This invention relates to the field of touchscreen security. In particular it relates to a method and system that is designed to encourage uptake of security protection for devices with a touchscreen input. Smartphone and tablet use is increasing dramatically: not only is the number of users increasing, but also the time period over which each device is in use and the applications to which the technology is put. In 2017, it was reported that almost 70% of the UK population owned a smartphone, with similar figures applying throughout Western Europe, Canada and the US. A 2016 report indicated that one in three UK adults admit to checking their phones in the middle of the night; a third said that they regularly used their devices when with friends and around a tenth said that they used them“always” or“very often” at meals. With the advent of 4G, smartphones have increasingly been used to shop online, for mobile banking and for making payments using digital wallet services such as Apple Pay. A smartphone is therefore highly likely to hold sensitive data such as credit card numbers and authentication information. This is in addition to the wealth of private information that is stored: photographs, emails and text messages. Moreover, many companies now provide employees with a smartphone, or at least access to a work email account, increasing the likelihood that the phone also holds commercially sensitive information.

In summary, a large number of people own a smartphone, which they tend to carry with them for most of the day and which is used to store sensitive, personal and commercial data.

There is accordingly a need to protect that information should the phone be stolen or accessed without the owner’s consent. Despite the increase in sensitive information held, many smartphones are protected simply by limiting access to the touchscreen to users who correctly input a 4 or 6 digit passcode. This form of security is vulnerable to attack. The owner may simply be observed entering the passcode, leaving an observer with the means to unlock the phone. Absent direct observation of the screen, a keypad is generally displayed in a standard format and observation of the finger movement can provide an indication of the number pattern needed to unlock the phone. In one study it was found that it is possible to discern a device’s passcode from images of smudge marks left by fingers on the screen.

As the technology becomes less costly, smartphone use among children is increasing. In 2017, it was reported by Ofcom that in the UK 83% of 12 - 15 year olds own their own smartphone, with significant ownership (39%) in the younger 8 - 11 age group. Whilst these smartphones may not contain commercially sensitive information, the rise in social media use means that they will hold a vast amount of personal information, both in relation to the owner and to the owner’s friends. Moreover, children often have access, via a smartphone, to their parents’ account information on many shopping sites. It is becoming increasingly important to provide better security for such phones.

FR 2819067 describes a touch screen system in which a randomised keypad arrangement is displayed to a cardholder when a credit card or the like is inserted into an EPOS or ATM terminal. As a result, an observer is unable to determine the code merely by observing the finger movements of the cardholder during input. Although concerned with EPOS terminals and smart card payments, the teachings of this document are clearly applicable to smartphone lockscreens. WO 2006/095203 describes a development of this type of system that also addresses the security risks posed by interception of authorisation data that is sent between a client terminal (e.g. a home computer) and a database or authorisation server for verification. In this latter system, a security server is used to generate a randomised keypad that is associated with an identification code. The randomised keypad is presented to a cardholder or other user requiring authorisation, who then inputs their own personal authentication PIN or passcode. The screen positions that are selected by the cardholder as the PIN is entered are used to generate a coded representation of the cardholder

authentication data. The encoded representation only is transmitted back to the security server, along with the identification code for the randomised keypad. Absent any knowledge of the randomised display, interception of this encoded information cannot be used to derive the cardholder’s PIN. The security server decodes the positional information to derive the true authentication data, which is in turn sent for verification, via a secure or encrypted link, to a bank or other remote database server.

A variety of randomised keypads are described in WO 2006/095203. In one implementation, the keypad includes a randomised selection of symbols, such as a sun, cloud, flower, etc. that are taken from a wide selection of available symbols. The subset of symbols presented to the user must include those that comprise the PIN but their position within the keypad, and the symbols on the remaining keys, are randomly selected. There is a perceived need to improve smartphone security by encouraging a movement away from the use of an access system that uses a standard numerical keypad. It is therefore an object of this invention to provide a randomised keypad that provides additional incentives, particularly to a younger user, for its use. The present invention accordingly provides a method of providing touchscreen access to functionality that is protected by a passcode, the method comprising:

(a) Presenting an image of a keypad on a screen, the keypad

comprising a randomised arrangement of keypad characters, the keypad characters including all characters of the passcode plus pre selected additional characters; and

(b) Following user-selection of a subset of keypad characters, verifying that the user-selected subset corresponds to the passcode and, if so:

(i) Allowing access to the functionality; and

(ii) Accessing a game of chance, the game having a starting point of the randomised arrangement of keypad characters.

