1 . Field of the Invention
This invention relates generally to a key pad decoder for determining which key on a key-pad has been activated and, more particularly, to a key-pad decoder for determining which key on a key-pad has been activated, where the number of steps used to determine which key has been activated is the same regardless of the key pressed, so as to prevent secret information from being decoded by a potential thief.
2 . Discussion of the Related Art
Personal information is sometimes used to identify an individual for various reasons, such as to complete a commercial transaction. For example, personal identification number (PIN) pads are sometimes provided at grocery store checkout lanes to allow a customer to easily pay for goods using a credit card, debit card or check. An example of such a PIN pad is the PIN pad 1000 available from Hewlett-Packard. The PIN pad allows the customer to input information relating to the particular debit or credit card being used and information about the user, such as date of birth, driver's license number and personal identification number (PIN). This information is then transmitted to a financial database, where the user's credit and financial information is accessed and verified. The PIN pad includes a key-pad through which the user can input the information, and a display for displaying the entered information and for requesting additional information by a local network computer.
FIG. 1 is a block diagram of a financial transaction system 10 employing a PIN pad 12 of the type discussed above. The PIN pad 12 includes a key-pad 14 having a plurality of keys 16 that are pressed to access and activate the PIN pad 12. Further, the PIN pad 12 includes a display 18 that displays the keys 16 activated by the user, and also displays requests for additional information to be entered by the user. Further, the PIN pad 12 includes a magnetic strip reader 20 that reads a magnetic strip on a credit card or a debit card to be entered into the PIN pad 12, as is well understood in the art.
When the user presses a key 16 on the key-pad 14, the PIN pad 12 deciphers the keystroke, and generates a signal indicative of that particular key. In known systems, the PIN pad 12 determined which key 16 had been pressed by sequentially looking at the values in a look-up table, where each value represents a particular key 16, until a match was found for that key, so that the PIN pad 12 would then know which key 16 was activated. For example, key A has a binary value associated with it, key B has another binary value associated with it, key C has another binary value associated with it, etc. If the user presses key D, the PIN pad 12 would compare the digital representation of the first number in the look-up table to the signal received to determine which key 16 was pressed. Since no match would be found, the PIN pad 12 would sequentially look at the next value in the table, and so forth, until the PIN pad 12 reached the value for key D, where a match would be found.
Once the PIN pad 12 determined which key 16, or series of keys, were pressed, it would send this information over a serial bus to a local terminal 22. The local terminal 22 would then decipher the information entered into the PIN pad 12 by the user, and possibly generate a request returned to the PIN pad 12 that would be displayed on the display 18. The user would then respond to the request through the key-pad 14 to complete the transaction. The system 10 can verify the user or the user's financial information by transferring the received information from the PIN pad 12, such as the user's PIN, to a local computer 24, which would then transmit the information to a financial institution 26, such as a bank, over the telephone lines or other connection. Therefore, the user's financial information and the like can be verified to complete the transaction.
Because the PIN pad 12 determined which key 16 was depressed by using a look-up table through a sequential matching process, unauthorized persons could gain access to a user's PIN or other private information by monitoring the time it took the PIN pad 12 to determine which key 16 was pressed by the user. For example, a potential thief could electrically couple a recording device or the like in the connection between the PIN pad 12 and the terminal 22, where the device recorded the time it took the PIN pad 12 to determine which key 16 was activated. Therefore, based on this time frame, the potential thief could then determine the PIN of the user, and could then use the acquired PIN to access the user's accounts for nefarious reasons.