of the present disclosure, there is provided a secure data entry device comprising a data input device; electronic circuitry; and a security frame, wherein the data input device and the security frame are arranged to form a security cage for substantially surrounding the electronic circuitry. [6] The secure data entry device may further comprise a reader. Such a reader could be a biometric unit, for example a fingerprint reader. Preferably, the reader is a reader for reading a removable data medium. The reader and the security frame may be together arranged to form the security cage for substantially surrounding the electronic circuitry.

[7] As stated above, the security cage may be formed from the data input device, the reader and the security frame. Using the data input device and the reader as part of the security cage minimises the requirement for additional security-specific components and thus allows the secure data entry device to maintain a small form factor. This can improve the portability of the secure data entry device without sacrificing security.

[8] A secure data entry device is a device that is used for receiving data input and has security measures that help to protect data from unauthorised access and/or protect the device from tampering.

[9] The data input device is the device that allows the user to enter data. The data input device has a user-facing component with which the user will directly interact, as well as additional mechanisms that convert the user's interactions into a data signal that can be used by the secure data entry device. Such mechanisms can include electrical contacts which are closed when a user presses a given point on the data input device.

[10] Possible data input devices that may be used with the present disclosure include a keypad. The keypad may have a plurality of keys allowing the user to input data in the form of a combination of key presses. The keypad may have at least ten keys so as to allow the input of any combination of Arabic numerals. Alternatively, or in addition, the data input device may have sufficient keys to represent all the letters of an alphabet, for example all 26 letters of the English alphabet. The keypad of a data input device may have at least twelve keys, preferably at least sixteen keys. The keypad may have twelve keys or sixteen keys. [11] The reader may be capable of reading a removable data medium. This allows the secure data entry device to read information from the removable data medium, which in turn can influence any subsequent processing or action of the secure data entry device. For example, the reader allows the secure data entry device to cross-check a code inputted by the user on a data input device with a code stored on the removable data medium. The information read from the removable medium may be processed in the electronic circuitry.

[12] The removable data medium may be a secure card and, correspondingly, the reader may be a secure card reader for receiving the secure card. Such a secure card may be an integrated circuit card (ICC) and, in this case, the reader is an ICC reader. An ICC is a form of card used, among other things, for chip and PIN payment. Alternatively, the removable data medium may be a near field communication (NFC) card and the reader is a NFC reader.

[13] The secure data entry device includes electronic circuitry. The electronic circuitry processes data from the data input device as well as possible data read by a reader from a removable data medium. The electronic circuitry may therefore be processing security- sensitive information requiring protection from unauthorised access by a security cage, as described later. The electronic circuitry may be present on a printed circuit board (PCB). The electronic circuitry may include components which are security-sensitive. [14] The security frame protects the electronic circuitry within it from attack from certain directions. In this way it contributes to the secure nature of the secure data entry device.

[15] The security frame may comprise a continuous frame structure around a hollow centre in which the electronic circuitry is located. This advantageously provides a continuous form of protection in certain areas around the electronic circuitry. The security frame may be a planar structure that has a relatively small through-thickness dimension compared to a relatively large width and length dimension. Such relative dimensions allow the secure data entry device to maintain a small form factor. In this way, the security frame completely protects the electronic circuitry from attack within the plane of the frame. [16] As stated above, the data input device, the reader and the security frame can be arranged to form a security cage. Therefore, these three components are arranged so that each of them represents a barrier to accessing the electronic circuitry. In this way, each of these components is contributing to the security of the electronic circuitry and so advantageously increasing the difficulty of unauthorised access. These components substantially surround the electronic circuitry. In other words, there may be additional components present which further contribute to enclosing the electronic circuitry but each of the data input device and the security frame, as well as the reader if present, are arranged such that they all contribute to the enclosing of the electronic circuitry. Another component that may possibly contribute to surrounding the electronic circuitry is a security mesh, as will be described below.

