DE102009033918A1 - Method for displaying usage data on e.g. LCD display of mobile telephone terminal of user, involves separating filter element with filter pattern from card-shaped separation substrate, and applying filter element on display device - Google Patents

Abstract

The method involves displaying a display pattern on a display device, where the pattern has usage data in obscured form. The display pattern is superimposed with an analog filter pattern (4a) such that the usage data are detectable. A filter element (3) with the filter pattern is separated from a card-shaped separation substrate (1) and is applied on the display device. The display pattern is generated based on the usage data and the filter pattern. A portable data carrier is separated from the substrate, and is formed as a mobile communication card in a telecommunications terminal of a user. An independent claim is also included for a card-shaped separation substrate comprising a filter element.

Description

The The present invention relates to a method for displaying payload data on a display device by means of one of a Ausbrechsubstrat breakable filter element, as well as such Ausbrechsubstrat with a break-off filter element.

For the security of many electronic applications, within their framework a data communication between a telecommunication terminal, for example, a mobile station, and a server via a data communication connection is performed, e.g. B. with a transaction server on the Internet, it is crucial that assume a user of the telecommunication terminal can that on a display device of the telecommunication terminal or another user's computer terminal displayed by the server or trusted Originate secret user data is unmanipulated and integer. This is especially true for the user provided safety-critical payload data in connection with mobile or online transactions, e.g. For example, transaction data, passwords, Transaction confirmations or the like.

at the display of such user data on a display device of a However, telecommunication or computer terminal exists usually the problem that the display device in principle uncertain is because the traffic required for display control of a Operating system of the telecommunication or computer terminal to the display device is not separately secured. This opens up the possibility of a so-called "man-in-the-middle" attack, in which an attacker, for example in the form of a malicious code as a Trojan or the like, on the telecommunications or Computer terminal between the display device and the operating system turns on and the latest in there Read plain text available to be displayed user data or even can manipulate.

Based on the methods of visual cryptography reveals the WO 03/085632 A2 a method according to which two electronic display devices are used, whose black and white pixel patterns displayed in each case can be superimposed in such a way that the user data reproduces the overall pattern, although no indication of the useful data can be taken from each individual pixel pattern. However, the use of a second electronic display device in addition to the display device of the telecommunications or computer terminal used anyway is associated with considerable costs and effort.

The DE 10 2007 018 802 B3 discloses a method for secured data transfer in the context of online banking based on methods of visual cryptography. In this case, the corresponding user data are not transmitted in plain text, but in the form of coordinate data which are entered via a keypad displayed on a display device. The image of the keypad to be displayed (ie, the payload data to be displayed) is split into two largely random partial images in accordance with visual cryptography so that the image of the keypad can not be derived from each individual partial image alone. The keypad can then be made visible by a user by displaying a partial image on the display device and placing the other partial image in the form of a secretive printed film onto the display device such that the two partial images combine again to form the image of the keypad , In this case, however, a user must be provided with the second partial image in the form of one or more slides.

Besides There are similar methods for securely displaying Payload on a display device based on color mixing effects and in which the payload to be displayed is similar in color Disturbances are so obscured that the payload only by overlaying with a secret, on the disguising Disturbing coordinated color filter pattern are made recognizable can. In this context, it is also known, temporally to provide varying disturbances that only by the same time-varying color filter patterns or stroboscopic illuminations compensated can be. However, there are also such approaches the problem is that the color filter patterns to be kept in shape of foils, electronic display or lighting devices or the like separately provided to the user concerned which in turn has security disadvantages bring and increased costs due to this required infrastructure.

As a result, It is the object of the present invention, user data by means of the most efficient infrastructure possible principally display insecure display device.

In a method according to the invention for displaying user data on a display device accessible to a user, a display pattern is initially displayed on the display device, which displays the user data to be displayed in a disguised form such that the user data in the displayed display pattern are initially not recognizable. This can be achieved, for example, by supplementing the payload with obscuring clutter data, which together with the Enter user data in the display pattern. The concealed payload data is identified by superimposing the display pattern displayed on the display device on a filter pattern to be kept secret by the user, to which the type of concealment of the payload data is coordinated in such a way that the payload data becomes recognizable in the displayed display pattern. In the case of masking disturbance data present in the display pattern, these are matched to the secret filter pattern in such a way that the filter pattern suppresses the disturbance data. The user superimposing the display pattern on the filter pattern receives a filter element comprising the filter pattern, e.g. B. a plastic frame with a filter film embedded therein, which reproduces the filter pattern, according to the invention in the form of a card-shaped Ausbrechsubstrats from which the filter element can be broken and placed on the display device.

