NO339312B1 - Secure data for display - Google Patents

Secure data for display Download PDF

Info

Publication number
NO339312B1
NO339312B1 NO20150255A NO20150255A NO339312B1 NO 339312 B1 NO339312 B1 NO 339312B1 NO 20150255 A NO20150255 A NO 20150255A NO 20150255 A NO20150255 A NO 20150255A NO 339312 B1 NO339312 B1 NO 339312B1
Authority
NO
Norway
Prior art keywords
application
pixels
display
screen
displayed
Prior art date
Application number
NO20150255A
Other languages
Norwegian (no)
Other versions
NO20150255A1 (en
Inventor
Trond Lemberg
Original Assignee
Protectoria As
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Protectoria As filed Critical Protectoria As
Priority to NO20150255A priority Critical patent/NO339312B1/en
Priority to PCT/EE2016/000001 priority patent/WO2016134730A1/en
Priority to EP16710672.3A priority patent/EP3262502A1/en
Publication of NO20150255A1 publication Critical patent/NO20150255A1/en
Publication of NO339312B1 publication Critical patent/NO339312B1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/14Digital output to display device ; Cooperation and interconnection of the display device with other functional units
    • G06F3/1415Digital output to display device ; Cooperation and interconnection of the display device with other functional units with means for detecting differences between the image stored in the host and the images displayed on the displays
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/14Digital output to display device ; Cooperation and interconnection of the display device with other functional units
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T1/00General purpose image data processing
    • G06T1/0021Image watermarking
    • G06T1/0042Fragile watermarking, e.g. so as to detect tampering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/44008Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving operations for analysing video streams, e.g. detecting features or characteristics in the video stream
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • H04N21/8358Generation of protective data, e.g. certificates involving watermark
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T2201/00General purpose image data processing
    • G06T2201/005Image watermarking
    • G06T2201/0051Embedding of the watermark in the spatial domain
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T2201/00General purpose image data processing
    • G06T2201/005Image watermarking
    • G06T2201/0081Image watermarking whereby both original and watermarked images are required at decoder, e.g. destination-based, non-blind, non-oblivious
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09GARRANGEMENTS OR CIRCUITS FOR CONTROL OF INDICATING DEVICES USING STATIC MEANS TO PRESENT VARIABLE INFORMATION
    • G09G2358/00Arrangements for display data security

Description

Technical field
The present invention regards a method for analyzing if data generated by an application has been tampered with before it is displayed to the user by securing that a dataset produced by an application and sent to the screen of an end users device actually is displayed and presented on screen.
Background of the invention
Tampering is the deliberate altering or adulteration of information, and today there is no single solution that can be considered as tamper proof.
Often several levels of security are needed to be addressed to reduce the risk of tampering. Usually the following considerations are tåken in order to prevent tampering: • Identify who a potential tampering attacker might be and what level of knowledge they might they have. • Identify all feasible methods of unauthorized access into a system. In addition to the primary means of entry, also consider back door methods.
Control or limit access to systems of interest.
Improve the tamper resistance by making tampering more difficult, time-consuming, etc.
Add tamper-evident features to help indicate the existence of tampering. Educate people to watch for evidence of tampering.
A problem regarding tampering with displayed data is that it is usually hard to detect and check if data has been tampered with or not.
From Alzomai, M. et al: "Display security for online transactions: SMS-based authentication scheme", 2010 International Conference for Internet Technology and Secured Transactions (ICITST), 20101108 IEEE, Piscataway, NJ, USA there is known a method for secure online transactions. Among other, the method includes to verify and authenticate transactions by comparing image information, the images being captured from a display screen.
US 2014/201527 describes a system and method for secure delivery of information between a sender and receiver via a network. The method includes entering additional information preventing displayed information from being retransmitted or copied.
GB 2512140 describes a system and method for handling the display of messages. The system includes an image memory for storing images and metadata associated with the images, the metadata including a time stamp showing when the image was captured, and a device taking a screen shot of an image displayed on a screen, wherein the screen shot and the time stamp is stored in the image memory, and a device for comparing image data tåken from the screen shot.
Summary of the invention
It is therefore an object of the invention, as it is stated in the set of claims, to solve the problems stated above. This is done by the application by adding randomly positioning pixels into the screen of the device in question, the application executes display operations and presents the display data to the end user, the application takes screen shots of what actually is displayed and compares the number and position of the pixels with that generated by the application.
If the comparison results in matched pixels in number, color and position the application has verified that data processes for display actually was displayed to the end user without any changes. But, if the comparison results in non-matching the application can, depending on the unmatched number and /or color that the display operation has been tampered with.
Detailed description
The application generates the data to be display on the screen of a device.
The application generates randomized addresses for positioning pixels on the screen of the device in question.
The application analyses the addressing and inserts the pixels in the blue channel (RGB) into the data that is going to be displayed in order to make the pixels as invisible for humans as possible.
The application executes display operations and presents the data to the end user.
The application takes screen shot of what actually is displayed to the end user The application analyses the screen shot in order to detect the inserted pixels and compares the number and position of the pixels with the pixels that the application generated and processed for display to the end user.
If the comparison results in matched pixels in number, color and position the application has verified that data processes for display actually was displayed to the end user without any changes. But, if the comparison results in non-matching the application can, depending on the unmatched number and /or color that the display operation has been tampered with.
An example of a scenario is a hacker interfering with a bank transaction between a user and a bank. When a user tries to pay a bill using net banking, the hacker intercepts the transaction and changes the amount to be paid and the account number it is to be paid to. The bank sees the information the hacker has entered and thinks it is from the user. The user only sees the information originally entered and approves the falsified transaction of the money.
With the present invention, a screenshot is tåken of what is actually displayed at the other side. By checking if a set of marker pixels inserted into the picture at the user side corresponds with a set of marker pixels in the screen shot of what is displayed at the banking side it is possible to detect if the information in the picture has been tampered with, and hence stop the transaction.

