[go: up one dir, main page]

WO2012160037A1 - Système et procédé pour identifier efficacement des données de transaction devant être signées dans un dispositif de signature - Google Patents

Système et procédé pour identifier efficacement des données de transaction devant être signées dans un dispositif de signature Download PDF

Info

Publication number
WO2012160037A1
WO2012160037A1 PCT/EP2012/059407 EP2012059407W WO2012160037A1 WO 2012160037 A1 WO2012160037 A1 WO 2012160037A1 EP 2012059407 W EP2012059407 W EP 2012059407W WO 2012160037 A1 WO2012160037 A1 WO 2012160037A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
party
user
list
security token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2012/059407
Other languages
English (en)
Inventor
Amol Deshmukh
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales DIS France SA
Original Assignee
Gemalto SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemalto SA filed Critical Gemalto SA
Publication of WO2012160037A1 publication Critical patent/WO2012160037A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/353Payments by cards read by M-devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Definitions

  • the present invention relates generally to securing online transactions, and more particularly to securing online transactions signed using an optical token against attacks such as phishing, and man-in-the-middle and man-in-the-browser attacks.
  • a Phishing attack involves an attacker masquerading an email or website as belonging to a legitimate trustworthy online entity. Through the masquerading communication a user is baited into entering account credentials that the attacker may then use to obtain access to the user's account and thereby cause damage to the user, for example, by withdrawing funds from the account or causing payment to a third party.
  • a Man-ln-The-Middle attack an attacker inserts himself between two communication endpoints, for example, between a client of a website and that website.
  • the attacker mimics the behavior of each of the endpoints with respect to the other end-point such that both end-points think they are communicating directly with each other. By doing so, the MITM attacker can capture sensitive information transmitted between the two endpoints, such as account information.
  • the Man-ln-The-Browser attack is closely related to the MITM attack.
  • a Trojan is inserted into a browser, for example, as a browser extension or plug-in. This Trojan has the ability to modify transaction details exchanged between a user of the browser and a website. For example, in a transaction for transfer of funds, the user may believe he is transferring a certain amount from one account to another whereas the MITB Trojan modifies the transaction so that the bank transfers the funds to a third account.
  • Transaction-specific authentication also called transaction signing, is a method for verifying the integrity of the financial transaction. This ensures that online transactions received by the bank are exactly the transaction the customer intended to perform.
  • the online customer is provided with a token which provides the ability for the customer to verify their transaction on the screen or display of the token itself.
  • Secure personal tokens may be used to secure many online transactions.
  • Such tokens e.g. , smart cards, may be used to store account numbers, keys associated with account numbers, and to use this information to authenticate transactions.
  • a secure personal token may i ncl ude a customer's checking account number and a secret key associated with that account.
  • the user may retrieve the account number from the secure personal token and direct the personal token to sign a transaction using the secret key.
  • Optical readers such as the Ezio Optical Reader from Gemalto S.A., Meudon, France, is an optical authentication device having an optical link that captures the data users would normally enter from a keypad to carry out and sign online transactions, eliminating cumbersome typing.
  • a user presents the reader in front of their PC screen and the data needed for authentication and signature generation is instantly transmitted. The user is presented on a screen on the optical reader the information associated with thetransaction and is provided the option, on the optical reader, to proceed with or cancel the transaction.
  • Typical transaction data that is involved in a signature process is the Account number from where the money is to be debited from (FROM ACCT), the account number where the money will be transferred to (TO ACCT) and the amount of money that will be transferred (AMOUNT).
  • FROM ACCT the Account number from where the money is to be debited from
  • TO ACCT the account number where the money will be transferred to
  • AMOUNT the amount of money that will be transferred
  • the FROM ACCT and TO ACCT are a sequence of numbers (like the IBAN - International Bank Account Number). It is difficult to read the long sequence of digits and make sure that these numbers, e.g., the TO ACCT has not been changed by a Trojan or MITM/MITB. Users have the tendency to get used to simply clicking "NEXT" and may inadvertently approve a transaction with fraudulent data.
  • Whi le the foregoi ng describes the problem of a user confirming transaction data that may have been modified by a Trojan in the context of optical readers and associated secure personal tokens, similar problems relate to other transaction mechanisms.
  • mobile telephones are becoming increasingly popular as a technology choice for online transactions.
  • Such solutions are also vulnerable to MITM and MITB attacks and transaction-specific authentication may be used to combat such attacks.
  • a user may be cal l ed to authorize transaction data before a cryptographic signature is applied and the user may routinely confirm such transactions out of habit.