[17] The data input device is preferably arranged to be a first side of the security cage. The reader is preferably arranged to be a second side of the security cage. The security frame is preferably arranged between the data input device and the reader. Using the data input device as one side of the security cage and/or the reader as a second side of the security cage utilises these components to increase the protection of the electronic circuitry within the security cage from attack from these sides. Positioning the security frame between the data input device and the reader results in the data input device providing protection from one side, the reader providing protection from another side and the security frame providing protection for other sides around the electronic circuitry. In this way, these three components can provide complete, or almost complete, protection for the electronic circuitry.

[18] The security frame may have further features to prevent or detect tampering attempts, i.e. attempts to access or manipulate the circuitry contained within the security frame. One such feature is the presence of conductive vias. The security frame, which has a first side and a second side, may have at least one conductive via extending between the first side and the second side. If unauthorised physical access is attempted through the part of the security frame that has a via present then the conductive via will be broken and a tamper event can be registered. The registering of the tamper event can result in the sounding of an alarm, or the deletion of sensitive data from the electronic circuitry contained within the security cage. [19] It is particularly preferred that there is a plurality of conductive vias present so as to allow the registration of a tamper event from any of a number of different directions. An increased number of vias, decreases the possibility that the intrusion attempt won't disrupt a via or won't cause sufficient disruption to the via to register a tamper event. [20] When the security frame is in the form of a planar structure it is preferred that the first side and the second side are the first planar face and the second planar face resulting in the conductive vias extending through the thickness of the security frame.

[21] It is particularly preferred that the at least one via is formed along the inner edge of the security frame, adjacent to the hollow centre of the security frame. The inner edge of the security frame is the face, or faces, of the security frame that face the hollow centre of the security frame. When the security frame has a planar structure, the inner edge is the exposed face that spans the through-thickness direction of the security frame and faces the hollow centre. The at least one via may be exposed along the inner edge of the security frame. In other words, the conductive via can be completely seen from a viewpoint at the hollow centre of the security frame. This places the conductive via as close to the security sensitive electronic circuitry as possible.

[22] The at least one via may be formed as a hole through the security frame. This hole can have conductive material coated on its inner surface to result in a through-thickness conductive trace. Such a hole can be cut in half so as to expose the conductive trace from a viewpoint at the hollow centre. This is a particularly straightforward way of producing exposed vias along the inner edge which utilises common electronics processing steps.

[23] The security frame may have conductive vias for carrying data. These vias may form a conductive path from outside the security frame to carry data to devices positioned within the hollow centre of the security cage. Vias for carrying data and vias for detecting tampering events may both be present.

[24] The security frame may be formed from a printed circuit board material. A printed circuit board material is one that is commonly used as a printed circuit board. Such materials are laminates that are manufactured by curing thermoset resin under pressure and temperature with layers of cloth or paper. Examples of laminates that are used as printed circuit board material are FR-2, FR-3, FR-4, FR-5, FR-6, G-10, CM-1 , CM-2, CM-3, CM-4, CM-5. Preferably the PCB material is FR-4 since this is particularly readily available as one of the most common PCB materials. FR-4 refers to a PCB material with glass reinforced epoxy laminate sheets composed of woven fibre glass cloth with an epoxy resin binder.

[25] Utilising printed circuit board material as a security frame is an advantageously straightforward approach for manufacturing the security frames of the present disclosure, allowing the use of existing, well-established manufacturing technology. It also negates the need for specialist materials, since it is possible to utilise the same PCB material that is used for the electronic circuitry that is to be protected. Additionally, the use of PCB material for the security frame allows the straightforward production of the anti-tamper vias as described above.

[26] The security frame is preferably affixed into position using solder joints. When the security frame comprises at least one conductive via, the positioning of the solder joints may correspond to the conductive vias present. This provides a continuous conductive path through the security cage to the component to which the security frame is affixed. These conductive paths can be used to transmit data though the security cage. In addition, or alternatively, these conductive paths are part of a tamper detection system. If the solder joint is broken, either by moving of the security cage or by direct physical intervention, a tamper event can then be registered.