such Breakout substrates with important electronic or otherwise knockout components have long been known to users z. B. in connection with mobile phone cards, which consists of a smart card-shaped Substrate can be broken, which the user For example, receives from a mobile network operator. in this connection It is common for users to know that in the form of a Stripping substrate safety-relevant and as carefully as possible and secret components to be delivered by post, so that of a necessary safety awareness the user can be easily assumed. on the other hand an existing infrastructure can be used to make card-shaped Secure, manage, deliver and deploy stripping substrates if applicable, to be settled.

Preferably is broken out by the user in the breakout substrate next to the breakout substrate Filter element also a breakable portable media for Provided in the context of the invention Method for displaying user data on the display device in connection with the filter element can be used by the broken portable data carrier the filter pattern - in digital form - providing in dependence of the filter pattern and the user data to be displayed, a corresponding one Generate display patterns yourself or otherwise trusted To enable this.

in this connection it is particularly preferred that the ausbrechbare from the Ausbrechsubstrat portable data carrier in a telecommunication terminal of User usable mobile card is. It follows immediately the advantage that the break-off filter element to the user the same way as a mobile card from a manufacturer or Publisher of Mobilfunkkarten over its infrastructure can be provided and a separate provision of the Filter element can be omitted.

As well can be related to the release and. administration from mobile phone cards known security mechanisms as well Securing the filter element can be used as the filter element can only be used according to the invention if the user has access to the mobile card itself by he knows a separately sent identification number (PIN). This results especially if the inventive close connection between the function of the filter element with a (analog, because, for example, realized as a transparent film) filter pattern and that of the portable disk exclusively for generation of a display pattern provided corresponding digital filter pattern such that the display pattern depending from the digital filter pattern (and payload) from the mobile card generated and z. B. on the display device of a telecommunication terminal can be displayed, so that the payload data only by the (analog) Filter pattern of the filter element can be identified.

in this connection the portable data carrier can be the digital filter pattern to provide a display pattern either by that the (digital) filter pattern, for example, in a suitable memory of the data carrier, or that the (digital) filter pattern over a safe, z. B. encrypted data communication an external memory chip is read into the disk. In the former case, the filter pattern z. B. already at a Personalization as part of a manufacturing or publishing process portable media as part of the personalization data be enrolled. In the latter case, for example possible that the filter pattern is present in a memory chip, either unbreakable in the stripping substrate itself or in the break-off filter element, for. In its plastic frame, is integrated. The reading of the filter pattern from such separate memory chip, z. As an RFID transponder, is preferably conducted without contact, that is over a suitable contactless or NFC interface (short-range communication) - z. B. an RFID read interface (radio frequency identification) - Disk or a telecommunication terminal, used in the portable media as a mobile card is.

Preferably, the portable data carrier generates the display pattern itself depending on the filter pattern and the user data to be displayed. Here is preferably a digital, pixel or image region-wise linking of the user data (or a user data representing user data pattern or image) calculated with the secret (digital) filter pattern, so that the user data are so obscured that without superimposing the display pattern with the corresponding (analog) Filter pattern the user data are not recognizable. The pixel or image region-wise linking the user data with the filter pattern can, for. B. produce the user data masking clutter that go into the display pattern together with the user data.

Preferably becomes such a display pattern generated by the data carrier from this as a mobile communication card on a display device of a telecommunication terminal displayed and overlaid by the display device with the originating from the same Ausbrechsubstrat as the disk Filter element, the user data are identified.

The Filter pattern is preferably constructed so complex that it at least not homogeneous or rotational, point or axisymmetric, but rather from several, different fields, areas, Sectors or the like. In principle, the filter pattern from a recognizable geometric field pattern or even off a higher resolution pixel pattern, the can also represent a picture. Preferably, the filter pattern at least so complex that the payload data in the display pattern be identified only if the filter pattern is in a required, predetermined relative position to the display pattern on the display device is hung up.