When reference is made herein to a keypad and passcode“character”, this term is to be understood as encompassing any mark that can be identified, generally, but not exclusively, visually, and so can be used as an identifier for an element of a keypad or passcode. That is, the term includes, for example, images, icons, symbols and pictographs as well as alphanumeric characters. Preferably, the game of chance provides a reward if the randomised arrangement of keypad characters includes a pre-set target pattern of characters.

This invention provides the advantage that entry into the game of chance is automatically achieved at the same time as providing access to the functionality, which is protected by the passcode, without any requirement for additional input by the user. The passcode protection provided by this invention has enhanced security, in comparison with passcode protection alone. Randomisation of the keypad characters prevents the passcode being deduced from simple observation of the locations of keys selected within the keypad. The user is therefore incentivised to adopt this additional security measure by the provision of entertainment at no additional cost.

As a further incentive an embodiment of the invention is based on a popular game of chance: a fruit machine or one-arm-bandit style game. This includes the steps of:

(a) preparing a set of virtual wheels, each wheel comprising an ordered listing of characters from a character symbol database and including at least one of the characters shown on the randomised

arrangement of keypad characters at a virtual“start” position;

(b) for each virtual wheel, randomly selecting a character from the listing to define an“end” position;

(c) simulating a spinning of the wheels such that the characters at the “start” position are replaced in the image of the keypad with those at the“end” position; and

(d) providing a reward if the“end” position, as displayed on the

touchscreen, includes a pre-set target pattern of characters.

In another aspect the present invention provides a system for providing touchscreen access to functionality that is protected by a passcode, the system including:

a touchscreen display;

a means for generating an image of a keypad on the display, the keypad comprising a randomised arrangement of keypad characters, the keypad characters including all characters of the passcode plus pre selected additional characters;

an unlock application that is adapted to provide access to the functionality; and

a gaming application that is adapted to provide access to a game of chance, the game having a starting point of the randomised arrangement of keypad characters; wherein

the unlock and gaming applications are arranged such that they both operate in response to a single verification that a subset of keypad characters selected by a user corresponds to the passcode. The invention will now be described, by way of example only, and with reference to the accompanying drawings, in which:

Figure 1 is a schematic illustration of an unlocking / access system that presents a randomised custom keypad to a user, in accordance with this invention; Figure 2 is a schematic representation of a secondary function of the passcode entry system described in relation to Figure 1 and in accordance with a first embodiment of the invention;

Figure 3 is a schematic representation of an alternative secondary function of the passcode entry system, in accordance with a further embodiment of the invention;

Figures 4a to 4f are illustrations of alternative variations to the secondary function described in relation to Figure 3; and

Figure 5 is a schematic representation of another alternative secondary function of the passcode entry system, in accordance with a further embodiment of the invention.

With reference to Figure 1 , there is shown a schematic representation of a system 10 that is implemented on a smartphone to restrict access only to authorised users. The smartphone, as is customary, comprises a touchscreen display 12 and a processor that governs all aspects of its operation. The present invention may be implemented in the form of an app that is downloaded or otherwise installed on the smartphone. Once installed, the processor makes available a section of memory 14 that may be accessed by an unlock application module 16 that is specific to this system. The memory 14 includes a database 18 that stores all information relating to the character or symbol set that comprise the“alphabet” from which the PIN or passcode may be select. This may be a bespoke symbol set, for example relating to a particular brand, sports club or celebrity.

Alternatively, it could be one that is already stored on the phone, for example an emoji set or stylised character keyboard. Other options include symbols typically found, for example, on a one-armed-bandit or fruit machine, in mathematics or letters from a foreign alphabet. Ideally, there should be more symbols available than positions on the keypad to be displayed.