[27] The use of solder to affix the security frame also allows the affixing step to be carried out as part of standard PCB processing, increasing the ease of manufacture.

[28] The security cage may comprise at least one layer of security mesh. The security mesh provides extra protection against unauthorised access to the electronic circuitry. The security mesh may be conductive. When the security mesh is conductive, it may be connected to additional circuitry that can detect when the mesh's conductivity is disrupted and so register a tamper event. This provides additional security for the electronic circuitry in the security cage. [29] The security mesh may be made from wire. In particular, the security mesh may be made from metallic wire. The wire may be a fine wire, i.e. less than about 0.2 mm in thickness. Also, the individual wires may be spaced no more than about 0.2 mm apart.

[30] The security mesh utilised may be chosen to meet the required security standards, such as the Payment Card Industry PIN Transaction Security (PCI PTS) standard.

[31] A security mesh that forms part of the security cage may be positioned in various locations in order to provide additional protection for the electronic circuitry. For example, the security mesh may be positioned over the outer surface of the data input device. The outer surface of the data input device is the surface that is not facing the electronic circuitry that is inside the security cage. In this position the security mesh provides a level of protection before any attack would then need to overcome the barrier of the data input device.

[32] A security mesh may be positioned over the outer surface of the reader. The outer surface of the reader is the surface that does not face the electronic circuitry that is within the cage. Again, this security mesh provides another layer of initial protection for the electronic circuitry within the security cage.

[33] A layer of security mesh may be positioned between the inner surface of the data input device and the inner surface of the reader. Such positioning of a security mesh provides another layer of protection for the electronic circuitry after the data input device or the reader may be breached. The security mesh may be either side of the electronic circuitry. Alternatively, a security mesh could be positioned on both sides of the electronic circuitry but on the inside of the data input device and the reader, i.e. within the security cage.

[34] A security mesh may be positioned within the data input device. In particular, the security mesh may be positioned under a user-facing layer, with which the user directly interacts, but above the additional operating mechanisms of the data input device. This has the benefit of also providing a layer of security for the mechanism of the data entry device without interrupting the user's experience of the data entry device. [35] It is obviously possible for several layers of security mesh to be present at one or more of the positions stated above. A greater number of layers of security mesh will increase the security of the device but will add to the cost and complexity of manufacture.

[36] The secure data entry device may be a personal identification number (PIN) entry device (PED). It is particularly important that such devices have a secure location within them for the electronic circuitry that stores and processes sensitive information such as user's PINs and account numbers. This importance is emphasised by the existence of security standards which such PEDs must fulfil, such as the PCI PTS certification.

[37] The present disclosure also provides a security frame formed from a printed circuit board (PCB) material, comprising a continuous frame structure with a hollow centre, wherein the continuous frame structure has a first side and a second side; and at least one conductive via extending between the first side of the frame structure and the second side of the frame structure.

[38] As noted above, such a security frame provides extra security for anything present in its hollow centre. In particular, the printed circuit board continuous frame provides a physical barrier for accessing the hollow centre from a range of directions. Also, the presence of at least one conductive via provides a trace that may be broken in any unauthorised access attempt. This disruption of the via can then be used to register a tamper event. The features recited above with reference to the security frame present as part of a secure data entry device apply equally to the security frame in isolation from the rest of the secure data entry device.

[39] The security frame of the present invention can be utilised in a range of scenarios. In the above-noted application of a secure data entry device, the security frame forms a security cage with a data input device and, optionally, a reader. However, the security frame can be utilised with other components to form a security cage. In one of its simplest forms, a security cage can be formed by sandwiching the security cage between two PCBs.

