NO346103B1 - Method for protection of the visual user interface of mobile applications - Google Patents
Method for protection of the visual user interface of mobile applications Download PDFInfo
- Publication number
- NO346103B1 NO346103B1 NO20200974A NO20200974A NO346103B1 NO 346103 B1 NO346103 B1 NO 346103B1 NO 20200974 A NO20200974 A NO 20200974A NO 20200974 A NO20200974 A NO 20200974A NO 346103 B1 NO346103 B1 NO 346103B1
- Authority
- NO
- Norway
- Prior art keywords
- module
- parameters
- assembling
- purpose device
- relying
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 36
- 230000000007 visual effect Effects 0.000 title description 3
- 238000004891 communication Methods 0.000 claims description 26
- 238000012800 visualization Methods 0.000 claims description 25
- 238000010200 validation analysis Methods 0.000 claims description 20
- YTAHJIFKAKIKAV-XNMGPUDCSA-N [(1R)-3-morpholin-4-yl-1-phenylpropyl] N-[(3S)-2-oxo-5-phenyl-1,3-dihydro-1,4-benzodiazepin-3-yl]carbamate Chemical compound O=C1[C@H](N=C(C2=C(N1)C=CC=C2)C1=CC=CC=C1)NC(O[C@H](CCN1CCOCC1)C1=CC=CC=C1)=O YTAHJIFKAKIKAV-XNMGPUDCSA-N 0.000 claims description 4
- 230000001131 transforming effect Effects 0.000 claims description 2
- 230000003993 interaction Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 241000282412 Homo Species 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/84—Protecting input, output or interconnection devices output devices, e.g. displays or monitors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
Description
Technical field
The disclosure relates to the field of cyber security.
Background
[0001] On a multi-purpose device, e.g. a mobile phone, tablet or similar, the screen is shared between multiple applications on the device. When providing securityrelated functionalities on such a device that require user interaction and user consent, it is important to make sure the user and the service provider can trust the information shown on the screen. Often, the user consent has a legal meaning, and thus, should be protected by strong security measures.
[0002] If a user wants to give consent to a specific information shown on the screen of a multi-purpose device, it should be the very same information processed on the device and sent to the relying service which the user gave consent to. The information on the screen should not be fraudulently replaced by other information behind the scenes. Attackers may aim to manipulate the information displayed and inject overlays with false information.
[0003] US 2016380774 A1 describes a method of providing virtualized credentials of a holder, comprising authorizing a subset of credential data to be sent to a device of a relying party that is different from the holder, wherein the subset of credential data depends on at least one of: a role of the relying party, selection by the holder, and contextual data of the relying party; and displaying at least some of the subset of credential data on a screen of the device of the relying party.
[0004] US 2013125197 A1 describes methods and systems of a security component associated with a network-enabled application. A security component may be installed on a client system and execute in conjunction with the network-enabled application. A network-enabled application may be defined as any application program that may receive information from a user and convey it over a network (e.g., the Internet).
[0005] US 2012323717 A1 describes a method for determining a transaction authentication level includes receiving transaction information associated with a transaction between a user and a relying party, receiving relying party preferences, and determining a relying party authentication level based on the transaction information and the relying party preferences.
[0006] It is an aim of the present invention to provide a method for determining whether display information sent to a multi-purpose device by a relying service is visually displayed in an untampered manner on a screen of the multi-purpose device.
Summary of the invention
[0007] The present invention provides a method for determining whether display information sent to a multi-purpose device by a relying service is visually displayed in an untampered manner on a screen of the multi-purpose device, the method comprising the steps of; a) generating, by an assembling module of the relying service, display information in the form of a set of assembling parameters, b) storing, by a storing module of the relying service, the set of assembling parameters as a set of secure assembling parameters, c) transmitting, by a communication module of the relying service, the set of assembling parameters, to a communication module of the multi-purpose device, d) transforming, by a reassembling and visualisation module of the multi-purpose device, the set of assembling parameters into a set of display parameters, e) generating and outputting, by the reassembling and visualisation module of the multi-purpose device, an image signal based on the set of display parameters to the screen of the multi-purpose device, f) visually displaying, by the screen of the multi-purpose device, using the image signal, a physical representation of the set of display parameters, g) capturing, by a screenshot module of the multi-purpose device, a screenshot of the physical representation of the set of display parameters displayed on the screen of the multi-purpose device, h) transmitting, by the communication module of the multi-purpose device, the screenshot to the communication module of the relying service, i) determining, by the validation module of the relying service, any discrepancies between the screenshot received from the multi-purpose device and a secure digitalized physical representation based on the set of secure assembling parameters stored by the storing module of the relying service, and j) determining, based on the discrepancies, by the validation module of the relying service, whether the display information sent to the multi-purpose device by the relying service was visually displayed in an untampered manner on the screen of the multi-purpose device. The steps may follow one another a different order than the one indicated above.