Claims (2)

1. A method for analyzing if display data generated by an application has been tampered with, comprising an application and a device with a screen and a channel of communication,characterized in that: • said application generates data to be displayed on the screen of a device, • said application generates randomized addresses for positioning pixels on the screen of the device in question, • pixels is according to the pixel addressing information inserted into the data that is going to be displayed, • the display operations are executed and the data presented to the end user, • a screen shot of what is displayed is tåken, and • said screen shot is analyzed by the application, and the number and position of the pixels are co m pa red with the pixels that the application generated and processed for display to the end user.
2. A method according to claim 1, wherein the inserted pixels is in the blue channel in the RGB color model.
NO20150255A 2015-02-24 2015-02-24 Secure data for display NO339312B1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
NO20150255A NO339312B1 (en) 2015-02-24 2015-02-24 Secure data for display
PCT/EE2016/000001 WO2016134730A1 (en) 2015-02-24 2016-02-25 Method for analysing if display data generated by an application has been tampered with
EP16710672.3A EP3262502A1 (en) 2015-02-24 2016-02-25 Method for analysing if display data generated by an application has been tampered with

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
NO20150255A NO339312B1 (en) 2015-02-24 2015-02-24 Secure data for display

Publications (2)

Publication Number Publication Date
NO20150255A1 NO20150255A1 (en) 2016-08-25
NO339312B1 true NO339312B1 (en) 2016-11-21

Family

ID=55586110

Family Applications (1)

Application Number Title Priority Date Filing Date
NO20150255A NO339312B1 (en) 2015-02-24 2015-02-24 Secure data for display

Country Status (3)

Country Link
EP (1) EP3262502A1 (en)
NO (1) NO339312B1 (en)
WO (1) WO2016134730A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109544170B (en) * 2018-11-26 2023-08-11 努比亚技术有限公司 Transaction snapshot verification method, device and computer readable storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140201527A1 (en) * 2013-01-17 2014-07-17 Zohar KRIVOROT Systems and methods for secure and private delivery of content
GB2512140A (en) * 2013-03-22 2014-09-24 Classfiedapp Ltd Messaging system and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001148776A (en) * 1999-11-18 2001-05-29 Canon Inc Image processing unit and method and storage medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140201527A1 (en) * 2013-01-17 2014-07-17 Zohar KRIVOROT Systems and methods for secure and private delivery of content
GB2512140A (en) * 2013-03-22 2014-09-24 Classfiedapp Ltd Messaging system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Display security for online transactions: SMS-based authentication scheme. Internet Technology and Secured Transactions (ICITST), 2010 International Conference for, 20101108 IEEE, Piscataway, NJ, USA , Dated: 01.01.0001 *

Also Published As

Publication number Publication date
WO2016134730A1 (en) 2016-09-01
NO20150255A1 (en) 2016-08-25
EP3262502A1 (en) 2018-01-03

Similar Documents

Publication Publication Date Title
US8306256B2 (en) Using camera signatures from uploaded images to authenticate users of an online system
US10198783B2 (en) Dynamic digital watermark
US8397275B1 (en) Time-varying sequenced image overlays for CAPTCHA
US10320778B2 (en) Digital identification document
US10204390B2 (en) Dynamic digital watermark
US20190362458A1 (en) Digital Identification Document
US20190188821A1 (en) System and Method for Digitally Watermarking Digital Facial Portraits
US20150063658A1 (en) System and Method for Digital Watermarking
US9672581B2 (en) Multimodal biometric profiling
US10977214B2 (en) Document image security processing
WO2022222806A1 (en) Insurance verification method and apparatus for electronic device
US20180300545A1 (en) System and Method for Digitally Watermarking Digital Facial Portraits
NO339312B1 (en) Secure data for display
US8898733B2 (en) System security process method and properties of human authorization mechanism
US20200389493A1 (en) Spoofed webpage detection
Abi Din et al. Boxer: Preventing fraud by scanning credit cards
Park THE LAZARUS GROUP
CN109271811A (en) A kind of anti-tamper storage method of electronic material evidence based on group ranking
US20170348994A1 (en) Invisible Luminescent Protection for Financial and Identification Documents
US20230362012A1 (en) Systems and methods for token authentication
US20230356539A1 (en) Systems and methods for token authentication
US20230362013A1 (en) Systems and methods for token authentication
CN110149203A (en) Evidence processing method and processing device
WO2019201898A1 (en) Method for securing a computer system
GB2517136A (en) Authentication System and Method

Legal Events

Date Code Title Description
CHAD Change of the owner's name or address (par. 44 patent law, par. patentforskriften)

Owner name: OKAY AS, NO