NO339312B1 - Secure data for display - Google Patents
Secure data for display Download PDFInfo
- Publication number
- NO339312B1 NO339312B1 NO20150255A NO20150255A NO339312B1 NO 339312 B1 NO339312 B1 NO 339312B1 NO 20150255 A NO20150255 A NO 20150255A NO 20150255 A NO20150255 A NO 20150255A NO 339312 B1 NO339312 B1 NO 339312B1
- Authority
- NO
- Norway
- Prior art keywords
- application
- pixels
- display
- screen
- displayed
- Prior art date
Links
- 238000000034 method Methods 0.000 claims description 12
- 238000004458 analytical method Methods 0.000 description 2
- 239000003550 marker Substances 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/14—Digital output to display device ; Cooperation and interconnection of the display device with other functional units
- G06F3/1415—Digital output to display device ; Cooperation and interconnection of the display device with other functional units with means for detecting differences between the image stored in the host and the images displayed on the displays
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/048—Interaction techniques based on graphical user interfaces [GUI]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/14—Digital output to display device ; Cooperation and interconnection of the display device with other functional units
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T1/00—General purpose image data processing
- G06T1/0021—Image watermarking
- G06T1/0042—Fragile watermarking, e.g. so as to detect tampering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/44008—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving operations for analysing video streams, e.g. detecting features or characteristics in the video stream
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/835—Generation of protective data, e.g. certificates
- H04N21/8358—Generation of protective data, e.g. certificates involving watermark
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T2201/00—General purpose image data processing
- G06T2201/005—Image watermarking
- G06T2201/0051—Embedding of the watermark in the spatial domain
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T2201/00—General purpose image data processing
- G06T2201/005—Image watermarking
- G06T2201/0081—Image watermarking whereby both original and watermarked images are required at decoder, e.g. destination-based, non-blind, non-oblivious
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09G—ARRANGEMENTS OR CIRCUITS FOR CONTROL OF INDICATING DEVICES USING STATIC MEANS TO PRESENT VARIABLE INFORMATION
- G09G2358/00—Arrangements for display data security
Description
Technical field
The present invention regards a method for analyzing if data generated by an application has been tampered with before it is displayed to the user by securing that a dataset produced by an application and sent to the screen of an end users device actually is displayed and presented on screen.
Background of the invention
Tampering is the deliberate altering or adulteration of information, and today there is no single solution that can be considered as tamper proof.
Often several levels of security are needed to be addressed to reduce the risk of tampering. Usually the following considerations are tåken in order to prevent tampering: • Identify who a potential tampering attacker might be and what level of knowledge they might they have. • Identify all feasible methods of unauthorized access into a system. In addition to the primary means of entry, also consider back door methods.
Control or limit access to systems of interest.
Improve the tamper resistance by making tampering more difficult, time-consuming, etc.
Add tamper-evident features to help indicate the existence of tampering. Educate people to watch for evidence of tampering.
A problem regarding tampering with displayed data is that it is usually hard to detect and check if data has been tampered with or not.
From Alzomai, M. et al: "Display security for online transactions: SMS-based authentication scheme", 2010 International Conference for Internet Technology and Secured Transactions (ICITST), 20101108 IEEE, Piscataway, NJ, USA there is known a method for secure online transactions. Among other, the method includes to verify and authenticate transactions by comparing image information, the images being captured from a display screen.
US 2014/201527 describes a system and method for secure delivery of information between a sender and receiver via a network. The method includes entering additional information preventing displayed information from being retransmitted or copied.
GB 2512140 describes a system and method for handling the display of messages. The system includes an image memory for storing images and metadata associated with the images, the metadata including a time stamp showing when the image was captured, and a device taking a screen shot of an image displayed on a screen, wherein the screen shot and the time stamp is stored in the image memory, and a device for comparing image data tåken from the screen shot.
Summary of the invention
It is therefore an object of the invention, as it is stated in the set of claims, to solve the problems stated above. This is done by the application by adding randomly positioning pixels into the screen of the device in question, the application executes display operations and presents the display data to the end user, the application takes screen shots of what actually is displayed and compares the number and position of the pixels with that generated by the application.
If the comparison results in matched pixels in number, color and position the application has verified that data processes for display actually was displayed to the end user without any changes. But, if the comparison results in non-matching the application can, depending on the unmatched number and /or color that the display operation has been tampered with.
Detailed description
The application generates the data to be display on the screen of a device.
The application generates randomized addresses for positioning pixels on the screen of the device in question.
The application analyses the addressing and inserts the pixels in the blue channel (RGB) into the data that is going to be displayed in order to make the pixels as invisible for humans as possible.
The application executes display operations and presents the data to the end user.
The application takes screen shot of what actually is displayed to the end user The application analyses the screen shot in order to detect the inserted pixels and compares the number and position of the pixels with the pixels that the application generated and processed for display to the end user.
If the comparison results in matched pixels in number, color and position the application has verified that data processes for display actually was displayed to the end user without any changes. But, if the comparison results in non-matching the application can, depending on the unmatched number and /or color that the display operation has been tampered with.
An example of a scenario is a hacker interfering with a bank transaction between a user and a bank. When a user tries to pay a bill using net banking, the hacker intercepts the transaction and changes the amount to be paid and the account number it is to be paid to. The bank sees the information the hacker has entered and thinks it is from the user. The user only sees the information originally entered and approves the falsified transaction of the money.