[0008] In an embodiment of the invention the set of assembling parameters is prepared by the assembling module of the relying service from at least an assembling module input comprising a user-specific parameter and/or a device-specific parameter, and the set of assembling parameters may be transformed by the reassembling and visualisation module of the multi-purpose device into the set of display parameters by employment of the user-specific parameter and/or the device-specific parameter, where the device-specific parameter is a devicespecific parameter of the multi-purpose device.
[0009] In another embodiment of the invention a watermark configuration is created in the set of assembling parameters, the watermark configuration in the set of assembling parameters is a change in a set of pixels in the physical representation of the set of assembling parameters relative to a physical representation of the set of assembling parameters without any watermark configuration.
[0010] In yet another embodiment of the invention the user-specific parameter and the device-specific parameter is employed together with a random number by the assembling module of the relying service to create the watermark configuration in the set of assembling parameters.
[0011] In yet another embodiment of the invention the change in the set of pixels in the physical representation of the set of assembling parameters is a change of pixel colour relative to a physical representation of the set of assembling parameters without any watermark configuration.
[0012] In yet another embodiment of the invention the reassembling and visualisation module of the multi-purpose device comprises a DSL-interpreter.
[0013] In yet another embodiment of the invention the individual pixels that constitute the set of pixels is chosen based on an instruction set comprising ops codes for the DSL-interpreter and where the instruction set is at least a part of a program for the DSL-interpreter.
[0014] In yet another embodiment of the invention the set of assembling parameters constitute at least a part of a program for the DSL-interpreter.
[0015] In yet another embodiment of the invention the reassembling and visualisation module comprises a reassembling module and a visualisation module, and wherein step d) is performed by the reassembling module, step e) is performed by the visualization module.
[0016] In yet another embodiment of the invention the method further comprising the steps of; recording, by a sensor module of the multi-purpose device, a device environment parameter of the multi-purpose device, and transmitting, by the communication module of the multi-purpose device, the device environment parameter to the communication module of the relying service, and wherein step j) the validation module of the relying service determines, based on the discrepancies and the device environment parameter, whether the display information sent to the multi-purpose device by the relying service was visually displayed in an untampered manner on the screen of the multi-purpose device.
[0017] In yet another embodiment of the invention the set of assembling parameters is prepared by the assembling module of the relying service from at least a text string set, a graphics parameter and one or more layout instructions.
[0018] In yet another embodiment of the invention the step j) comprises the sub-steps of j1) assigning a score value based on the discrepancies between the screenshot and the secure digitalized physical representation, where the score value is a measure of the level of discrepancy between the screenshot and the secure digitalized physical representation, and j2) determining whether the display information sent to the multi-purpose device by the relying service was visually displayed in an untampered manner on the screen of the multi-purpose device based on the score value.