Around to assist the user in the filter element the required predetermined relative position to the display pattern To arrange the relative position of the filter pattern of the portable Disk be determined in advance to the display pattern then turn or move in such a way that it takes the required relative position to the filter pattern. This can be in a telecommunication terminal with a touch-sensitive display device ("touch-screen") in particular be achieved by the user over Touch the display device, z. B. in a given Order at the corners or at the edges of the launched Filter element, the position of the filter element on the display device and thereby the instantaneous relative position of the filter pattern to the displayed display pattern indicates that the disk the display pattern can rotate or move accordingly. As well the filter element itself can be electrically conductive points of contact own, z. B. at the corners of the filter element, the touch by the user an electrical pulse through the filter element through to the touch-sensitive display direct and so a direct touches of the display device replicate.

As well It is possible that before displaying the display pattern a test pattern is displayed on the display device corresponding to the User includes known test data, for. B. one of him Watermark or logo or the like. This becomes the test pattern displayed on the display device in the same position as below the display pattern with the payload data is displayed, and the test data are equally obfuscated in the test pattern, we the payload in the display pattern to be displayed. If the user then a to Identifying the test data required relative position of the filter pattern For example, he can do this with respect to the test pattern confirm his telecommunications terminal. Then the portable data carrier shows the Display pattern with the user data in the same position on the display device as before, the test pattern, which ensures that the filter pattern already in the required, given relative Location is positioned on the display device.

Alternatively to the generation of a display pattern by the portable data carrier itself, the display pattern can also be generated by a trusted further location, eg. B. from a transaction server on the Internet, against which the user has instructed with his telecommunications terminal an online transaction. The user data can in this case z. B. relate to a transaction confirmation (TAN), which is preferably displayed on a display device of a user's computer terminal and must be returned by the user to the transaction server to release the transaction. For this purpose, it is necessary that the portable data carrier such a transaction server provides the (digital) filter pattern for generating the display pattern, for. B. by the filter pattern is transmitted encrypted over a mobile network to the transaction server or by an unidentifiable outsider identifying filter identifier is sent to the transaction server, based on which the transaction server can determine the disk present (digital) filter pattern independently, for. B. in a database with personalization data of the card manufacturer or publisher, if the (digital) filter pattern has already been stored as part of a personalization process in the disk. The display pattern generated by the transaction server can then be transferred to the computer terminal of the user without further protection and displayed there in such a way that the user can identify the user data with his filter element can.

Preferably the filter pattern is provided as a random color filter pattern, so that no indications of user data are derived from this can. The display pattern is used as a color display pattern determines that when placing the color filter element on the display device the payload by color mixing the random filter color pattern become recognizable with the particular display color pattern. This can z. B. be done by a color mixing operation, the user data based on the color filter pattern by colored clutter sufficiently veiled. When placing the color filter pattern on the color display pattern is then a further color mixture of Filter color pattern with the useful and disturbing data of the display pattern, so that the filtered payload sufficiently clear of Distinguish the filtered clutter. Such Color mixing can z. B. an additive color mixture with the primary colors red, Green and blue or a subtractive color mixture with the Basic colors are cyan, magenta and yellow.

Alternatively, the filter pattern according to the method of visual cryptography (see. M. Naor, A. Shamir "Visual Cryptography", Europerypt 94 ) can also be provided as a random black and white pixel filter pattern, from which no information about any useful data can be derived. Based on the pixel filter pattern, a black and white pixel display pattern is determined such that when the pixel filter pattern is placed on the display device, the pixels of the pixel filter pattern are logically linked to those of the display filter pattern according to the specifications of the visual cryptography so that the user data become recognizable.

at visual cryptography creates the pixel filter pattern, by turning every single pixel one out of a given amount randomly assigned atomic subpixel pattern, z. B. a 2 × 2 black / white pattern. Starting from this (digital) pixel filter pattern we generated the pixel display pattern, by each foreground pixel of the payload (or one of the payload as foreground before a distinguishable background User data image) is assigned an atomic sub-pixel pattern, the the inverted sub-pixel pattern at the corresponding location in the pixel filter pattern and each background pixel has the same subpixel pattern is assigned as it is in the appropriate place of the pixel filter pattern can be found. The resulting pixel display pattern may then as well little taken from a note about the veiled user data be like the pixel filter pattern. In the subsequent layered overlay of the pixel display pattern with the corresponding (analog) pixel filter pattern results from the logical (and thereby visually perceptible) link the corresponding subpixel pattern of the pixel filter pattern and the Pixel display pattern for the foreground pixels of one of the payloads a (dark) gray value, which is emitted by the (lighter) gray value of the corresponding background pixels recognizable distinguishable is.