[40] The present disclosure also provides a PCB assembly comprising security- sensitive components on a PCB; and a security frame according to the present disclosure, wherein the security frame is affixed around the security-sensitive components. Securing the security frame around security-sensitive components on a PCB provides the protection highlighted above for those security-sensitive components.

[41] The security frame can be affixed by adhesive. Alternatively, the security frame may be affixed by using a screw connection or by using rivets. Preferably, the security frame is affixed to by using solder joints. The solder joints may correspond to vias present in the security frame providing a continuous conductive path through the security frame and into the component to which the security frame is affixed. As noted above, this has advantages for carrying data and providing tamper protection. [42] The present disclosure further provides a system comprising the secure data entry device according to the present disclosure; and a communication device; wherein the secure data entry device and the communications device are configured to communicate with each other.

[43] Such a system allows the secure data entry device to be of a minimal size as the communications device can contain the additional components that do not need to be part of the secure data entry device.

[44] The communication device may be configured to communicate with an external system. The communication device may be a mobile communications device, such as a smart phone. The mobile communication device may run an application that drives the communications required to connect to an external system. The secure data entry device and the communication device may communicate with each other via Bluetooth technology. Accordingly, the secure data entry device of the present disclosure may comprise a Bluetooth module. Also, the communication device may comprise a Bluetooth module. [45] The external system may be a payment acquirer. A payment acquirer is an entity that processes card-based payments. Brief Description of the Drawings

[46] The invention is described below, by way of example only, with reference to the accompanying drawings, in which:

[47] Fig. 1 is a perspective view of a PCB assembly with a security frame;

[48] Fig. 2 is a perspective view of the PCB assembly of Fig. 1 with a security mesh layer;

[49] Fig. 3 is a perspective view of a PCB assembly of Fig. 2 with an ICC reader;

[50] Fig. 4 is a perspective view of the PCB assembly of Fig. 3 with an additional security mesh layer on top of the ICC reader; and

[51] Fig. 5 is a perspective view of key-press detection components on the reverse side of the PCB assembly of Figs. 1 to 4.

Detailed Description

[52] Figs 1 to 5 illustrate various security features provided by the present invention. [53] Fig. 1 depicts a main PCB 2 with a security frame 4 affixed thereto. The security frame 4 is planar in structure having a length and width which are significantly larger than the thickness dimension. The security frame 4 has a hollow centre 6 within which security- sensitive electronic circuitry (not shown) is located and mounted on the PCB. The security frame 4 protects the electronic circuitry from attack from the sides, i.e. attacks that have a direction within the plane of the security frame 4. Such attacks include possible probing with conductive probes in an attempt to access the electronic circuitry. In this regard, the frame is particularly suitable since, for example, it prevents side attacks against the pins of integrated circuits making up the electronic circuitry.

[54] The security frame 4 is not positioned around the entire PCB 2, but only surrounds security-sensitive electronic components, and is thus mounted only on a sub-section of the PCB where the security-sensitive components are located. Other non-security sensitive electronic components (not shown) can be located on the PCB external to the security frame 4.

[55] The security frame 4 has a plurality of vias 8 around its inner edge. These vias 8 are in the form of half through-holes resulting in the via being exposed to a viewpoint at the hollow centre 6 of the security frame 4.

[56] Fig. 2 illustrates the same view as Fig. , but with the addition of a layer of security mesh 10 in the hollow centre 6 of the security frame 4. The security mesh 10 is positioned over the electronic circuitry that is present in the hollow centre 6 of the security frame 4. [57] Fig. 3 illustrates a PCB assembly as depicted in figure 2 but with the addition of an ICC reader 12 on top of security frame 4. The ICC reader 12 therefore represents a further physical barrier to any attack attempting to reach the electronic circuitry beneath. The ICC reader 12 is further covered with another security mesh 14, as illustrated in figure 4. Security mesh 14 is positioned to cover the major outer face of the ICC reader 12 and the edges, apart from the lower edge 16 which is left clear for the insertion and removal of ICCs.