Brief description of the drawings
[0019] In order to make the invention more readily understandable, the description that follows will refer to accompanying drawings, in which:
[0020] Figure 1 is a schematic representation comprising the method according to the invention, where the timescale is defined from top to bottom,
[0021] Figure 2 comprises three schematic illustrations of the various modules that may be involved in the method according to the invention,
[0022] Figure 3 is a schematic illustration of an assembling module according to an embodiment of the invention together with its inputs and output, where the stipulated boxes and lines illustrate optional embodiments within the illustrated embodiment,
[0023] Figure 4 is a schematic illustration of an assembling module according to an embodiment of the invention together with its inputs and output, where the stipulated boxes and lines illustrate optional embodiments within the illustrated embodiment,
[0024] Figure 5 is a schematic illustration of a reassembling and visualization module according to an embodiment of the invention together with its inputs and output, where the stipulated boxes and lines illustrate optional embodiments within the illustrated embodiment,
[0025] Figure 6 is a schematic illustration of a screen according to an embodiment of the invention together with its inputs and output, where the stipulated boxes and lines illustrate optional embodiments within the illustrated embodiment, and [0026] Figure 7 is a schematic illustration of a validation module according to an embodiment of the invention together with its inputs and output, where the stipulated boxes and lines illustrate optional embodiments within the illustrated embodiment.
Detailed description of the invention
[0027] In the following, general embodiments as well as particular exemplary embodiments of the invention will be described. References will be made to the accompanying drawings. It shall be noted, however, that the drawings are exemplary embodiments only, and that other features and embodiments may well be within the scope of the invention as claimed.
[0028] Unless otherwise defined, all terms of art, notations and other scientific terms or terminology used herein are intended to have the meanings commonly understood by those of skill in the art to which this invention pertains. Certain terms of art, notations, and other scientific terms or terminology may be defined as indicated below.
[0029] The present invention provides a method for determining whether display information sent to a multi-purpose device by a relying service is visually displayed in an untampered manner on a screen of the multi-purpose device.
[0030] The method of the present invention is described though the employment of modules, where a module may be considered as a part of a software, or hardware, designed to perform one or more specific tasks. A module may thus be considered as the functional scope of a software or hardware. A person skilled in the art with knowledge of the present invention will appreciate that any module as herein described may be combined with another module to form a more general module, or be split up into two or more sub-modules. The exact functional organization, i.e. division, into modules used to describe the method of the present invention is largely chosen to improve readability.
[0031] The method of the present invention may be described in the following simplified manner: Display information is initially generated and stored by a relying service, and communicated to a multi-purpose device where it is physically displayed on a screen of the multi-purpose device. A screenshot is subsequently taken of said screen and this screenshot is communicated back to the relying service. When received by the relying service, the screen shot is compared with the display information stored by the relying service in order to determine any discrepancies between the screenshot and the display information stored by the relying service. Said discrepancies may subsequently be used to give an evaluation of whether the information shown on the screen of the multi-purpose device has been tampered with.
[0032] The multi-purpose device may in the context of the present invention be considered as a device that may facilitate multiple applications that share common resources on the device. A multi-purpose device may be a device such as a smart phone, laptop, tablet, smart watch or similar.
[0033] The relying service may in the context of the present invention be considered as a device, collection of devices or fractions of devices that is/are located remotely to the multi-purpose device. Examples of a relying service is a server or a cloud service. The relying service is in the context of the present invention configured to run a computer program.
[0034] Figure 1 is a schematic illustration of the method according to an embodiment of the invention, where the method comprises a step of generating a set of assembling parameters by an assembling module of a relying service. After being generated, the set of assembling parameters is subsequently stored by a storing module of the relying service and transmitted by a communication module of the relying service to a communication module of the multi-purpose device. Upon receipt by the multi-purpose device, the set of assembling parameters is then transformed into a set of display parameters by a reassembling and visualisation module of the multi-purpose device. The reassembling and visualisation module of the multi-purpose device further generates an image signal based on the set of display parameters and outputs this signal to a screen of the multi-purpose device that visually displays a physical representation of the set of display parameters using the image signal. A person skilled in the art with knowledge of the present invention will appreciate that the term image signal may be
interpreted broadly, and that an image signal may e.g. be a signal, message or data that may be used to generate the physical representation by the screen. A screenshot module is then employed to capture a screenshot of the physical representation, and the screenshot is then transmitted by the communication module of the multi-purpose device to the communication module of the relying service. Upon receipt by the relying service, the screenshot is, by a validation module of the relying service, compared with a secure digitalized physical representation based on the set of secure assembling parameters stored by the storage module. Any discrepancies between the screenshot and the secure digitalized physical representation is determined by the validation module of the relying service, and the discrepancies are used by the validation module of the relying service to determine whether the display information sent to the multipurpose device by the relying service was visually displayed in an untampered manner on the screen of the multi-purpose device. Figure 2 shows examples of which modules that may be involved in the method.