  • Figure 1 is a schematic illustration of an online transaction secured using a security token and an optical reader.
  • Figure 2 is an illustration of a smart card inserted into an optical reader of Figure 1.
  • Figure 3 is an illustration of the backside of the optical reader of Figure 2 having several optical sensors located thereon.
  • Figure 4 is an illustration of a user placing an optical reader against the screen of a personal computer in anticipation of optical transmission from the personal computer to the optical reader.
  • Figure 5 is a smart card which may be used as personal security device.
  • Figure 6 is a block diagram il l ustrati ng an exam ple architecture for a personal security device of Figures 1 through 5.
  • Figure 7 is a series of instances of use of a personal security device with an optical reader, displaying an account number corresponding to each instance of use.
  • Figure 8 is a database schema for an account database containing familiar names for accounts used in online transactions.
  • Figure 9 is a series of instances of use of a personal security device with an optical reader, displaying familiar names rather than account nu mbers whenever an account nu mber of a transaction has a corresponding familiar name.
  • Figure 10 is a flow-chart illustrating one embodiment for registering familiar names.
  • Figure 1 1 is a flow-chart illustrating one embodiment for using familiar names to verify transactions more easily.
  • a technology for allowing a user to easily verify transaction data prior to authorizing a personal security device, such as an optical reader with a security token or a mobile telephone, to cryptographically sign a transaction.
  • the technology is simple, yet elegant, and provides an inexpensive way to add further level of security to online transactions.
  • Figure 1 is a schematic illustration of an online transaction secured using a security token and an optical reader.
  • the process flow is as follows:
  • Step 1 A user 101 inserts a personal security device 103 into an optical reader 105, and logs into the personal security device 103 using authentication credentials, e.g., PIN.
  • the personal security device 103 is a smart card and the optical reader 105 is an optical reader 105 specifically designed to receive and communicate with a smart card as shown in Figures 2 and 3.
  • Figure 2 is an illustration of a smart card 201 inserted into an optical reader 105.
  • the optical reader 105 has a small display 203 on which information for the user 101 may be displayed. The user may enter information using a keypad 205 of the optical reader 105.
  • the display 203 may be used to display transaction data for the user's confirmation.
  • the keypad 205 may be used for a user to enter information such as a PIN to log into the personal security device 103 (here the smart card 201 ; henceforth herein, the security device is referred to as personal security device 103. That is to be taken to include smart card 201 and other alternative embodiments).
  • the personal security device 103 here the smart card 201 ; henceforth herein, the security device is referred to as personal security device 103. That is to be taken to include smart card 201 and other alternative embodiments).
  • Figure 3 is an il lustration of the backside of the optical reader 105 wherein several, here five, optical sensors 301 are located. These optical sensors 301 may receive transaction data from a screen on a user's personal computer, as illustrated in Figure 4 and discussed below.
  • Step 2 The user 101 places the optical reader 105 in front of the screen 107 of the user's personal computer 109.
  • the user 101 lines up the optical reader 105 to a corresponding image on the screen 107 of the user's personal computer 109, as shown in Figure 4 which is an illustration of a user placing an optical reader 105 against the screen of a personal computer 109 in anticipation of optical transmission from the personal computer 109 to the optical reader 105.
  • a user 1 01 places the optical reader 1 05 against the screen 107 of the user's personal computer 1 09 l ined up with an image of the optical reader 105 and to couple of alignment marks 401 on the screen using corresponding alignment marks 403 on the optical reader 105.
  • the optical sensors 301 are aligned with corresponding transmission areas 405.
  • the transmission areas 405 are made to flicker in a manner that may be sensed by the optical reader 105 and processed by the optical reader 105 to digital data that may be used to transmit messages from a web application running via the personal computer 109.
  • the received di gital messages may be processed by the personal security device 103.
  • the personal security device 103 is a smart card 201 .
  • a smart card 201 is illustrated in Figure 5.
  • the smart card 201 is typically a plastic card, for example, in the form factor of a credit card.
  • the smart card 201 may be a SIM card inserted into a mobile communications device, e.g., a mobile telephone.
  • the smart card 201 has a physical connector pad 501 for communicating to the optical reader 105.
  • Alternative embodiments, e.g., USB form-factor smart cards would also have a physical connecter, e.g . , a U SB connector, for communication with the optical reader 105.
  • the personal security device 103 is contained within the optical reader 105.
  • the personal security device 103 architecture is illustrated in Figure 6 which is a block diagram illustrating the architecture of one embodiment of a personal security device 103.
  • the personal security device (PSD) 103 has a connector 501 for connecting the portable security device 103 to a optical reader 105.
  • the personal security device 1 03 communicates wirelessly to the optical reader 105.
  • the personal security device 103 further contains a processor 605 connected to a communications interface 617 for communication to the host computer via the connector 501 .