[58] The other side of the main PCB 2 has a key-press detection component 18 for detecting button presses via a keypad (not shown) affixed thereto as illustrated in Fig. 5. Therefore, the ICC reader 12, the security frame 4 and the keypad 18 substantially surround the security-sensitive electronic circuitry that is present in the hollow centre 6 of the security frame 4. In this way, attack from any one side is resisted by the presence of key-press detection component 18, attack from the other side is resisted by the presence of ICC reader 12, and attack from the remaining edges is resisted by the presence of security frame 4. [59] The present invention has been described above in exemplary form with reference to the accompanying drawings which represent embodiments of the invention. It will be understood that many different embodiments of the invention exist, and that these embodiments all fall within the scope of the invention as defined by the following claims. Claims

1. A secure data entry device comprising

a data input device;

electronic circuitry; and

a security frame,

wherein the data input device and the security frame are arranged to form a security cage for substantially surrounding the electronic circuitry. 2. The secure data entry device of claim 1 , further comprising a reader for reading a removable data medium, wherein the reader is arranged to form part of the security cage.

3. The secure data entry device of claim 2, wherein:

the data input device is arranged to be a first side of the security cage;

the reader is arranged to be a second side of the security cage; and

the security frame is arranged between the data input device and the reader.

4. The secure data entry device of any one of claims 1 to 3, wherein the security frame comprises a continuous frame structure around a hollow centre in which the electronic circuitry is located.

5. The secure data entry device of claim 4, wherein the security frame has a first side and a second side and further comprises at least one conductive via extending between the first side and the second side.

6. The secure data entry device of claim 5, wherein the at least one via is formed along the inner edge of the security frame, adjacent to the hollow centre.

7. The secure data entry device of any preceding claim, wherein the security cage further comprises at least one layer of security mesh. 8. The secure data entry device of claim 7, wherein a security mesh is positioned over the outer surface of the data input device.

9. The secure data entry device of claim 7 or claim 8 when dependent on claim 2, wherein a security mesh is positioned over the outer surface of the reader.

10. The secure data entry device of any one of claims 7 to 9 when dependent on claim 2, wherein a security mesh is positioned between the inner surface of the data input device and the inner surface of the reader.

1 1. The secure data entry device of any one of claims 7 to 10, wherein a security mesh is positioned within the data input device.

12. The secure data entry device according to any preceding claim, wherein the data input device is a keypad.

13. The secure data entry device according to any one of claims 2 or 3, or claims 4 to 12 when dependent on claim 2, wherein the reader is a secure card reader for receiving a secure card.

14. The secure data entry device according to any preceding claim, wherein the secure data entry device is a personal identification number (PIN) entry device (PED).

15. A security frame formed from a printed circuit board (PCB) material, comprising a continuous frame structure with a hollow centre, wherein the continuous frame structure has a first side and a second side; and

at least one conductive via extending between the first side of the frame structure and the second side of the frame structure.

16. The security frame according to claim 15, wherein the at least one via is formed along the inner edge of the frame structure, adjacent the hollow centre. 17. A printed circuit board (PCB) assembly comprising:

security-sensitive components on a PCB; and

the security frame according to claim 15 or claim 16, wherein the security frame is affixed around the security-sensitive components.

18. A system comprising

the secure data entry device according to any one of claims 1 to 14; and a communications device;

wherein the secure data entry device and the communications device are configured to communicate with each other.

19. The system according to claim 18, wherein the communications device is configured to communicate with an external system. 20. The system according to claim 19, wherein the external system is a payment acquirer.

21. A secure data entry device as hereinbefore described with reference to the accompanying drawings.

22. A security frame as hereinbefore described with reference to the accompanying drawings.

A system as hereinbefore described with reference to the accompanying drawings.