[0035] A set of assembling parameters may in the context of the present invention be considered as data or metadata that may be employed in order to generate an input signal to a screen for the screen to display a physical, i.e. visual, representation of display information. A physical representation of a set of assembling parameters may thus be considered as a physical representation obtained at least in part from a set of assembling parameters. A set of assembling parameters can be instructions for a reassembling and visualisation module of the multi-purpose device to generate a set of display parameters. A set of assembling parameters may as illustrated in figure 1 and 3 be generated from a service input from a service, where the service e.g. may be a bank application or any other application that relies on presenting information to a user on a multi-purpose device. The service input may comprise any one or more of text, graphics and layout instruction.
[0036] Upon receiving, by the multi-purpose device, a set of assembling parameters from the relying service, the multi-purpose device may transform the set of assembling parameters into a set of display parameters. Display parameters may according to the invention may be considered as data that may be employed in order to create an input signal to a screen. Display parameters may comprise one or more of a text parameter, graphics parameter and/or a layout parameter, i.e. comprise one or more of the input that was used by the assembling module to generate the set of assembling parameters from which said display parameters were transferred.
[0037] A set of assembling parameters may as illustrated in figure 3 be generated through employment of a user-specific parameter and/or a device specific parameter. The user-specific parameter and/or the device specific parameter may here act as keys, which may be considered as employed to encrypt, or in other words “sign”, the assembling parameters prior to the assembling parameters being communicated to the multi-purpose device. Upon receiving by the multi-purpose device, a set of assembling parameters from the relying service, the multi-purpose device may transform the set of assembling parameters into a set of display parameters by utilization of the user-specific parameter and/or the device specific parameter. The device parameters may already be present at the multi-purpose device, while the user parameter may for example be supplied by the used as a private code or deployed by the relying service to a device mapping user data to the multi-purpose device. The userspecific parameter and/or the device specific parameter may here be considered as employable for decrypting the assembling parameters generated by the assembling module in order to obtain said set of display parameters. The userspecific parameter and/or the device specific parameter may in other words be employed by the reassembling and visualisation module of the multi-purpose device to extract the service input used to generate the assembling parameters.
[0038] Figure 4 is a schematic illustration of an embodiment of the invention where a watermark configuration is created in the set of assembling parameters. The watermark configuration may here be created using a random number, optionally together with a user-specific parameter and/or a device specific parameter. The use of a random number makes the watermark configuration session-specific, while the user-specific parameter and the device specific parameter makes the watermark configuration user-specific and device specific respectively. The watermark configuration in the set of assembling parameters results in a change in a set of pixels, i.e. watermark pixels, in the physical representation of the set of assembling parameters relative to a physical representation of the set of assembling parameters without any watermark configuration. The change in the set of pixels in the physical representation of the set of display parameters may be a change of pixel colour relative to a physical representation of the set of display parameters without any watermark configuration. The change in colour may here be a change in colour in the RGB-space. The change in colour may here be a change in colour that is sufficiently small for a human eye not to notice a difference between a physical representation with a watermark configuration and a physical representation without a watermark representation, e.g. a value difference of less than 5 in a 0-255 valued RGB coloration.
[0039] Figure 5 is a schematic illustration of an embodiment of the invention where the reassembling and visualization module of the multi-purpose device comprises a DSL interpreter. The assembling parameters may here constitute at least in part an instruction set of DSL-instructions, which for example may be transformed into display parameters by the reassembling and visualization module using the DSL-interpreter. The assembling parameters may according to the invention be instructions, e.g. ops codes, in a domain specific language, where the specific domain is considered as the multi-purpose device or the reassembling and visualization module of the multi-purpose device.