The unlock application module 16 includes a combination generator 22, a randomiser 23, an image generator 24 a decoder 26, an input signal detector 28 and a verification module 30. When the application is first run, the user is prompted to select a passcode: an ordered sequence of symbols from the character symbol database 18. The passcode is stored 20 in the memory. The setup procedure continues with the combination generator 22, which is adapted to generate a keypad string. The keypad string that is generated by the combination generator 22 will depend upon:

• The content of the character symbol database 18;

• the stored passcode 20; and

· the number of keypad positions that are to be displayed.

For example, if the passcode consists of a number p of user-selected symbols, the generator 22 is arranged first to take each of these p symbols for use in the keypad string. Next the generator selects a random symbol from the character symbol database 18, discarding it if it is already in the keypad string and otherwise adding it to the string. Selection from the character symbol database 18 continues in this manner until the keypad string is d characters long, where d is the number of key positions that will be displayed on the keypad image 12. This ensures first that the passcode characters are included and, secondly, that no character is repeated.

As an example, if the authorisation data is in the form of a PIN, i.e. if the authorisation data includes only numerals, the keypad string is ideally 10 characters long, e.g. 7260948135’. Alternatively, if the authorisation data includes both numerals and uppercase letters, the keypad string may be up to 36 characters long corresponding to 10 numerals (0-9) and 26 letters (A- Z), e.g.‘JR6VSAPKB2G...’ If the keypad is to be displayed in the format shown in Figure 1 , 12 positions are available and so the keypad string will be 12 characters long. This string of d characters, comprising the p passcode characters plus (cf - p) characters that are randomly selected from the available alphabet, make up the keypad characters, which are specific to the individual user and passcode. If the passcode is changed, a new set of keypad characters will be generated by the combination generator 22. The keypad character string is also stored 21 in the smartphone memory 14.

When the smartphone receives a signal that the touchscreen is to be unlocked, for example depression of a“home” button or detection of a swipe across the screen, the randomiser 23 is adapted to access the keypad character string from memory 21 and to randomise the position of each character in the string. This random keypad string is passed to the image generator 24.

On receipt of the random string the image generator 24 is adapted to generate image data suitable for display on the smartphone screen 12.

That is, the image data may consist of an image file (e.g. JPG, GIF, BMP etc.), an FITML file or other form of display instruction, as is known in the art. The generated image comprises at least each character of the random string, wherein the position of each character in the image is determined by the order in which that character appears in the random string. So for example, the first character of the random string may be displayed at the top left of the image whilst the last character of the string is displayed on the bottom right of the image. The generated image preferably retains the same overall design regardless of the random string of characters that is received, and it is only the configuration of the characters within this same overall design that changes with each random string. For example, the image generator 24 might always generate the image of a keypad, on which symbols are positioned according to the random string that is received. The display 12 in Figure 1 shows symbols taken from a standard emoji set.

A user then enters his authorisation data by selecting the individual characters making up his passcode using the touchscreen 12 of the smartphone. The authorisation data entered by the user is recorded as positional data by the input signal detector 28. This positional data may be converted by the input signal detector 28 into character data or some other form of representative data. For example, if the image of Figure 1 is displayed on the touchscreen and the user selects the symbols“smiley face, red car, police car, red apple”, then the positional data might be‘first- row-first-column, third-row-first-column, third-row-second-column, second- row-first -column’. This positional data might then be converted to “1 ,7, 8, 4”, which corresponds to the arrangement of numerals on a conventional numerical keypad. Thus positional data or the character data to which it may be converted represents an encoded form of the

authorisation data. This encoded authorisation data (e.g.“1 ,7,8,4”) can only be decoded by knowing either the image data or the specific random string and the method used to generate the image data. After authorisation data has been entered by a user, the encoded authorisation data is communicated to the decoder 26.

The decoder 26 stores the random string that is received from the randomiser 23. When the encoded authorisation data is received, the decoder 26 decodes or extracts the true authorisation data using the random string from which it was generated. The decoded authorisation data is then communicated to the verification module 30, which checks it against the passcode stored in the smartphone memory 20. If they match, the phone is unlocked and ready for use.