Abstract

TITLE: Secure Data Entry Device

A secure data entry device with a data input device, such as a keypad 18, a reader for reading a removable data medium, such as an ICC, electronic circuitry, and a security frame. The data input device, reader and security frame forming a security cage around the electronic circuitry that assists in securing the electronic circuitry from unauthorised access and/or tampering.

To be published with Fig. 5

Figure 2

Figure 4

Figure 5

Claims

1. A point-of-sale system comprising:

a printer housed in a base shell;

a scanner;

a stem extending from the base shell;

a screen attached to the stem; and

a secure payment device.

2. The system of claim 1, wherein the screen is a screen of a tablet computer, the tablet computer being removably attached to the stem.

3. The system of claim 2, further comprising a tablet holder attached to the stem, the tablet holder having a frame adapted to accommodate the tablet computer and a bezel attached to the frame so as to hold the tablet computer in the tablet holder.

4. The system of claim 3, wherein the bezel comprises a main holding bezel and a bezel side section, and the bezel side section is detachable from the main holding bezel so as to allow the tablet computer to be inserted into the tablet holder.

5. The system of claim 4, further comprising an attachment mechanism for securely attaching the bezel side section to the main holding bezel.

6. The system of claim 5, wherein the attachment mechanism includes a bezel screw.

7. The system of any of claims 3 to 6, wherein the tablet holder is rotatably attached to the stem.

8. The system of any of claims 3 to 7, further comprising a cable passing from the stem, through a hole in the frame of the tablet holder and along an elongate indentation in a surface of the frame to an adapter suitable for connection with the tablet computer.

9. The system of any of claims 1 to 8, wherein the secure payment device is a chip-and-pin reader and pinpad.

10. The system of any of claims 1 to 9, wherein the secure payment device is attached to the stem on the opposite side of the stem to the screen.

11. The system of any of claims 1 to 10, wherein the scanner is a handheld scanner and is removably mounted on the base shell.

12. The system of any preceding claim, wherein the printer includes a printer access door formed in the base shell, the door being movable between an open state and a closed state.

13. The system of claim 12, wherein the printer access door hinges about an upper split line with the base shell.

14. The system of claim 12 or claim 13, wherein the printer access door and the base shell include a magnetic latch mechanism adapted to magnetically latch the printer access door in the closed state.

15. The system of claim 14, wherein the magnetic latch mechanism is also adapted to magnetically latch the printer access door in the open state.

16. A point-of-sale system comprising:

a base shell; and

a scanner removably mounted to the base shell; wherein the scanner is adapted to operate as an automatic presentation mode scanner when mounted to the base shell and as a handheld scanner when removed from the base shell, the scanner being adapted to detect mounting on the base shell and activate the automatic presentation mode in response.

17. The system of claim 16, wherein the scanner is a 1-dimensional or 2-dimensional code scanner.

18. The system of claim 16 or claim 17, wherein the scanner has a scan activation button for handheld operation.

19. The system of claim 18, wherein the scanner has an LED ring surrounding the scan activation button.

20. The system of any of claims 16 to 19, wherein the scanner automatically activates for handheld operation when removed from the base shell.

21. The system of any of claims 16 to 20, wherein the scanner is adapted to communicate with the rest of the system via Bluetooth when the scanner is detached from the base shell.

22. The system of any of claims 16 to 21, wherein the scanner is mounted on the base shell by connecting charging contacts on the base shell with a complementary adapter on the scanner.

23. The system of claim 22, wherein the base shell includes an indented charging cradle for accommodating the scanner, the charging contacts being formed within the charging cradle.

24. The system of claim 23, wherein when the scanner is mounted in the charging cradle, a scanning end of the scanner projects from the cradle and a non-scanning end of the scanner is flush with the cradle.

25. The system of claim 23 or claim 24, wherein the base shell includes a printer access door for a printer and the charging cradle is formed in the printer access door.

26. The system of any of claims 23 to 25, wherein the scanner has a magnetic attachment mechanism adapted to hold the scanner in place within the charging cradle.