Further Features and advantages of the invention will become apparent from the following Description of various inventive embodiments and alternative embodiments in connection with the accompanying Drawings. Show:

1 an inventive Ausbrechsubstrat with ausbrechbarem filter element and portable data carrier;

2 a telecommunication terminal with a portable data carrier and a filter element placed on the display device;

3 a flow diagram of a preferred embodiment of the method according to the invention;

4 another embodiment in which the display pattern is generated by a transaction server and displayed on a computer terminal;

5 an example of a display pattern in which user data can be identified by means of a color mixture with a filter pattern; and

6 an example of a display pattern and a filter pattern that are generated and linked in accordance with visual cryptography to identify payload data.

1 shows a Ausbrechsubstrat 1 , preferably in the known smart card format ID1, from which a mobile communication card 2 and a filter element 3 can be broken out along the dashed lines. The mobile card 2 and the filter element 3 are designed such that they according to a preferred embodiment of the invention (see. 2 ) in connection with a mobile radio terminal 10 for safe display of user data 6 on a display device 11 the mobile terminal 10 or on a display device 41 a computer terminal 40 of the user (cf. 4 ) can be used.

These are the mobile card 2 and the filter element 3 in interaction, as indicated by the in 3 reproduced procedure clearly, because the mobile phone card 2 is authoritative Lich on the generation and presentation of a display pattern 8th involved, which depends on a digital filter pattern 4b disguised user data 6 includes while the filter element 3 a digital filter pattern 4b as closely as possible corresponding analog filter pattern 4a which, by placing on the display device 11 . 41 and overlay the display pattern 8th with the filter pattern 4a the initially obfuscated user data 6 makes recognizable. Generating the display pattern 8th depending on the payload 6 and the digital filter pattern 4b as well as making recognizable the Nutzdaten 6 depending on the analog filter pattern 4a can therefore be realized in principle as inverse optical / spectral or logical operations, since the digital filter pattern 4b for concealing user data 6 is used and the corresponding analog filter pattern 4a to identify the obfuscated user data 8th , The obfuscation of the user data 8th when generating the display pattern 8th However, here is designed such that the user data 6 only with the right analog filter 4a can be identified again, as it is exemplary in connection with the 5 and 6 is explained. The "right" analog filter pattern 4a Here is the filter pattern 4a of that filter element 3 that with the portable disk 2 together in a stripping substrate 1 passed to the user.

That is why the mobile phone card 2 regardless of whether they themselves or any other trustworthy entity, such as A transaction server 30 a bank, the display pattern 8th always generates the required digital filter pattern 4b to disposal. This can in the simplest case z. B. be done by the fact that the filter pattern 4b already in the context of the manufacturing process of the mobile phone card 2 for example, in their personalization together with other personalization data in a secure memory of the mobile card 2 is deposited. Alternatively it is like in the 1 and 2 also illustrates possible that the digital filter pattern 4b is present on a contactless readable memory chip, z. B. on an RFID transponder 5 or the like, from which it comes from the mobile card 2 using an NFC interface 12 (eg, an RFID read interface) of a telecommunications terminal 10 can be read in which the mobile card 2 is used.

According to shows 2 a particular embodiment of the invention, wherein a mobile card 2 in a telecommunication device 10 is used such that via the antenna, a voice connection can be made via a mobile network. The telecommunication device 10 further comprises a display device 11 , z. B. a color LCD display, as well as an RFID read interface 12 , Alternatively, as in 4 may be shown instead of the display device 11 a telecommunications device 10 also a display device 41 a computer terminal 40 the user to display the display pattern 8th be used. Such a display device 11 . 41 For example, an LCD display with a higher dot resolution, a TFT display or the like may be. In particular, the display device 11 . 41 suitable to display colored data and patterns, ie it is a multicolor color representation according to a suitable color space possible, for. B. according to one of the usual color spaces RGB, CMY or CMYK.

telecommunications terminal Equipment 10 with mobile phone card 2 are often used to transmit and receive security-related payload data 6 used, for example, in connection with online or mobile banking transactions against a transaction server on the Internet, where secret or at least protectable data, eg. As identifiers (PIN), transaction data or transaction confirmations (TAN), from the mobile station 10 to the transaction server 30 be sent and correspondingly secret or estimated useful data 6 back to the telecommunication terminal 10 sent and on its unsafe display device 11 are displayed. Such payload 6 can z. For example, a secret transaction confirmation (eg, an mTAN or iTAN or the like) may be the user of the display device 11 and release a previously defined transaction to the transaction server 30 must send back.