With the present invention, a screenshot is tåken of what is actually displayed at the other side. By checking if a set of marker pixels inserted into the picture at the user side corresponds with a set of marker pixels in the screen shot of what is displayed at the banking side it is possible to detect if the information in the picture has been tampered with, and hence stop the transaction.
Claims (2)
1. A method for analyzing if display data generated by an application has been tampered with, comprising an application and a device with a screen and a channel of communication,characterized in that: • said application generates data to be displayed on the screen of a device, • said application generates randomized addresses for positioning pixels on the screen of the device in question, • pixels is according to the pixel addressing information inserted into the data that is going to be displayed, • the display operations are executed and the data presented to the end user, • a screen shot of what is displayed is tåken, and • said screen shot is analyzed by the application, and the number and position of the pixels are co m pa red with the pixels that the application generated and processed for display to the end user.
2. A method according to claim 1, wherein the inserted pixels is in the blue channel in the RGB color model.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NO20150255A NO339312B1 (en) | 2015-02-24 | 2015-02-24 | Secure data for display |
PCT/EE2016/000001 WO2016134730A1 (en) | 2015-02-24 | 2016-02-25 | Method for analysing if display data generated by an application has been tampered with |
EP16710672.3A EP3262502A1 (en) | 2015-02-24 | 2016-02-25 | Method for analysing if display data generated by an application has been tampered with |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NO20150255A NO339312B1 (en) | 2015-02-24 | 2015-02-24 | Secure data for display |
Publications (2)
Publication Number | Publication Date |
---|---|
NO20150255A1 NO20150255A1 (en) | 2016-08-25 |
NO339312B1 true NO339312B1 (en) | 2016-11-21 |
Family
ID=55586110
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
NO20150255A NO339312B1 (en) | 2015-02-24 | 2015-02-24 | Secure data for display |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP3262502A1 (en) |
NO (1) | NO339312B1 (en) |
WO (1) | WO2016134730A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109544170B (en) * | 2018-11-26 | 2023-08-11 | 努比亚技术有限公司 | Transaction snapshot verification method, device and computer readable storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140201527A1 (en) * | 2013-01-17 | 2014-07-17 | Zohar KRIVOROT | Systems and methods for secure and private delivery of content |
GB2512140A (en) * | 2013-03-22 | 2014-09-24 | Classfiedapp Ltd | Messaging system and method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001148776A (en) * | 1999-11-18 | 2001-05-29 | Canon Inc | Image processing unit and method and storage medium |
-
2015
- 2015-02-24 NO NO20150255A patent/NO339312B1/en unknown
-
2016
- 2016-02-25 WO PCT/EE2016/000001 patent/WO2016134730A1/en active Application Filing
- 2016-02-25 EP EP16710672.3A patent/EP3262502A1/en not_active Ceased
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140201527A1 (en) * | 2013-01-17 | 2014-07-17 | Zohar KRIVOROT | Systems and methods for secure and private delivery of content |
GB2512140A (en) * | 2013-03-22 | 2014-09-24 | Classfiedapp Ltd | Messaging system and method |
Non-Patent Citations (1)
Title |
---|
Display security for online transactions: SMS-based authentication scheme. Internet Technology and Secured Transactions (ICITST), 2010 International Conference for, 20101108 IEEE, Piscataway, NJ, USA , Dated: 01.01.0001 * |
Also Published As
Publication number | Publication date |
---|---|
WO2016134730A1 (en) | 2016-09-01 |
NO20150255A1 (en) | 2016-08-25 |
EP3262502A1 (en) | 2018-01-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8306256B2 (en) | Using camera signatures from uploaded images to authenticate users of an online system | |
US10198783B2 (en) | Dynamic digital watermark | |
US8397275B1 (en) | Time-varying sequenced image overlays for CAPTCHA | |
US10320778B2 (en) | Digital identification document | |
US10204390B2 (en) | Dynamic digital watermark | |
US20190362458A1 (en) | Digital Identification Document | |
US20190188821A1 (en) | System and Method for Digitally Watermarking Digital Facial Portraits | |
US20150063658A1 (en) | System and Method for Digital Watermarking | |
US9672581B2 (en) | Multimodal biometric profiling | |
US10977214B2 (en) | Document image security processing | |
WO2022222806A1 (en) | Insurance verification method and apparatus for electronic device | |
US20180300545A1 (en) | System and Method for Digitally Watermarking Digital Facial Portraits | |
NO339312B1 (en) | Secure data for display | |
US8898733B2 (en) | System security process method and properties of human authorization mechanism | |
US20200389493A1 (en) | Spoofed webpage detection | |
Abi Din et al. | Boxer: Preventing fraud by scanning credit cards | |
Park | THE LAZARUS GROUP | |
CN109271811A (en) | A kind of anti-tamper storage method of electronic material evidence based on group ranking | |
US20170348994A1 (en) | Invisible Luminescent Protection for Financial and Identification Documents | |
US20230362012A1 (en) | Systems and methods for token authentication | |
US20230356539A1 (en) | Systems and methods for token authentication | |
US20230362013A1 (en) | Systems and methods for token authentication | |
CN110149203A (en) | Evidence processing method and processing device | |
WO2019201898A1 (en) | Method for securing a computer system | |
GB2517136A (en) | Authentication System and Method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
CHAD | Change of the owner's name or address (par. 44 patent law, par. patentforskriften) |
Owner name: OKAY AS, NO |