It will be noted that on each occasion that the user wishes to unlock the phone, it is the same selection of characters, those within the keypad string, that are used to generate the keypad. The arrangement is simply “shuffled” between unlock requests. If the non-passcode characters were, on each occasion, randomly selected from all characters in the character symbol database, it would not take an attacker too many attempts at unlocking to deduce the characters that make up the passcode.

As indicated in Figure 1 , certain parameters derived by the unlock application processes 16 are communicated to a separate gaming application. In this regard, it is noted that the keypad displayed to a user is, of course, a virtual keypad that is imaged on the touchscreen only.

Selecting positions on the keypad enables access to the phone. However the data that is used to generate the keypad and / or that entered by the user may be used for a secondary purpose. Effectively, one virtual keypad, for the primary purpose, may be overlaid on another, which accesses a secondary application. In accordance with this invention, the secondary virtual keypad may be generated using the same or different data from that which is used to generate the primary keypad.

Figure 2 is a schematic representation of a secondary function of the unique passcode entry system described in relation to Figure 1 and in accordance with a first embodiment of the invention. A gaming application module 32 is, in this embodiment, installed on the smartphone along with the unlock application module 16, described previously. The gaming application module 32 has access to the character symbol database 18 stored in the smartphone memory 14 and is in communication with the randomiser 23 and verification module 30 of the unlock application module 16. It also takes input from and outputs to the touchscreen 12a of the smartphone. The gaming application module 32 comprises a target pattern set mechanism 34, a win / lose assessor 36 and a reward generator 38.

In preparation for running the gaming application, a winning symbol combination must be defined and stored. The target pattern set

mechanism 34 achieves this in one of three ways: user selection, random selection or remote selection by a game operator. As will be appreciated by one skilled in the art, there are various mechanism by which user selection may be permitted. A first option is to prompt the user, via the smartphone display 12a, to select a winning combination. The target set mechanism causes the screen 12a to display each symbol in the character symbol database 18, either individually or in small groups according to display size, and allows the user to cycle through the options and to select a first symbol of choice. This is repeated for subsequent symbols until a winning pattern of the desired length is selected. In the example screen display 12a shown in Figure 2, this is a line of three symbols. Alternatively, winning combinations are pre-set and the target pattern set mechanism 34 outputs the possible options to the display 12 and allows the user to cycle through the presented combinations to select a target. This can be used to restrict winning options to symbols that can be given a theme, for example three cars, three fruit, etc. Alternatively, the winning combination can be selected randomly by the target pattern set mechanism 34. This can be by random selection from the character symbol database 18 in the same way that the combination generator 22 generates the keypad string. In another arrangement, winning combinations can be stored in a lookup table and a random number is generated to point to a position in the table. This alternative again allows for themed winning combinations.

Another alternative is for the target pattern to be defined by a remote game operator. In this embodiment the target pattern set mechanism 24 includes a means for receiving a communication of a target pattern. This

arrangement, implemented on a number of smartphones, would enable a gaming operator to set a distribution of win probabilities in order to have some control of pay-outs.

It will be recalled that, in initialising the unlock application module 16, the user’s passcode plus a random string of symbols selected by the

combination generator 22 from the character symbol database 18 are used to derive the keypad string. In accessing the smartphone, the randomiser 23 places the characters of the keypad string in a random order and this randomised keypad string is used to generate a randomised keypad that is presented to the user. In addition to communicating the randomised keypad string within the unlock application module 16, the randomiser 23 also communicates this string to the win / lose assessor 36 of the gaming application module. The win / lose assessor 36 overwrites any previously- received string.