[0040] Figure 4b is a schematic illustration of an embodiment of the invention where a watermark configuration in a set of assembling parameters comprises an instruction set as a part of the set of assembling parameters. The watermark pixels may thus here be chosen based on an instruction set comprising ops codes for the DSL-interpreter. An ops code may in the context of the present invention be interpreted as a code based on operational instruction sets. Such ops codes are not code for an operating system such as android or iOS but are instructions for the DSL interpreter. The DSL interpreter may thus interpret ops codes as instruction to render graphics to be shown on the display. 'Rendering graphics may be considered as the domain and parameters of how to do this, e.g. ‘LINE, 0, 100, 0, 0, 10’ , which may denote a line from pixel 0 to pixel 100 with a more bluish colour value (0, 0, 10) = (R+0, G+0, B+5). Said instruction set comprises thus in this embodiment at least a part of a program for the DSL-interpreter, and the DSL interpreter will thus execute the program based at least in part on the set of ops codes.
[0041] Figure 2 is a schematic illustration of an embodiment of the invention where the reassembling and visualisation module comprises a reassembling module and a visualisation module. The reassembling module is in this embodiment configured to transform a set of assembling parameters into a set of display parameters, while the visualisation module is configured to generate an image signal based on the set of display parameters and to output this signal to a screen of the multipurpose device. A person skilled in the art will as previously stated appreciate that the exact modular division may vary.
[0042] Figure 1 illustrates the method according to the invention where a secure communication is established between a communication module of the relying service and a communication module of the multipurpose device. Said communication is also schematically illustrated in figure 2. The two communication modules may establish and control a secure communication channel to ensure confidentiality, authenticity, and integrity of what is communicated between the two. The communication may for example be made over public networks and is thus between the multi-purpose device and the relying service, e.g. between a mobile device and a server. The communication channel established between the two modules may bidirectionally secured for both sending and receiving of information, e.g. through the employment of a of transport layer security method, Diffie-Hellman key exchange, etc.
[0043] Figure 6 schematically illustrates screenshot module that captures a screenshot of the screen of the multi-purpose device, i.e. in other words that the screenshot module captures a screenshot of the physical representation of the set of display parameters displayed on the screen of the multi-purpose device. The screenshot may here be considered as a digital copy of the physical representation visualized on a screen, i.e. a digital image. The screenshot module may optionally check if the device health parameters, e.g. received from a sensor module of the multipurpose device, are in line with what is expected. What is expected may be a set of reference variables, e.g. stored at the multi-purpose device.
[0044] Figure 7 is a schematic representation of a validation module and its inputs and output according to the invention. The validation module is in figure 7 seen to receive as an input the screenshot from the multi-purpose device and the secure assembling parameters from the module of the relying service. Optionally, the secure assembling parameters input may be replaced by an input comprising a secure digitalized physical representation. The digitalized physical representation is here a physical representation generated from secure display parameters, which in other words may be considered as a digital image generated from the secure display parameters. If receiving as an input, the secure assembling parameters, the validation module may be configured to transfer the secure assembling parameters into a secure digitalized physical representation, optionally though employment of a user-specific parameter and/or a devicespecific parameter. The validation module may optionally receive as input one or more device environment parameters.
[0045] The validation module of the relying service determines according to the invention the discrepancies between the screenshot received from the multipurpose device and a secure digitalized physical representation, i.e. digital image, based on the secure assembling parameters. The screenshot will from hereon be termed as a first digital image, while the secure digitalized physical representation will be termed as a second digital image. The act of determining by the validation module may be considered as a mathematical comparison of the first digital image with the second digital image, e.g. through a pixel by pixel subtraction of one image by the other, or a generation of a third image that gives a visual representation of the discrepancies between the two compared digital images. A person skilled in the art with knowledge of the present invention will appreciate that the comparison between the first digital image and the second digital image may be performed in a variety of ways. The metric defining the discrepancies between the two images may thus also be defined in a variety of ways.