The display of user data 6 on a display device 11 . 41 a telecommunications or computer terminal 11 . 41 is in principle classified as unsafe, since even encrypted transmitted user data 6 after decryption, z. B. by the operating system of the mobile or computer terminal 10 . 40 , unprotected to the respective display device 11 . 41 to be passed on to the ad. At this point, a on the mobile or computer terminal 10 . 40 relatively easy to install malicious code in the form of a Trojan or virus the payload 6 Listen or manipulate unnoticed by the user.

Therefore, the payload to be displayed becomes 6 , z. As a mTAN, for reasons of security not in plain text on the display device 11 . 41 displayed, but in the form of a display pattern 8th that the payload 6 as picture or graphic in veiled, ie initially not recognizable form. This may be in connection with the embodiment of the 2 For example, be achieved by a control device (not shown) of the mobile card 2 indicating the display pattern 8th on the display device 11 by appropriate control instructions can cause the user data to be displayed 6 by a colored deposit on the color representation of the user data 6 coordinated disturbances 7 veiled. The color or color representation of the clutter 7 then differs technically or color-analytically from that of the user data 6 However, this distinguishable color analysis lies below the threshold of perception of the human visual system, so that a viewer, the display pattern 8th the user data 6 not from the clutter 7 can distinguish and sees only a color pattern, which can be seen no recognizable information. Such a situation is for example in 5 (left) shown on the so-called Ishihara tablet. The colored clutter 7 are then through the broken out of the Ausbrechsubstrat filter element 3 with the filter pattern 4a made recognizable by this exactly on the complex color arrangement of the clutter 7 is tuned and compensated or compared to the payload 6 recognizable changed, as it is z. B. based on the Ishihara panel in 5 (right) is shown. Here is the filter pattern 4a of the filter element 3 preferably configured as a transparent or at least semitransparent color foil, so that the payload 6 through the filter pattern 4a can be recognized through.

The display pattern 8th is according to the embodiment of the 2 from the mobile card 2 generated after the digital filter pattern 4b from the RFID transponder 5 of the filter element 3 by means of the RFID read interface 12 the mobile terminal 10 was read out. The mobile card 2 indicating the payload to be displayed 6 either by itself or via a cryptographically or otherwise secure communication connection from a transaction server 30 receives, generated depending on the payload 6 and the digital filter pattern 4b the display pattern 8th and shows this on the display device 11 the mobile terminal 10 at. As it happens when overlaying the displayed display pattern 8th with the filter pattern 4a to a required, predetermined relative position of the filter pattern 4a to the display pattern 8th arrives is on the filter element 3 a position marker 9 indicated with an appropriate mark on the display device 11 must be brought into cover. By correctly superimposing the filter pattern 4a and the display pattern 8th can depend on the digital filter pattern 4b in the display pattern 8th introduced disturbances 7 hidden or sufficiently changed.

3 shows a flow diagram of a preferred embodiment of the present invention in connection with the arrangement according to 2 , In a step S1, a breakout substrate is formed 1 according to 1 to a user of the telecommunication terminal 10 sent in which a filter element 3 as well as a new mobile phone card 2 are breakable incorporated. In addition, in the mobile card 2 the digital filter pattern 4b stored, which exactly the analog filter pattern 4a corresponds to that in the break-off filter element 3 is incorporated. In steps S2 and S3, in each case the mobile radio card 2 as well as the filter element 3 by the user from the breakout substrate 1 broken out and the mobile card 2 becomes a suitable mobile station in step S4 10 used.

In step S5, the mobile communication card receives 2 the user data to be displayed 6 cryptographically secured by a transaction server 30 via the mobile radio interface of the mobile station 10 , so the mobile card 2 by disguising the user data 6 must ensure that when displaying the user data 6 on the display device 11 reading or manipulation by a malicious code is not possible. Because the digital filter pattern 4b (unlike in 1 and 2 illustrated) already during the production of the stripper substrate 1 in the context of personalization in the mobile phone card 2 was stored, reads the mobile card 2 in step S6, the digital filter pattern 4b from its memory and generated in step S7 depending on the user data 6 and the filter pattern 4b the display pattern 8th with the obfuscated user data 6 , For disguising the user data 6 through a random filter pattern 4b are suitable for. B. related to 5 described color mixing method and in connection with 6 explained methods of visual cryptography.

