US20180198774A1 - Method for authenticating a user via a non-secure terminal - Google Patents
Method for authenticating a user via a non-secure terminal Download PDFInfo
- Publication number
- US20180198774A1 US20180198774A1 US15/801,061 US201715801061A US2018198774A1 US 20180198774 A1 US20180198774 A1 US 20180198774A1 US 201715801061 A US201715801061 A US 201715801061A US 2018198774 A1 US2018198774 A1 US 2018198774A1
- Authority
- US
- United States
- Prior art keywords
- user
- software component
- user terminal
- terminal
- displayed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000000034 method Methods 0.000 title claims abstract description 72
- 230000004044 response Effects 0.000 claims abstract description 29
- 238000010200 validation analysis Methods 0.000 claims description 43
- 230000006870 function Effects 0.000 claims description 28
- 230000005540 biological transmission Effects 0.000 claims description 12
- 230000015654 memory Effects 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 8
- 238000004891 communication Methods 0.000 description 28
- 238000010586 diagram Methods 0.000 description 12
- 230000000007 visual effect Effects 0.000 description 9
- 239000011159 matrix material Substances 0.000 description 8
- 230000008569 process Effects 0.000 description 6
- 230000001413 cellular effect Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 208000026760 granular corneal dystrophy type I Diseases 0.000 description 4
- 238000013507 mapping Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000002688 persistence Effects 0.000 description 3
- 230000002441 reversible effect Effects 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 230000004397 blinking Effects 0.000 description 2
- 239000003795 chemical substances by application Substances 0.000 description 2
- 230000000295 complement effect Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 239000000758 substrate Substances 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 229910001218 Gallium arsenide Inorganic materials 0.000 description 1
- XUIMIQQOPSSXEZ-UHFFFAOYSA-N Silicon Chemical compound [Si] XUIMIQQOPSSXEZ-UHFFFAOYSA-N 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 239000000654 additive Substances 0.000 description 1
- 230000000996 additive effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 239000000969 carrier Substances 0.000 description 1
- 238000012508 change request Methods 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 238000000354 decomposition reaction Methods 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 210000003811 finger Anatomy 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000000873 masking effect Effects 0.000 description 1
- 230000002207 retinal effect Effects 0.000 description 1
- 230000000630 rising effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 229910052710 silicon Inorganic materials 0.000 description 1
- 239000010703 silicon Substances 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 210000003813 thumb Anatomy 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C5/00—Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/12—Fingerprints or palmprints
- G06V40/13—Sensors therefor
- G06V40/1318—Sensors therefor using electro-optical elements or layers, e.g. electroluminescent sensing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/12—Fingerprints or palmprints
- G06V40/1365—Matching; Classification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/16—Human faces, e.g. facial parts, sketches or expressions
- G06V40/168—Feature extraction; Face representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/16—Human faces, e.g. facial parts, sketches or expressions
- G06V40/172—Classification, e.g. identification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/18—Eye characteristics, e.g. of the iris
-
- G—PHYSICS
- G10—MUSICAL INSTRUMENTS; ACOUSTICS
- G10L—SPEECH ANALYSIS TECHNIQUES OR SPEECH SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING TECHNIQUES; SPEECH OR AUDIO CODING OR DECODING
- G10L17/00—Speaker identification or verification techniques
- G10L17/22—Interactive procedures; Man-machine interfaces
- G10L17/24—Interactive procedures; Man-machine interfaces the user being prompted to utter a password or a predefined phrase
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2133—Verifying human interaction, e.g., Captcha
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/16—Obfuscation or hiding, e.g. involving white box
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
Definitions
- This disclosure relates to methods and devices for securely authenticating a user from a non-secure terminal, and in particular, for executing a secure transaction involving a non-secure terminal and a remote server, based on a user authentication.
- mobile terminals such as, for example, smartphones, personal computers, digital tablets, or the like, or any other connected device including devices belonging to the Internet of Things (IoT) may execute transactions, such as e-commerce transaction or fund transfer.
- transactions such as e-commerce transaction or fund transfer.
- processor e.g., CPU
- the malware may be able to access all or a part of the memories accessible by the processor, and thus may be maliciously configured to spy on any transactions executed by the terminal and obtain any data manipulated during these transactions over a network.
- one method is to entrust cryptographic computations to a dedicated secure element, such as a processor of, for example, a UICC (“Universal Integrated Circuit Card”) card, and a SIM (subscriber identification module) card, in which cell phones are generally equipped.
- a dedicated secure element such as a processor of, for example, a UICC (“Universal Integrated Circuit Card”) card, and a SIM (subscriber identification module) card, in which cell phones are generally equipped.
- the secure processor in order to be able to execute one or more payment applications, the secure processor must be able to store as many secret cryptographic keys as there are payment applications.
- loading an application into the memory of the above-mentioned secure processor is a complex operation that needs to be highly secure. Specifically, it involves external parties such as Trusted Service Managers. For instance, since SIM cards are issued by cell phone operators, the latter may refuse to have such applications installed in the card.
- the processor of the SIM card may be hacked by a hacker seeking to discover the secret keys stored in its
- accessing the secure functions installed in the processor of a SIM card generally entails inputting a secret code (PIN code) by means of a keypad or a touch-sensitive surface connected to the main processor of the terminal.
- PIN code secret code
- the secret code input by the user necessarily passes through the main processor. Malware executed by the main processor can therefore access this secret code.
- one method may be to use a single-use secret code which is transmitted to the user each time a transaction needs to be validated.
- One solution is to transmit the single-use secret code to the user via a distinct communication channel, e.g., via a phone link or SMS (Short Message Service). The user may be required to input the received secret code on the terminal to validate the transaction.
- Another solution is to provide an additional hardware device to each of the users. This device may generate a single-use secret code after an authentication of the user by means of credentials, such as a password or biometric data.
- a method for authenticating a user from a user terminal including: receiving by the user terminal, from a secure processor, a software component protected against tampering and reverse-engineering and configured to generate an image frame including random pixels having a probability lower than 100% to be visible in the image frame; executing the software component by the user terminal a plurality of times to generate a plurality of image frames; displaying the plurality of image frames at a frame display rate, the image frames including information which is machine unintelligible as being formed of the random pixels, the frame display rate being such that the information becomes intelligible to a user; acquiring a response from the user in relation with the information; and transmitting by the user terminal the response to the secure processor, the user being authenticated when the response corresponds to the information.
- the software component may be configured to generate a plurality of frame image parts each comprising the random pixels.
- the method may further include inserting each generated image frame part into an image frame background to generate the plurality of image frames.
- the software component may be configured to generate encrypted frame image parts including the random pixels.
- the method may further include: decrypting, by the user terminal, each generated encrypted image frame part, by applying to each pixel of the encrypted image frame part an XOR operation with a corresponding pixel of a decrypting mask; and each decrypted image frame part being inserted into an image frame background to generate one of the plurality of image frames.
- the decrypting mask may be configured to produce a message in the displayed image frames, when decrypting one of the generated encrypted image frame parts.
- the machine unintelligible information in the displayed image frames may include segments arranged to form symbols, or numeric or alphanumeric characters, at least a part of the segments being formed with the random pixels.
- the segments may be arranged to form labels of keys of a keypad having a random key layout.
- the response from the user may include positions of keys of the keypad successively selected by the user.
- the response from the user may include positions of keys of the keypad corresponding with a validation code displayed with segments formed with the random pixels.
- the software component may be configured to set a probability of the random pixels to be visible in the displayed image frames.
- the probability may be selected in a set of visible probability values.
- the software component may be configured to provide the random pixels with a probability set to a value equal to 50% or comprised between 12.5% and 87.5%, to be visible in the displayed image frames.
- the software component may be encoded as a garbled circuit including circuit inputs, circuit outputs, logic gates and wires, each logic gate having two inputs and one output, each wire having a first end connected to one of the circuit inputs or to one of the logic gate outputs and a second end connected to one of the logic gate inputs or to one of the circuit outputs.
- the garbled circuit may be generated by randomly generating a valid data representing each binary state of each of the wires, and by computing for one logic gate of the garbled circuit, truth table values as a function of each valid data of each input of the logic gate, each valid data of the output of the logic gate and a logic operation performed by the logic gate.
- the software component may include a pixel set generation circuit for a set of random pixels to generate.
- Each generation circuit may include a first logic gate and a set of second logic gates, the first logic gate combining a first input data to a randomly selected second input data, and providing an output data to a first input of each of the second logic gates, a second input of each of the second logic gates receiving a third input data, each of the outputs of the second logic gates providing a pixel value of the set of random pixels.
- the software component may be executed within a web browser executed by the user terminal.
- a user terminal may include a processor configured to: receive from a secure processor a software component protected against tampering and reverse-engineering and configured to generate an image frame including random pixels having a probability lower than 100% to be visible in the image frame; execute the software component a plurality of times to generate a plurality of image frames; display the plurality of image frames at a frame display rate, the image frames including information which is machine unintelligible as being formed of the random pixels, the frame display rate being such that the information becomes intelligible to a user; acquire a response from the user in relation with the displayed information; and transmit the response to the secure processor, the user being authenticated when the response corresponds to the information and to a secret data shared by the user and the secure processor.
- the terminal may be configured to execute the operations performed by a user terminal in the previously defined method.
- the secure processor may be a secure element connected to a main processor of the terminal.
- the secure processor may belong to a remote server linked to the terminal through a data transmission network.
- a secure element configured to execute the operations performed by a secure processor.
- the secure element may be connected to a main processor of a terminal.
- a server configured to execute the operations performed by a secure processor.
- the server may be linked to the terminal through a data transmission network.
- a computer program product may be loadable into a computer memory and comprising code portions which, when carried out by a computer, configure the computer to carry out the operations performed by the user terminal.
- FIG. 1 is a block diagram of user terminals performing transactions with remote servers according to example embodiments
- FIG. 2 is a block diagram of a user terminal according to example embodiments
- FIG. 3 is a sequential diagram of initialization steps performed by a user terminal, an authentication server and an application server, according to example embodiments;
- FIG. 4 is a sequential diagram showing authentication steps, according to example embodiments.
- FIG. 5 is a block diagram of a database managed by the authentication server, according to example embodiments.
- FIGS. 6 and 7 are sequential diagrams showing authentication steps, according to other example embodiments.
- FIGS. 8A and 8B represent respectively an image frame displayed by the user terminal, and a corresponding resultant image which can be observed by a user of the user terminal, according to example embodiments;
- FIG. 9 represents two layers of a part of an image frame which are displayed superimposed by the user terminal, a corresponding part of a resultant image frame which is displayed by the user terminal, and a corresponding part of a resultant image which can be observed by a user of the user terminal, according to example embodiments;
- FIG. 10 is a block diagram of an application program executed by the user terminal, according to example embodiments.
- FIG. 11 is a block diagram of a circuit implemented by software in the user terminal, according to example embodiments.
- FIG. 12 is a block diagram of a database describing the circuit implemented in the user terminal, according to example embodiments.
- FIG. 13 is a block diagram illustrating a processing performed by the application program for displaying the image frame of FIG. 8A , according to example embodiments;
- FIG. 14 is a block diagram of a part of the circuit of FIG. 11 , according to another example embodiment.
- FIG. 15 is a sequential diagram showing authentication steps, according to another example embodiment.
- secure may be employed according to its plain meaning to those of ordinary skill in the art and may encompass, in different embodiments, security arising from techniques such as encryption, or other types of software or hardware control used to isolate information from the public or to protect it against unauthorized access or operation.
- secure communication and “secure communication link” may refer to communications that are encrypted using public/private key pairs, or symmetrical key encryption with keys shared between communicating points.
- Secured communications can also involve virtual private networks, and other methods and techniques used to establish authenticated and encrypted communications between the communicating points.
- such methods to protect transaction data transmitting through a non-secure terminal may include using a graphic processor of the terminal as a secure element to perform transactions.
- This method may include establishing a secure communication link between the graphic processor of the terminal and an authentication server, and displaying a virtual keypad with keys arranged in random order.
- the image of the keypad is displayed using visual cryptography, by successively displaying complementary frames in which the labels of the keys are not intelligible.
- the complementary frames may be combined into an intelligible image by the visual system of the user due to a retinal remanence thereof.
- FIG. 1 represents user terminals UT that can perform transactions with remote service provider servers or application servers SSRV through communication networks NT.
- the term “user terminal” shall be synonymous and refer to any device that can communicate with one or more remote servers such as application servers and service provider servers.
- a user terminal can be, for example, a mobile phone, a smartphone, a payment terminal, a personal computer, a digital tablet equipped with communication circuits, etc.
- the communications networks may include IP (Internet Protocol) networks, such as Internet, mobile or cellular networks, wireless networks, and any kind of network that can be used to establish a communication link between a user terminal and a remote server.
- IP Internet Protocol
- an authentication server ASRV may be configured to implement a method for authenticating a user during transactions involving an application or service provider server SSRV and a user terminal UT, based on a two-factor authentication scheme.
- FIG. 2 represents a conventional terminal UT, including communication circuits NIT for communicating with a remote server such as the server ASRV, through a transmission network such as the network NT.
- the terminal UT can be, for example, a cellular phone, a smartphone or a PDA (Personal Digital Assistant) or any other device such as a digital tablet or a personal computer including communication circuits to be connected to a network such as Internet network.
- the user terminal UT may further include a main processor HP (also called “Central Processing Unit”-CPU) connected to the communication circuits NIT, a display screen DSP, a graphic processor GP connected to the processor HP and controlling the display screen DSP, and a control device CM connected to the processor HP.
- main processor HP also called “Central Processing Unit”-CPU
- the control device CM can include a keyboard or keypad, or a touch-sensitive surface. In some implementations, the control device CM can be transparent and disposed on the display screen DSP. The control device CM can further include a pointing device such as a mouse, a pencil, a pen, or the like.
- the terminal UT can further include a secure element SE, such as, for example, a secure processor that can be standalone or embedded into a smartcard UICC.
- the secure processor SE can be, for example, a SIM (“Subscriber Identity Module”) card, providing an access to a cellular network.
- the secure processor SE can include an NFC (“Near Field Communication”) circuit to communicate with a contactless reader.