  • the processor 605 is further connected to a non-volatile memory 607 and a read-only memory 609.
  • the read-only memory 609 may be used to store programs 61 1 , for example, program instructions executable by the processor 605 to perform the methods described herein.
  • the non-volatile memory 607 may further store an account database 615 for storing information related to accounts with which the user 101 uses the personal security device 103 and the optical reader 105 for transaction-specific authentication. This account database is described in greater detail herein below.
  • Ste p 2 As noted the user 1 01 pl aces the o pti cal reader 1 05 ( havi ng the personal security device 103 inserted therein or contained therein) against the screen 107 of the user's personal computer 1 09 in the manner shown in Figure 4.
  • Step 3 The transaction data is transmitted via the optical sensors 301 to the optical reader 105 and the personal security device 103.
  • the transaction data is displayed on the display 203 as an indication to the user 101 to cryptographically sign the transaction data.
  • Step 4 The user 101 checks and validates the data.
  • Step 5 The personal security device 103 generates a one- time-password (OTP) that is captures the cryptographic signature of the transaction data.
  • OTP may be a hash that captures the cryptographic signature of the transaction data.
  • Step 6 Through the web browser window on the screen 107 of the user's personal computer 109, the user 101 enters a user ID and the OTP thereby indicating that the user has validated and authorized the corresponding transaction.
  • Step 7 The user ID and OTP are transmitted to an authentication server which validates the OTP.
  • Step 8 the validation result is transmitted back to the personal computer 109 of the user 101.
  • Step 9 the validation result is displayed on the screen 107 of the user's personal computer 109.
  • Figure 7 is a series of illustrations of the display of transaction data on the optical reader 105, for example, corresponding to Step 3.
  • the left hand column (instances 701a - 701c) illustrate an initial display of three account numbers, respectively, to a user. These could, for example, occur when the user 101 registers the personal security device 103 for use with the accounts or on an occasion when a user 101 attempts to make a transaction with the accounts.
  • the right hand column represents another occasion of use of the three accounts, respectively.
  • the keen observer will notice that in the example of instance 701b' the account number is not exactly the same as for 701b, namely, the account number in 701b is "2658745923" whereas in 701b' the number is displayed as "2658746923," i.e., the seventh digit is a '6' rather than a '5.
  • the first instance 701b is the actual account belonging to the user 101 and that the second instance 701b', has been modified by a MITM or MITB program.
  • the user 101 is likely to not notice the difference in the account number and is likely to OK the transaction thereby generating an OTP that would confirm the transaction and entering that OTP to actually confirm the transaction.
  • a user 101 may enter familiar names associated with each account managed by the personal security device 103. These are entered into an account database 615 (introduced in conjunction with Figure 6).
  • Fig u re 8 is an i l l ustration of a database schem a for the account database 615.
  • the Account Database 615 here illustrated as a relational database table, includes an Account Number field and a Familiar Name field. For each account of the user, a familiar name may be entered, e.g., "Amol's Checking" for account "1548964523" and "Texas Gas” for account "2658745923.”
  • the personal security device 103 transmits the familiar name rather than the actual account number to the optical reader 105.
  • the fami liar name is displayed rather than the account number.
  • Fi g u re 9 is a seri es of i l l ustrati ons of the d ispl ay of transaction data on the optical reader 105, for example, corresponding to Step 3 wherein the familiar names are displayed rather than the account numbers.
  • the familiar names "Amol's checking" and "Texas Gas,” are displayed rather than the corresponding account numbers. The user 101 would recognize these as familiar names for the accounts and would be comfortable with OKing the transactions.
  • the instance 901 b' (corresponding to the instance 701 b of Figure 7)
  • the account number suggested by the web application is displayed.
  • Figure 10 is a flow chart illustrating the steps of registering a familiar name for an account number into the account database 615.
  • the registration process may be performed via an application program running on the personal computer 109 and using the optical reader 105 for transmitting data to the personal security device 103.
  • step A01 The user 101 would select an account to manage, step A01.
  • the user 1 01 sel ects to e nte r a fam i l i ar na me for the account, step A03.
  • Figure 1 1 is a flow chart illustrating the steps of using a familiar name for an account number entered into the account database to allow a user easier verification that a transaction is accurate.
  • a user 101 uses an optical reader 105 to sign a transaction in the manner of Figure 1 et seq, step B01.
  • the optical reader 1 05 reads the account number from the screen 107 of the user's personal computer 109, step B03.
  • the personal security device 103 retrieves the familiar name from the account database 615, step B05.
  • the reader for the personal security device 103 may communicate with the personal computer 109 using WIFI, Bluetooth, or USB to transmit account numbers to the personal security device 103 rather than the optical transmission described hereinabove.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

