WO2016134730A1 - Method for analysing if display data generated by an application has been tampered with - Google Patents
- Publication number
- WO2016134730A1 (application PCT/EE2016/000001)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- application
- pixels
- screen
- data
- displayed
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/14—Digital output to display device ; Cooperation and interconnection of the display device with other functional units
- G06F3/1415—Digital output to display device ; Cooperation and interconnection of the display device with other functional units with means for detecting differences between the image stored in the host and the images displayed on the displays
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/048—Interaction techniques based on graphical user interfaces [GUI]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/14—Digital output to display device ; Cooperation and interconnection of the display device with other functional units
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T1/00—General purpose image data processing
- G06T1/0021—Image watermarking
- G06T1/0042—Fragile watermarking, e.g. so as to detect tampering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/44008—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving operations for analysing video streams, e.g. detecting features or characteristics in the video stream
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/835—Generation of protective data, e.g. certificates
- H04N21/8358—Generation of protective data, e.g. certificates involving watermark
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T2201/00—General purpose image data processing
- G06T2201/005—Image watermarking
- G06T2201/0051—Embedding of the watermark in the spatial domain
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T2201/00—General purpose image data processing
- G06T2201/005—Image watermarking
- G06T2201/0081—Image watermarking whereby both original and watermarked images are required at decoder, e.g. destination-based, non-blind, non-oblivious
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09G—ARRANGEMENTS OR CIRCUITS FOR CONTROL OF INDICATING DEVICES USING STATIC MEANS TO PRESENT VARIABLE INFORMATION
- G09G2358/00—Arrangements for display data security
Abstract
A method for analyzing if data generated by an application has been tampered with, comprising an application and a device with a screen and a channel of communication, wherein said application generates data to be displayed on the screen of a device, pixels are inserted into the data that is going to be displayed, said application generates randomized addresses for positioning pixels on the screen of the device in question, the display operations are executed and the data presented to the end user, a screen shot of what is displayed is taken, and said screen shot is analyzed, and the number and position of the pixels are compared with the pixels that the application generated and processed for display to the end user.
Description
METHOD FOR ANALYSING IF DISPLAY DATA GENERATED BY AN APPLICATION HAS BEEN TAMPERED WITH
Technical field
The present invention regards a method for analyzing if data generated by an application has been tampered with before it is displayed to the user, by ensuring that a dataset produced by an application and sent to the screen of an end user's device actually is displayed and presented on screen.
Background of the invention
Tampering is the deliberate altering or adulteration of information, and today there is no single solution that can be considered as tamper proof.
Often several levels of security need to be addressed to reduce the risk of tampering. Usually the following considerations are taken in order to prevent tampering:
Identify who a potential tampering attacker might be and what level of knowledge they might have.
Identify all feasible methods of unauthorized access into a system. In addition to the primary means of entry, also consider back door methods.
Control or limit access to systems of interest.
Improve the tamper resistance by making tampering more difficult, time-consuming, etc.
Add tamper-evident features to help indicate the existence of tampering.
Educate people to watch for evidence of tampering.
A problem regarding tampering with displayed data is that it is usually hard to detect and check if data has been tampered with or not.
Summary of the invention
It is therefore an object of the invention, as stated in the set of claims, to solve the problems stated above. This is done by the application inserting randomly positioned pixels into the screen of the device in question. The application executes display operations and presents the display data to the end user, then takes screen shots of what is actually displayed and compares the number and position of the pixels with those generated by the application.
If the comparison results in matched pixels in number, color and position, the application has verified that the data processed for display was actually displayed to the end user without any changes. But if the comparison results in a mismatch, the application can conclude, depending on the unmatched number and/or color, that the display operation has been tampered with.
SUBSTITUTE SHEETS (RULE 26)
Detailed description
The application generates the data to be displayed on the screen of a device.
The application generates randomized addresses for positioning pixels on the screen of the device in question.
The application analyses the addressing and inserts the pixels in the blue channel (RGB) into the data that is going to be displayed, in order to make the pixels as invisible to humans as possible.
The application executes display operations and presents the data to the end user.
The application takes a screen shot of what actually is displayed to the end user.
The application analyses the screen shot in order to detect the inserted pixels and compares the number and position of the pixels with the pixels that the application generated and processed for display to the end user.
If the comparison results in matched pixels in number, color and position, the application has verified that the data processed for display was actually displayed to the end user without any changes. But if the comparison results in a mismatch, the application can conclude, depending on the unmatched number and/or color, that the display operation has been tampered with.
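A minimal sketch of the steps above, as an added example that is not code from the patent. The frame is modelled as rows of RGB tuples, flipping the least significant bit of the blue channel is an assumed marker encoding (the patent only specifies the blue channel), and all function names are hypothetical.

```python
import secrets

def generate_addresses(width, height, count, rng=None):
    """Pick `count` distinct random (x, y) marker positions on the screen."""
    rng = rng or secrets.SystemRandom()          # unpredictable by default
    cells = rng.sample(range(width * height), count)
    return [(c % width, c // width) for c in cells]

def insert_markers(frame, addresses):
    """Return (marked_frame, expected); expected maps (x, y) -> marked RGB."""
    marked = [list(row) for row in frame]
    expected = {}
    for x, y in addresses:
        r, g, b = marked[y][x]
        marked[y][x] = (r, g, b ^ 1)             # assumption: flip blue LSB only
        expected[(x, y)] = marked[y][x]
    return marked, expected

def verify_screenshot(original, screenshot, expected):
    """Compare number, position and colour of marker pixels in the screenshot."""
    # Every pixel that differs from the unmarked data counts as "detected".
    detected = {(x, y)
                for y, row in enumerate(screenshot)
                for x, px in enumerate(row)
                if px != original[y][x]}
    # Markers that are absent or have the wrong colour at their address.
    missing = sorted(a for a, rgb in expected.items()
                     if screenshot[a[1]][a[0]] != rgb)
    # Changed pixels the application never inserted.
    unexpected = sorted(detected - set(expected))
    return {"ok": not missing and not unexpected,
            "missing": missing, "unexpected": unexpected}

def paint_rect(frame, x0, y0, w, h, rgb):
    """Constructed test helper: a screenshot in which a region was repainted."""
    out = [list(row) for row in frame]
    for y in range(y0, y0 + h):
        for x in range(x0, x0 + w):
            out[y][x] = rgb
    return out

if __name__ == "__main__":
    W, H = 32, 16
    frame = [[(240, 240, 240)] * W for _ in range(H)]   # constructed display data
    marked, expected = insert_markers(frame, generate_addresses(W, H, 12))
    print(verify_screenshot(frame, marked, expected))            # untouched
    shot = paint_rect(marked, 4, 4, 10, 3, (240, 240, 240))      # field redrawn
    print(verify_screenshot(frame, shot, expected))
```

The exact-match comparison assumes the screenshot is captured losslessly at the frame's own resolution; scaling or colour conversion would change blue-channel low bits. A repainted region that happens to contain no marker passes the check, so detection depends on marker density.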
An example of a scenario is a hacker interfering with a bank transaction between a user and a bank. When a user tries to pay a bill using net banking, the hacker intercepts the transaction and changes the amount to be paid and the account number it is to be paid to. The bank sees the information the hacker has entered and thinks it is from the user. The user only sees the information originally entered and approves the falsified transaction of the money.
With the present invention, a screenshot is taken of what is actually displayed at the other side. By checking if a set of marker pixels inserted into the picture at the user side corresponds with a set of marker pixels in the screen shot of what is displayed at the banking side it is possible to detect if the information in the picture has been tampered with, and hence stop the transaction.
Claims
1. A method for analyzing if display data generated by an application has been tampered with, comprising an application and a device with a screen and a channel of communication, characterized in that:
• said application generates data to be displayed on the screen of a device,
• said application generates randomized addresses for positioning pixels on the screen of the device in question,
• pixels are inserted, according to the pixel addressing information, into the data that is going to be displayed,
• the display operations are executed and the data presented to the end user,
• a screen shot of what is displayed is taken, and
• said screen shot is analyzed by the application, and the number and position of the pixels are compared with the pixels that the application generated and processed for display to the end user.
2. A method according to claim 1, wherein the inserted pixels are in the blue channel in the RGB color model.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP16710672.3A EP3262502A1 (en) | 2015-02-24 | 2016-02-25 | Method for analysing if display data generated by an application has been tampered with |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NO20150255 | 2015-02-24 | ||
NO20150255A NO339312B1 (en) | 2015-02-24 | 2015-02-24 | Secure data for display |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016134730A1 (en) | 2016-09-01 |
Family
ID=55586110
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EE2016/000001 WO2016134730A1 (en) | 2015-02-24 | 2016-02-25 | Method for analysing if display data generated by an application has been tampered with |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP3262502A1 (en) |
NO (1) | NO339312B1 (en) |
WO (1) | WO2016134730A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109544170A (en) * | 2018-11-26 | 2019-03-29 | 努比亚技术有限公司 | A kind of transaction snapshot verification method, equipment and computer readable storage medium |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6873711B1 (en) * | 1999-11-18 | 2005-03-29 | Canon Kabushiki Kaisha | Image processing device, image processing method, and storage medium |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140201527A1 (en) * | 2013-01-17 | 2014-07-17 | Zohar KRIVOROT | Systems and methods for secure and private delivery of content |
GB2512140A (en) * | 2013-03-22 | 2014-09-24 | Classfiedapp Ltd | Messaging system and method |
-
2015
- 2015-02-24 NO NO20150255A patent/NO339312B1/en unknown
-
2016
- 2016-02-25 WO PCT/EE2016/000001 patent/WO2016134730A1/en active Application Filing
- 2016-02-25 EP EP16710672.3A patent/EP3262502A1/en not_active Ceased
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6873711B1 (en) * | 1999-11-18 | 2005-03-29 | Canon Kabushiki Kaisha | Image processing device, image processing method, and storage medium |
Non-Patent Citations (1)
Title |
---|
WALTON S: "IMAGE AUTHENTICATION FOR A SLIPPERY NEW AGE", DR. DOBB'S JOURNAL, M&T PUBL., REDWOOD CITY, CA, US, vol. 20, no. 4, 1 April 1995 (1995-04-01), pages 18 - 20,22,24, XP000198825, ISSN: 1044-789X * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109544170A (en) * | 2018-11-26 | 2019-03-29 | 努比亚技术有限公司 | A kind of transaction snapshot verification method, equipment and computer readable storage medium |
CN109544170B (en) * | 2018-11-26 | 2023-08-11 | 努比亚技术有限公司 | Transaction snapshot verification method, device and computer readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
NO20150255A1 (en) | 2016-08-25 |
NO339312B1 (en) | 2016-11-21 |
EP3262502A1 (en) | 2018-01-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16710672; Country of ref document: EP; Kind code of ref document: A1 |
 | REEP | Request for entry into the european phase | Ref document number: 2016710672; Country of ref document: EP |
 | NENP | Non-entry into the national phase | Ref country code: DE |