[0046] The validation module of the relying service further determines, based on the determined discrepancies between the screenshot, first image, and the secure digitalized physical representation, second image, whether the display information sent to the multi-purpose device by the relying service was visually displayed in an untampered manner on the screen of the multi-purpose device. The validation module may e.g. perform this act by assigning a score value based on said discrepancies. A sub-score may for example be allocated for each pixel based on the discrepancy between a pixel of the first image by the equivalent pixel of the second image. The total score would then be the sum of all the subscores for the number of pixels in each image. A simple score system could as a way of example be introduced, where sub-score for a given pixel is set as 1 if said pixel of the first image is not identical to the equivalent pixel of the second image. If the total score in this example exceeds a certain threshold value, e.g. 1 % of the total number of pixels in each image, the validation module will determine that the display information sent to the multi-purpose device by the relying service was not visually displayed in an untampered manner on the screen of the multi-purpose device. A person skilled in the art with knowledge of the present invention will appreciate that a measure, i.e. a score, for the discrepancies between the first and second image, i.e. the screenshot and the secure digitalized physical representation, may be given in a variety of ways. The exact score calculation, and threshold in the case of the above example, will be session dependent, e.g. may be dependent on the resolution of said images, thus leaving the exact determination of the exact score calculation and threshold to the skilled person.
[0047] It will be appreciated by a person skilled in the art that the method of the present invention does not necessarily result in an unequivocal conclusion that the display information sent to the multi-purpose device by the relying service was visually displayed in an untampered manner on the screen of the multi-purpose device. The method according to the invention may rather be considered as a method that gives an indication of whether the display information sent to the multi-purpose device by the relying service was visually displayed in an untampered manner on the screen of the multi-purpose device.
[0048] Figure 2 is a schematic illustration of an embodiment of the invention where a sensor module of the multi-purpose device records a device environment parameter of the multi-purpose device. A device environment parameter may according to the invention be considered as parameter, or variable that describes a state or condition of the multi-purpose device. A device environment parameter may e.g. be a measure of temperature, angle, geolocation, language settings, accelerator readings, screen size, device movement, power consumption, historic activity, information input rate etc. The sensor module of the multi-purpose may according to the invention transfer a device environment parameter of the multipurpose device to a communication module of the multi-purpose device that further may communicate it to a communication module of the relying service. The validation module of the relying service may further employ the device environment parameter to determine whether the display information sent to the multi-purpose device by the relying service was visually displayed in an untampered manner on the screen of the multi-purpose device. Indications of robot behaviour may be read from the device parameters, which again indicate that the display information sent to the multi-purpose device by the relying service may have been visually displayed in a tampered manner on the screen of the multi-purpose device. Robot behaviour can here be considered as the performance of a certain procedures in a highly automated way which can be distinguished from manual interaction from humans. Computers may e.g. input data much quicker and usually have a monotonous timing of entering data or input a sequence of information very fast. Human interactions with a multipurpose device are typically on the other hand slow and at least in part random.
Claims (12)
1. Method for determining whether display information sent to a multi-purpose device from a relying service is visually displayed in an untampered manner on a screen of the multi-purpose device, the method comprising the steps of;
a. generating, by an assembling module of the relying service, display information in the form of a set of assembling parameters,
b. storing, by a storing module of the relying service, the set of assembling parameters as a set of secure assembling parameters,
c. transmitting, by a communication module of the relying service, the set of assembling parameters, to a communication module of the multi-purpose device,
d. transforming, by a reassembling and visualisation module of the multipurpose device, the set of assembling parameters into a set of display parameters,
e. generating and outputting, by the reassembling and visualisation module of the multi-purpose device, an image signal based on the set of display parameters to the screen of the multi-purpose device,
f. visually displaying, by the screen of the multi-purpose device, using the image signal, a physical representation of the set of display parameters, g. capturing, by a screenshot module of the multi-purpose device, a screenshot of the physical representation of the set of display parameters displayed on the screen of the multi-purpose device,
h. transmitting, by the communication module of the multi-purpose device, the screenshot to the communication module of the relying service, i. determining, by the validation module of the relying service, any discrepancies between the screenshot received from the multi-purpose device and a secure digitalized physical representation based on the set of secure assembling parameters stored by the storing module of the relying service, and
j. determining, based on the discrepancies, by the validation module of the relying service, whether the display information sent to the multi-purpose device by the relying service was visually displayed in an untampered manner on the screen of the multi-purpose device.