- the NFC circuit can be embedded into a SIM card (SIM-NFC) or UICC, or in a SoC (“System on Chip”) circuit, or in an external memory card, for example an “SD card”.
- the circuits NIT can include a mobile telecommunication circuit giving access to a mobile cellular network and/or to the Internet network, through the cellular network, and/or a wireless communication circuit (Wi-Fi, BluetoothTM, or any other radio frequency or wireless communication methodology), and/or any other wired or wireless connection circuit that can be linked to a data transmission network such as the Internet.
- a wireless communication circuit Wi-Fi, BluetoothTM, or any other radio frequency or wireless communication methodology
- FIG. 3 represents registration steps S 1 to S 8 provided for registering a user terminal UT to be used for authenticating a user to validate a transaction or to access a service, in accordance with example embodiments.
- steps S 1 to S 8 can be successively performed and/or can be executed only once.
- the user may download and install and/or launch execution of an application APP dedicated to or involving user authentication in a user terminal UT to be used for authentication.
- the application APP may generate a unique device identifier DID of the terminal UT.
- Steps S 2 to S 7 may be performed at a first execution of the application APP by the terminal UT.
- the application APP may connect the user terminal UT to the service provider or application server SSRV, e.g., to a web site of the service provider, and may transmit a terminal enrollment request ERQ to the server SSRV.
- the terminal enrollment request may include user credentials, such as, a user identifier UID and a corresponding password UPW, and the device identifier DID.
- the server SSRV may receive the enrollment request ERQ and may check the received user credential UID, UPW.
- the server SSRV may send at step S 5 to the authentication server ASRV, a registration request RGRQ containing the user credentials UID, UPW, the device identifier DID and a service identifier SID related to the service provider server SSRV.
- the communication link between the servers SSRV may be ASRV is secured in a suitable way (e.g. using encryption means), such that a hacker cannot retrieve the transmitted data.
- the following steps S 6 , S 7 performed by the server ASRV may be executed by a secure processor of the server ASRV or within a secure domain thereof.
- the links between the terminal UT and the server SSRV and between the terminal UT and the server ASRV which may not be required to be secure links.
- the authentication server ASRV may receive the registration request RGRQ and may store the received data, i.e., the user credentials UID, UPW the identifier DID of the user terminal and the service identifier SID in a user database UDB.
- the server ASRV may transmit a message RP in response to the request RGRQ to the service provider server SSRV.
- the message RP may contain the user identifier UID and a status of the registration.
- the message RP can be retransmitted by the server SSRV to the user terminal UT.
- FIG. 4 represents authentication steps S 21 to S 33 , which may be successively performed to authenticate the user during a transaction conducted by the application APP or for executing an operation of this application, requiring the user to be authenticated.
- the authentication of the user may require that the user terminal UT is registered by the authentication server ASRV, by executing steps S 1 to S 6 of FIG. 3 , for example.
- the user terminal UT may launch execution of the application APP.
- the application APP may be required to authenticate the user and may transmit an authentication request ARQ to the authentication server ASRV.
- the authentication request ARQ may contain an identifier SID of the service, the credentials UID, UPW of the user involved in the transaction, the service provider identifier SID for which the authentication should be performed, and the device identifier DID of the user terminal UT.
- a message (MSG in FIGS. 8A, 8B and 9 ) may be displayed to the user and presented, for example, information related to the transaction to be validated by the user, and an address SURL of a service provider server where a result of the authentication is to be transmitted by the authentication server ASRV.
- the authentication server ASRV may receive the request ARQ, and may check the consistency of the data transmitted in the authentication request ARQ. To this end, the authentication server ASRV may use the data stored in the database UDB or send an authentication request message to the server SSRV, containing the user credentials UID, UPW, the server SSRV verifying the consistency of the user credentials and providing a response to the server ASRV containing a result of the verification. If the transmitted data are not consistent, the server ASRV may transmit an error message ERM to the user terminal UT and the execution of the application APP ends.
- ERM error message
- the authentication server ASRV may perform step S 24 where it generates a transaction validation code CC, preferably of, for example, single-use, and a distinct dedicated software component GC specific to the user terminal UT corresponding to the device identifier DID.
- the software component GC may be designed to display the validation code CC, and software component GC may be specific to this code.
- the authentication server ASRV can also generate a unique transaction identifier TID which may be stored in the database UDB.
- the server ASRV may send to the terminal UT structure and content data GCD defining the software component GC and including input data of the software component in an encrypted form, a final mask IMSK to be applied to image frame parts generated by the software component circuit, and a cryptographic data GCK to be used to execute the software component.
- the server ASRV may send an acknowledge message ACK to the server SSRV.
- the acknowledge message ACK may contain the user identifier UID and the transaction identifier TID.
- the application APP executed by the terminal UT may receive the data GCD, IMSK, GCK related to the software component GC and transmitted at step S 25 , and may send an acknowledge message AKM to the server ASRV.
- the reception of the data related to the software component may trigger the execution of the application APP.
- the user terminal UT may transmit an acknowledge message AKM to the server ASRV in response to the data received at step S 25 .
- the server ASRV may send to the terminal UT a request RGC to execute the software component GC.
- the reception of the notification RGC may trigger the execution by the application APP of the software component GC which may display image frames showing, for example, a keypad having keys, the message MSG and the single-use transaction validation code CC, for example, of two or more digits.
- the application APP executed by the terminal UT may also trigger the execution of the software component GC when it is received at step S 25 .
- the keys of the keypad displayed by the software component may be arranged in a randomly selected layout in the displayed frames, and only parts of labels of the keys and of the validation code may be displayed in each frame, such that the key labels and the validation code are intelligible to the human visual system due to the persistence of the latter, but not in screenshots of the display screen DSP.
- the validation code CC may be superimposed on the message MSG (or vice-versa), such that the message cannot be changed without disturbing the validation display.
- the user of the terminal UT may input the displayed validation code CC.
- the user may use the displayed keypad, and may touch corresponding positions POSi of the keys of the displayed keypad.
- the application APP may transmit the sequence of positions POSi selected by the user and the device identifier DID to the server ASRV.
- the server ASRV may determine the code CC1 corresponding to the positions POSi typed by the user.
- the server ASRV may recognize the displayed keypad layout, and thus, can determine the keys labels corresponding to the positions POSi, and consequently the value of the validation code CC1 typed by the user.
- the server ASRV may compare the entered validation code CC1 with the validation code CC generated at step S 24 and which can be stored in the database UDB in association with the device identifier DID.
- the server ASRV may transmit to the service provider server SSRV using an address SURL of the server SSRV, an authentication response ARP containing the user identifier UID, the result of the comparison performed at step S 32 , and possibly, the transaction identifier TID.
- the transmission response ARP may be also transmitted to the application APP executed by the user terminal UT.
- the user corresponding to the identifier UID may be authenticated and the transaction TID may be validated only when the typed validation code CC1 match the validation code CC corresponding to the software component GC sent by the server ASRV to the user terminal UT at step S 24 .
- the server ASRV can receive two messages ARP for a same transaction or from the same user terminal UT, e.g., one from the authenticated user and one from the hacker, and can invalidate the transaction.
- the message ARP may be transmitted by the user to the server ASRV (step S 30 ) by another transmission channel.
- FIG. 5 represents different tables DEV, SVC, TT, GCP of the database UDB in accordance with example embodiments.
- the table DEV may contain one record for each registered user device or terminal UT. Each record may include a device identifier DID, and the corresponding user credentials UID, UPW.
- the table SVC may contain one record for each service provider registered with the authentication server ASRV. Each record of the table SVC may include a service identifier SID and a service name.
- the table TT may contain one record for each current transaction.
- Each record may include a transaction identifier TID, a device identifier DID, a service identifier SID, the message MSG to be displayed by the software component GC triggered by the application APP and executed by the terminal having the identifier DID, the address SURL provided at step S 22 , an identifier GCID identifying the software component generated for the transaction TID, and a single-use transaction validation code CC.
- the table GCP may contain one record for each software component generated by the server ASRV. Each record may include an identifier GCID identifying the software component, a device identifier DID of the device UT for which the software component GC was generated at step S 24 , and the identifier TID of the transaction for which the software component GC was generated.
- the records corresponding to an already ended transaction can be deleted from the table GCP.
- the records may be kept for statistical purposes and/or to ensure the unicity of each transaction.
- the operations performed by the authentication server ASRV can be implemented in the service provider server SSRV.
- the server SSRV does not need to be identified in the steps S 23 and S 33 , and in the data base UDB.
- the user terminal may communicates only with the service provider server SSRV. Therefore, the user credential check (step S 23 ) may be performed by the service provider server SSRV, and thus, the authentication server ASRV does not have to know the user password UPW to be used to access the service provided by the server SSRV.
- step S 5 is modified to remove the user password UPW from the registration message RGRQ.
- FIG. 6 represents the authentication steps S 21 to S 33 , which are successively performed to authenticate the user during a transaction in accordance with example embodiments.
- the authentication request may be transmitted from the user terminal UT to the service provider server SSRV.
- the user authentication step S 23 on the basis of the user credentials UID, UPW may be performed by the server SSRV.
- the server SSRV may transmit an authentication request ARQ1 to the authentication server ASRV.
- the authentication request ARQ1 may include only the identifier SID of the service provider and the user device identifier DID.
- the server ASRV may execute step S 24 as in the example embodiment of FIG. 4 .
- the server ASRV may transmit the structure and content data GCD defining the software component GC and including input data of the software component in an encrypted form, the final mask IMSK to be applied to image frame parts generated by the software component circuit, and the cryptographic data GCK to be used to execute the software component.
- These data can be transmitted directly to the user terminal UT or by means of the server SSRV which may retransmit them to the user terminal UT in step S 25 ′.
- the steps S 26 and S 27 can be performed between the user terminal UT and the server ASRV or as represented in FIG. 6 , between the user terminal UT and the server SSRV.
- the user terminal UT may perform the steps S 28 to S 30 .
- the authentication response ARP sent in step S 30 by the user terminal UT can be transmitted directly to the server ASRV or as represented in FIG. 6 , received first by the server SSRV which may retransmit it to the server ASRV.
- the server ASRV may perform the steps S 31 to S 33 as illustrated in FIG. 4 .
- An authentication report can be transmitted to the user terminal UT either by the server ASRV or by the server SSRV.
- the steps S 22 , S 26 , S 28 and S 30 can be performed within or by a web browser installed in the terminal UT, the steps S 26 , S 28 and S 30 being performed by a script executed by the web browser, such as, a script written in “JavaScript”, and transmitted in a web page by the server ASRV.
- a script executed by the web browser such as, a script written in “JavaScript”, and transmitted in a web page by the server ASRV.
- Example embodiments can be adapted to prevent a phishing attack by which a hacker steals a user account with a service provider, such as, for example, a banking or payment account or an email account.
- a service provider such as, for example, a banking or payment account or an email account.
- the hacker may connect to the service provider using a true user identifier and may repeatedly activate a link to regenerate the password corresponding to the user identifier.
- the service provider may transmit to a registered email address or a registered phone number corresponding to the user identifier a message containing a single-use secret number to be introduced in a web page of a web site of the service provider.
- the hacker transmits to the user a fake message indicating that the user's account is subjected to attacks and requesting the user to activate a link to be clicked on provided in the message. Since the user received several messages providing a secret number to enable the generation of a new password, the user is aware of the attack announced by the hacker, and thus, the user does not suspect that the message from the hacker is a trap.
- the user activates the link, the user receives a fake web page looking like a true web page from the service provider web site and requesting the secret code provided in the last message received by the user from the service provider.
- the hacker gets the secret code and can use it to generate a new password for the user account from the web site of the service provider. From this time, the hacker gets access to the user account on the server of the service provider instead of the user.
- FIG. 7 represents an embodiment that can prevent such a phishing attack in accordance with example embodiments.
- the embodiment of FIG. 7 comprises steps S 41 to S 65 performed successively by the user terminal UT, the service provider server SSRV and the authentication server ASRV together.
- a web browser installed in the user terminal may display a web page from a web site of the service provider.
- the displayed web page may contain a link enabling the user to generate a new password for accessing a user account with the service provider.
- a message NPWR requesting a new password may be transmitted to the server SSRV in step S 42 .
- the message NPWR may contain a user identifier UID and a device identifier of the user terminal UT used by the user in steps S 41 , S 42 .
- the server SSRV may transmit an authentication request ARQ to the authentication server ASRV.
- the request ARQ may contain an identifier SID of the service provider, an identifier UID of the user (e.g. an email address of the user).
- the server ARSV may receive the request ARQ and may generate a transaction identifier TID and a link LNK to request an authentication.
- the transaction identifier TID may identify the current user authentication transaction.
- step S 45 an acknowledge message AK containing the transaction identifier TID, the user identifier UID and the link LNK may be transmitted by the server ASRV to the server SSRV.
- step S 46 the server SSRV may transmit to the user terminal UT a message M(LNK) containing the link LNK and the transaction identifier TID, using an email address of the user that can be transmitted by the user terminal UT at step S 42 .
- the user terminal UT may display the received message M(LNK). Then the user may activate the link LNK in the displayed message in step S 47 ′.
- the activation of the link LNK may trigger the transmission by the user terminal to the server ASRV of a message containing the transaction identifier TID.
- the server ASRV may transmit to the user terminal a script SCPT, for example, written in the language “JavaScript” to be executed by a web browser installed in the user terminal UT.
- the steps S 50 , S 51 , S 54 , S 56 , S 62 and S 64 may be performed within or by a web browser installed in the terminal (or by the script SCPT executed in the web browser).
- the web browser of the user terminal UT may launch execution of the received script SCPT.
- the user terminal UT controlled by the script SCPT may send a request RQGC for a dedicated software component GC specific to the user terminal UT.
- the request RQGC contains the identifiers TID and UID, and information about the user terminal UT, such as, for example, personal computer, smartphone, digital tablet, etc.
- the authentication server ASRV may receive the request RQGC and may generate au authentication code CC, preferably, for example, of single-use, and a distinct dedicated software component GC specific to the user terminal UT and the application requesting the software component (dedicated application or web browser), as in previously described step S 24 .
