BRPI0803951A2 - method for remote data signing - Google Patents

Abstract

The method in question is particularly suited to the interaction between a user (1) using a mobile device (10), such as a cell phone, and an institution (20) provided with a server device (21), to perform electronic transactions that require authorization, authentication or signature through a data transmitting means (30). A transaction signature submission and verification application (22) runs on the institution's server (21) (20), which submits signed and encrypted transactions via data transmitter (30) to a subscriber token program (11) ). This data is decrypted and verified by the subscriber token program (11) and displayed on the mobile device display (10) to the user who inspects the transaction data on the display and presses keys on the mobile device (10) for transaction acceptance or rejection. . The result of the user's action is signed and encrypted and sent to the institution's server (21) (20), where the transaction submission submission and verification application performs the option chosen by the user.

Description

"REMOTE DATA SUBSCRIPTION METHOD"

Field of the invention

The present invention relates to a method for allowing a user of an institution with transaction protection requirements, such as a banking institution, to sign data using tokens (devices or programs for authentication or electronic signature).

The method now proposed is particularly suitable for joint use on mobile devices and personal computers when securely performing electronic transactions. It combines the isolation of mobile devices and personal computers when you want to conduct secure electronic transactions,

Mobile devices are isolated from attackers' access to their communication capabilities to easily and cheaply receive and transmit signed data through an intermediary device connected to the financial institution.

State of the Art

The proliferation of trojans, viruses, among others, used by fraudsters to intercept passwords for access to protected access institutions, such as banking institutions, has created the need for new methods to ensure that an electronic transaction has been performed by the legitimate user and make sure that the content you subscribe to is really what this user wants.

At one end of the spectrum of digital signature solutions are smart cards and physical tokens, which are costly to adopt on a large scale.

Smart cards can store cryptographic keys and perform operations on data such as encryption and digital signing. These features, although docusto, led to the popularization of smart cards for signing digital transactions. On the other hand, conventional smart cards do not have a user interface such as a display and keyboard. These smart cards need to be connected to a terminal or computer in order for a user to interact with it. With the lack of input and output interface on smartcards, the problem of "blind signature" arises. The "blind signature" expression comes from the feature that one is not sure that the data being submitted for the smart card signature is actually being observed by the user on the computer screen or terminal to which the smart card is connected. To avoid this problem, a smart card with keypad display would be required. The display shows the data being signed by the card. The keypad is for the user to refuse the operation by pressing a key corresponding to the action. The keyboard can also be used to protect the smart card with a password that only the legitimate user should know. Recently, smart cards with display and keyboard have been created, but their cost is even higher than the conventional ones. In addition, it may be impracticable to display extensive information or documents on a small display.

Physical tokens, initially used for OTP (One-Time Passwords) generation, that is, passwords that are usable only once, began to receive more and more features, such as event, portempo or challenge-response passwords, and signature detransactions. Token programs implemented in dedicated hardware have a high cost of manufacturing and distribution. In contrast, software-implemented tokens can run on various platforms or devices, such as mobile phones and PDAs.

Applications with higher security requirements may require something stronger than simple user authentication to authorize a transaction, as there are interception attacks that can allow an attacker to obtain and use an OTP (one timepassword). In these cases, the transaction signing operation using tokens is very convenient, because the user can view the information that describes the transfer that he is authorizing and the digitally signed. Today's token devices may have some limitations on data signing, such as not having a communication channel to receive longer data, forcing the user to enter data to be signed, having a limited size display, displaying only numeric data, operating with data encryption only. symmetric wrench, etc.

Summary of the invention

Due to the above limitations and present in various devices, it is an object of the present invention to provide a method that allows a user to sign electronic transactions, such as those of a financial institution, using a terminal device capable of executing a token program to perform the authorization and signature operations of digital data. This can be accomplished using a new token program type with special transaction signature characteristics. The token acts as a cryptographic smartcard, generating asymmetric cryptographic keys, exporting public keys, and performing cryptographic operations on data without leaving the private key. There is, however, the great advantage of the token running on the mobile device can take advantage of the screen of this device to display the data to be signed and keyboard to confirm or enter instructions.

In order for the token program to receive and transmit signed data, any of the multiple data communication channels that the mobile device has may be used: keyboard, modem, bluetooth, WiFi, typing, camera, infrared, sound, etc.

Normally, the user interacts with the financial institution through an intermediary device, such as a computer running a browser application, an ATM (self-service), telephone, cashier terminal at the bank branch or terminals in stores. These intermediary devices have means of communicating with the financial institution, transmitting and receiving data about the transactions the user wishes to carry out. In order for the user to be able to sign data on his mobile device without the effort of typing, it is convenient for him to receive it from the financial institution through the intermediary device. The intermediary device must have a way of establishing communication compatible with those supported by the mobile device, such as both supporting bluetooth. It is also possible for the mobile device to contact the financial institution directly through one of its supported data channels (GPRS). , modem, 3G, SMS, etc.), but this is usually charged and costly to the user.