Once presented with the keypad, the user enters a passcode. The primary purpose of the randomised keypad is to allow a more secure access to the smartphone by making it impossible for the passcode to be inferred from finger movements. If the passcode entered by the user is correct, the verification module 30 performs a dual function: it allows access to the smartphone, in accordance with its primary function, and, as a secondary effect, it sends a“correct” signal to the win / lose assessor 36. On receipt of the“correct” signal, the win / lose assessor 36 parses the currently- stored random string for a match with the currently-set target pattern. If there is a match, with the winning symbols appearing in the correct order with a suitable start position (e.g. three-in-a-row must start at a position within the random string that corresponds to the beginning of a row if the keypad corresponding to this string is displayed), then a“win” signal is sent to the reward generator 38. The reward generator 38 is pre-programmed with rewards. In one implementation, the reward generator is installed on the smartphone and rewards are generated locally. For example, a flashing display or playing a piece of music. In other implementations, the reward generator 38 may request a reward from a remote server. In this instance, a reward request is sent to the server along with a smartphone identification code. The server will allocate the reward and communicate it back to the smartphone that corresponds with that identification code. This implementation allows rewards to be controlled centrally. This is advantageous if, for example, credits are to be given for musical downloads, additional lives or other in game purchases. Alternative examples that will need to be subject to a separate control are external rewards such as tickets for concerts or sporting events, when it will be essential to limit the number of winners.

Winning patterns need not be limited to the traditional three-in-a-row fruit machine configurations. Figure 2a shows a display 12b in which the winning symbols must occupy a specific pattern of key locations.

Figure 3 shows a schematic illustration of a secondary function of the unique passcode entry system described in relation to Figure 1 and in accordance with a further embodiment of the invention.

This embodiment includes an alternative gaming application module 40, which includes a wheel spinning module 42 as well as the win / lose assessor 36 and reward generator 38 of the previous embodiment. The gaming application module 40 of this embodiment may be fully installed on the smartphone or on a remote central server. Installation on the server provides central control of the gaming application, which enables multiple players to compete for the same reward(s). Alternatively, the reward generator 38 may, as with the previous embodiment, transmit a request for a reward to the remote server. The wheel spinning module 42 has access to the character symbol database 18a and is in communication with the randomiser 23 and verification module 30 of the unlock application module 16. It also takes input from and outputs to the touchscreen 12c of the smartphone.

In embodiments for which the gaming application module 40 is installed on a remote server, the character symbol database 18a need not be the one that is stored in the memory 14 of the smartphone, but may be stored on the server. In this situation, the content of the server character symbol database 18a should be identical to that in the smartphone memory 18, which is used to generate the passcode. Although it would be possible to have a single character symbol database 18a on the server and allow the smartphone to access this remotely when a passcode is to be generated, this is not preferred. This is because unlocking the touchscreen 12c is an act that will need to be done locally, regardless of whether the smartphone has access to a network or is connected to wi-fi.

In this embodiment of the invention, the gaming application module is stored on the smartphone. The wheel spinning module 42 has three components: a wheel set up 44, a wheel spin 46 and a final view 48.

The randomiser 23 communicates the randomised keypad string that it generates in the course of obtaining the passcode display screen to the wheel set up module 44. Any previously-received string is overwritten. Once the wheel set up module 44 receives the“correct” signal from the verification module 30, it proceeds to model spinning wheels, such as those found in a fruit machine or one-arm bandit by the following algorithm.

First, the wheel structure is set. In this embodiment, each column of the display (3 in this instance) is considered to correspond to a visible section of a wheel. In the example shown in Figure 3, four symbols on each wheel are visible, corresponding to the four rows of the keypad display. Data contained within the randomised keypad string therefore defines the symbols that are located at the first four positions on each wheel. For each wheel in turn, the remaining positions are allocated a symbol until the wheel structure is determined. For each subsequent position, a symbol is selected at random from the character symbol database 18a and, if not previously selected for that wheel, located at that position on a virtual model of the wheel. The wheel structures that are determined by the wheel set up module 44 are passed to the wheel spin module 46. This may be in the form of a list of codes for each symbol, the codes being stored in a lookup table.