- the server ASRV may send to the user terminal UT structure and content data GCD defining the software component GC and including input data of the software component GC in an encrypted form, a final mask IMSK to be applied to image frame parts generated by the software component circuit, and a cryptographic data GCK to be used to execute the software component.
- the script SCPT executed by the web browser in the user terminal UT may receive the data GCD, IMSK, GCK related to the software component GC and transmitted in step S 53 .
- the user terminal UT may send an acknowledge message to the server ASRV in response to the data received at step S 53 .
- the script SCPT may execute the software component GC which may display image frames showing, for example, a keypad having keys, and the single-use authentication code CC, for example, of two or more digits.
- the user of the terminal UT may input the displayed authentication code CC.
- step S 56 the script SCPT executed by the terminal UT may transmit the sequence of positions POSi selected by the user and the transaction identifier TID to the server ASRV.
- step S 57 the server ASRV may determine the code CC1 corresponding to the positions POSi typed by the user. Since the keypad used to input the positions POSi was displayed by the software component GC which was generated by the server ASRV, the server ASRV may recognize the displayed keypad layout, and thus, can determine the keys labels corresponding to the positions POSi, and consequently the value of the authentication code CC1 typed by the user.
- step S 58 the server ASRV may compare the entered code CC1 with the authentication code CC generated at step S 52 .
- the server ASRV may transmit to the service provider server SSRV, an authentication response ARP containing the user and transaction identifiers UID, TID, and the result CMP of the comparison performed at step S 58 .
- the server SSRV may transmit in step S 61 , to the user terminal UT a web page WP(NPW) enabling the user to enter a new password for his account with the service provider.
- the user terminal UT to which the web page WP(NPW) is to be transmitted is known by the server SSRV from the step S 42 at which it receives the new password request.
- step S 62 the web browser of the user terminal UT may display the received web page WP(NPW).
- step S 63 the user may introduce a new password NPW in the displayed web page WP(NPW).
- step S 64 the user terminal UT may transmit the new password NPW to the server SSRV, together with the user identifier UID in a password change request NPWR.
- step S 65 the server ASRV may send an acknowledge message ACK to the terminal UT.
- steps S 43 to S 61 may require the authentication code CC to be read on the user terminal UT and introduced in the latter using the keypad which is displayed with the authentication code CC. Therefore, a hacker is prevented to get and use the authentication code, to be authenticated instead of the true user. In addition, a human could be required to perform these operations, which prevents automatic attacks directed to a large number of user accounts.
- the operations performed by the authentication server ASRV can be implemented in the service provider server SSRV.
- the communications between the user terminal UT and the server ASRV may be secured, e.g., using the SSL protocol, at least from step S 49 to step S 56 , thereby preventing a man-in-the-middle attack.
- Such a man-in-the-middle attack can also be prevented using an additional secret code previously provided to the user, for instance, by another communication channel and/or by another device, or during a user enrollment procedure.
- This additional secret code can be required for authenticating the user in steps S 54 to S 58 , and introduced at step S 55 using the keypad displayed by the software component GC.
- Steps S 43 to S 61 can be also performed each time the user terminal is connected to a server (e.g. the service provider server SSRV) by means of a web browser and the server needs a second factor authentication to authenticate the user.
- a server e.g. the service provider server SSRV
- FIG. 8A represents an example of an image frame FRM displayed by the user terminal UT when it executes the software component GC in accordance with example embodiments.
- the image frame FRM may include a banner frame BNF displaying the message MSG and the single-use code CC superimposed on the message MSG.
- the image frame FRM may further include a keypad image frame KYPF showing, for example, a twelve-key keypad. Each key of the keypad may be displayed with a label KYL indicating the function of the key to the user.
- the keypad may be an erase key “C” and a validation key “V”, and ten keys corresponding to a digit, and having a layout specific to the software component GC which generates the image frame FRM.
- the image frame FRM may further comprises a display zone FBD where a dot is displayed each time the user touches a new one of the keys KY. In the example of FIG. 8A , the display zone FBD may show that three keys were already typed by the user.
- the keypad may include four lines of three keys, the first line of the keypad comprising (from left to right) the digits “9”, “3” and “6”, the second line comprising the digits “2”, “0” and “1”, the third line comprising the digits “4”, “7”, and “8” and the fourth line, the validation key “V”, the digit “5” and the erase key “C”.
- the label KYL of each digit key may be displayed by several segments SG (e.g. seven segments), visible or not, according to the key label KYL to be displayed.
- each visible segment to be displayed may be present in an image frame FRM generated by the software component GC with a probability lower than 100%, for example equal to 50%. Due to its persistence property, the human visual system may combine the image frames successively displayed by the user terminal UT. Thus, the displayed key labels KYL may become intelligible to the user.
- FIG. 8B represents the displayed image IMG as it is perceptible by the human visual system when the image frames FRM generated by the software component GC are displayed at a sufficiently high frequency, for example, greater than 30 Hz.
- the frequency may be, for example, at 60 Hz, such that a new frame generated by the software component GC is displayed every 16.6 ms.
- the key labels KYL may appear in grey to a user when visible segments to be displayed of the key labels are inserted in the frames FRM with a probability lower than 100%.
- FIG. 9 at the top shows one example of two superimposed layers of the banner frame BNF produced by the software component GC and displayed by the user terminal UT in accordance with example embodiments.
- the central part of FIG. 9 shows the banner frame as it is generated and displayed.
- the bottom part of FIG. 9 shows the banner BN as it can be perceived by the user.
- the first layer of the banner frame BNF (at the top left of FIG. 9 ) includes a message MSG to be displayed, for example the message “Order: transfer xx € to yyyy”.
- the second layer (at the top right of FIG. 9 ) includes a number of several digits, for example, four digits, corresponding to the validation code CC to be entered by the user in the user terminal UT.
- each digit of the validation code CC may be displayed using several segments SG (e.g., seven segments) which may be displayed or not as a function of the digit to be displayed.
- segments SG e.g., seven segments
- only a part of the visible segments SG may be displayed in each image frame FRM generated by the software component GC, such that each visible segment SG to be displayed is present in an image frame FRM generated by the software component GC with a probability lower than approximately 100%, for example, equal to approximately 50% (1 ⁇ 2).
- the pixels of the first and second layers may be combined together by a XOR operation.
- the pixels belonging both to the message MSG and to a segment SG of the validation code CC may be displayed in the background color, when the pixels belonging only to the message MSG or the segments SG may be displayed in a color different from the background color.
- the bottom part of FIG. 9 represents the displayed banner BN as it is perceptible by the human visual system, when the image frames FRM generated by the software component GC are displayed at a sufficiently high frequency (e.g., greater than 30 Hz).
- the frequency can beat 60 Hz, such that a new frame FRM is displayed every 16.6 ms.
- four digits labels DL of the validation code CC may appear in grey to the user, when visible segments to be displayed are inserted in the banner frames BNF with a probability lower than approximately 100%.
- the validation code CC is 4279.
- visible and invisible segments of each digit KYL, DL to be displayed appear in the frames FRM with respective probabilities such that the displayed digits are intelligible for the human visual system, due to the persistence of the latter.
- the generated software components GC may be configured to display the invisible segments with a probability of approximately 0 to 15%, and the visible segments with a probability of approximately 50 to 100%.
- the visible segments forming a key label KYL or a digit of the validation code CC can be displayed with respective probabilities comprised between approximately 50 and 100%, and the invisible segments in a key label or a digit of the validation code CC can be displayed with respective probabilities comprised between approximately 0 and 15%.
- the display probabilities of the segments forming the digits of the key labels and the validation code CC can be adjusted as a function of the frame display frequency, such that the labels of the displayed digits remain intelligible for the human visual system.
- Segments or pixels may be invisible or visible in the image frame FRM when they are displayed respectively with a background color of the image frame, or with a color different from the background color.
- the background color may be defined by the color of the pixels around the considered segment SG, and may vary as a function of the position of the segment within the image frame FRM.
- the displayed keypad KYPF may not need to have a validation key “V”, the validation of the typed codes being performed when the user inputs the last digit of the validation code CC to be typed.
- the validation code comprises four digits
- the execution of the software component GC can be ended when the user inputs four digits.
- the cancel key “C” can be managed either to delete the last typed digit or all the previously typed digits. The effects of the cancel key “C” may be shown to the user by erasing one or all dots in the display zone FBD.
- FIG. 10 represents a functional architecture of the application APP, according to an example embodiment.
- the application APP may include a management module MGM, an initialization module INM, an authentication module AUTM, a link module LKM, and a software component execution module GCM.
- the management module MGM may control other modules INIM, RGM, LKM and GCM, and the communications between the application APP and the server ASRV through the communication circuits NIT.
- the initialization module INM may perform step S 9 .
- the link module LKM may perform steps S 11 and S 12 .
- the link module can be connected to an image sensor IMS of user terminal UT to acquire an optical code corresponding to the link token LTK to be received by the user terminal UT, and displayed by the terminal OT.
- the authentication module AUTM may perform steps S 25 to S 29 to process the authentication request received at step S 23 , to trigger the execution of the software component GC, and to receive and transmit the positions POSi typed by the user.
- the module AUTM may be connected to the keypad or a touch-sensitive surface TSIN of the terminal UT.
- the module GCM may perform the step S 27 to generate and display the image frames FRM at a suitable refresh rate, the module GCM selecting at each frame, input values to be applied to the software component GC and executing the latter.
- the module GCM may produce the image frames FRM which may be displayed on the display screen DSP of the terminal UT.
- FIG. 11 represents an example of a software component GC according to an example embodiment.
- the software component GC may be a software-implemented Boolean circuit encrypted as a garbled circuit.
- the software component GC may include two circuit layers L1, L2, and two interconnection matrices XM1, XM2.
- a first interconnection matrix XM1 may receive input data INi, INj, SGi, RNi of the software component GC.
- the first layer L1 may include logic gates AGi, each gate receiving two input values SGi, RNi from the matrix XM1 and providing one output value Di to the second interconnection matrix XM2.
- the second layer L2 may include logic gates XGi, XGj, each gate receiving two input values from the matrix XM2, and providing one output value PXi, PXj representing a pixel value.
- Each logic gates AGi of the first layer L1 may receive input values SGi, RNi of the software component GC, selected by the matrix XM1.
- Each of the logic gates XGi of the other layer L2 may receive one input value INi of the software component and one output value provided by one logic gate AGi belonging to a previous layer (L1).
- the input values INi may be selected by the matrix XM2.
- Each of the logic gates XGj of the layer L2 may receive two input values INj1, INj2 of the software component.
- the input values INj1, INj2 may be selected by the matrix XM1 and/or XM2.
- the software component GC may include one circuit SGCi for each of the segments SG that can be visible or invisible in the image frames FRM, and one circuit FPCj for each pixel PXj distinct from a segment pixel PXi, for example, around the segments SG or in the banner frame BNF.
- the software component may include 98 circuits SGCi.
- Each of the circuits SGCi may include one logic gate AGi in the circuit layer L1, and as much logic gates XGi in the circuit layer L2, as the number of pixels PXi1, PXi2, PXip forming the segment SG as displayed in the image frames FRM.
- the gate AGi may perform, for example, a logical operation such as AND, OR, NAND, NOR, to display each visible segment with a probability of approximately 50% (1 ⁇ 2), and each invisible segment with a probability of approximately 0% to be visible.
- Each of the gates XGi may perform a logical XOR operation with an input INi of the software component.
- the gate AGi receives one segment input value SGi and a corresponding random input value RNi.
- the output Di of the gate AGi may be connected to an input of all gates XGi of the circuit SGCi.
- Each gate XGi may also receive one of the input values INi1-INip and may provide one pixel value PXi1-PXip to the output of the circuit GC.
- Each of the circuits FPCj may include one logic gate XGj performing a logical XOR operation per pixel PXj controlled by the software component GC and distinct from a segment pixel in the image frames FRM.
- Each of the gates XGj may receive two input values INj1, INj2 of the software component GC and may provide one pixel value PXj.
- Each of the gates XGj can be located either in layer L1 or in layer L2.
- the number of input values INi, INj can be limited to a value around the square root of the number of pixels PXi, PXj controlled by the software component GC.
- the circuits SGCi may be configured to display the visible segments of the digits of the key labels KYL and validation code SG with a probability of approximately 50% and the invisible segments of these digits with a probability of approximately 0%.
- the structure of the software component GC can be adapted to apply other display probabilities to the visible and invisible segments of the digits to be displayed.
- the digits can also be controlled and/or arranged (e.g., with more segments) to display other signs than numbers such as alphabetic characters or more generally symbols including ASCII characters.
- one input INi or INj can be connected to several logic gates XGi, XGj, such that there are fewer inputs INi, INj than the number of logic gates XGi plus twice the number of logic gates XGj.
- the interconnection matrix XM2 may define which pixel generated by the software component belongs to a segment SG.
- the position, orientation and shape of each segment SG may be varied by one or several pixels, depending on the display resolution of the user terminal, from one software component to another. This provision makes it more difficult to perform a machine optical recognition of the displayed symbols.
- segment designates a set of pixels that may be controlled by a same one of the segment input values SGi.
- the set of pixels forming a segment may not be necessarily formed of adjacent pixels, but can include groups of adjacent pixels as the segments forming a key label KYL.
- the pixels forming a segment may all be visible or all invisible in one displayed image frame FRM.
- FIG. 12 represents the structure and content data GCD defining the software component (which is transmitted at step S 23 ), when it is designed as a garbled circuit, according to an example embodiment.
- the data GCD may include:
- a number set DIM including a number n of input values INi, INj, a number of output values m, a number s of segment input values SGi or random input values RNi, a number g of gates AGi, XGi, XGj, a number k of gates AGi, a number w of wires in the circuit, and a number 1 of circuit layers L1, L2 in the circuit GC,
- an input data table INLB including all values of the inputs INi, INj of the circuit GC, for example numbered from 1 to n, as specified for the execution of the software component,
- segment table SGLB including all values of the segment inputs SGi of the software component GC, numbered from 1 to s, as specified for the execution of the software component,
- a random data table RNLB including the random values RNi, numbered from 1 to s,
- a gate wire table GTW defining two input wires numbers IN1, IN2, an output wire number ON and a type identifier GTYP of each logic gate AG, XG of the software component GC, the gates of the circuit being numbered from 1 to g, and
- a gate truth table including four values OV00, OV01, OV10, OV11 for each of the logic gates AG of the software component GC.
