WO2007035149A1 - Method and device for increasing security during data transfer - Google Patents

Method and device for increasing security during data transfer


Publication number
WO2007035149A1
Authority
WO
WIPO (PCT)
Application number
PCT/SE2006/001044
Inventor
William Edward Isaac Palmborg
Original Assignee
Ekonomi & Juridik Lars Waldenström
Priority claimed from SE0502102A (SE529203C2)
Application filed by Ekonomi & Juridik Lars Waldenström
Publication of WO2007035149A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes

Definitions

  • The invention refers to a first embodiment, hereinafter referred to as EMB 1, in the form of a simple software method, and to a more advanced embodiment, hereinafter referred to as EMB 2, a device that prevents data theft during data transfer over any medium and, in connection with this, ensures authentication between authorized parties, eliminating phishing and pharming, preventing eavesdropping and deciphering of encrypted data after a wire tap, and stopping "man in the middle" scenarios, since successful pharming cannot be carried out.
  • IP-Alias An Alias is referred to below as an IP-Alias, and is a name chosen to conceal one's real name, i.e. a type of Internet pseudonym or "facade."
  • A Device is a communication box that contains both processing power and a removable, unique SIM card (or similar SmartCard, Data Chip Card) for its functionality.
  • The Device cannot work as intended without the presence of the card unique to the Device, and the card will not work in another Device.
  • ATM Short for Automated Teller Machine, allowing customers to perform banking transactions anywhere and at any time; it is the international designation for the cash service equipment known in Europe as a "Bankomat".
  • An attraction site is a site on the Internet or another medium attractive for purposes of data theft, and which is identified by infectious spy software in PCs for criminal exploitation.
  • The attraction site may be a website or other site of activity, which is often maintained by an I-REC (information recipient) to which an I-GIV (information giver) wants to connect for the purpose of e-commerce, financial services (Internet banking) or other data communication (military or other).
  • An attraction site may be a frequently loaded web page, such as an order page, and/or a page in closed networks (such as business-to-business networks, B2B).
  • An attraction site is characterized by the fact that it always imposes identification requirements on at least I-GIV.
  • Authentication is a process between I-GIV and I-REC intended for one to be able to identify the other and vice versa.
  • Blanks are positions that do not contain information visible to the user.
  • Bots or Botnets An abbreviation for "Robotic Networks" consisting of groups (clusters) of PC Zombies controlled remotely for orchestrated attacks, such as mass withdrawals from Internet bank accounts, mass collection of IDs, heavy decryption jobs that require huge amounts of computing power, transmission of spam, etc. Botnets may require access to Spyware programs that steal IDs from infected and totally vulnerable PCs.
  • Wire tap refers to illegal eavesdropping on communication between I-GIV and I-REC for the purpose of gaining access to information which the eavesdropper does not have authority to access.
  • CVV2 code (CVC2 or CV2) The security code (often consisting of 3 or 4 digits) printed separately on I-GIV's bank card in order to corroborate I-GIV's authorization for the card, for I-REC's benefit and at its requirement.
  • DOP Device Operating System For mobile Internet phones, describing the special operating system software identical to the operating system in the hardware Device.
  • EMB 1 The primary embodiment of the invention (software operated).
  • EMB 2 The second, more complex embodiment of the invention (software/Device operated).
  • Labels are unique, randomly chosen names (E1, E2, E3, etc. [see below]) put in place by I-REC. Labels are placed on Original Positions (Op1, Op2, Op3, etc.) [see below] for the purpose of allowing I-REC to find its way back to the correct Original Position (Op1, Op2, Op3, etc.) after input by I-GIV of Entry Positions (P1, P2, P3, etc.) [see below] on an Entry Form (IEF, SEF) [see below], without allowing others to find their way back to the correct Original Position (Op1, Op2, Op3, etc.).
  • ID or Identity which identifies an I-GIV or I-REC to the other party.
  • ID can exist in many different forms of authorization, such as bank card numbers (Fig. 1-4), CVV2 codes, access codes such as MasterCard SecureCode® and others, social security numbers, user names, passwords, PIN codes, access levels, military or other secret concepts, or identity codes used one or more times for online banking, for instance.
  • Information is the mass of characters transferred or meant to be transferred from I-GIV to I-REC in any given instance. Information can also be a stored mass of characters. ID is information, but information is not always an ID. Information is part of an Original Message (O) [see below]. Information can have any form, see for example Fig. 1 (IEF) and Fig. 3 (SEF).
  • Information may be formatted in accordance with a previous internal agreement between I-GIV and I-REC.
  • I-GIV - Information Giver I-GIV may be:
  • I-GIV one time and I-REC the following time 5. Alternately first I-GIV and then I-REC in a regular pattern of such alternation
  • I-REC may be:
  • Entry is the keying in / registration of information through a PC keyboard, touch screen or other data entry method, for transfer to I-REC. Entry may take place manually, automatically, or by means of a mixture of both.
  • Entry Form A question form generated by I-REC that can have any appearance, and which is presented to I-GIV for use in Entering Information.
  • Fig. 1 "IEF", Fig. 3 "SEF" There are two types of entry forms: a) Initial Entry Form (IEF) is the Form window displayed first by I-REC on I-GIV's screen in the form of data entry windows, some of which are open, and others of which are closed, may not be possible to fill in, and are therefore, for instance, marked black.
  • IEF Initial Entry Form
  • SEF Subsequent Entry Form
  • Entry Position The entry form consists of Entry Windows [see below for definition] with Entry of at least one character at each such position / window (Entry Positions P1, P2, P3, etc.). Entry can take place in Entry Windows (R1, R2, R3, etc.) in accordance with Fig. 1, 3, and 7. Entry Positions can proceed in keeping with the logical sequence of the Original Message (O) in the Initial Entry Form (IEF) and the Subsequent Entry Form (SEF) (Fig. 1-2). It can also be specified in advance that Entry Positions be Entered in a scrambled order generated by so-called "Labels" (Fig. 6-8) through a procedure controlled by I-REC, so that I-REC can later reassemble the positions (Fig. 6) in a secure setting by knowing the location of the Labels. The entry windows can thus vary from the anticipated Entry Position (Fig. 6). In order to keep track of this, Entry Positions need to have the unique Labels. Schematically, this can be done as follows:
  • Entry Window (Closed or Open) In certain cases the Positions are visible as Entry Windows.
  • the number of Entry Windows may correspond to the number of characters, for instance, in an E ) or in an Information. Only certain Entry Windows may be open for Entry and are called “Open” whereas other Entry Windows may be closed to Entry and are called “Closed” and are then either black or marked in another way in order to be opened later for entry in one or more Subsequent Entry Forms [SEFs]. Closed Entry Windows may contain bogus information hidden from the user aiming to mislead malicious software "Spyware" logging all information on the screen.
  • Interactivity Alternating coordination and data exchange between I-GIV and I-REC in a running or random design and form. Interactivity may occur in at least the initial phase of Authentication.
  • Internet banking Online service provided by banks in order to make the use of banking services easier.
  • IP Number (Internal Protocol No.) A unique multi-digit character address (a type of "street address"); every device connected to the Internet is required in advance to have provided its identification / location to the Internet itself in order to make use of its services.
  • IP is used instead of the full name IP Number.
  • IP is a place where criminals can go to eavesdrop and copy data transmission.
  • I-GIV and / or I-REC may have more than one IP.
  • IP can exist in fixed or dynamic form. IP is assigned under a domain (a unique proper name chosen - openly or as an Alias).
  • MPOP Mobile Internet Phone/cell phone Operating system For mobile Internet phones describing the standard operating system software of the mobile phone apparatus.
  • Pharming Is a modern piece of Spyware technology that "cultivates its prey" inside a PC.
  • Phishing A criminal method for tricking an I-GIV into giving up Information, such as an ID, CVV2 code, login codes, text, etc. to a bogus Attraction Site or email belonging to a criminal I-REC.
  • Private Keys are code keys exchanged in advance between authorized parties in a way that is more secure than sending them to each other digitally.
  • no "digital fellowship" of "flag" is required between the data packets that constitute the transmission, such that no wire tap will be able to find all the parts of the Original Message and successfully decrypt/decipher them.
  • the present invention normally makes use of private keys only.
  • Public Keys are the opposite. These code keys are visible to all since they are included in the transmission itself.
  • With public keys there has to be a "digital fellowship" between the various data packets that constitute other transmissions, or the packets cannot be located and assembled even by the true I-REC. This fellowship exists in the form of what are referred to as flags that aid in locating the packets of the Original Message and in its final assembly, which a wire tap is also able to do.
  • the invention at hand does not make use of public keys.
  • Op Original Position One of the unique character positions found in the Original Message: Op1, Op2, Op3, etc. (Fig. 7).
  • PC-Zombies are PCs that have fallen victim to invasive surreptitious software that can be controlled remotely by criminals in order to carry out all manner of criminal tasks.
  • Proxy is a (criminal) function during data communication wherein I-GIV is forcibly and unwittingly connected to I-REC via an intermediate data server (a proxy server) instead of directly to the intended IP. This is called "man-in-the-middle."
  • Rootkits are advanced carriers of spy software and are considered to fall under the category of Pharming. They lie deep in the PC's system, and some are impossible to detect, much less to remove, once infestation has occurred. Rootkits are considered to constitute the greatest threat to the online monetary system. Criminal groups sell or rent Rootkits to commit fraud, e.g. at http://www.bebits.com/app/2469.
  • Rootkits are the greatest danger for Internet banking, e-commerce and military use, and the protection against them is poor or lacking.
  • Session Is a remote connection over which information is to be transmitted between at least one I-GIV and one I-REC. Sessions can occur at random and are therefore entirely unpredictable for Spyware programs, which prevents them from analyzing characters and determining that they belong to the Original Message.
  • Fig. 1-2 is Session 1. Fig. 3-4 is a subsequent Session, or, in the simplest of cases, a final Session for the Original Message.
  • Fig. 6-7 is a Session example in a more complex application.
  • SIM Card A unique card with a processor ("chip card"), such as a cell phone card or a separate SmartCard specifically for the Device (see definition above), or a standardized bank card with a data chip that contains a specially encoded and encrypted software module that serves the purpose of the invention.
  • SIM card is the future format of the current Standard Magnetic Strip Card, SMSC.
  • Spyware is a data virus such as "keystroke loggers," "screen dump loggers," "data storage loggers," "Rootkits," etc.
  • SMSC Standard Magnetic Strip Card - the current kind of plastic cards issued by banks. (Compare to SIM Card.)
  • VPN-Tunnel Virtual Private Network Tunnel This provides confidentiality, integrity, and origin authentication peer-to-peer.
  • ID theft can cause lifelong disruption by destroying credit ratings and compelling victims to pay back credit card charges and bank loans taken out by other people in the victims' names. ID theft is the fastest growing crime threatening the Trust in the online financial services with huge impact to Homeland.
  • Spyware serves to enable proxy connections, i.e. it enables the theft of transmitted information, which can then be sold, and/or the redirection of ongoing legal communication between I-GIV and I-REC (i.e. an Internet bank) in order to skim or empty entire accounts, and/or the theft of identities from I-GIV for later use, and/or the elimination of commercial competition in other ways, i.e. by tarnishing the reputations of good brands and/or inflicting damage through terror or some other form of criminal intent.
  • Neither I-GIV nor I-REC may know that an intermediate server is in control of the connection established by the authorized parties, since the Information can be displayed just as validly by proxy and the so-called end-sum checkout (the sum of each of the characters in a certain transmission approved by the real account holder to the bank) can be compromised by a lurking proxy in between them.
  • Spyware also aims to take over PCs and remotely control PC-zombies in order to undertake criminal enterprises.
  • The immense power of a Botnet was shown in Sweden in May 2006, when somebody started a Botnet attack against the servers of the Central Police and of the Swedish Secret Service in turn, making them collapse, and a few days thereafter the Swedish Government server systems were overloaded and went down. Botnets must be considered the worst threat of 2006-2007. If put into mass operation in the online financial systems, this will become a nightmare to all of us. The common benefit of the present invention cannot be overestimated.
  • Spyware is able to detect and select keystrokes for all information and IDs. See Fig. 1, 3, 5, and 7. Spyware is also able to scan everything that is written and which appears on the screen ("screen dump loggers"). In addition, these programs can locate and steal previously saved information and IDs in the PC's archive.
  • Spyware is also able to select and read other forms of data entry than those that take place manually via a keyboard, such as fully automated systems and processes for resolving authorization rights, authentications, identifications or other methods of information exchange.
  • the Spyware programs are statically designed and are not flexible, a property which would be needed to be able to analyze interactive forms of information exchange or the Device to which the invention applies. This large weakness in Spyware programs thus constitutes a reason for the present invention, which for them will create entirely unexpected combined changes in anticipated data entry and information transmission methods, etc. In this way, the invention's combination method presents the first opportunity to put an end, from the beginning, to current forms of criminal damage by Spyware and the growing threats posed by the tens of thousands of various Spyware programs on the Internet.
  • For EMB 1 of the present invention, we demonstrate its capabilities using a buyer who intends to purchase a product or a service on the Internet using a bank card, so-called card-not-present (CNP).
  • For EMB 2 of the invention, we demonstrate its capabilities using a bank customer who wants to make banking transactions on the Internet.
  • One of the purposes of the invention is to prevent Spyware from using locally intercepted information to link one's personal information to an Original Message, as well as from understanding the meaning of an entry, or understanding it correctly, or how, or even when, the Information is transmitted.
  • the invention eliminates Phishing, against which there is no protection today.
  • the term refers to the combination of the Device and the SIM card, if nothing to the contrary is specified — and in each instance only in their applicable parts.
  • the invention can protect long text passages against Spyware programs by adding several Entry Forms to several alternating Interactivities and/or Sessions between I-GIV and I-REC in a mass session scenario. This is a level of security that currently does not exist.
  • the invention is enabled by means of repeated, alternating Sessions for transmission of the Original Message in which I-GIV turns into the role of I-REC, only to revert to being I-GIV again, and so on. (Session 1, Fig.
  • the EMB 2 - The Function of the Device and SIM card in alliance
  • EMB 2 can be used for Internet banks as well as for additional purposes such as military purposes, e-commerce and any other application where strong authentication and automated login are required, i.e. it is not limited to the expressed area of usage.
  • EMB 2 uses "digital forms" (IEFs and SEFs) containing the Information, which will be encrypted in a far stronger way, including several interactive sessions and likewise an exchange of the I-GIV and I-REC positions between a Device at the bank customer's end (original I-GIV) and the bank server end (original I-REC) instead of a webshop end point.
  • An Internet banking customer receives a registered regular mail from the bank including a Device, as well as a SIM card, sent separately.
  • the Device is about the size of a PDA, and has a full display but no keypad.
  • the customer connects the Device to his PC's USB port via a cable or wirelessly.
  • the PC supplies power to the Device that enables insert of the SIM card in a SIM card holder inside the Device.
  • the Device is as well equipped with a port for a separate larger PC screen as an option.
  • the SIM card is a "hardware code," i.e. no password is required of the customer, even though in an additional application the Device could be equipped with this extra security feature. With no password to hide, protect and recall, user friendliness improves, as people are very tired of passwords, and even Microsoft® CEO Bill Gates predicts that passwords (PWDs) have no place in modern society.
  • the customer then inserts the SIM card into the Device and a fully automated process takes place.
  • a handshake procedure is initiated between the Device and the SIM card.
  • the Internet banking module in the SIM card / SmartCard only works together with this specific Device, which vice versa works with this specific SIM card, solely.
  • the only exceptions to this rule are in the event of an authorized SIM card or Device replacement, as well as when several authorized users are allowed to use the same authentication system.
  • the SIM card can be inserted into the built-in card holder - otherwise the SIM card cannot be inserted into the Device.
  • Inside the Device there is a mechanical stop that is automatically released when the Device is connected to the PC's electric power supply, enabling the SIM card to be inserted.
  • the stop is activated and the SIM card is ejected and cannot be inserted again until electric power is supplied to the Device. This is to enhance security, as nobody can store the SIM card inside the Device for convenience when carrying it in a pocket to the Automatic Teller Machine (ATM), to supermarkets, to the summer house, to work or on holiday.
  • ATM Automatic Teller Machine
  • the PC's operating system will serve only the Device's operating system and will perform only a highly limited set of tasks.
  • a preferable arrangement would provide for two separate operating systems, where the Device's operating system could be an industrial operating system with extremely few functions (vulnerabilities) in order to forestall infiltration by PC viruses from the proximate infected PC environment to Device.
  • the PC client's tasks are to supply the Device with power, printer functionality, broadband access and Device encrypted data storage for the Device's transaction data.
  • the PC's screen is not used.
  • the Device has its own display or a separate screen connected therein.
  • Authentication begins without the customer having to do anything. This occurs through cooperation between the SIM card and the Device, which leads to the Device ordering the web browser on the client PC to connect to an IP randomly chosen by the Device/SIM card from the SIM card's IP database.
  • This database consists of several IPs, every one of which is an IP of the Bank endpoint server inside the Bank Perimeter 60 [see below].
  • EMB 2 with a Device
  • In EMB 2 an interactive Authentication process then takes place, with alternating connection and exchange of authorization codes between the Device and the server. Regardless of the direction in which the codes are sent, they are encrypted in a form that is not based on the encryption protocols destroyed in 2004 in accordance with the Secure Socket Layer (SSL), described above.
  • SSL Secure Socket Layer
  • the Device and the server use an entirely new encryption method based on the private keys pre-loaded into the SIM card and the server, which could favourably be based on the encryption protocol and the IEF and SEF forms described in "EMB 1" for e-commerce [see above]. No "public keys" are used.
  • the process featured in the invention requires more than one server at the Internet bank, e-commerce company or other actor. These servers are equipped to send and receive messages and message parts in a way unique and dedicated to the Device, in a multi-session process.
  • the format of the transmission between the Device and the bank does not comply with the format required by the bank. For this reason the servers must be implemented inside the bank Perimeter 60 to reformat the data from Device into a suitable and already accepted format that the platform of the bank data system requires for upholding the service.
  • the invention according to EMB 2 becomes "platform independent." This is analogous to EMB 1, which is platform independent too, fitting into the webshop server system that accepts the format entered by the customer.
  • the software in the bank servers is based on a duplicate of the software in the Device with extension to fit the complex features of EMB 2.
  • the purpose of using several bank servers in one of the applications of EMB 2 is that the IP number ordered for connection by the Device will be altered many times, to confuse Spyware designed to save the one and only bank login IP number generally used by competing methods. Randomly used IP numbers are replaced without warning in an interactive login procedure, with lines being connected, disconnected, connected, etc. in a flow between the Device and the bank servers. This interactivity of connections during the login procedure will make it useless for criminals to set up a man-in-the-middle scenario, as the next IP number in the EMB 2 application will never be the same, and Spyware fails.
  • the SIM card contains a separate list of approved login codes to be sent to the bank during authentication procedure and likewise the SIM card contains a further separate code list with authentication codes expected to be reverted from the bank server to authenticate the bank to the Device.
  • the bank servers contain the corresponding lists in order to firstly identify into which bank servers (IP number list) the information is arriving from the Device and secondly the list for authentication of the Device (access code list) as well used for the bank server to authenticate itself to the Device.
  • the flow between the Device and the bank servers will be a mix of true and false data encrypted with private keys and hash with no possibilities for Spyware and/or eavesdropping to comprehend the bypassing string of unknown characters.
  • An additional application is that an alarm is triggered by the Device in real time in case of criminal attempts to re-route to bogus bank web sites during the process. This provides a strong protection component against keystroke loggers, screen dump loggers, wire taps and phishing bank web sites.
  • there is a protocol inside the Device that randomly generates open and closed Entry Windows into which information to be sent is entered.
  • I-REC sends a requirement specification to the Device, which "fills in" the empty Entry Windows in the intended way.
  • the customer can start using the bank's/website's services by interacting with them using this PC's keyboard and mouse, which are now connected to the Device instead.
  • Encrypted data is sent from the Device (I-GIV) to the client PC, then out to the Internet and to I-REC, where analysis is performed; repeat. This process can most closely be described as a so-called "VPN tunnel."
  • the customer can store them in the client PC by creating a folder there.
  • the Device transfers desired transaction data to this folder in encrypted form with keys that only the Device recognizes.
  • the client can also work with his accounts Offline by inserting the SIM card into the Device and choosing OFFLINE mode. This enables him to fetch stored encrypted files from the designated folder in the PC for any Offline use.
  • SIM Card When the transactions are finished, the SIM Card is still inserted in the Device and the PC is still in Client mode.
  • In order to write e-mails, browse the Internet, print letters, play games, work Offline etc. with the PC, the customer needs to put the PC into "Standard mode" again and release the PC from Client mode. This can be done solely by ejecting the SIM card. When the SIM card is ejected from the Device, its control of the client PC ceases; the PC then returns to its Standard mode with all its common functions and services. The keyboard/mouse, however, remain plugged into the Device. This gives the customer extra protection against at least keystroke loggers when writing letters and emails, as loggers cannot scan any event outside the PC; moreover, once the keyboard and mouse have been moved from the PC to the Device, it is user friendly to let them stay in position.
  • When the SIM card is absent, there is direct communication between the keyboard/mouse and the PC, via the Device, which is on standby until the time comes to log on to a bank site or e-commerce portal again, at which point the SIM card is inserted into the Device anew to activate the security functions.
  • If the customer wants to bring the Device along when he travels, he can unplug the USB cable from the PC.
  • the keyboard and mouse can often stay at home, i.e. they can be removed from the Device, which can then be placed in a pocket, and which is useless without its own SIM card.
  • Spyware programs cannot interpret the codes and other data sent from the Device to I-REC and in return by the latter, since all information is already encrypted outside the infected PC environment.
  • Spyware programs cannot perform screen captures of the PC screen, since no data is written anywhere on the PC; data merely passes through the PC.
  • In another application of EMB 2, there are no account numbers or customer numbers at all stored anywhere other than at the bank, e-commerce companies, etc. All accounts are called "1, 2, 3, 4, etc." or are referred to by names such as "Home, food account, loan, etc." This further enhances security, since no real account numbers are kept by the customer. Indeed, why should he remember long account numbers and risk losing them by writing them into a laptop or mobile device, or perhaps in riskier places?
  • In EMB 2 using mobile Internet (telephones), herein called "mobile phone", the Device is implemented inside the telephone, so that when a caller uses the phone for Internet banking or e-commerce, an operating system other than the infected one will control the telephone.
  • a mobile phone is operated by a Mobile Internet Phone/cell phone Operating system (MPOP) serving the functions/features of the mobile phone.
  • MPOP Mobile Internet Phone/cell phone Operating system
  • the function of the Device could be built into a mobile phone in the form of additional software - a Device Operating System (DOP) - serving solely the function of the invention.
  • DOP Device Operating System
  • the MPOP will be switched/adapted to a client function for the DOP, as described earlier for a PC operating system becoming a client to the Device.
  • the features of the mobile phone will become likewise reduced to e.g. power supply, Internet access, data storage and printing functions, accordingly.
  • the DOP will automatically login and the database of IP numbers and access codes is likewise stored on a SIM card.
  • the shift from MPOP to DOP can be made with keystroke(s) and/or a PIN code activating the specific second SIM card inserted in the mobile phone in a second built-in card holder.
  • the already inserted and active mobile phone smart card itself could be equipped with a certain Internet Bank module "Internet bank mode" apart from the Standard mode and MPOP of the mobile phone. This would exclude a special SIM card and make the mobile phone itself even better equipped.
  • the mobile phone card must then be designed under the control of the bank to uphold the secrets of the IP numbers and login code lists.
  • a PBSf code or a biometric system could be just as good a protection against criminal use of the mobile phone, and/or the use could be stopped immediately from another, perhaps distant, phone by sending a Terminating-SMS to the lost mobile phone or SIM card that erases it all as soon as the loss is detected.
  • the Device can be used as a hardware shield against skimming in ATM environments. This can be compared to a "hardware locker," which is a radical new security protection for ATM machines.
  • the problem today is, on one hand, that fake bank cards gained through skimming and data infringement can be used in ATM-type cash withdrawal machines; and on the other that ATM machines today are subjected to false fronts that use cameras to steal PIN numbers and passwords when inserted and passing by the criminal reader into the ATM, and which read bank cards as they are passed through the ATM front in order to use their information in the illegal manufacture of bank cards.
  • data theft by hacking into databases is a well-known problem. In 2005 about 40 million credit card numbers and PINs were stolen in an Arizona intrusion.
  • a third flaw is that the magnetic strip on the back of a standard plastic card, an SMSC, also includes the information built into the chip, if it is a chip card. This is to facilitate use. However, it makes it possible to analyze the magnetic strip to get into the chip.
  • the EMB 2 application of the invention prevents this if a bank card is used that requires a certain sealed module in the chip which does not exist in the magnetic strip on the back of the card. This enables a card holder to use his chip card in ATMs and in supermarkets irrespective of whether he brings his Device with him, as the sealed module is able to connect for login to the bank server for the stronger authentication feature of the invention, giving access to the bank directly and not via credit card companies in order to save costs.
  • the invention enables this multi-feature use for a smooth start to the use of the invention, as the replacement of SMSC with chip cards takes time. (See further below.)
  • the very new step by fraudsters is to break into supermarkets in order to install malicious software in local servers to scan customers' credit card numbers and PIN codes from tills at cashiers' line during the route to a remote checkout prior to encryption for the transmission.
  • the supermarket feature of the EMB 2 application eliminates this new criminal method: the sensitive data is already encrypted when it passes the malicious software, wherever installed at the supermarket, as all data is encrypted inside the Device itself at the cashier's reader.
  • the supermarket application of the invention, on the contrary, requires a real-time login from the Device to the bank server, full two-end authentication and no disconnection, as described above, which substantially enhances security as no sensitive data is given away until the procedure is accepted by both parties.
  • the role of the supermarket will no longer be that of the Authenticator but solely that of the carrier of already encrypted authentication.
  • the supermarket application of the invention is feasible for any kind of shop accepting plastic cards for purchase and skimming will be eliminated.
  • Part 1 is for the standard use and Part 2 for Device use of the invention. Part 1 is used for ATMs and swipes when Device not present. Part 2 requires the Device. Part 2 is encrypted in the way of understanding by Device as described above.
  • the SMSC is already inserted into the Device as described above, and login is automated even when an SMSC card is used.
  • a master PDSf code for Part 2 of the magnetic strip can be required.
  • the ATM- procedure 13. The customer inserts his card into the ATM
  • the customer inserts the Device itself into the slot and can see on the screen how the Device in turn is shunted to its own docking station without reach by fraudsters.
  • the ATM application of the invention affords protection against SIM card theft, since if the card is swallowed by the false ATM front, this can be seen on the screen, and no slot will be opened for the Device.
  • a lost SM card or a lost Device can be immediately blocked by a phonecall to the security department, moreover, the invention enables a customer to send an SMS to a certain number to block it instantly and the ATM will swallow both card or Device.
  • the supermarket application of the invention affords protection against flaws exploited by installing malicious software in supermarket back-office servers to scan identities prior to encryption for Internet transmission to remote checkout.
  • the data will already be encrypted in the Device at the cashier's and is of no criminal use, and the real-time feature protects the account holder against identity theft during the transmission to remote checkout, compared to the insecure present solution in which the owner has no real-time control of the transmission of the sensitive data.
  • Fig. 2 Result after the initial Entry, to be transmitted to I-REC regardless of whether Spyware programs are eavesdropping or not;
  • Fig. 3 Randomly generated (by I-REC in a subsequent or final Entry Form (SEF)) Entry Windows (R1, R2, R3, etc.), along with corresponding randomly generated Closed Entry Windows (S1, S2, S3, etc.) as part of the next phase in I-GIV's Entry of Original Information (O);
  • Fig. 4 Result after the subsequent Entry, to be transmitted to I-REC regardless of whether Spyware programs are eavesdropping or not;
  • Fig. 5 Final result.
  • the character row displays a result that I-REC can analyze to arrive at a portion of the Original Message (O), in this case the entire Identity (ID).
  • the character rows beneath show the Spyware programs' two separate analyses of what was Entered and what was transmitted;
  • Fig. 6 The Entry application developed pursuant to Fig. 1 with an initial Entry Form with fixed Entry Positions (P1, P2, P3, etc.), though with random Label names (E4, E15, E5, etc.)
  • Fig. 7 The second Entry Form which has new, shuffled Label names (E10, E6, E18, etc.) at new Entry Positions.
  • the shuffling method can be endlessly and randomly varied. I-REC must provide suppressed dashes or arrows to instruct I-GIV before data Entry. Entered values are completely changed.
  • Fig. 8 The third Entry Form (last). Identical to Fig. 7; new reshuffled Label names have been set (E3, E10, E9, etc.) for the same Entry Positions.
  • Fig. 9 Today's Process. Here today's system is shown, with various types of Spyware programs that have infected a PC, modem hijacking, bugging, and generally unprotected data transmission.
  • Fig. 10 Invention Process. Here the Device is shown, as well as how it places Entry outside the PC, and the VPN tunnel between the Device and the new server set up within the Perimeter 60 at the bank or e-commerce company, military command etc., and how the information passes through the infected PC.
  • Fig. 11 Normal. This figure shows how the customer returns to the normal PC situation and is able to use the PC in the customary fashion for other services, though with entry still taking place through the Device outside the infected PC environment, thus augmenting the owner's protection against Spyware programs, even for e-mail and other applications, as keystroke loggers cannot note keystrokes made outside the PC area via the Device even in Normal mode.
  • DESCRIPTION OF PREFERRED EMBODIMENTS OF THE INVENTION. FIRST EMBODIMENT
  • I-GIV connects to the Internet and looks up an Attraction Site whose IP-number is recorded on I-REC's server and is also unwantedly logged by the Spyware programs and eavesdroppers in transit. This is the server's first response to the sender (I-GIV). This may take place using an Alias. The connection can take place manually ( EMB 1 ) or through the Device ( EMB 2 ). I-REC responds in the form of the Initial Entry Form, IEF (Fig. 1).
  • EMB 2 maintains security through the random placement of the Entry Form's open Entry Windows (R1, R2, R3, etc.), which yield false Information when the closed Entry Windows (S1, S2, S3, etc.) are removed upon transmission, thus distorting the Information in the character strings that are transmitted to I-REC (Fig. 2).
  • the Entry Windows are not shuffled, but are rather entered sequentially (where open), (Fig. 1-4). By this simple procedure, Entry and transmission can take place without taking advantage of the possibilities presented by Labels. Labels come into play in the invention's more advanced applications (Fig. 6-8) using shuffled Entry Windows.
  • the Labels (E1, E2, E3, etc.) identify a certain Entry Window (R1, R2, R3, etc.; S1, S2, S3, etc.) in relation to the Original Position (Op1, Op2, Op3, etc.). Because the Labels are random, non-repeated, and not identified outside of I-REC's secure environment, nor arranged in order in the transmitted Information Forms (IEF, SEF), nothing can be deduced from the Labels by Spyware programs, though of course the I-REC that created the Labels can make perfect sense of them. In order for I-GIV to be able to know in which Information Window a given value from the Original Position is to be entered, I-REC has provided arrows/dashes in its Entry Forms (Fig.
  • the Labels are able to identify the correct Original Positions (Op1, Op2, Op3, etc.) with regard to the Entry Positions (P1, P2, P3, etc.) from I-GIV (or the Device).
  • the Device consists of an apparatus placed outside of I-GIV' s PC environment so that the Device's own operating system will not have to use the infected operating system on I-GIV's PC.
  • Such an external system can be used to perform entry of important data which only afterwards passes through the area controlled by Spyware programs, whereby the keystroke-sensitive Spyware programs neither register keystrokes nor note the information passing through the system, since the malicious code is designed to note only specific unencrypted information and gets only a long string with "uninteresting" pre-encrypted content.
  • the screen-capturing Spyware programs likewise receive only pre-encrypted "uninteresting" Information both ways.
  • the invention's central role in the protection provided by the Device against Spyware & Rootkit programs thus lies in processing the greatest possible amount of information outside of the direct infected environment by avoiding existing, potentially infected operating systems in PCs, LapTops, mobile phones etc.
  • the other services provided by the existing PC are made use of, such as power supply, certain encryptions, broadband access, printing features, encrypted data storage and ability to receive data.
  • a user is able to continue his daily routines on his PC through the Device; when a financial transaction comes up, the user is able to move to the strictly secure inside environment offered by the Device.
  • the Device therefore consists of at least 2 USB communication ports, or ports with the similar functions, whereof at least one such port connects the Device to the PC.
  • the PC's keyboard or other peripheral is connected to a keyboard port suitable to the make of the PC. Likewise for the mouse or other peripheral.
  • the Device also provides ports for an extra screen and/or a touch screen, for the first time adapting the PC environment to the well-known requirements of elderly and/or disabled users who have great difficulty with standard keyboards and screens.
  • the Device is connected to the PC so that it can give instructions, give printing orders, retrieve or deliver encrypted data in storage in the PC, communicate directly with the bank server and be supplied with power.
  • the USB function will replace the need of ports for keyboard and mouse.
  • the Device contains a card-reader for a SIM card along with its code keys (private keys as well as, potentially, Aliases and IPs), which have been generated in advance and at the Attraction Site owner's initiative (I-REC) i.e. the Internet Bank, and of which I-GIV has been informed in an appropriate fashion, and regarding which an agreement has been reached as to the conditions that apply to the session and to the period of time prior to replacement of the secret codes.
  • the Device is equipped with an operating system other than that in I-GIV's PC in order to eliminate viral cross-infection from the PC's environment; in order to cross-infect the Device, a virus would have to be sufficiently specialized to be able to handle two simultaneous operating systems, i.e. by first passing through one type, only to be greeted by another. Such viruses do not exist today, adding to the invention's unique position. Because its tasks are so sharply limited, the operating system in the Device can be extremely simple, thus reducing vulnerability to viral attacks in like proportion.
  • the Device has a display that displays Entries. I-GIV's PC screen is not used at all, providing protection against certain Rootkits.
  • the Device routes all activities significant to local eavesdropping to the Device, turning the PC into a mere "client."
  • the Device enables much faster, automated routines, and is able to conduct Interactivities completely automatically, such that all data transfer takes place automatically, machine-to-machine (M2M), excluding manual mistakes.
  • Fig. 9 is a schematic demonstration, using prior art technique, of how transfer takes place between a PC 50 at I-GIV (i.e. an Internet Banking customer ) and a web portal at I-REC (i.e. an Internet bank ) and re-routed to its back office. As shown in Fig. 9 the transfer is made via the Internet 100.
  • the customer's PC 50 may be host to a number of Spyware programs. Accordingly,
  • “keystroke loggers” 200 are able to scan keystrokes on the customer's keyboard and “screen dump loggers” 300 are able to scan the PC's screen for data to and from I-REC.
  • the transfer takes place by means of servers 40, whereby additional Spyware programs 400, 500 are able to capture desirable information, such as through what are referred to as PC-Zombies or through wire tap. All of this takes place before the transfer has reached the bank's server 70 or 80 located inside the bank Perimeter 60.
  • Fig. 10 is a schematic representation of how transfer takes place between a PC 50 and an Internet bank's web portal for re-routing to back office 90, where transfer takes place by means of the Device according to EMB 2 of the present invention.
  • Fig. 10 demonstrates in which way the Device 30 is connected to the PC 50. Because the Device 30 has its own operating system, of a kind other than the operating system on the PC 50, the transfer sent from the Device 30, via the PC 50, will take place within a VPN-tunnel 35. That makes it more difficult or impossible for Spyware programs to eavesdrop on the transfer.
  • the keyboard 10 of the PC 50 is moved from the PC port to the keyboard port of the Device 30.
  • the direct communication between the Device 30 and the bank server 70 or 80 can now take place by upholding the VPN-tunnel 35. It is important that both ends, the Device 30 and the bank server 70 or 80, use the same encryption protocol, which is also ensured by the previous internal agreement on how transfers shall be made and encrypted, and how data parts shall be assembled and decrypted, according to the private keys and hash agreed on.
  • a subsequent Entry Form, SEF, or in simpler cases the last Entry Form, SEF, is displayed on I-GIV's screen. This form looks identical to the one data was entered into earlier, yet with the difference that the Entry Windows filled in before are now closed to new Entry, and the earlier value is not displayed there (Fig. 1-8).
  • the closed Entry Windows (S1, S2, S3, etc.) are filled with false background information generated by I-REC. This information may also be visible on I-REC's screen. I-REC ignores such Information, yet Spyware and wire tap programs do not and are misled.
  • the closed Entry Windows (S1, S2, S3, etc.) can be filled in by I-GIV using suppressed false characters above each of these windows, which misleads the types of Spyware programs that both take screen captures and react to keystrokes.
  • the suppressed false characters above the windows are Entered into the closed Entry Windows (S1, S2, S3, etc.) below, and will thus be confused with the correct characters in the bordering Entry Windows. I-REC ignores such Information, yet Spyware and wire tap programs do not.
  • Another way is to perform the data entry process in a large series of Interactive steps described in the same way, where the sum of discrete Entries from a corresponding number of Sessions constitutes the Original Message (O).
  • the invention may therefore come to consist of alternating Sessions in a multi-part arrangement, i.e. whereby I-REC in its response to I-GIV issues a notification that a connection is to be established with at least one third party (new I-REC, new I-RECs) where I-GIV is to submit one or more subsequent Entry Forms (SEF).
  • the same model can be used for more than one I-GIV (see below).
  • the Original Message consists of Information other than an Identity, and that the number of characters in the Original Message is initially unknown to I-REC, e.g. text/s or other larger pieces of encrypted information (i.e. for military use, long messages).
  • I-GIV will need to submit the total number of characters (including any spaces / blanks) included in the original information with a request that the Information Forms be generated in keeping with that number.
  • Spyware programs that are able to compile values from several sessions will still perform their analyses in vain (Fig. 6, 7, 8).
  • I-GIV can choose to hand off the continued Session procedure to another I-GIV, which then takes over and similarly continues the alternating exchange of the subsequent Information Forms.
  • there is no limit to the number of I-GIVs or I-RECs that can be used.
  • the invention's combination of randomization, character shuffling, false information, unexpected change of I-GIV and/or I-REC, connect & disconnect, and change of IP numbers for the next session when the Session changes thus creates a variety of highly innovative functions that disrupt the limited number of criminal procedures employed by advanced Spyware programs for the purpose of local eavesdropping.
  • the malicious programs are designed to look for certain facts as to design. They cannot alter in case the circumstances alter. Thus they are not yet smart and logical. If they don't find exactly what they are looking for it will be neglected.
  • the invention uses this and becomes able to fully mislead them all heavily securing each kind of authentication, Identity and data exchange.
  • I-REC consists of at least one server. All communication between the server/servers on one end and the Device on the other takes place through the VPN tunnel mentioned above.
  • the question forms are designed in keeping with I-REC's requirements irrespective of use in EMB 1 or EMB 2 of the present invention or in both of them.
  • This makes the invention platform-independent, since it delivers precisely the information format that I-REC is designed to accept.
  • This is highly important, i.e. in EMB 2 of the invention, i.e. for Internet banks, since they would otherwise have to make large modifications to their internal data structure and would be reluctant to bear the costs of implementing the new technique.
  • EMB 2 of the invention requires an extra server inside the bank Perimeter 60 as one of the endpoints, interpreting/translating the incoming Information into the expected data format set by the bank, and vice versa towards the other endpoint, the Device.
  • with the invention, and in particular its EMB 2 consisting of a Device and SIM card, the information that is currently displayed and written on the customer's screen can instead be written onto a "screen" that lies within I-REC's Perimeter 60.
  • the process is "moved from the customer's screen to the bank."
  • the format will remain the same as what the back offices have been designed to accommodate today.
  • An additional application of the invention is to utilize the CVV2 code (inserted by means of the Entry Form technique described above) in order to ward off certain types of Phishing (false bank and e-commerce websites) and thus simultaneously secure the Identity both of I-GIV (the online buyer or Internet bank customer or else) and I-REC (the e-commerce page, card reader or Internet bank or else).
  • the code is a parallel code to the CVV2 code, an extra code to authenticate the I-REC itself, and this method is intended to eliminate Phishing at the Information Recipient end in that none other than I-REC and I-GIV (with his bank card in hand) will know this Anti-Phishing code.
  • This code is handled using a separate Entry Form, yet in the opposite direction, since in this case I-REC is obliged to prove its identity to I-GIV.
  • I-GIV requests an initial and then a second Entry Form from I-REC with a number of characters from the actual code filled in as Information from the code's Original Message; not all characters, since this would exhaust the code more quickly due to the risk of eavesdropping.
  • I-GIV simply hopes there is the true I-REC on the webshop side. The inventions break this.
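
The Entry Form exchange described above (open windows R, closed windows S holding false characters, random non-repeated Labels E, several sessions) can be modelled as follows. This is an added illustration, not code from the patent: all function and field names, the three-session split and the sample Identity are assumptions, and the `enter` field stands in for the arrows/dashes that I-REC shows to I-GIV.

```python
"""Model of the Entry Form exchange: I-REC builds forms, I-GIV fills them."""
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits
_rng = secrets.SystemRandom()  # OS-backed randomness for layouts and decoys


def split_positions(length, sessions):
    """Randomly divide the Original Positions 0..length-1 among the sessions."""
    order = list(range(length))
    _rng.shuffle(order)
    return [sorted(order[i::sessions]) for i in range(sessions)]


def build_form(group, length):
    """I-REC: create one Entry Form with `length` windows.

    Returns (form, secret). `form` is what I-GIV sees; `secret` maps the
    Labels of the open windows to Original Positions and never leaves I-REC.
    """
    slots = list(range(length))
    _rng.shuffle(slots)
    open_slots = dict(zip(slots[:len(group)], group))  # Entry Position -> Op
    numbers = _rng.sample(range(1, 10 * length), length)  # random, non-repeated
    form, secret = [], {}
    for pos in range(length):
        label = f"E{numbers[pos]}"
        if pos in open_slots:
            # "enter" models the arrow/dash telling I-GIV which character goes here
            form.append({"label": label, "open": True, "enter": open_slots[pos]})
            secret[label] = open_slots[pos]
        else:
            # closed window: false background character generated by I-REC
            form.append({"label": label, "open": False,
                         "enter": _rng.choice(ALPHABET)})
    return form, secret


def fill_form(form, original):
    """I-GIV: produce the transmitted row of (Label, character) pairs."""
    return [(w["label"], original[w["enter"]] if w["open"] else w["enter"])
            for w in form]


def receive(row, secret, collected):
    """I-REC: keep characters from open windows, ignore the closed ones."""
    for label, ch in row:
        if label in secret:
            collected[secret[label]] = ch


def transfer(original, sessions=3):
    """Run IEF + SEFs; return (message rebuilt by I-REC, rows seen in transit)."""
    collected, wire = {}, []
    for group in split_positions(len(original), sessions):
        form, secret = build_form(group, len(original))
        row = fill_form(form, original)
        wire.append("".join(ch for _, ch in row))
        receive(row, secret, collected)
    return "".join(collected[i] for i in range(len(original))), wire


if __name__ == "__main__":
    sample_id = "ID4711XQ"  # constructed sample Identity
    rebuilt, rows = transfer(sample_id)
    for n, r in enumerate(rows, 1):
        print(f"session {n} row: {r}")
    print("I-REC rebuilt:", rebuilt)
```

Each transmitted row has the full form width, but only the windows listed in I-REC's private Label map contribute to the rebuilt message.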

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to a method of presenting information in connection with its distribution via the Internet and/or other media. The information, which takes the form of characters (O), is transferred from an information giver (I-GIV) to an information receiver (I-REC), the transfer taking place over two sessions. During the first session, the information giver (I-GIV) fills in the initial entry form (IEF), in which a first partial quantity of the total quantity of characters is entered. The information given in the completed initial entry form (IEF) is transferred from the information giver (I-GIV) to an information receiver (I-REC). The information giver (I-GIV) fills in a second entry form (SEF) during a second session. A second partial quantity of characters of the total quantity is entered in the second entry form (SEF). Additional data-transfer sessions take place as needed by means of further entry forms (SEF) until all of the characters have been transmitted from the information giver (I-GIV) to the information receiver (I-REC). The invention also relates to a hardware device associated with the method described above. It is important to note regarding the method of the invention that I-GIV provides the partial quantity of characters associated with each session in randomly opened entry windows (R1, R2, R3, etc.) in the entry forms (IEF, SEF), and that closed entry windows (S1, S2, S3, etc.) are found between some of the open entry windows (R1, R2, R3, etc.) of the entry form (IEF, SEF).
PCT/SE2006/001044 2005-09-23 2006-09-14 Method and device for increasing security during data transfer WO2007035149A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
SE0502102A SE529203C2 (sv) 2005-09-23 2005-09-23 Method for counteracting the local, automatic eavesdropping capabilities of spyware in computers
SE0502102-7 2005-09-23
US11/473,021 US20070074273A1 (en) 2005-09-23 2006-06-23 Method and device for increasing security during data transfer
US11/473,021 2006-06-23

Publications (1)

Publication Number Publication Date
WO2007035149A1 true WO2007035149A1 (fr) 2007-03-29

Family

ID=37889106

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2006/001044 WO2007035149A1 (fr) 2005-09-23 2006-09-14 Method and device for increasing security during data transfer

Country Status (1)

Country Link
WO (1) WO2007035149A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5727163A (en) * 1995-03-30 1998-03-10 Amazon.Com, Inc. Secure method for communicating credit card data when placing an order on a non-secure network
US6012144A (en) * 1996-10-08 2000-01-04 Pickett; Thomas E. Transaction security method and apparatus
US6070154A (en) * 1998-11-27 2000-05-30 Activepoint Ltd. Internet credit card security
FR2828966A1 (fr) * 2001-08-23 2003-02-28 Schlumberger Systems & Service Method for securely communicating payment card identification data
WO2004038629A1 (fr) * 2002-10-22 2004-05-06 Lawal Ekonomi & Juridik Lars Waldenström Method and device for carrying out electronic transactions

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC

122 Ep: pct application non-entry in european phase

Ref document number: 06784173

Country of ref document: EP

Kind code of ref document: A1