Subsequently, in step S8, the display pattern 8th on the display device 11 the mobile terminal 10 is displayed and the user sets in step S9 the filter element present to him 3 with the analog filter pattern 4a on the display device 11 and directs it in step S10 so relative to the displayed display pattern 8th from that in step S11 the payload 6 through the analog filter pattern 4a can recognize through it.

The separate step S10 of aligning the filter element 3 on the display device 11 is necessary because the filter pattern 4a . 4b usually not a homogeneous (translational and rotationally invariant) monochrome surface represents, but a complex color or other pattern that in a required, predetermined position as closely as possible to the display pattern 8th must be placed to the payload 6 to identify. In particular, it is with such complex filter patterns 4a . 4b not possible, the filter pattern 4a to shift, rotate, reverse or otherwise in a different manner from the required predetermined position on the display pattern 8th hang up to the payload 6 to make recognizable.

For correct alignment of the filter element 3 , on the display device 11 or relative to the display pattern 8th there are in addition to the related 2 indicated positioning marks 9 More options. So it is z. B. possible that the mobile card 2 using the NFC / RFID reader interface 12 of the telecommunication terminal 10 (see. 2 ) the exact position of the filter element 3 on the display device 11 determined contactless and based on the determined relative position of the display pattern 8th in the required, predetermined relative position to the applied filter pattern 4a indicating, so that the payload 6 become recognizable. In this case, it may happen in particular that the user the filter element 3 rotated by 90 ° relative to the predetermined relative position on the display display 11 hangs up, leaving the disk 2 a corresponding 90 ° rotation of the display pattern 8th on the display device 11 performs.

It is also possible, the mobile station 10 with a touch-sensitive display 11 ("Touch screen"), allowing the user to change the position of the filter element 3 on the display device 11 indicating that it has certain corner or edge points of the filter element 3 on the display device 11 touched. The mobile card 2 evaluates this position information and directs the display pattern 8th based on the determined position of the filter pattern 4a correct. Since it is in the location of the filter element 3 via a touch-sensitive display device 11 is a capacitive detection method, the filter element 3 also be provided with electrically conductive contact points at the corners or edges, which is a contact by the user to the display device 11 pass and the touch on the top of the filter element 3 in a touch information on the bottom converts.

Furthermore, before the display of the display pattern 8th on the display device 11 a test pattern may be displayed that includes obfuscated test data known to the user, such as a watermark or the like known to him, the test data also being overlaid with the analog filter pattern 4a must be identified, as subsequently the payload 6 in the display pattern 8th , When the user the filter element 3 such on the display device 11 Aligns relative to the test pattern that the test data known to him are recognizable, he can do so compared to the mobile card 2 confirm, for example, by pressing a button on the mobile station 10 , so the mobile card 2 the display pattern 8th in the same position on the display device 11 indicates as before the test pattern and thereby ensures that the user the payload 6 can recognize immediately.

4 shows an alternative embodiment in which the display pattern 8th with the user data 6 - In contrast to the embodiment of 2 and 3 - not on a display device 11 the mobile terminal 10 is displayed, but rather on a display device 41 a computer terminal 40 the user using a transaction server 30 via the Internet or via any other suitable communication network. Likewise stands the mobile radio terminal 10 over the mobile network with the transaction server 30 in connection, for. For example, to order online transactions.

If user data of the transaction server 30 z. B. must be passed to the user in the context of such an online transaction, the transaction server generates 30 the corresponding display pattern 8th depending on the user data 6 and the digital filter pattern 4b itself. The information about the digital filter pattern to be used 4b must be the transaction server 30 however, from the disk 2 be provided because the transaction server 30 the disk 2 or whose user usually can not clearly identify. In this respect, the transaction server 30 the secret digital filter pattern 4b (in encrypted form) or one the digital filter pattern 4b identifying filter identifier from the mobile card 2 Request. Preferably, the mobile card sends 2 however, only a filter identifier based on which the transaction server 30 the relevant filter pattern 4b can determine, for. B. because the digital filter pattern 4b already as part of the personalization of the data carrier 2 inscribed and stored in a central server as a reference. The transaction server then generates 30 the display pattern 8th from the filter pattern determined via the central server 4b and the user data to be displayed 6 and transmits the display pattern 8th to the computer terminal 40 where it is on the display device 41 is shown. The user can now view the payload 6 indicate by the filter element 3 with the corresponding analog filter pattern 4a in the required relative position to the display pattern 8th on the display device 41 of the computer terminal 40 hangs up and the payload 6 reads.