- the type GTYP may specify that the corresponding logic gate performs either an XOR operation or another logical operation such as AND, OR, NOR, NAND.
- the input values INi, SGi, RNi, INj and the output values Di, PXi, PXj of the logic gates AGi, XGi, XGj, each representing a binary logical state 0 or 1 may be defined by numbers of several bits, for example, 64 or 128 bits.
- each input and output within the garble circuit GC may have only two valid values, and all the other possible values, when considering the size in bits of these values, are invalid.
- the software component GC is generated, the two valid values of each input SGi, RNi, INi, INj of the software component may be randomly chosen, provided that the least significant bit of the two valid values are different. The least significant bits may be used, when computing the output value of one of the logic gates, to select one value in the truth table of the logic gate.
- the truth table GTT[i] of each logic gate AGi may include four values OV00, OV01, OV10, OV11, each corresponding to a combination (0, 0), (0, 1), (1, 0), (1, 1) of binary input values corresponding to the input values of the logic gate.
- the topology of the software component may be defined in the table GTW, by numbering each wire of the software component, i.e., each input wire of the software component from 1 to (n+2s) and each output of the logic gates from (n+2s+1) to (n+2s+g), and by associating to each logic gate AGi, XGi, XGj one record of the table GTW including two wire numbers IN1, IN2 to the two inputs of the gate and one wire number ON to the output of the gate.
- the wire numbers of the outputs of the software component GC may be numbered from (n+2s+g-m+1) to (n+2s+g).
- the table RNLB may contain both valid values RNV1, RNV2 of each of the random values RNi, corresponding to the logical states 0 and 1.
- Each value RNV1, RNV2 can be equal with a same probability to either one or the other of the two valid values of the random value RNi corresponding respectively to the states 0 and 1.
- the XOR gates XGi, XGj can be executed either by using a truth table which is encoded in the table GTT or by applying XOR operations to each pairs of bits of same rank in the input values of the gate.
- the field GTYP of the table GTW may define whether the gate is a XOR gate or another gate, and the table GTT may include one record for each gate AGi only.
- each value in the tables INLB, SGLB, RNLB, GTT may be encoded by a 128-bit word, and each record of the table GTW may be encoded on a 64-bit word.
- the wire numbers IN1, IN2, ON may be encoded on 21-bit words.
- the table GTW can be transmitted from the server ASRV to the terminal UT in a compressed form, for example, using a gzip compression scheme.
- the order of the logic gates in the gate tables GTW, and GTT can be defined randomly, provided that the table records GTW[i] and GTT[i] at the index i refer to the same gate.
- FIG. 13 represents the module GCM, configured to execute a software component and to generate the image frames FRM, according to an example embodiment.
- the module GCM may execute the software component each time a new image frame is to be generated, i.e., at a frame refresh rate equal to or greater than 30 Hz, for example.
- the module GCM can be activated by a synchronization signal SNC having, for example, a rising edge each time a new image frame must be generated.
- the module GCM may include a switching module SWC, a software component interpreter GCI, an XOR masking circuit XRG and a pixel mapping module MPF.
- the switching module SWC may receive the synchronization signal SNC and the structure and content data GCD defining the software component GC to be executed, and may load the data to be processed by the next execution of the software component GC in an input data structure GCDI. Thus, the switching module SWC may transmit the data DIM, INLB, SGLB, NBGL, GTW, GTT and GCK without modification to the structure GCDI.
- the switching module SWC may perform switching operations SWi to select one or the other of the two valid values RNiV1, RNiV2 of each input random value RNi.
- Each switching function SWi may be controlled by a respective bit RNBi of a random number RNB having s bits, generated by a random number generation function RNG, s being the number of the random values RNi to be input to the software component GC or the total number of segments SGi of all the digits to be displayed.
- Each switching operation SWi provides for each of the random values RNi a randomly selected value RNiVk which is stored in the structure GCDI.
- the output of the corresponding AND gate AGi may be set to state either 0 or 1, depending on the logical state of the selected random value RNiVk.
- the visible segments SGi may appear in each frame FRM with a probability equal to the probability of the random input value RNi to be set to state 1. If the number RNB is a true random number, this probability is equal to approximately 50%.
- the module GCI may be a dedicated interpreting module configured to successively execute each of the logic gates of the first circuit layer L1, as defined by the data in the input data structure GCDI, and then each of the logic gates of second circuit layer L2.
- the interpreting module GCI can use a wire table receiving the value of each wire of the software component GC, written in the table at an index corresponding to the wire number of the wire value.
- the wire table may be first loaded with the input values INi, INj, SGi, RNiVk of the software component, written in the table at indexes (between 1 and n+2s) corresponding to wire numbers assigned to the input values.
- the wire table may include the values of the outputs of the software component at indexes from (n+2s+g-m+1) to (n+2s+g).
- each logic gate can be computed by applying a non-reversible function applied to both input values of the gate and to one value selected in the truth table of the gate, as a function of the least significant bit of each of the two input values:
- IN1 and IN2 represent the input values of the gate
- GTT represents the four-element truth table of the gate
- PF1 represents the non-reversible function.
- the function PF1 can use an encryption function such as AES (Advanced Encryption Standard) using an encryption key assigned to the software component.
- the encryption key GCK can be stored in the structure and content data GCD of the software component GC.
- the output value OV of a logic gate can be computed as follows:
- T represents a number assigned to logic gate, for example the number of the logic gate, and can also depend on the values of the inputs IN1, IN2, CF represents a combination function, and AES(GCK, K) represents an encrypted value of K by the AES encryption algorithm using the encryption key GCK.
- the combination function can be an XOR operation or an operation in the form:
- SH(X,a) representing a left shift operation of X by a number a of bits.
- the least significant bit of each output data of the software component GC provided by the module GCI is considered as a pixel value PXi, PXj.
- the module XRG combines each pixel value PXi (least significant bit of each output value provided by the software component) with a respective mask bit value MKi belonging to an image mask IMSK provided in the structure and content data GCD.
- the combination operation used can be an XOR operation XRi.
- the respective least significant bits of the output values PXi, PXj of the software component may represent white noise since the output values of the software component including the least significant bit thereof may be randomly chosen.
- the image parts generated by the software component may be in an encrypted form, and may be decrypted using the image mask IMSK.
- the image mask IMSK may include the message MSG, such that when combined with the pixels PXj provided by the software component GC, the message MSG may become intelligible and combined with segments SG of the validation code CC.
- the image mask IMSK can also be configured to make visible the pixels PXi of a digit segment SG corresponding to a segment input value SGi fixed to the binary state 0 (segment configured to be invisible). In this way, the segment may always be visible (with a probability of approximately 100%) in the generated image frames FRM.
- Another way to configure a segment always visible or invisible is to attribute a same value to the two random values RNiV1, RNiV2 corresponding to the related segment input value SGi in the transmitted structure and content data GCD.
- the final mask IMSK may be transmitted to the terminal UT at step S 23 using another communication channel, for higher security.
- the interconnection matrices XM1, XM2 define where the pixels PXj corresponding to the input values INj and the pixels PXi corresponding to the segment input values SGi may be displayed in the image frames FRM.
- the input values INi, INj define in relation with the image mask IMSK if the corresponding pixel PXi, PXj in output of the software component GC may be visible or invisible.
- the visibility of the pixels PXi may also depend on the corresponding value of the random input RNi.
- the respective binary states of the input values INi, INj can be randomly selected at the time the software component may be generated.
- the image mask IMSK may be then generated as a function of the selected binary states of the input values INi, INj, the interconnection matrices XM1, XM2 and the image frame FRM to be displayed which defines the visible and invisible pixels in the image frame.
- the mapping module MPF may insert groups of pixels values PXi′ provided by the module XRG, at suitable positions into a background image frame BCKF to generate one of the image frames FRM to be displayed.
- the module XRG may provide a group of pixels PXi′ which forms the banner frame BNF as shown in FIG. 9 , and groups of pixels PXi′ which form each of the key labels KYL of one keypad frame KYPF to be displayed in a frame FRM.
- the mapping module MPF may insert these groups of pixels in respective predefined locations in the background image frame BCKF to generate one of the image frames FRM as shown in FIG. 8A .
- the module XRG may output a directly displayable image frame. In this case, the mapping module is not mandatory.
- the transmission in the structure and content data GCD of the software component of the two valid values of the random inputs RNi enables introduction of randomness in the execution and output data of the software component at a very low cost.
- a software component producing random output data would require to introduce a random generator in the software component, which cannot be obviously realized without adding complexity to the garbled circuit, and thus, without increasing the size of the structure and content data GCD defining the software component.
- the transmission of the two valid values RNiV1, RNiV2 of the random inputs RNi does not reduce the security of the introduction of the validation code CC, since the correspondence between each random input value RNiV1, RNiV2 and a binary value 0 or 1 thereof cannot be established easily.
- each time the user terminal UT may have to perform a new authentication a new software component GC displaying a keypad KYP with a different key layout and displaying a different validation code CC is executed at step S 27 .
- each time the user terminal UT is required to perform a new authentication several alternative software components (defined by the structure and content data GCD) can be downloaded in the user terminal UT in one time, and the user terminal UT selects a non-already executed software component each time it has to perform a new authentication.
- several software components are downloaded with the application APP when the latter is downloaded and installed in a user terminal UT.
- a new set of software components can be downloaded from the server ASRV to the terminal user UT, e.g., when the terminal has an efficient network connection.
- several alternative software components may be stored in the user terminal UT in an encrypted form, and each time the user terminal UT execute a new software component, the server ASRV may send a corresponding decryption key to the user terminal.
- each of the software components may be downloaded into the user terminal UT.
- the downloaded part of each software component can include the data GCID, DIM, NBGL, GTW with or without the table RNLB.
- the server ASRV may only transmit to the terminal the data INLB, SGLB, GCK and IMSK, at step S 23 . Then, the user terminal UT may transmit the identifier GCID of the software component used for authentication to the server ASRV, for example at step S 25 or S 29 .
- the server ASRV When the server ASRV receives a software component identifier GCID from a user terminal UT, it may check in the database UDB that the received identifier corresponds with a next unexecuted or valid software component previously transmitted to the user terminal UT. If the received identifier does not correspond with a next unexecuted or valid software component previously transmitted to the terminal UT, the server ASRV may invalidate the user authentication and the corresponding transaction. in some implementations, the server ASRV may also invalidate a previous transaction performed with the same software component (corresponding to the same identifier GCID).
- the server ASRV can assign a validity indicator (for example in the table GCP of FIG. 5 ) to each software component it generates for a user terminal.
- the server ARSV may set the validity indicator to valid when it transmits the corresponding software component to a user terminal at step S 23 , and to invalid when it receives the corresponding message ARP at step S 29 .
- the server ARSV can assign a validity period to each generated software component, in which a software component may be set to invalid when its validity period has elapsed.
- the server ASRV may be configured to rejects a message ARP transmitted at step S 29 when it corresponds to a software component set to invalid.
- FIG. 14 represents a part of the software component GC according to another example embodiment.
- the circuit part disclosed in FIG. 14 is intended to replace one logic gate AGi in the circuit of FIG. 11 .
- the circuit part may include three AND gates AGi1, AGi2 and AGi3 and two OR gates OGi1, OGi2.
- this circuit part may include for one segment, three segment inputs SGi1, SGi2, SGi3 and three corresponding random inputs RNi1, RNi2, RNi3.
- Each of the gates AGi1, AGi2, AGi3 may combine one respective segment input SGi1, SGi2, SGi3 with one respective random input RNi1, RNi2, RNi3.
- the outputs of the gates AGi1 and AGi2 may be connected to the inputs of the gate OGi1, and the outputs of the gates AGi3 and OGi1 may be connected to the inputs of the gate OGi2.
- the output Di of the gate OGi2 may be connected to as much gates XGi as the number of pixels forming the segment controlled by the inputs SGi1, SGi2, SGi3.
- the output Di of the gate OGi2 may be set to the binary state 1 with a probability of approximately 0%.
- the output Di of the gate OGi2 may be set to the binary state 1 with a probability of approximately 50% (1 ⁇ 2).
- the output Di of the gate OGi2 may be set to the binary state 1 with a probability of approximately 75% (3 ⁇ 4), and when all the three segment inputs SGi1, SGi2, SGi3 are set to the binary state 1, the output Di of the gate OGi2 may be set to the binary state 1 with a probability of approximately 87.5% (7 ⁇ 8).
- the visible segments SG may be displayed in the image frames FRM with a probability selected in a set of visible probability values comprising at least 12.5%, 25%, 50%, 75%, 82.5% or 100%.
- other probability values can be reached by the software component, by increasing the number of inputs for one segment, and thus, by increasing the number of AND gates in the first circuit layer L1 and the number of combining OR gates in following circuit layers.
- the visible segments may be displayed with a probability decreasing as a function of the experience level of the user.
- the visible segments SG can be displayed in the image frames FRM with high probabilities, e.g., between approximately 75% and 100%. As the experience level of the user grows, these probabilities can be progressively reduced and finally set to randomly-selected values, for example, between approximately 12.5% and 50%.
- the generation of a software component may include generating random values representing the binary states 0 and 1 of the input bits and of the output bits of the logic gates of the software component. Some of the logic gate outputs may correspond to outputs of the garbled circuit.
- the generation of a software component may further include randomly selecting the interconnection matrices XM1, XM2, i.e., randomly selecting the links between the inputs of the software component and the inputs of the logic gates of the software component, and between the outputs of some logic gates and the inputs of other logic gates (definition of the table GTW).
- the generation of a software component may further include defining the truth tables GTT of the logic gates of the software component, and encrypting each value of these truth tables using an encryption key.
- each four values G of the truth table of a logic gate can be computed as follows:
- the software component GC cannot be easily determined.