La présente invention aborde le domaine de la vérification de données de transaction à l'aide de noms bien connus. La présente invention concerne un système et un procédé pour employer un jeton de sécurité afin de sécuriser une transaction créée par un utilisateur à l'aide d'un ordinateur hôte. Le jeton de sécurité reçoit de l'ordinateur hôte un message de transaction par une liaison de communications, le message de transaction comprenant un identifiant qui identifie une partie pour la transaction. Le jeton détermine si une entrée pour ledit identifiant existe dans une liste de parties de transaction enregistrées. S'il est déterminé qu'il existe une entrée pour ledit identifiant d'une partie de transaction dans la liste de parties de transaction enregistrées, une indication, que la partie existe dans la liste des parties de transaction enregistrées, est affichée. La présente invention concerne en outre d'autres systèmes et d'autres procédés.
PCT/EP2012/059407 2011-05-25 2012-05-21 Système et procédé pour identifier efficacement des données de transaction devant être signées dans un dispositif de signature Ceased WO2012160037A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201161489889P 2011-05-25 2011-05-25
US61/489,889 2011-05-25

Publications (1)

Publication Number Publication Date
WO2012160037A1 true WO2012160037A1 (fr) 2012-11-29

Family

ID=46146885

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/059407 Ceased WO2012160037A1 (fr) 2011-05-25 2012-05-21 Système et procédé pour identifier efficacement des données de transaction devant être signées dans un dispositif de signature

Country Status (1)

Country Link
WO (1) WO2012160037A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1329826A1 (fr) * 2000-10-17 2003-07-23 Sony Corporation Dispositif de distribution d'information, systeme de distribution d'information et procede de distribution d'information
US20060032922A1 (en) * 1998-09-11 2006-02-16 Philyaw Jeffry J Optical reader and use

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060032922A1 (en) * 1998-09-11 2006-02-16 Philyaw Jeffry J Optical reader and use
EP1329826A1 (fr) * 2000-10-17 2003-07-23 Sony Corporation Dispositif de distribution d'information, systeme de distribution d'information et procede de distribution d'information

Similar Documents

Publication Publication Date Title
US12375269B2 (en) Systems and methods for trustworthy electronic authentication using a computing device
US11664997B2 (en) Authentication in ubiquitous environment
US20260050956A1 (en) Trusted remote attestation agent (traa)
US9467292B2 (en) Hardware-based zero-knowledge strong authentication (H0KSA)
RU2523304C2 (ru) Доверенный администратор достоверности (tim)
US8650614B2 (en) Interactive phishing detection (IPD)
US10120993B2 (en) Secure identity binding (SIB)
US20140337957A1 (en) Out-of-band authentication
US20150324789A1 (en) Cryptocurrency Virtual Wallet System and Method
US20100280957A1 (en) System, method and device for enabling interaction with dynamic security
KR20080033541A (ko) 확장된 일회용 암호 방법 및 장치
US20110202762A1 (en) Method and apparatus for carrying out secure electronic communication
US20120317018A1 (en) Systems and methods for protecting account identifiers in financial transactions
CN105556550A (zh) 用于保护在线交易的验证步骤的方法
US20120095919A1 (en) Systems and methods for authenticating aspects of an online transaction using a secure peripheral device having a message display and/or user input
US20170286944A1 (en) Secure transfer of payment data
KR100861675B1 (ko) 인터넷 금융거래를 위한 일회용 인증번호 처리 시스템
WO2012160037A1 (fr) Système et procédé pour identifier efficacement des données de transaction devant être signées dans un dispositif de signature
Jung et al. Digitalseal: a transaction authentication tool for online and offline transactions
Galhotra et al. Enhancing Automated Payments: Impact of Iris Technology's in UPI Transactions
PL230570B1 (pl) Sposob zabezpieczania przesylu danych oraz urzadzenie do zabezpieczania przesylu danych

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12722379

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12722379

Country of ref document: EP

Kind code of ref document: A1