Title of invention: System, device, and method of secure entry and handling of passwords
Abstract: Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A computing device includes: a secure storage unit to securely store a confidential data item; a non-secure execution environment to execute program code, the program code to transport to a remote server a message; a secure execution environment (SEE) to securely execute code, the SEE including: a rewriter module to securely obtain the confidential data item from the secure storage, and to securely write the confidential data item into one or more fields in said message prior to its encrypted transport to the remote server.
Publication number: US9344275(B2) Publication date: 2016.05.17
Application number: US201313740292 Filing date: 2013.01.14
Applicant: ARM Technologies Israel Ltd. Inventors: Bar-El Hagai;Sella Yaacov;Ziv Alon;Sasson Roni
Classification: H04L29/06;H04L9/08;G06F3/01;H04L9/32;G09C5/00;H04W12/06;G06F21/10;G06F21/62;G06F21/83;G06F21/84 Main classification: H04L29/06
Agency: Eitan, Mehulal & Sadot Agent: Eitan, Mehulal & Sadot
Principal claim: 1. A computing device comprising: a secure storage unit to securely store a confidential data item; a non-secure execution environment to execute program code, the program code to generate in the non-secure execution environment a first version of a message intended for transport to a remote server; a secure execution environment (SEE) that is co-located next to the non-secure execution environment in the computing device, to securely execute code, the SEE comprising: a rewriter module operable in the SEE and internally to the computing device, (a) to securely obtain the confidential data item from the secure storage unit of the computing device, and (b) to securely generate a second version of the message by securely writing by the rewriter module that is operable in the SEE, the confidential data item, that was securely obtained from the secure storage unit in a non-encrypted form, into one or more fields in the first version of the message that was generated in the non-secure execution environment, wherein the second version of the message is different from the first version of the message due to one or more bit-replacement operations that the rewriter module performed within the SEE on the first version of the message, wherein the first version of the message is accessible by both the SEE and the non-secure execution environment, wherein the second version of the message is accessible by the SEE but is non-accessible by the non-secure execution environment, wherein the non-secure execution environment is not configured to determine whether or not the rewriter module of the SEE performed bit-replacement operations on the first version of the message when securely creating the second version of the message from the first version of the message; (c) to securely encrypt the second version of the message in the SEE of the computing device for encrypted transport of the second version of the message from the computing device to the remote server, wherein the remote server that receives the encrypted second version of the message, is not configured to determine whether the encrypted second version of the message (AA) is identical to the first version of the message that was generated by the non-secure execution environment, or (BB) is different from the first version of the message due to bit-replacement operations performed within the SEE of the computing device on the first version of the message.
Address: Kfar Netter IL