- the software component can process only the two valid values of each input of the circuit, among a huge number of invalid values. Therefore, it is not possible to apply any values to the inputs of the software component.
- a hacker or a malware program executed by the terminal UT has a very short time to get the displayed validation code CC to be typed and the keypad key layout, by analyzing the displayed image frames FRM or by executing or analyzing the software component GC. Therefore, it appears to be very difficult for a hacker to be authenticated at steps S 21 to S 33 since the typed positions POSi must correspond to the keypad KYP and validation code CC displayed by the execution of the software component GC transmitted to the terminal UT at step S 24 .
- the server ASRV When the server ASRV generates the software component GC, it can be decided to use another bit rank in the values of the wires of the software component for defining the corresponding binary state of these values.
- the bits at the selected bit rank in the input values a logic gate AGi may be used to select a data in the truth table GTT of the logic gate, and the bits at the selected bit rank in the output values PXi of the software component GC are extracted and applied to the module XRG.
- the methods disclosed herein may be implemented by software programs executable by the main processor HP (CPU) of the user terminal UT, or at least partially by the graphic processor GP of the user terminal UT.
- the methods disclosed herein are not limited to displaying sensitive information such as a keypad with a randomly selected layout and a validation code.
- One objective of such a display is to check that the user knows a secret data shared with the server ASRV and perceives information presented by the terminal in a way perceptible by a human.
- Alternative challenge-response schemes can be implemented in other embodiments.
- the displayed message MSG may conduct the user to input a combination such as the sum or the multiplication of the digits of the displayed validation code CC.
- the generated frames may be formed with differences with a previously generated frame.
- the flickering or blinking of segments may be controlled directly in/by the graphic processor, by setting pixel intensity, additive or subtractive pixel color, pixel refresh rate, or pixel flickering parameters of the graphic processor.
- the challenge can be transmitted to the user using other means than by displaying it on a display screen.
- the challenge can be transmitted to the user by audio means using an audio cryptographic algorithm.
- an original audio sequence may be decomposed into a number of source audio sequences of the same length as the original audio sequence, in a way such that the original audio sequence can be reconstructed only by simultaneously playing all the source audio sequences generated by the decomposition. As such, it may be difficult to reconstruct the original audio sequence if any one of the source audio sequence is missing.
- the user may record his fingerprints at step S 10 .
- the software component GC displayed a message requesting the user to input one or two particular fingerprints, for example, the thumb print and the ring finger print. This message may be displayed using segments, as the digits representing the key labels KYL and validation code CC.
- the user may input the requested fingerprints, and at the verification steps S 30 and S 31 , the server ASRV may compare the input fingerprints with the one it stored after step S 10 .
- the shared secret data may be the fingerprints and the information to be perceived by the user may be the designation of the requested fingers.
- the methods disclosed herein are not limited to authenticating a user in view of validating a transaction.
- the methods disclosed herein may be applied to securely transmit secret information to or from a user, or more generally to securely perform a sensitive operation in a non-secure environment.
- the methods disclosed herein are not limited to a method comprising displaying image frames and introduction of secret data (CC) using a single user terminal.
- the methods disclosed herein may be applied to securely authenticate a user on another connected device, the frame images being displayed on the user terminal or on a remote display such as a smartwatch, virtual reality glasses or lenses, or projected on a surface or in the form of a 3D image.
- the secret data may be input in another device connected to the user terminal or using voice or gesture. Therefore, the words “user terminal” may designate a single device or a set of devices including a terminal without a display, an IoT (Internet of Things) terminal, a smart home terminal, and any input terminal that allows the user to enter data.
- IoT Internet of Things
- the user terminal UT may be controlled by voice or gesture.
- Voice command may be translated to command.
- Each recognized command being equivalent to one of the positions POSi.
- the keypad may be replaced by any other representations such as the ones requiring a gesture, following a geometric figure or tracing links between dots.
- the input terminal may be a 3D input terminal with which the user may interact by 3D gestures in the air. Therefore the positions POSi may be 3D coordinate positions in space.
- the display may be any display including for example an ATM, a vending machine, a TV, a public display, a projected display, and/or a virtual display a 3D display or a hologram.
- the terminal may be any input equipment including, for example, a touch screen, a game accessory, a gesture acquisition system, and/or a voice or sound command system.
- the images frames FRM may be generated without applying the mask IMSK, and may be displayed separately from the mask IMSK using two display devices.
- one of the two display devices may be transparent, such as, a display device in the form of eye lenses.
- the displayed images may become intelligible to the user when the displayed image frames are superimposed with the display mask IMSK.
- the methods disclosed herein are not limited to generate blinking pixel in an image or an image frame. More generally, the methods disclosed herein can be used in any application in which a random state is required in a sensitive software function, protected against reverse-engineering and tampering, the software function receiving input data and providing output data. For example, these methods can be applied to protection of data without using encryption or decryption keys which may be exposed to key theft.
- the software component may be configured to provide a part of the protected data as a function of a set of random input data, each random input data having two possible values.
- Each combination of the random input values applied to the software component may be used to compute a respective part of the protected data.
- the number of combinations of the random input values may define the number of data parts that can be computed by executing the software component.
- the data to be protected can be images, and the data parts of such images can be pixel values of an image or color component values of the image pixels.
- the execution of the software component may provide a pixel value or a part thereof and a position of the pixel in the image.
- the parts of the data to be protected that are each computed by one execution of the software component applied to one combination of the input values can be as small as desired.
- the software component can be configured to provide by one execution a point of a Gaussian curve or a value that is used to compute a histogram.
- the data part value may correspond to the highest value computed by the software component or to the value having the highest occurrence number in the histogram. Only a part of the protected data can be made accessible when only a part of the two alternative values of the input data of the software component is provided, only one value being provided for the other input data of the software component.
- FIG. 15 represents authentication steps S 41 to S 44 performed by the user terminal UT and a secure element SE connected to the main processor HP of the terminal UT, and enabling the secure element to authenticate the user.
- the terminal UT transmits a command CMD to the secure element SE, this command requiring an authentication of the user before being executed by the secure element.
- the terminal UT performs steps S 26 and S 28 to S 30 , as previously disclosed.
- the secure element SE performs steps S 24 , S 25 , S 27 and S 31 , in place of the server ASRV.
- the secure element SE performs steps S 42 to S 44 .
- the secure element SE compares the validation code CC1 input by the user to corresponding value CC securely stored by secure element SE. If the validation code CC1 typed by the user match the value CC stored by the secure element SE, the latter performs step S 43 in which it executes the command CMD requested at step S 41 .
- the secure element SE transmits an execution report RS of the command CMD. In this way, the secure element SE executes the command CMD only when the user of the terminal UT authorizes it.
- the secure element SE in FIG. 15 can be implemented by or can be part of an external terminal connected to the user terminal UT by means of a communication link such as NFC (Near Field Communication) or Bluetooth.
- the external terminal can be a point-of-sale terminal.
- the methods disclosed herein are not limited to garbled circuits comprising gates having only two inputs and one output.
- Other types of gates with three or more inputs and one or more outputs or receiving data having more than two valid states may be implemented using truth tables having more than four lines. Therefore, the randomness obtained by transmitting and selecting one of the possible values RNiV1 and RNiV2 of the input RNi, may also be obtained by transmitting and randomly selecting one value among three or more valid values of an input of the garbled circuit.
- the methods disclosed herein are not limited to an implementation of the software component by a garbled circuit.
- Other implementations of the software component such as including obfuscated programs can be used to hide parts of the program loaded in the main processor of the terminal UT, and/or to prevent sensitive parts of the program from being unveiled or modified by unauthorized persons.
- the conception of a garbled circuit can be perform by translating a program written in language such as C or C++ into a circuit design language such as VHDL or Verilog to obtain a logic or Boolean circuit comprising logic gates.
- the methods disclosed herein are not limited to the use of a software component protected against tampering and reverse-engineering, such as, generated using obfuscation and/or garbled circuit methods.
- the methods disclosed herein may be used to perform operations that do not require high security level, such as video games or medical eye testing.
- the methods disclosed herein are not limited to an implementation involving a mask such the image mask IMSK to decrypt output values of the software component.
- Other implementations can generate and execute a software component directly outputting the pixels values to be displayed.
- the message MSG can be directly provided in the output pixel values.
- the mask can be transmitted separately from the software component or the structure and content data thereof, even after the execution of the software component.
- the methods disclosed herein can be implemented with a user terminal UT that only comprises a hardware keypad, the displayed frames FRM being displayed just to assign other key labels to the physical keypad.
- the user instead to touch positions of the display screen to input the positions POSi, the user activates hardware keys of the keypad in correspondence with the assigned labels shown in the displayed frames FRM.
- pixel as used herein for a standard display screen, may be understood as coordinates, either 2D coordinates for a 2D display or 3D coordinates for a 3D or stereo display or for a projected display.
- Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, specially designed ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various implementations can include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, coupled to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device.
- Various implementations of the systems and techniques described here can be realized as and/or generally be referred to herein as a controller, a circuit, a module, a block, or a system that can combine software and hardware aspects.
- a module may include the functions/acts/computer program instructions executing on a processor (e.g., a processor formed on a silicon substrate, a GaAs substrate, and the like) or some other programmable data processing apparatus.
- Methods discussed above may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof.
- the program code or code segments to perform the necessary tasks may be stored in a machine or computer readable medium such as a storage medium.
- a processor(s) may perform the necessary tasks.
- processors suitable for the processing of a computer program include, by way of example, both general and special-purpose microprocessors, and any one or more processors of any kind of digital computer.
- a processor will receive instructions and data from a read-only memory or a random access memory or both.
- Elements of a computer may include at least one processor for executing instructions and one or more memory devices for storing instructions and data.
- a computer also may include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data (e.g., magnetic, magneto-optical disks, or optical disks).
- Information carriers suitable for embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices (e.g., EPROM, EEPROM, and flash memory devices; magnetic disks (e.g., internal hard disks or removable disks); magneto-optical disks; and CD-ROM and DVD-ROM disks.
- semiconductor memory devices e.g., EPROM, EEPROM, and flash memory devices
- magnetic disks e.g., internal hard disks or removable disks
- magneto-optical disks e.g., CD-ROM and DVD-ROM disks.
- the processor and the memory may be supplemented by, or incorporated in special-purpose logic circuitry.
- implementations may be implemented on a computer having a display device (e.g., a cathode ray tube (CRT), a light-emitting diode (LED), or liquid crystal display (LCD) display device) for displaying information to the user and a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer.
- a display device e.g., a cathode ray tube (CRT), a light-emitting diode (LED), or liquid crystal display (LCD) display device
- CTR cathode ray tube
- LED light-emitting diode
- LCD liquid crystal display
- Other kinds of devices can be used to provide for interaction with a user, as well; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input
- Implementations may be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation), or any combination of such back-end, middleware, or front-end components.
- Components may be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network (LAN) and a wide area network (WAN) (e.g., the Internet).
- LAN local area network
- WAN wide area network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Multimedia (AREA)
- General Health & Medical Sciences (AREA)
- Human Computer Interaction (AREA)
- Computing Systems (AREA)
- Biomedical Technology (AREA)
- Oral & Maxillofacial Surgery (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Technology Law (AREA)
- Audiology, Speech & Language Pathology (AREA)
- Acoustics & Sound (AREA)
- Ophthalmology & Optometry (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Telephonic Communication Services (AREA)
- Bioethics (AREA)
- User Interface Of Digital Computer (AREA)
- Storage Device Security (AREA)
- Mathematical Physics (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Power Engineering (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
Abstract
Description
- This application claims priority to European Application Nos. EP16196947.2, EP16196945.6, EP 16196950.6, EP 16196957.1, filed Nov. 2, 2016, and EP Application No. EP17172856.1, filed May 24, 2017, the disclosures of which are incorporated herein by reference in their entireties.
- This disclosure relates to methods and devices for securely authenticating a user from a non-secure terminal, and in particular, for executing a secure transaction involving a non-secure terminal and a remote server, based on a user authentication.
- In general, mobile terminals, such as, for example, smartphones, personal computers, digital tablets, or the like, or any other connected device including devices belonging to the Internet of Things (IoT) may execute transactions, such as e-commerce transaction or fund transfer. These transactions, however, raise security problems, notably because “malicious software” or “malware” may be executed by a processor (e.g., CPU) of the terminal. The malware may be able to access all or a part of the memories accessible by the processor, and thus may be maliciously configured to spy on any transactions executed by the terminal and obtain any data manipulated during these transactions over a network.
- To ensure the security of such transactions, one method is to entrust cryptographic computations to a dedicated secure element, such as a processor of, for example, a UICC (“Universal Integrated Circuit Card”) card, and a SIM (subscriber identification module) card, in which cell phones are generally equipped. Further, in order to be able to execute one or more payment applications, the secure processor must be able to store as many secret cryptographic keys as there are payment applications. However, loading an application into the memory of the above-mentioned secure processor is a complex operation that needs to be highly secure. Specifically, it involves external parties such as Trusted Service Managers. For instance, since SIM cards are issued by cell phone operators, the latter may refuse to have such applications installed in the card. Furthermore, in the event of theft, or during maintenance of the telephone, the processor of the SIM card may be hacked by a hacker seeking to discover the secret keys stored in its memory.
- In addition, accessing the secure functions installed in the processor of a SIM card generally entails inputting a secret code (PIN code) by means of a keypad or a touch-sensitive surface connected to the main processor of the terminal. In a typical configuration, the secret code input by the user necessarily passes through the main processor. Malware executed by the main processor can therefore access this secret code.
- Further, to secure transactions performed using a terminal connected to a web site, one method may be to use a single-use secret code which is transmitted to the user each time a transaction needs to be validated. One solution is to transmit the single-use secret code to the user via a distinct communication channel, e.g., via a phone link or SMS (Short Message Service). The user may be required to input the received secret code on the terminal to validate the transaction. Another solution is to provide an additional hardware device to each of the users. This device may generate a single-use secret code after an authentication of the user by means of credentials, such as a password or biometric data. However, the above-mentioned solutions are burdensome for the users who do not always have nearby a phone or mobile or wireless network coverage (or the additional hardware device), when validating a transaction. Further, the solution requiring the additional hardware device is costly for organizations (e.g., banking). In addition, the solution using a secret code transmitted by SMS does not provide sufficient high security level since it has already been subjected to successful attacks.