27. The system of claim 26, wherein the scanner includes a magnet and the charging cradle includes a corresponding magnet to hold the scanner stably in the charging cradle.

28. The system of claim 27, wherein the scanner includes a magnetic sensor that detects the presence of the magnet of the charging cradle and activates the automatic presentation mode on detection of the magnet.

29. The system of any of claims 16 to 28, wherein the scanner can be mounted on the base shell so as to face in either of two opposite directions.

30. The system of any of claims 23 to 28, wherein the charging contacts are symmetrical in a longitudinal direction of the scanner when the scanner is mounted in the charging cradle.

31. A point-of-sale system comprising:

a base including a base plate and a base shell;

a stem extending from the base shell;

a screen attached to the stem; and

a secure payment device;

wherein the base shell is rotatably mounted on the base plate.

32. The system of claim 31, wherein the base shell is dome-shaped.

33. The system of claim 31 or 32, wherein the base plate comprises a lower base plate and an upper base plate mounted on the lower base plate.

34. The system of any of claims 31 to 33, wherein the base shell is arranged to be positively held in place at two rotational positions relative to the base plate, the two rotational positions being 180 degrees apart.

35. The system of any of claims 31 to 34, wherein the base includes a rotational sensor for detecting the rotational position of the base shell relative to the base plate.

36. The system of claim 35, wherein the sensor is communicably connected to the point-of- sale system so as to inform the point-of-sale system of the rotational position of the base shell relative to the base plate.

37. The system of claim 36, wherein the point-of-sale system changes the information displayed on the screen based on the output of the sensor.

38. The system of claim 36 or 37, wherein the point-of-sale system provides a set of merchant-relevant information when rotated into a merchant-facing position and provides a set of customer-relevant information when rotated into a customer-facing position.

39. The system of any of claims 35 to 38, wherein the sensor is a Hall effect sensor.

40. The system of any of claims 31 to 39, wherein the screen is a screen of a tablet computer, the tablet computer being removably attached to the stem.

41. The system of claim 40, further comprising a tablet holder attached to the stem, the tablet holder having a frame adapted to accommodate the tablet computer and a bezel attached to the frame so as to hold the tablet computer in the tablet holder.

42. The system of claim 41, wherein the bezel comprises a main holding bezel and a bezel side section, and the bezel side section is detachable from the main holding bezel so as to allow the tablet computer to be inserted into the tablet holder.

43. The system of claim 42, further comprising an attachment mechanism for securely attaching the bezel side section to the main holding bezel.

44. The system of claim 43, wherein the attachment mechanism includes a bezel screw.

45. The system of any of claims 41 to 44, wherein the tablet holder is rotatably attached to the stem.

46. The system of any of claims 31 to 45, wherein the base plate has a lower surface comprising a plurality of sockets providing wired connections to the point-of-sale system.

47. The system of claim 46, wherein the sockets are bumps made of resilient material, each bump having an orifice through which a cable can be passed.

48. The system of claim 46 or claim 47, wherein the sockets are provided in a recessed portion of the lower surface of the base plate.

49. A system comprising the point-of-sale system of any preceding claim and a beacon adapted to communicate wirelessly with a mobile device and to communicate with the point- of-sale system.

50. The system of claim 49, wherein the beacon obtains at least one of product information and payment information from the mobile device and transmits the obtained information to the point-of-sale system.

51. The system of claim 50, wherein the point-of-sale system is adapted to authorize a transaction based on the obtained information transmitted by the beacon.

52. The system of any preceding claim, wherein the point-of-sale system is adapted to be interoperably connected to an external cash drawer, printer, screen, payment device or scanner.

53. The system of any preceding claim further comprising a cash drawer, wherein the cash drawer has a sensor for detecting whether the cash drawer is open or closed and is communicably connected to the point-of-sale system so that the point-of-sale system can control opening and closing of the cash drawer.