Whenever a subscription operation is required by the financial institution, the user must trigger the subscriber programtoken on their mobile device. In this application a communication channel is established between the intermediate device and the mobile device, the latter receiving the data to be signed and displaying it on the display of the mobile device. The user must decide whether or not to sign the data. According to his choice, he presses a key or generates an equivalent action confirming or rejecting the signature at that moment. The data and the result of the operation (confirm or reject) are signed with the private key stored on the mobile device and are transmitted back to the intermediary device and then to the financial institution.

If an attacker is acting on the intermediate device and changes the data, it will be displayed on the mobile device screen and can be detected by the user. Neither will the attacker be able to generate the transaction signature because it does not have the private key stored on the user's mobile device.

In addition, data received by the mobile device may have been previously signed or encrypted by an institution's private key, so that the attacker cannot produce arbitrary data for signature. Verification of this data by the token program through the institution's public key ensures a higher degree of security and less chance for distracted users to sign data entered by the attacker.

According to the invention, the method comprises the steps of:

- trigger a token program on the mobile device;

- generate a pair of asymmetric keys;

- transmit the public key to the institution;

- bind the public key to a particular entity (login, account, user);

access the financial institution through an intermediary device (optional);

- trigger the subscriber token program on the mobile device and establish a communication channel with the intermediate device;

receive the data to be signed from the financial institution through the intermediary device;

the user and agree or disagree with the signature of the data;

- sign, with the token program private key, the transaction data and the result of the decision to sign the data;

- transmit the data to the intermediary device which in turn forwards it to the financial institution.

Brief Description of Drawings

The invention will be described below with reference to the accompanying drawing, given by way of example of a embodiment of the invention and in which:

Figure 1 is a schematic diagram of the elements that make up the invention, illustrating the interaction between said elements.

As can be seen from Figure 1, the method in question is particularly suited to interaction between user 1 using a mobile device 10, such as a mobile phone and an institution 20 provided with a server device 21, to perform electronic transactions requiring authorization, authentication or signing, via a data transmission means 30 which may be defined by an intermediate device 30a. Mobile device 10, for example, in cellular telephone form, greatly highlights the advantages of the presented method. This device is equipped with a subscriber token program 11 capable of performing cryptographic operations such as data generation and signature verification, as well as storage and creation of asymmetric cryptographic keys. Public 12 and private 13 asymmetric cryptographic keys are created by the subscriber token program 11 or imported from an external source for compatibility with existing systems.

The user interacts with the financial institution 20 through the intermediary device 30, such as a computer, an ATM (self-service terminal), telephone, bank teller terminal or store terminals. Through an institution access application 34, such as a browser or specific application running on the intermediate device 30, the user can query or instruct transactions to the financial institution 20. Transactions in the form of digital data are transmitted to a financial institution server 20, through a suitable communication channel, such as the internet, dedicated line, dial-up line or any other channel capable of transmitting digital information. It is also possible to traffic information between mobile device 10 and financial institution 20 without using intermediary device 30, via a direct connection using a communication channel 33, which can be defined by data channels such as GPRS, 3G, modem, internet or any other channel capable of trafficking digital information.

When the transaction signing submission and verification application 22 running on server 21 of the financial institution 20 requires a transaction signature, it signals the application access 34 to the institution 20 so that it can direct the user to trigger the token signing program 11 on the your mobile device 10. The transaction signature verification submission application 22 signs the transfer with your private key 24, optionally encrypts it with the user's asymmetric public key 12, and transmits it to the institution access application 34. Mobile device 10 establishes communication channel 31 via bluetooth, WiFi, infrared, camera image capture, sound or other channels supported for transmission on the intermediate device and reception on the mobile device. The access application 34 to institution 20 transmits the signed transaction generated to the token signing program 11. The token signing program 11 decrypts the message with its asymmetric private key 13 and verifies the digital signature with the public key 23 of the institution 20. If these operations are unsuccessful, An alert is sent to the user through the display of mobile device 10 as there is a possibility of an attack.

When the message is received in its entirety, it is displayed on mobile device 10 so that it can be viewed by the user. The user decides whether to sign or reject the signature by pressing the corresponding keys on the mobile device. The original message plus the value of your decision (sign or reject) are signed using the user's asymmetric private key 13 and encrypted using the public key 23 of the institution 20. This is the return message and is passed from the tokenizer program 11 to the access application 34 to the institution20 using channel 31 or any other channel allowing data transmission between the mobile device10 and the intermediate device 30. As a data receiving channel on the intermediate device 30, even summary data can be supported from the signature on the keypad of this device. The return message is then transmitted by the intermediary device to the financial institution20 via channel 32.