- In a general aspect, a method for authenticating a user from a user terminal, including: receiving by the user terminal, from a secure processor, a software component protected against tampering and reverse-engineering and configured to generate an image frame including random pixels having a probability lower than 100% to be visible in the image frame; executing the software component by the user terminal a plurality of times to generate a plurality of image frames; displaying the plurality of image frames at a frame display rate, the image frames including information which is machine unintelligible as being formed of the random pixels, the frame display rate being such that the information becomes intelligible to a user; acquiring a response from the user in relation with the information; and transmitting by the user terminal the response to the secure processor, the user being authenticated when the response corresponds to the information.
- In some implementations, the software component may be configured to generate a plurality of frame image parts each comprising the random pixels. The method may further include inserting each generated image frame part into an image frame background to generate the plurality of image frames.
- In some implementations, the software component may be configured to generate encrypted frame image parts including the random pixels. The method may further include: decrypting, by the user terminal, each generated encrypted image frame part, by applying to each pixel of the encrypted image frame part an XOR operation with a corresponding pixel of a decrypting mask; and each decrypted image frame part being inserted into an image frame background to generate one of the plurality of image frames.
- In some implementations, the decrypting mask may be configured to produce a message in the displayed image frames, when decrypting one of the generated encrypted image frame parts.
- In some implementations, the machine unintelligible information in the displayed image frames may include segments arranged to form symbols, or numeric or alphanumeric characters, at least a part of the segments being formed with the random pixels.
- In some implementations, the segments may be arranged to form labels of keys of a keypad having a random key layout. The response from the user may include positions of keys of the keypad successively selected by the user.
- In some implementations, the response from the user may include positions of keys of the keypad corresponding with a validation code displayed with segments formed with the random pixels.
- In some implementations, the software component may be configured to set a probability of the random pixels to be visible in the displayed image frames. The probability may be selected in a set of visible probability values.
- In some implementations, the software component may be configured to provide the random pixels with a probability set to a value equal to 50% or comprised between 12.5% and 87.5%, to be visible in the displayed image frames.
- In some implementations, the software component may be encoded as a garbled circuit including circuit inputs, circuit outputs, logic gates and wires, each logic gate having two inputs and one output, each wire having a first end connected to one of the circuit inputs or to one of the logic gate outputs and a second end connected to one of the logic gate inputs or to one of the circuit outputs. The garbled circuit may be generated by randomly generating a valid data representing each binary state of each of the wires, and by computing for one logic gate of the garbled circuit, truth table values as a function of each valid data of each input of the logic gate, each valid data of the output of the logic gate and a logic operation performed by the logic gate.
- In some implementations, the software component may include a pixel set generation circuit for a set of random pixels to generate. Each generation circuit may include a first logic gate and a set of second logic gates, the first logic gate combining a first input data to a randomly selected second input data, and providing an output data to a first input of each of the second logic gates, a second input of each of the second logic gates receiving a third input data, each of the outputs of the second logic gates providing a pixel value of the set of random pixels.
- In some implementations, the software component may be executed within a web browser executed by the user terminal.
- In another general aspect, a user terminal may include a processor configured to: receive from a secure processor a software component protected against tampering and reverse-engineering and configured to generate an image frame including random pixels having a probability lower than 100% to be visible in the image frame; execute the software component a plurality of times to generate a plurality of image frames; display the plurality of image frames at a frame display rate, the image frames including information which is machine unintelligible as being formed of the random pixels, the frame display rate being such that the information becomes intelligible to a user; acquire a response from the user in relation with the displayed information; and transmit the response to the secure processor, the user being authenticated when the response corresponds to the information and to a secret data shared by the user and the secure processor.
- In some implementations, the terminal may be configured to execute the operations performed by a user terminal in the previously defined method.
- In some implementations, the secure processor may be a secure element connected to a main processor of the terminal.
- In some implementations, the secure processor may belong to a remote server linked to the terminal through a data transmission network.
- In another general aspect, a secure element configured to execute the operations performed by a secure processor. The secure element may be connected to a main processor of a terminal.
- In still another general aspect, a server configured to execute the operations performed by a secure processor. The server may be linked to the terminal through a data transmission network.
- In still another general aspect, a computer program product may be loadable into a computer memory and comprising code portions which, when carried out by a computer, configure the computer to carry out the operations performed by the user terminal.
- The method and/or device may be better understood with reference to the following drawings and description. Non-limiting and non-exhaustive descriptions are described with the following drawings.
-
FIG. 1 is a block diagram of user terminals performing transactions with remote servers according to example embodiments; -
FIG. 2 is a block diagram of a user terminal according to example embodiments; -
FIG. 3 is a sequential diagram of initialization steps performed by a user terminal, an authentication server and an application server, according to example embodiments; -
FIG. 4 is a sequential diagram showing authentication steps, according to example embodiments; -
FIG. 5 is a block diagram of a database managed by the authentication server, according to example embodiments; -
FIGS. 6 and 7 are sequential diagrams showing authentication steps, according to other example embodiments; -
FIGS. 8A and 8B represent respectively an image frame displayed by the user terminal, and a corresponding resultant image which can be observed by a user of the user terminal, according to example embodiments; -
FIG. 9 represents two layers of a part of an image frame which are displayed superimposed by the user terminal, a corresponding part of a resultant image frame which is displayed by the user terminal, and a corresponding part of a resultant image which can be observed by a user of the user terminal, according to example embodiments; -
FIG. 10 is a block diagram of an application program executed by the user terminal, according to example embodiments; -
FIG. 11 is a block diagram of a circuit implemented by software in the user terminal, according to example embodiments; -
FIG. 12 is a block diagram of a database describing the circuit implemented in the user terminal, according to example embodiments; -
FIG. 13 is a block diagram illustrating a processing performed by the application program for displaying the image frame ofFIG. 8A , according to example embodiments; -
FIG. 14 is a block diagram of a part of the circuit ofFIG. 11 , according to another example embodiment; and -
FIG. 15 is a sequential diagram showing authentication steps, according to another example embodiment. - In the figures, like referenced signs may refer to like parts throughout the different figures unless otherwise specified.
- In the following, the term “secure” may be employed according to its plain meaning to those of ordinary skill in the art and may encompass, in different embodiments, security arising from techniques such as encryption, or other types of software or hardware control used to isolate information from the public or to protect it against unauthorized access or operation. The expressions “secure communication” and “secure communication link” may refer to communications that are encrypted using public/private key pairs, or symmetrical key encryption with keys shared between communicating points. “Secured communications” can also involve virtual private networks, and other methods and techniques used to establish authenticated and encrypted communications between the communicating points.
- In view of the drawbacks and considerations noted above, it may be desirable to propose methods and devices for authenticating a user of a non-secure user terminal. It may also be desirable to protect secret data input by users and transaction data transiting through such a non-secure terminal. Further, it may be desirable to make the proposed method compatible with all existing terminals, even with terminals of low computation power.
- For instance, such methods to protect transaction data transmitting through a non-secure terminal may include using a graphic processor of the terminal as a secure element to perform transactions. This method may include establishing a secure communication link between the graphic processor of the terminal and an authentication server, and displaying a virtual keypad with keys arranged in random order. The image of the keypad is displayed using visual cryptography, by successively displaying complementary frames in which the labels of the keys are not intelligible. The complementary frames may be combined into an intelligible image by the visual system of the user due to a retinal remanence thereof. In this way, even if a malicious program running on the main processor of the terminal is able to access the positions of the keys touched by the user during input of a secret code, it cannot, by taking a succession of screenshots, determine which labels correspond to the touched keys. However, this method requires important calculation resources that are not available in all portable devices (e.g., existing smartphones on the market).
-
FIG. 1 represents user terminals UT that can perform transactions with remote service provider servers or application servers SSRV through communication networks NT. In the following, the term “user terminal” shall be synonymous and refer to any device that can communicate with one or more remote servers such as application servers and service provider servers. Thus, a user terminal can be, for example, a mobile phone, a smartphone, a payment terminal, a personal computer, a digital tablet equipped with communication circuits, etc. The communications networks may include IP (Internet Protocol) networks, such as Internet, mobile or cellular networks, wireless networks, and any kind of network that can be used to establish a communication link between a user terminal and a remote server. - In some implementation, an authentication server ASRV may be configured to implement a method for authenticating a user during transactions involving an application or service provider server SSRV and a user terminal UT, based on a two-factor authentication scheme.
-
FIG. 2 represents a conventional terminal UT, including communication circuits NIT for communicating with a remote server such as the server ASRV, through a transmission network such as the network NT. The terminal UT can be, for example, a cellular phone, a smartphone or a PDA (Personal Digital Assistant) or any other device such as a digital tablet or a personal computer including communication circuits to be connected to a network such as Internet network. The user terminal UT may further include a main processor HP (also called “Central Processing Unit”-CPU) connected to the communication circuits NIT, a display screen DSP, a graphic processor GP connected to the processor HP and controlling the display screen DSP, and a control device CM connected to the processor HP. The control device CM can include a keyboard or keypad, or a touch-sensitive surface. In some implementations, the control device CM can be transparent and disposed on the display screen DSP. The control device CM can further include a pointing device such as a mouse, a pencil, a pen, or the like. - The terminal UT can further include a secure element SE, such as, for example, a secure processor that can be standalone or embedded into a smartcard UICC. In some implementations, the secure processor SE can be, for example, a SIM (“Subscriber Identity Module”) card, providing an access to a cellular network. The secure processor SE can include an NFC (“Near Field Communication”) circuit to communicate with a contactless reader. The NFC circuit can be embedded into a SIM card (SIM-NFC) or UICC, or in a SoC (“System on Chip”) circuit, or in an external memory card, for example an “SD card”. The circuits NIT can include a mobile telecommunication circuit giving access to a mobile cellular network and/or to the Internet network, through the cellular network, and/or a wireless communication circuit (Wi-Fi, Bluetooth™, or any other radio frequency or wireless communication methodology), and/or any other wired or wireless connection circuit that can be linked to a data transmission network such as the Internet.
-
FIG. 3 represents registration steps S1 to S8 provided for registering a user terminal UT to be used for authenticating a user to validate a transaction or to access a service, in accordance with example embodiments. In some implementations, steps S1 to S8 can be successively performed and/or can be executed only once. At step S1, the user may download and install and/or launch execution of an application APP dedicated to or involving user authentication in a user terminal UT to be used for authentication. At step S2, the application APP may generate a unique device identifier DID of the terminal UT. Steps S2 to S7 may be performed at a first execution of the application APP by the terminal UT. At step S3, the application APP may connect the user terminal UT to the service provider or application server SSRV, e.g., to a web site of the service provider, and may transmit a terminal enrollment request ERQ to the server SSRV. The terminal enrollment request may include user credentials, such as, a user identifier UID and a corresponding password UPW, and the device identifier DID. At step S4, the server SSRV may receive the enrollment request ERQ and may check the received user credential UID, UPW. If the received user credentials correspond to a valid registered user, the server SSRV may send at step S5 to the authentication server ASRV, a registration request RGRQ containing the user credentials UID, UPW, the device identifier DID and a service identifier SID related to the service provider server SSRV. The communication link between the servers SSRV may be ASRV is secured in a suitable way (e.g. using encryption means), such that a hacker cannot retrieve the transmitted data. The following steps S6, S7 performed by the server ASRV may be executed by a secure processor of the server ASRV or within a secure domain thereof. The links between the terminal UT and the server SSRV and between the terminal UT and the server ASRV, which may not be required to be secure links. - At step S6, the authentication server ASRV may receive the registration request RGRQ and may store the received data, i.e., the user credentials UID, UPW the identifier DID of the user terminal and the service identifier SID in a user database UDB. At step S7, the server ASRV may transmit a message RP in response to the request RGRQ to the service provider server SSRV. The message RP may contain the user identifier UID and a status of the registration. The message RP can be retransmitted by the server SSRV to the user terminal UT.
-
FIG. 4 represents authentication steps S21 to S33, which may be successively performed to authenticate the user during a transaction conducted by the application APP or for executing an operation of this application, requiring the user to be authenticated. The authentication of the user may require that the user terminal UT is registered by the authentication server ASRV, by executing steps S1 to S6 ofFIG. 3 , for example. At step S21, the user terminal UT may launch execution of the application APP. At step S22, the application APP may be required to authenticate the user and may transmit an authentication request ARQ to the authentication server ASRV. The authentication request ARQ may contain an identifier SID of the service, the credentials UID, UPW of the user involved in the transaction, the service provider identifier SID for which the authentication should be performed, and the device identifier DID of the user terminal UT. In some implementations, a message (MSG inFIGS. 8A, 8B and 9 ) may be displayed to the user and presented, for example, information related to the transaction to be validated by the user, and an address SURL of a service provider server where a result of the authentication is to be transmitted by the authentication server ASRV. - At step S23, the authentication server ASRV may receive the request ARQ, and may check the consistency of the data transmitted in the authentication request ARQ. To this end, the authentication server ASRV may use the data stored in the database UDB or send an authentication request message to the server SSRV, containing the user credentials UID, UPW, the server SSRV verifying the consistency of the user credentials and providing a response to the server ASRV containing a result of the verification. If the transmitted data are not consistent, the server ASRV may transmit an error message ERM to the user terminal UT and the execution of the application APP ends. If the data in the received request ARQ are consistent, the authentication server ASRV may perform step S24 where it generates a transaction validation code CC, preferably of, for example, single-use, and a distinct dedicated software component GC specific to the user terminal UT corresponding to the device identifier DID. The software component GC may be designed to display the validation code CC, and software component GC may be specific to this code. The authentication server ASRV can also generate a unique transaction identifier TID which may be stored in the database UDB. At step S25, the server ASRV may send to the terminal UT structure and content data GCD defining the software component GC and including input data of the software component in an encrypted form, a final mask IMSK to be applied to image frame parts generated by the software component circuit, and a cryptographic data GCK to be used to execute the software component. At step S26, the server ASRV may send an acknowledge message ACK to the server SSRV. The acknowledge message ACK may contain the user identifier UID and the transaction identifier TID. At step S27, the application APP executed by the terminal UT may receive the data GCD, IMSK, GCK related to the software component GC and transmitted at step S25, and may send an acknowledge message AKM to the server ASRV. If the application APP is not currently running on the terminal UT, the reception of the data related to the software component may trigger the execution of the application APP. At step S26, the user terminal UT may transmit an acknowledge message AKM to the server ASRV in response to the data received at step S25. At step S27, the server ASRV may send to the terminal UT a request RGC to execute the software component GC. At step S28, the reception of the notification RGC may trigger the execution by the application APP of the software component GC which may display image frames showing, for example, a keypad having keys, the message MSG and the single-use transaction validation code CC, for example, of two or more digits. The application APP executed by the terminal UT may also trigger the execution of the software component GC when it is received at step S25.