2. The method according to claim 1, wherein
- the set of assembling parameters is prepared by the assembling module of the relying service from at least an assembling module input comprising a user-specific parameter and/or a device-specific parameter, and wherein - the set of assembling parameters is transformed by the reassembling and visualisation module of the multi-purpose device into the set of display parameters by employment of the user-specific parameter and/or the device-specific parameter,
where the device-specific parameter is a device-specific parameter of the multipurpose device.
3. The method according to any one of the preceding claims wherein a watermark configuration is created in the set of assembling parameters, the watermark configuration in the set of assembling parameters is a change in a set of pixels in the physical representation of the set of assembling parameters relative to a physical representation of the set of assembling parameters without any watermark configuration.
4. The method according to claim 2 and 3, wherein the user-specific parameter and the device-specific parameter is employed together with a random number by the assembling module of the relying service to create the watermark configuration in the set of assembling parameters.
5. The method according to claim 4, wherein the change in the set of pixels in the physical representation of the set of assembling parameters is a change of pixel colour relative to a physical representation of the set of assembling parameters without any watermark configuration.
6. The method according to any one of the preceding claims wherein the reassembling and visualisation module of the multi-purpose device comprises a DSL-interpreter.
7. The method according to claim 4 or 5, and 6, wherein the individual pixels that constitute the set of pixels is chosen based on an instruction set comprising ops codes for the DSL-interpreter and where the instruction set is at least a part of a program for the DSL-interpreter.
8. The method according to claim 6 or 7, wherein the set of assembling parameters constitute at least a part of a program for the DSL-interpreter.
9. The method according to any one of the preceding claims where the reassembling and visualisation module comprises a reassembling module and a visualisation module, and wherein
- step d) is performed by the reassembling module,
- step e) is performed by the visualization module.
10. The method according to any one of the preceding claims, further comprising the steps of;
i. recording, by a sensor module of the multi-purpose device, a device environment parameter of the multi-purpose device, and
ii. transmitting, by the communication module of the multi-purpose device, the device environment parameter to the communication module of the relying service,
and wherein step j) the validation module of the relying service determines, based on the discrepancies and the device environment parameter, whether the display information sent to the multi-purpose device by the relying service was visually displayed in an untampered manner on the screen of the multi-purpose device.
11. The method according to any one of the preceding claims, wherein the set of assembling parameters is prepared by the assembling module of the relying service from at least a text string set, a graphics parameter and one or more layout instructions.
12. The method according to any one of the preceding claims, wherein the step j) comprises the sub-steps of;
j1. assigning a score value based on the discrepancies between the screenshot and the secure digitalized physical representation, where the score value is a measure of the level of discrepancy between the screenshot and the secure digitalized physical representation, and
j2. determining whether the display information sent to the multi-purpose device by the relying service was visually displayed in an untampered manner on the screen of the multi-purpose device based on the score value.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| NO20200974A NO346103B1 (en) | 2020-09-07 | 2020-09-07 | Method for protection of the visual user interface of mobile applications |
| PCT/NO2021/050182 WO2022050847A1 (en) | 2020-09-07 | 2021-08-27 | Method for protection of the visual user interface of mobile applications |
| EP21864785.7A EP4211573A1 (en) | 2020-09-07 | 2021-08-27 | Method for protection of the visual user interface of mobile applications |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| NO20200974A NO346103B1 (en) | 2020-09-07 | 2020-09-07 | Method for protection of the visual user interface of mobile applications |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| NO346103B1 true NO346103B1 (en) | 2022-02-21 |
| NO20200974A1 NO20200974A1 (en) | 2022-02-21 |