The transaction submission and verification application 22 decrypts the return message with its private key 24, verifies the signature with the asymmetric public key 12 of the user, and obtains the user's decision to accept or reject the document signature. the financial institution will or will not effect the transaction.

It is important to note that the transaction submission verification and verification application 22 must know the asymmetric public key 12 of the user. This key may be transmitted by mobile device 10 through intermediate device 30 until it reaches application 22 in the same manner as the return message was sent.

Similarly, the subscriber token program 11 must recognize the public key 23 of institution 20, which can be transmitted in the same way as a transaction to sign, or come pre-installed in the subscriber token program 11.

The transaction signature method described above can also be used to authenticate the user and log in, as the transaction signature submission and submission application can generate a message to sign with a challenge and transmit it. Once opened in the subscriber token program 11, the user subscribes. The return message is transmitted for submission application and signature verification of transactions. If it is valid and has the accepted user, it can be considered authentic and the session can be opened.

The method can also be simplified by replacing all asymmetric encryption operations with symmetric encryption and the public and private key pair with a single key shared between the institution and the user. Irretrievability is not possible, but it is possible to use mobile devices with less processing capacity.

A card with encryption features such as smart card or SD, mini SD, micro SD card or the like can be used by the subscriber token program 11 when present or inserted into the mobile device 10 as a way to speed up cryptographic operations by storing or protecting keys.

Claims (18)

1. A method for remote data signing, particularly suited to interaction between a user (1) using a mobile device (10), such as a mobile phone and an institution (20) provided with a server device (21), to perform electronic transactions that require authorization, authentication or signing, the method characterized by the fact that it comprises the steps of: - triggering a subscriber token program (11) on the mobile device (10), - generating a public asymmetric key pair (12) and approved (13) or importing - from external sources - transmit the asymmetric key (12) from the user to a certain entity (login, account number, user) - access the financial institution (20) by means of data transmission (30); trigger the subscriber token program (11) on the mobile device (10) and establish a communication channel (31) as a means of - receiving, on the mobile device (10), the data to be processed by the token program (11) and generated in the financial institution (20) by the application of submission and transaction signature verification (22) via data transmission (30) - the user reads the data on the mobile device display (10) and agrees or disagrees with the data signature; the user expresses his decision to accept the subscription or reject it by pressing a corresponding keypad on the device sign, with transaction data and user decision result, data to be signed with the user's private key (13) and encrypted with a public key (23) of the institution, composing the return message; transmit the message return to the data transmission means (30) which in turn forwards them to the financial institution (20); e- decrypting the return message using a private key (24) from the institution and verifying it with the user's asymmetric public key (12). Method according to claim 1, characterized in that the subscriber token program (11) is installed and executed on a mobile device (10). Method according to claim 2, characterized in that the mobile device (10) is defined by any of the devices defined by: a digital personal assistant (PDA); a digital music player; hardware token; and any mobile device capable of breaking applications with the characteristics of the token-killer program (11). Method according to claim 1, characterized in that the data transmission means (30) is a device (31); Method according to claim 4, characterized in that the intermediate device (30a) is any of the devices defined by: a computer, an ATM (self-service terminal); a mobile payment terminal; a phone; a terminal bank of a bank; and any device capable of transmitting information from the financial institution's server (21) to the mobile device (10) and the other way around as well. Method according to claim 1, characterized in that a communication channel (31) is established between the data transmission means (30) and the mobile device (10). Method according to claim 6, characterized in that the communication channel (31) is any of the devices defined by: bluetooth; WiFi, infrared; light transmission; data captured by camera; data obtained via audio data encoding, and any means for exchanging data between the mobile device (10) and the data transmission means (30). Method according to claim 1, characterized in that a communication channel (32) is established between the data transmission medium (30) and the financial institution (20). Method according to claim 8, characterized in that the communication channel (32) is any of the means defined by: a private line; and any means for exchanging data between the financial institution (20) and the means of data transmission (30). Method according to claim 1, characterized in that a communication channel (33) is established directly between the mobile device (10) and the financial institution (20). Method according to Claim 10, characterized in that the communication channel (33) is any of the means defined by: an internet access; a GPRS connection; an ECDO connection; a 3G connection; a modem connection; and any means for exchanging data between the financial institution (20) and the mobile device (10). Method according to claim 1, characterized in that the asymmetric public key (11) of the user and the asymmetric private key (13) of the user are generated by the subscriber programtoken (11). Method according to claim 1, characterized in that it operates with encryption. Method according to claim 13, characterized in that it uses asymmetric encryption. Method according to claim 13, characterized in that it uses symmetric encryption. Method according to claim 1, characterized in that the subscriber token program (11) uses cryptographic chips or cards in the mobile device (10); Method according to claim 16, characterized in that the cryptographic chip is provided in the device. Method according to claim 13, characterized in that the cryptographic chip is inserted into the device.