- In some implementations, the keys of the keypad displayed by the software component may be arranged in a randomly selected layout in the displayed frames, and only parts of labels of the keys and of the validation code may be displayed in each frame, such that the key labels and the validation code are intelligible to the human visual system due to the persistence of the latter, but not in screenshots of the display screen DSP. In some implementations, the validation code CC may be superimposed on the message MSG (or vice-versa), such that the message cannot be changed without disturbing the validation display.
- At step S29, the user of the terminal UT may input the displayed validation code CC. In the example of a smartphone, the user may use the displayed keypad, and may touch corresponding positions POSi of the keys of the displayed keypad. At step S30, the application APP may transmit the sequence of positions POSi selected by the user and the device identifier DID to the server ASRV. At step S31, the server ASRV may determine the code CC1 corresponding to the positions POSi typed by the user. Since the keypad used to input the positions POSi was displayed by the software component GC which was generated by the server ASRV, the server ASRV may recognize the displayed keypad layout, and thus, can determine the keys labels corresponding to the positions POSi, and consequently the value of the validation code CC1 typed by the user. At step S32, the server ASRV may compare the entered validation code CC1 with the validation code CC generated at step S24 and which can be stored in the database UDB in association with the device identifier DID. At step S33, the server ASRV may transmit to the service provider server SSRV using an address SURL of the server SSRV, an authentication response ARP containing the user identifier UID, the result of the comparison performed at step S32, and possibly, the transaction identifier TID. The transmission response ARP may be also transmitted to the application APP executed by the user terminal UT. In this way, the user corresponding to the identifier UID may be authenticated and the transaction TID may be validated only when the typed validation code CC1 match the validation code CC corresponding to the software component GC sent by the server ASRV to the user terminal UT at step S24.
- In this way, only the positions POSi typed by the user may be transmitted from the user terminal UT to the server ASRV. Therefore, a malware installed in the terminal UT or a man-in-the-middle attack between the server ASRV and the user terminal UT cannot discover the typed code CC1 without executing the software component GC. If this happens, the hacker performing the attack must send a message ARP to the server ASRV (as in step S30). Thus, the server ASRV can receive two messages ARP for a same transaction or from the same user terminal UT, e.g., one from the authenticated user and one from the hacker, and can invalidate the transaction.
- In some implementations, the message ARP may be transmitted by the user to the server ASRV (step S30) by another transmission channel.
-
FIG. 5 represents different tables DEV, SVC, TT, GCP of the database UDB in accordance with example embodiments. The table DEV may contain one record for each registered user device or terminal UT. Each record may include a device identifier DID, and the corresponding user credentials UID, UPW. The table SVC may contain one record for each service provider registered with the authentication server ASRV. Each record of the table SVC may include a service identifier SID and a service name. The table TT may contain one record for each current transaction. Each record may include a transaction identifier TID, a device identifier DID, a service identifier SID, the message MSG to be displayed by the software component GC triggered by the application APP and executed by the terminal having the identifier DID, the address SURL provided at step S22, an identifier GCID identifying the software component generated for the transaction TID, and a single-use transaction validation code CC. The table GCP may contain one record for each software component generated by the server ASRV. Each record may include an identifier GCID identifying the software component, a device identifier DID of the device UT for which the software component GC was generated at step S24, and the identifier TID of the transaction for which the software component GC was generated. Since the software components are dedicated to one transaction and consequently generated and executed for only one user authentication, the records corresponding to an already ended transaction can be deleted from the table GCP. In some implementations, the records may be kept for statistical purposes and/or to ensure the unicity of each transaction. - In some implementations, the operations performed by the authentication server ASRV (in
FIGS. 3 and 4 ) can be implemented in the service provider server SSRV. In such a case, the server SSRV does not need to be identified in the steps S23 and S33, and in the data base UDB. - In some implementations, the user terminal may communicates only with the service provider server SSRV. Therefore, the user credential check (step S23) may be performed by the service provider server SSRV, and thus, the authentication server ASRV does not have to know the user password UPW to be used to access the service provided by the server SSRV. In this example embodiment illustrated in
FIG. 6 , step S5 is modified to remove the user password UPW from the registration message RGRQ. -
FIG. 6 represents the authentication steps S21 to S33, which are successively performed to authenticate the user during a transaction in accordance with example embodiments. At step 22, the authentication request may be transmitted from the user terminal UT to the service provider server SSRV. The user authentication step S23 on the basis of the user credentials UID, UPW may be performed by the server SSRV. In a following step S23′, the server SSRV may transmit an authentication request ARQ1 to the authentication server ASRV. The authentication request ARQ1 may include only the identifier SID of the service provider and the user device identifier DID. After receiving the authentication request ARQ1, the server ASRV may execute step S24 as in the example embodiment ofFIG. 4 . In step S25, the server ASRV may transmit the structure and content data GCD defining the software component GC and including input data of the software component in an encrypted form, the final mask IMSK to be applied to image frame parts generated by the software component circuit, and the cryptographic data GCK to be used to execute the software component. These data can be transmitted directly to the user terminal UT or by means of the server SSRV which may retransmit them to the user terminal UT in step S25′. Then the steps S26 and S27 can be performed between the user terminal UT and the server ASRV or as represented inFIG. 6 , between the user terminal UT and the server SSRV. - Then the user terminal UT may perform the steps S28 to S30. The authentication response ARP sent in step S30 by the user terminal UT can be transmitted directly to the server ASRV or as represented in
FIG. 6 , received first by the server SSRV which may retransmit it to the server ASRV. Upon reception of the authentication response ARP, the server ASRV may perform the steps S31 to S33 as illustrated inFIG. 4 . An authentication report can be transmitted to the user terminal UT either by the server ASRV or by the server SSRV. - Instead of being performed by the application APP, the steps S22, S26, S28 and S30 can be performed within or by a web browser installed in the terminal UT, the steps S26, S28 and S30 being performed by a script executed by the web browser, such as, a script written in “JavaScript”, and transmitted in a web page by the server ASRV.
- Example embodiments can be adapted to prevent a phishing attack by which a hacker steals a user account with a service provider, such as, for example, a banking or payment account or an email account. According to this attack, the hacker may connect to the service provider using a true user identifier and may repeatedly activate a link to regenerate the password corresponding to the user identifier. When such a link is activated, the service provider may transmit to a registered email address or a registered phone number corresponding to the user identifier a message containing a single-use secret number to be introduced in a web page of a web site of the service provider. Then the hacker transmits to the user a fake message indicating that the user's account is subjected to attacks and requesting the user to activate a link to be clicked on provided in the message. Since the user received several messages providing a secret number to enable the generation of a new password, the user is aware of the attack announced by the hacker, and thus, the user does not suspect that the message from the hacker is a trap. When the user activates the link, the user receives a fake web page looking like a true web page from the service provider web site and requesting the secret code provided in the last message received by the user from the service provider. If the user types the secret code in the fake web page, the hacker gets the secret code and can use it to generate a new password for the user account from the web site of the service provider. From this time, the hacker gets access to the user account on the server of the service provider instead of the user.
-
FIG. 7 represents an embodiment that can prevent such a phishing attack in accordance with example embodiments. The embodiment ofFIG. 7 comprises steps S41 to S65 performed successively by the user terminal UT, the service provider server SSRV and the authentication server ASRV together. In step S41, a web browser installed in the user terminal may display a web page from a web site of the service provider. The displayed web page may contain a link enabling the user to generate a new password for accessing a user account with the service provider. When the user activates this link, a message NPWR requesting a new password may be transmitted to the server SSRV in step S42. The message NPWR may contain a user identifier UID and a device identifier of the user terminal UT used by the user in steps S41, S42. When it receives the message NPWR in step S43, the server SSRV may transmit an authentication request ARQ to the authentication server ASRV. The request ARQ may contain an identifier SID of the service provider, an identifier UID of the user (e.g. an email address of the user). In step S44, the server ARSV may receive the request ARQ and may generate a transaction identifier TID and a link LNK to request an authentication. The transaction identifier TID may identify the current user authentication transaction. In step S45, an acknowledge message AK containing the transaction identifier TID, the user identifier UID and the link LNK may be transmitted by the server ASRV to the server SSRV. In step S46, the server SSRV may transmit to the user terminal UT a message M(LNK) containing the link LNK and the transaction identifier TID, using an email address of the user that can be transmitted by the user terminal UT at step S42. - At step S47, the user terminal UT (e.g., an email application or a web browser installed in the terminal) may display the received message M(LNK). Then the user may activate the link LNK in the displayed message in step S47′. In step S48, the activation of the link LNK may trigger the transmission by the user terminal to the server ASRV of a message containing the transaction identifier TID. At the reception of such a message at step S49, the server ASRV may transmit to the user terminal a script SCPT, for example, written in the language “JavaScript” to be executed by a web browser installed in the user terminal UT. The steps S50, S51, S54, S56, S62 and S64 may be performed within or by a web browser installed in the terminal (or by the script SCPT executed in the web browser). In step S50, the web browser of the user terminal UT may launch execution of the received script SCPT. In step S51, the user terminal UT controlled by the script SCPT may send a request RQGC for a dedicated software component GC specific to the user terminal UT. The request RQGC contains the identifiers TID and UID, and information about the user terminal UT, such as, for example, personal computer, smartphone, digital tablet, etc. In step S52, the authentication server ASRV may receive the request RQGC and may generate au authentication code CC, preferably, for example, of single-use, and a distinct dedicated software component GC specific to the user terminal UT and the application requesting the software component (dedicated application or web browser), as in previously described step S24. At step S53, the server ASRV may send to the user terminal UT structure and content data GCD defining the software component GC and including input data of the software component GC in an encrypted form, a final mask IMSK to be applied to image frame parts generated by the software component circuit, and a cryptographic data GCK to be used to execute the software component.
- At step S54, the script SCPT executed by the web browser in the user terminal UT may receive the data GCD, IMSK, GCK related to the software component GC and transmitted in step S53. The user terminal UT may send an acknowledge message to the server ASRV in response to the data received at step S53. Then the script SCPT may execute the software component GC which may display image frames showing, for example, a keypad having keys, and the single-use authentication code CC, for example, of two or more digits. At step S55, the user of the terminal UT may input the displayed authentication code CC. In step S56, the script SCPT executed by the terminal UT may transmit the sequence of positions POSi selected by the user and the transaction identifier TID to the server ASRV. In step S57, the server ASRV may determine the code CC1 corresponding to the positions POSi typed by the user. Since the keypad used to input the positions POSi was displayed by the software component GC which was generated by the server ASRV, the server ASRV may recognize the displayed keypad layout, and thus, can determine the keys labels corresponding to the positions POSi, and consequently the value of the authentication code CC1 typed by the user. In step S58, the server ASRV may compare the entered code CC1 with the authentication code CC generated at step S52. At step S59, the server ASRV may transmit to the service provider server SSRV, an authentication response ARP containing the user and transaction identifiers UID, TID, and the result CMP of the comparison performed at step S58. In step S60, if the typed code CC1 matches the authentication code CC, the server SSRV may transmit in step S61, to the user terminal UT a web page WP(NPW) enabling the user to enter a new password for his account with the service provider. The user terminal UT to which the web page WP(NPW) is to be transmitted is known by the server SSRV from the step S42 at which it receives the new password request. In step S62, the web browser of the user terminal UT may display the received web page WP(NPW). In step S63, the user may introduce a new password NPW in the displayed web page WP(NPW). In step S64, the user terminal UT may transmit the new password NPW to the server SSRV, together with the user identifier UID in a password change request NPWR. In step S65, the server ASRV may send an acknowledge message ACK to the terminal UT.
- In this way, steps S43 to S61 may require the authentication code CC to be read on the user terminal UT and introduced in the latter using the keypad which is displayed with the authentication code CC. Therefore, a hacker is prevented to get and use the authentication code, to be authenticated instead of the true user. In addition, a human could be required to perform these operations, which prevents automatic attacks directed to a large number of user accounts.
- In some implementations, the operations performed by the authentication server ASRV can be implemented in the service provider server SSRV.
- The communications between the user terminal UT and the server ASRV may be secured, e.g., using the SSL protocol, at least from step S49 to step S56, thereby preventing a man-in-the-middle attack.
- Such a man-in-the-middle attack can also be prevented using an additional secret code previously provided to the user, for instance, by another communication channel and/or by another device, or during a user enrollment procedure. This additional secret code can be required for authenticating the user in steps S54 to S58, and introduced at step S55 using the keypad displayed by the software component GC.
- Steps S43 to S61 can be also performed each time the user terminal is connected to a server (e.g. the service provider server SSRV) by means of a web browser and the server needs a second factor authentication to authenticate the user.