5 illustrated by a color display pattern 8th Representing Ishihara panel (left) the possibility of the present invention intended obfuscation of user data shown in color 6 (eg the number "12") by colored clutter 7 to make recognizable by color operations (right). Here are the colored clutter 7 when generating the color display pattern 8th such on the (analog) color filter pattern 4a tuned that the clutter 7 when superimposed by the Farbfil term beauty 4a be compensated or hidden. Here is the color filter pattern 4a . 4b in particular color inhomogeneous color arrangements again, the z. B. individually colored dots, rectangles, segments, quadrants or other color and geometrically complex arrangements. Such complex structures of a color filter pattern 4a can each be color-independently shaped and colored, so that also correspondingly complex clutter 7 which use different optical effects (eg additive and subtractive color mixtures) and thus increase the safety of the process. Overall, there is a great freedom of design for the selection of the color filter pattern 4a and the resulting clutter 7 which also increases the safety of the procedure.

Alternatively or in combination with the color mixture according to 5 For example, methods of visual cryptography in the context of the present invention can obscure and identify user data 6 be used. Here are user data 6 For example, the alphanumeric string "01" obfuscates by using a random black and white pixel filter pattern 4a is generated and from the user data 6 and the random pixel filter pattern 4a a black and white pixel display pattern 8th which is superimposed with the pixel filter pattern 4a the user data 6 can be removed again.

For this, first the random pixel filter pattern 4a . 4b generated (left) by each pixel of the pixel filter pattern 4a . 4b an arbitrary sub-pixel pattern (e.g., a 2 × 2 or 3 × 3 sub-pixel pattern) is assigned from a given set of sub-pixel patterns. Based on this higher resolution pixel filter pattern 4b and a correspondingly resolved payload pixel pattern containing the payload 6 (for example, with black foreground pixels and white background pixels), the pixel display pattern becomes 8th created (right) by placing in it each background pixel at the corresponding position in the pixel filter pattern 4b existing sub-pixel pattern is assigned and each foreground pixel, the inverse Subpixelmuster of at this position in the pixel filter pattern 4b located subpixel pattern.

When superimposing the pixel display pattern generated in this way 8th (right) with the random pixel filter pattern 4b (left) become the payload 6 reconstructed (below) because in the filtered pixel display pattern 8th each background pixel is characterized by a black and white sub-pixel pattern, and the foreground pixels appear uniformly black due to the superposition of inverse sub-pixel patterns.

QUOTES INCLUDE IN THE DESCRIPTION

This list The documents listed by the applicant have been automated generated and is solely for better information recorded by the reader. The list is not part of the German Patent or utility model application. The DPMA takes over no liability for any errors or omissions.

Cited patent literature

• WO 03/085632 A2 [0004]
• - DE 102007018802 B3 [0005]

Cited non-patent literature

• M. Naor, A. Shamir "Visual Cryptography", Europerypt 94 [0021]

Claims (17)