Family
ID=80491361
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| NO20200974A NO346103B1 (en) | 2020-09-07 | 2020-09-07 | Method for protection of the visual user interface of mobile applications |
Country Status (3)
| Country | Link |
|---|---|
| EP (1) | EP4211573A1 (en) |
| NO (1) | NO346103B1 (en) |
| WO (1) | WO2022050847A1 (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120323717A1 (en) * | 2011-06-16 | 2012-12-20 | OneID, Inc. | Method and system for determining authentication levels in transactions |
| US20130125197A1 (en) * | 2008-02-29 | 2013-05-16 | James D. Pravetz | Relying Party Specifiable Format for Assertion Provider Token |
| US20160380774A1 (en) * | 2015-03-26 | 2016-12-29 | Assa Abloy Ab | Virtual credentials and licenses |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB0212308D0 (en) * | 2002-05-28 | 2002-07-10 | Symbian Ltd | Trusted user interface for a secure mobile wireless device |
| US8621242B2 (en) * | 2004-06-11 | 2013-12-31 | Arm Limited | Display of a verification image to confirm security |
| JP2013047859A (en) * | 2009-12-25 | 2013-03-07 | Konica Minolta Holdings Inc | Authentication device and authentication method |
| US8938780B2 (en) * | 2012-03-27 | 2015-01-20 | Telefonaktiebolaget L M Ericsson (Publ) | Display authentication |
| FR3026207B1 (en) * | 2014-09-22 | 2018-08-17 | Prove & Run | SECURE DISPLAY TERMINAL |
| US10769635B2 (en) * | 2016-08-05 | 2020-09-08 | Nok Nok Labs, Inc. | Authentication techniques including speech and/or lip movement analysis |
-
2020
- 2020-09-07 NO NO20200974A patent/NO346103B1/en unknown
-
2021
- 2021-08-27 WO PCT/NO2021/050182 patent/WO2022050847A1/en unknown
- 2021-08-27 EP EP21864785.7A patent/EP4211573A1/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130125197A1 (en) * | 2008-02-29 | 2013-05-16 | James D. Pravetz | Relying Party Specifiable Format for Assertion Provider Token |
| US20120323717A1 (en) * | 2011-06-16 | 2012-12-20 | OneID, Inc. | Method and system for determining authentication levels in transactions |
| US20160380774A1 (en) * | 2015-03-26 | 2016-12-29 | Assa Abloy Ab | Virtual credentials and licenses |
Also Published As
| Publication number | Publication date |
|---|---|
| EP4211573A1 (en) | 2023-07-19 |
| WO2022050847A1 (en) | 2022-03-10 |
| NO20200974A1 (en) | 2022-02-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2017404207B2 (en) | Information processing device and information processing method | |
| CN111213139B (en) | Blockchain-based paperless document processing | |
| CN111226249B (en) | Trusted platform based on blockchain | |
| EP2836953B1 (en) | Method and device for generating a code | |
| US20210048973A1 (en) | Systems and methods for the secure synchronization of user interface state amongst computing devices | |
| US10637659B1 (en) | Preventing misrepresentation of input data by participants in a secure multi-party computation | |
| US11716197B2 (en) | System and method for generating a cryptographic key | |
| CN106575334A (en) | Accessing a secured software application | |
| WO2017128869A1 (en) | Information processing method, first terminal, second terminal, and server | |
| Radke et al. | Ceremony analysis: Strengths and weaknesses | |
| US11582266B2 (en) | Method and system for protecting privacy of users in session recordings | |
| Khanh Dang et al. | A survey on security visualization techniques for web information systems | |
| CN109613990A (en) | Soft keyboard secured inputting method, server, client, electronic equipment and medium | |
| McCarney | Password managers: Comparative evaluation, design, implementation and empirical analysis | |
| CN114240347A (en) | Business service secure docking method and device, computer equipment and storage medium | |
| Narayanan | What happened to the crypto dream?, part 2 | |
| NO346103B1 (en) | Method for protection of the visual user interface of mobile applications | |
| CN114845115A (en) | Information transmission method, device, equipment and storage medium | |
| CN117751551A (en) | System and method for secure internet communications | |
| Aanchal et al. | Topic: Scoping review of Blockchain based data storage technique in industrial IoT data management | |
| US20230344650A1 (en) | Validation of images via digitally signed tokens | |
| Ulybyshev | Data Protection in Transit and at Rest with Leakage Detection | |
| CN115834791B (en) | Image encryption and decryption transmission method using matrix key and electronic equipment | |
| Damsika et al. | A novel mechanism for secure e-tendering in an open electronic network | |
| Esche et al. | Conformity assessment of photo-optical measurement data registration in legal metrology: Ensuring admissibility as evidence of measurement data retrieved from legacy utility meters |