The wheel spin module 46 carries out a virtual“spin” of each wheel. This may be done logically by simply selecting a random position on the list of symbol codes for that wheel and assigning this to a first visible position on the spun wheel. Subsequent visible symbols are determined by their order on the virtual model. The selection processes for symbol order and random“stop” symbol for one wheel are independent of the selection processes for all other wheels. That is, each wheel essentially comprises a random listing of symbols (bar those that are set by the randomised keypad string) and one symbol is selected, at random, from this list. This ensures that the visible symbols are all randomly selected. The experience of the user may be enhanced if the wheel spin module 46 also causes an animation of wheels spinning to appear on the display 12c. Information regarding the visible symbols and the position at which they appear is passed to the final view module 48. This may be in the form of a list of symbol codes for each symbol running from top to bottom, for each wheel moving left to right. This information is also passed to the win / lose assessor 36. The final view module 48 sends information to the display screen 12c in the form of an image file. The image file includes a display of the keypad and the selected symbols at their final, after the wheel spin, positions. In some embodiments, the win / lose assessor 36 has access to a database 50 in which combinations of winning symbols are stored. In other embodiments, a winning arrangement is apparent only if the same three symbols appear in a row and the wins database 50 is unnecessary. In either case, as in the previous embodiment, the win / lose assessor parses the list of symbol codes in order to determine if a winning combination is present. This could be, for the example shown, the appearance of the same symbol code (a green apple) on three occasions in the symbol list, each appearance being four positions apart. Alternatively, each winning combination is taken from the wins database 50 in turn and the list of symbol codes is searched for the occurrence of each respective

combination. Also as for the previous embodiment, if a win is present in the final list of symbol codes, then a“win” signal is sent to the reward generator 38.

As noted above, the gaming application 40 is, in some embodiments, stored remote from the smartphone on a server that is under the control of the game operator or supplier. In this instance, the random keypad string generated by the randomiser 23, the“correct” signal from the verification module and an identification code specific to the smartphone for which successful passcode entry has been determined are all transmitted to the server. Note that the passcode itself is not transmitted and so all that can be determined from unauthorised reception of the random string is that four of the characters within it appear in the passcode in some unspecified order. That is, there is no undue reduction in security by locating the gaming application on a separate server.

The wheel spinning module and win / lose assessment are carried out as before although the smartphone identification code must also be

communicated between the various components of the gaming application 40 in order to enable the reward generator to direct the reward back to the originating smartphone. The server variation of this embodiment enables the number of wins, or rewards delivered, to be controlled centrally. For example, a win can be made more likely by using a reduced character set to construct the virtual wheels and less likely by increasing the character set. Similarly, the nature of the reward may be made more or less valuable.

A similar result may alternatively be achieved by locating only the reward generator 38 on the server. A central signal may, at times, be sent to any smartphone taking part in the game to use a larger or smaller wheel and character symbol set for the virtual spin procedure, decreasing or increasing, respectively, the chances of earning a reward.

As will be appreciated by one skilled in the art, there are many variations on the fundamental idea of successful passcode entry having the secondary effect of entering the user into a game of chance involving virtual spinning wheels. Figures 4a - 4f are exemplary displays that illustrate other winning combinations in similar games of chance. In these embodiments, it is generally only the wheel set up module that is adapted to operate in a slightly different manner, such modification as necessary will be apparent to one skilled in the art,

In the embodiment shown in Figure 4a, the virtual wheels are constructed with an additional visible row of symbols (i.e. five, in the examples used).

In order to win, a target line of symbols must appear in a window 52 that is located at a particular position of the display 12d. This window 52 is one that, on passcode entry, is used to indicate the number of digits / symbols entered.

In the embodiment shown in Figure 4b, there are as many virtual wheels as there are keypad positions in the display 12e. The wheels are however smaller than those described in relation to previous embodiments: each wheel is constructed from one instance of each symbol that is represented in the randomised keypad string passed from the randomiser 23. The wheel set up module 44 therefore has to model an increased number of virtual wheels (twelve in the example 12e shown), with only one character position fixed from the randomiser. In this embodiment, it is not necessary for the wheel set up module 44 to have access to the character symbol database 18 as the information required to construct the virtual wheels is contained in the randomised keypad string. A winning pattern may, for example, then be four identical symbols appearing anywhere on the keypad. In this embodiment, it is possible to have different rewards that reflect the probability of the appearance of the pattern displayed. For example, a better reward is gained for a display in which more symbols match or in which the winning symbols are aligned, as in the example 12e shown.

In Figure 4c, there is shown a variation 12f on the embodiment of Figure 4b in which each virtual wheel is constructed from all the symbols in the character symbol database 18. Clearly the chances of winning are very much reduced in comparison with the embodiment shown in Figure 4b, but this provides the opportunity for the rewards to be raised commensurately.