Method for displaying user data ( 6 ) on a display device ( 11 ; 41 ) of a user, comprising the steps: - displaying (S8) a display pattern ( 8th ) on the display device ( 11 ; 41 ), which contains the user data ( 6 ) in a masked form; and - overlaying (S9, S10) the displayed display pattern ( 8th ) with a filter pattern ( 4a ) such that the payload ( 6 ) are recognizable; characterized in that the filter pattern ( 4a ) comprehensive filter element ( 3 ) from a user-defined, card-shaped Ausbrechsubstrat ( 1 ) (S2) and to the display device ( 11 ; 41 ) is hung up (S9). Method according to claim 1, characterized in that the display pattern ( 8th ) depending on the payload ( 6 ) and the filter pattern ( 4b ) (S7), wherein from the breakout substrate ( 1 ) also a portable data carrier ( 2 ) that breaks the filter pattern ( 4b ) for generating the display pattern ( 8th ) (S6). Method according to Claim 2, characterized in that the broken-out data medium ( 2 ) as a mobile communication card in a telecommunication terminal ( 10 ) of the user is inserted (S4). Method according to claim 2 or 3, characterized in that the filter pattern ( 4b ) during a personalization of the data carrier ( 2 ) in the data carrier ( 2 ) is stored. Method according to Claim 3, characterized in that the data carrier ( 2 ) the filter pattern ( 4b ) via a contactless interface of the telecommunication terminal ( 10 ) from one into the stripping substrate ( 1 ) or in the break-off filter element ( 3 ) integrated memory chip ( 5 ) secured reads and saves. Method according to claim 4 or 5, characterized in that the portable data carrier ( 2 ) the display pattern ( 8th ) depending on the stored filter pattern ( 4b ) (S7). Method according to Claims 3 and 6, characterized in that the portable data carrier ( 2 ) the generated display pattern ( 8th ) on a display device ( 11 ) of the telecommunication terminal ( 10 ) (S8). Method according to Claim 7, characterized in that the data carrier ( 2 ) when displaying (S8) the generated display pattern (S8) 8th ) on the display device ( 11 ) of the telecommunication terminal ( 10 ) a relative position of the filter pattern ( 4a ) to the displayed display pattern ( 8th ) and the display pattern ( 8th ) depending on the determined position of the filter pattern ( 4a ) on the display device ( 11 ) indicates (S10) that the payload ( 6 ) are recognizable. Method according to claim 8, characterized in that the relative position of the filter pattern ( 4a ) via a touch-sensitive display device ( 10 ) of the telecommunication terminal ( 10 ) and to the portable data carrier ( 2 ), the user activating the display device ( 11 ) or electrically conductive points of contact of the filter element ( 3 ), which is a touch of the user to the display device ( 11 ), suitably touched. A method according to claim 7, characterized in that the portable data carrier in front of the display pattern ( 8th ) a test pattern comprising test data in disguised form known to the user on the display device ( 11 ) indicates that a relative position of the filter pattern required for making the test data ( 4a ) to the displayed test pattern one for identifying the user data ( 6 ) required relative position of the filter pattern ( 4b ) to the display pattern to be displayed ( 8th ) corresponds. Method according to claim 4 or 5, characterized in that the portable data carrier ( 2 ) the stored filter pattern ( 4b ) or a stored filter pattern ( 4b ) identifying the filter identifier to a transaction server ( 30 ) and the transaction server ( 30 ) the display pattern ( 8th ) in dependence on the filter pattern received or determined on the basis of the received filter identifier ( 4b ) and displayed on a display device ( 41 ) one with the transaction server ( 30 ) connected terminal ( 40 ) of the user. Method according to Claims 3 and 11, characterized in that the portable data carrier ( 2 ) the stored filter pattern ( 4b ) via a mobile radio interface of the telecommunication terminal ( 10 ) to the transaction server ( 30 ) transmits. Method according to one of claims 1 to 12, characterized in that the filter pattern ( 4a . 4b ) is provided as a random color pattern and the display pattern ( 8th ) as the payload ( 6 ) and the user data obscuring clutter ( 7 ) comprehensive color pattern is determined such that when placing the filter element ( 3 ) on the display device ( 11 ; 41 ) the user data ( 6 ) by a color mixture of the random color pattern ( 4a ) and the particular color pattern ( 8th ) become recognizable. Method according to one of claims 1 to 12, characterized in that the filter pattern ( 4a . 4b ) as a random black and white pixel pattern and the display pattern ( 8th ) is determined as a black / white pixel pattern in such a way that when the filter element ( 3 ) on the display device ( 11 ; 41 ) the user data ( 6 ) by linking the random pixel pattern ( 4a ) and the particular pixel pattern ( 8th ) according to the method of visual cryptography. Card-shaped Ausbrechsubstrat ( 1 ), characterized by an eruptible, on a display device ( 11 ; 41 ) attachable filter element ( 3 ) and a breakable portable data carrier ( 2 ), wherein the filter element ( 3 ) a filter pattern ( 4a ), which one on the display device ( 11 ; 41 ) displayed display pattern ( 8th ) can be superposed in such a way that in the display pattern ( 8th ) obscures existing user data ( 6 ) and the data carrier ( 2 ), the filter pattern ( 4b ) for generating the display pattern ( 8th ) depending on the payload ( 6 ) and the filter pattern ( 4b ). Break-away substrate according to claim 15, characterized in that the break-out portable data carrier ( 2 ) one into a telecommunication terminal ( 10 ) is deployable mobile card that is set up, the display pattern ( 8th ) and on a display device ( 11 ) of the telecommunication terminal ( 10 ), provided the portable data carrier ( 2 ) in the telecommunication terminal ( 10 ) is used as a mobile card. Stripping substrate according to claim 15 or 16, characterized in that the break-off filter element ( 3 ) and the breakable data carrier ( 2 ) are configured such that they are used to display user data ( 6 ) on a display device ( 11 ; 41 ) are suitable according to a method according to any one of claims 1 to 14.

Images