In Figure 4d there are again the same number of virtual wheels as there are keypad positions in the display 12g. Each virtual wheel contains one instance of each symbol in the character symbol database 18 plus one instance of a“winning symbol” 54. On successful passcode submission, all available keys are spun. If the final display includes one or more of the winning symbols 54 anywhere on the keypad, then a reward is given.

In the embodiment shown in Figure 4e, there are once more the same number of virtual wheels as there are keypad positions in the display 12h. Each virtual wheel contains one instance of each symbol in the character symbol database 18 plus one instance of a“jackpot symbol” 56. On successful passcode submission, all available keys are spun. If the final display includes a winning pattern, for example three“jackpot symbols” in a row, then a reward is given.

Figure 4f shows a more significant variation of the wheel theme. In this embodiment, the wheel set up module 44 has access to an image database (not shown). The image database contains information relating to a number of images, each of which can be updated or replaced as required. An image 58 is selected from the image database and passed to the wheel set up module 44. The wheel set up module 44 adjusts the image such that it is of equal size to the keypad and then divides this image into equal-sized segments, the number of segments being equal to the number of symbol positions on the keypad display 12i. Virtual“wheels” are located at each keypad position but, in this embodiment, the wheel set up module 44 constructs each wheel with only two symbols. The first symbol is that found at the keypad position in accordance with the randomised keypad string generated by the randomiser. The second symbol corresponds to the segment of the image that would be located at that same keypad position were the resized image to be superimposed on the keypad. On successful passcode submission, the wheels are spun, or flipped, between their two elements. In the final view, some keys will retain their original keypad symbol and the remainder will show their respective segment of the image. The more of the underlying image that is visible, the bigger the win. An overall winner may be the first to see the unobstructed image. In this embodiment of the invention, there is scope to use the image itself as an inducement to adopting this form of passcode security. The image could, for example, be a previously unseen image of a celebrity or new music album. The reward could also be linked to the same celebrity.

Figure 5 shows a schematic illustration of a secondary function of the unique passcode entry system described in relation to Figure 1 and in accordance with a further embodiment of the invention. This embodiment includes a further alternative gaming application module 60, which includes a scratchcard module 62 as well as the win / lose assessor 36 and reward generator 38 of the previous embodiment. The gaming application module 60 of this embodiment may be fully installed on the smartphone or on a remote central server, as previously described.

In this embodiment of the invention, the scratchcard module 62 includes a second combination generator 64 and reveal module 66. The second combination generator 64 is adapted to generate a random string, the “scratchcard” string, which is the same length as that generated by the first combination generator 22, but of only two characters. One character represents a“win” tile and the other a“lose”. As described in relation to Figure 1 , when a user is presented with a randomly generated keypad, the passcode entered using the touchscreen 12j of the smartphone is recorded as positional data by the input signal detector 28. The output from the input signal detector 28 is, in this embodiment, also passed to the reveal module 66 of the scratchcard module. At each position selected, the reveal module 66 identifies the corresponding data in the scratchcard string. If this is a “win”, an appropriate symbol 68 is displayed at the position on the screen that was just pressed. On the other hand, if the selected character in the scratchcard string is not a“win”, a different image is displayed. The different image could, for example, remain as the symbol that is located at the relevant position in the random keypad or it could be a distinct“lose” symbol. The win / lose assessor 36 then checks the number of“win” characters selected from the scratchcard string and if accompanied by a “correct” signal from the verification module 30, sends a“win” signal to the reward generator 38.

Clearly there is scope for variations in which a larger symbol set is used (for example, £1 , £10 and“lose”) and different symbols indicate different values of wins. Matching, for example, four £1 symbols earns a £1 reward, whereas four £10 symbols results in a £10 reward. As will be apparent to one skilled in the art, the idea of combining a gaming application with an unlocking procedure can be extended from the tablets and smartphones explicitly mentioned herein to cover login procedures on a computer or to access an account held on a website. Selection of passcode keys from a randomised keypad provides a dual result: first access is provided to the website or account intended and, secondly, entry to a game of chance with the potential to earn a reward.