-
FIG. 8A represents an example of an image frame FRM displayed by the user terminal UT when it executes the software component GC in accordance with example embodiments. The image frame FRM may include a banner frame BNF displaying the message MSG and the single-use code CC superimposed on the message MSG. The image frame FRM may further include a keypad image frame KYPF showing, for example, a twelve-key keypad. Each key of the keypad may be displayed with a label KYL indicating the function of the key to the user. In some implementations, the keypad may be an erase key “C” and a validation key “V”, and ten keys corresponding to a digit, and having a layout specific to the software component GC which generates the image frame FRM. The image frame FRM may further comprises a display zone FBD where a dot is displayed each time the user touches a new one of the keys KY. In the example ofFIG. 8A , the display zone FBD may show that three keys were already typed by the user. - In the example of
FIG. 8A , the keypad may include four lines of three keys, the first line of the keypad comprising (from left to right) the digits “9”, “3” and “6”, the second line comprising the digits “2”, “0” and “1”, the third line comprising the digits “4”, “7”, and “8” and the fourth line, the validation key “V”, the digit “5” and the erase key “C”. The label KYL of each digit key may be displayed by several segments SG (e.g. seven segments), visible or not, according to the key label KYL to be displayed. In some implementations, to prevent the keypad layout from being acquired using a screenshot function of the user terminal UT, only a part of the visible segments in each key KY may be displayed in each image frame generated by the software component GC. To this purpose, each visible segment to be displayed may be present in an image frame FRM generated by the software component GC with a probability lower than 100%, for example equal to 50%. Due to its persistence property, the human visual system may combine the image frames successively displayed by the user terminal UT. Thus, the displayed key labels KYL may become intelligible to the user.FIG. 8B represents the displayed image IMG as it is perceptible by the human visual system when the image frames FRM generated by the software component GC are displayed at a sufficiently high frequency, for example, greater than 30 Hz. In some implementations, the frequency may be, for example, at 60 Hz, such that a new frame generated by the software component GC is displayed every 16.6 ms. In some implementations, as shown inFIG. 8B , the key labels KYL may appear in grey to a user when visible segments to be displayed of the key labels are inserted in the frames FRM with a probability lower than 100%. -
FIG. 9 at the top shows one example of two superimposed layers of the banner frame BNF produced by the software component GC and displayed by the user terminal UT in accordance with example embodiments. The central part ofFIG. 9 shows the banner frame as it is generated and displayed. The bottom part ofFIG. 9 shows the banner BN as it can be perceived by the user. The first layer of the banner frame BNF (at the top left ofFIG. 9 ) includes a message MSG to be displayed, for example the message “Order: transfer xx € to yyyy”. The second layer (at the top right ofFIG. 9 ) includes a number of several digits, for example, four digits, corresponding to the validation code CC to be entered by the user in the user terminal UT. Here again, each digit of the validation code CC may be displayed using several segments SG (e.g., seven segments) which may be displayed or not as a function of the digit to be displayed. To prevent the validation code CC from being acquired using a screenshot function of the user terminal UT, only a part of the visible segments SG may be displayed in each image frame FRM generated by the software component GC, such that each visible segment SG to be displayed is present in an image frame FRM generated by the software component GC with a probability lower than approximately 100%, for example, equal to approximately 50% (½). - The pixels of the first and second layers may be combined together by a XOR operation. Thus, in the generated banner frame BNF as shown in the central part of
FIG. 9 , the pixels belonging both to the message MSG and to a segment SG of the validation code CC, may be displayed in the background color, when the pixels belonging only to the message MSG or the segments SG may be displayed in a color different from the background color. - The bottom part of
FIG. 9 represents the displayed banner BN as it is perceptible by the human visual system, when the image frames FRM generated by the software component GC are displayed at a sufficiently high frequency (e.g., greater than 30 Hz). In some implementations, the frequency can beat 60 Hz, such that a new frame FRM is displayed every 16.6 ms. In some implementations, four digits labels DL of the validation code CC may appear in grey to the user, when visible segments to be displayed are inserted in the banner frames BNF with a probability lower than approximately 100%. In the example ofFIGS. 8A, 8B and 9 , the validation code CC is 4279. - In some implementations, visible and invisible segments of each digit KYL, DL to be displayed appear in the frames FRM with respective probabilities such that the displayed digits are intelligible for the human visual system, due to the persistence of the latter. For example, the generated software components GC may be configured to display the invisible segments with a probability of approximately 0 to 15%, and the visible segments with a probability of approximately 50 to 100%. The visible segments forming a key label KYL or a digit of the validation code CC can be displayed with respective probabilities comprised between approximately 50 and 100%, and the invisible segments in a key label or a digit of the validation code CC can be displayed with respective probabilities comprised between approximately 0 and 15%. The display probabilities of the segments forming the digits of the key labels and the validation code CC can be adjusted as a function of the frame display frequency, such that the labels of the displayed digits remain intelligible for the human visual system. Segments or pixels may be invisible or visible in the image frame FRM when they are displayed respectively with a background color of the image frame, or with a color different from the background color. The background color may be defined by the color of the pixels around the considered segment SG, and may vary as a function of the position of the segment within the image frame FRM.
- The displayed keypad KYPF may not need to have a validation key “V”, the validation of the typed codes being performed when the user inputs the last digit of the validation code CC to be typed. For example, if the validation code comprises four digits, the execution of the software component GC can be ended when the user inputs four digits. The cancel key “C” can be managed either to delete the last typed digit or all the previously typed digits. The effects of the cancel key “C” may be shown to the user by erasing one or all dots in the display zone FBD.
-
FIG. 10 represents a functional architecture of the application APP, according to an example embodiment. The application APP may include a management module MGM, an initialization module INM, an authentication module AUTM, a link module LKM, and a software component execution module GCM. The management module MGM may control other modules INIM, RGM, LKM and GCM, and the communications between the application APP and the server ASRV through the communication circuits NIT. The initialization module INM may perform step S9. The link module LKM may perform steps S11 and S12. To this purpose, the link module can be connected to an image sensor IMS of user terminal UT to acquire an optical code corresponding to the link token LTK to be received by the user terminal UT, and displayed by the terminal OT. The authentication module AUTM may perform steps S25 to S29 to process the authentication request received at step S23, to trigger the execution of the software component GC, and to receive and transmit the positions POSi typed by the user. The module AUTM may be connected to the keypad or a touch-sensitive surface TSIN of the terminal UT. The module GCM may perform the step S27 to generate and display the image frames FRM at a suitable refresh rate, the module GCM selecting at each frame, input values to be applied to the software component GC and executing the latter. The module GCM may produce the image frames FRM which may be displayed on the display screen DSP of the terminal UT. -
FIG. 11 represents an example of a software component GC according to an example embodiment. The software component GC may be a software-implemented Boolean circuit encrypted as a garbled circuit. The software component GC may include two circuit layers L1, L2, and two interconnection matrices XM1, XM2. A first interconnection matrix XM1 may receive input data INi, INj, SGi, RNi of the software component GC. The first layer L1 may include logic gates AGi, each gate receiving two input values SGi, RNi from the matrix XM1 and providing one output value Di to the second interconnection matrix XM2. The second layer L2 may include logic gates XGi, XGj, each gate receiving two input values from the matrix XM2, and providing one output value PXi, PXj representing a pixel value. Each logic gates AGi of the first layer L1 may receive input values SGi, RNi of the software component GC, selected by the matrix XM1. Each of the logic gates XGi of the other layer L2 may receive one input value INi of the software component and one output value provided by one logic gate AGi belonging to a previous layer (L1). The input values INi may be selected by the matrix XM2. Each of the logic gates XGj of the layer L2 may receive two input values INj1, INj2 of the software component. The input values INj1, INj2 may be selected by the matrix XM1 and/or XM2. This structure of the software component may enable parallel processing, since all logic gates in a same circuit layer L1, L2 can be processed at the same time. - In some implementations, to generate image frames FRM as shown in
FIG. 8A , the software component GC may include one circuit SGCi for each of the segments SG that can be visible or invisible in the image frames FRM, and one circuit FPCj for each pixel PXj distinct from a segment pixel PXi, for example, around the segments SG or in the banner frame BNF. Thus, when the image frames FRM to be displayed include 70 segments (10 key label digit×7 segments per digit) for the keypad KYP, plus 28 segments (4 digits×7 segment per digit) for the validation code CC, the software component may include 98 circuits SGCi. Each of the circuits SGCi may include one logic gate AGi in the circuit layer L1, and as much logic gates XGi in the circuit layer L2, as the number of pixels PXi1, PXi2, PXip forming the segment SG as displayed in the image frames FRM. - The gate AGi may perform, for example, a logical operation such as AND, OR, NAND, NOR, to display each visible segment with a probability of approximately 50% (½), and each invisible segment with a probability of approximately 0% to be visible. Each of the gates XGi may perform a logical XOR operation with an input INi of the software component. The gate AGi receives one segment input value SGi and a corresponding random input value RNi. The output Di of the gate AGi may be connected to an input of all gates XGi of the circuit SGCi. Each gate XGi may also receive one of the input values INi1-INip and may provide one pixel value PXi1-PXip to the output of the circuit GC.
- Each of the circuits FPCj may include one logic gate XGj performing a logical XOR operation per pixel PXj controlled by the software component GC and distinct from a segment pixel in the image frames FRM. Each of the gates XGj may receive two input values INj1, INj2 of the software component GC and may provide one pixel value PXj. Each of the gates XGj can be located either in layer L1 or in layer L2. The number of input values INi, INj can be limited to a value around the square root of the number of pixels PXi, PXj controlled by the software component GC.
- The circuits SGCi may be configured to display the visible segments of the digits of the key labels KYL and validation code SG with a probability of approximately 50% and the invisible segments of these digits with a probability of approximately 0%. The structure of the software component GC can be adapted to apply other display probabilities to the visible and invisible segments of the digits to be displayed. In some implementations, the digits can also be controlled and/or arranged (e.g., with more segments) to display other signs than numbers such as alphabetic characters or more generally symbols including ASCII characters.
- In the example of the software component of
FIG. 11 , one input INi or INj can be connected to several logic gates XGi, XGj, such that there are fewer inputs INi, INj than the number of logic gates XGi plus twice the number of logic gates XGj. - The interconnection matrix XM2 may define which pixel generated by the software component belongs to a segment SG. In some implementations, the position, orientation and shape of each segment SG may be varied by one or several pixels, depending on the display resolution of the user terminal, from one software component to another. This provision makes it more difficult to perform a machine optical recognition of the displayed symbols.
- It may be observed that the term “segment” as used herein designates a set of pixels that may be controlled by a same one of the segment input values SGi. The set of pixels forming a segment may not be necessarily formed of adjacent pixels, but can include groups of adjacent pixels as the segments forming a key label KYL. In addition, the pixels forming a segment may all be visible or all invisible in one displayed image frame FRM.
-
FIG. 12 represents the structure and content data GCD defining the software component (which is transmitted at step S23), when it is designed as a garbled circuit, according to an example embodiment. The data GCD may include: - a unique software component identifier GCID,
- a number set DIM including a number n of input values INi, INj, a number of output values m, a number s of segment input values SGi or random input values RNi, a number g of gates AGi, XGi, XGj, a number k of gates AGi, a number w of wires in the circuit, and a
number 1 of circuit layers L1, L2 in the circuit GC, - an input data table INLB including all values of the inputs INi, INj of the circuit GC, for example numbered from 1 to n, as specified for the execution of the software component,
- a segment table SGLB including all values of the segment inputs SGi of the software component GC, numbered from 1 to s, as specified for the execution of the software component,
- a random data table RNLB including the random values RNi, numbered from 1 to s,
- a gate wire table GTW defining two input wires numbers IN1, IN2, an output wire number ON and a type identifier GTYP of each logic gate AG, XG of the software component GC, the gates of the circuit being numbered from 1 to g, and
- a gate truth table including four values OV00, OV01, OV10, OV11 for each of the logic gates AG of the software component GC.
- In the example of
FIG. 11 , the type GTYP may specify that the corresponding logic gate performs either an XOR operation or another logical operation such as AND, OR, NOR, NAND. - In some implementations, the input values INi, SGi, RNi, INj and the output values Di, PXi, PXj of the logic gates AGi, XGi, XGj, each representing a binary
logical state 0 or 1, may be defined by numbers of several bits, for example, 64 or 128 bits. In this way, each input and output within the garble circuit GC may have only two valid values, and all the other possible values, when considering the size in bits of these values, are invalid. When the software component GC is generated, the two valid values of each input SGi, RNi, INi, INj of the software component may be randomly chosen, provided that the least significant bit of the two valid values are different. The least significant bits may be used, when computing the output value of one of the logic gates, to select one value in the truth table of the logic gate. - The truth table GTT[i] of each logic gate AGi, may include four values OV00, OV01, OV10, OV11, each corresponding to a combination (0, 0), (0, 1), (1, 0), (1, 1) of binary input values corresponding to the input values of the logic gate. The topology of the software component may be defined in the table GTW, by numbering each wire of the software component, i.e., each input wire of the software component from 1 to (n+2s) and each output of the logic gates from (n+2s+1) to (n+2s+g), and by associating to each logic gate AGi, XGi, XGj one record of the table GTW including two wire numbers IN1, IN2 to the two inputs of the gate and one wire number ON to the output of the gate. The wire numbers of the outputs of the software component GC may be numbered from (n+2s+g-m+1) to (n+2s+g).
- In some implementations, the table RNLB may contain both valid values RNV1, RNV2 of each of the random values RNi, corresponding to the
logical states 0 and 1. Each value RNV1, RNV2 can be equal with a same probability to either one or the other of the two valid values of the random value RNi corresponding respectively to thestates 0 and 1. - The XOR gates XGi, XGj can be executed either by using a truth table which is encoded in the table GTT or by applying XOR operations to each pairs of bits of same rank in the input values of the gate. In the latter case, the field GTYP of the table GTW may define whether the gate is a XOR gate or another gate, and the table GTT may include one record for each gate AGi only.
- In some implementations, each value in the tables INLB, SGLB, RNLB, GTT may be encoded by a 128-bit word, and each record of the table GTW may be encoded on a 64-bit word. The wire numbers IN1, IN2, ON may be encoded on 21-bit words. The table GTW can be transmitted from the server ASRV to the terminal UT in a compressed form, for example, using a gzip compression scheme.
- In some implementations, the order of the logic gates in the gate tables GTW, and GTT can be defined randomly, provided that the table records GTW[i] and GTT[i] at the index i refer to the same gate.
-
FIG. 13 represents the module GCM, configured to execute a software component and to generate the image frames FRM, according to an example embodiment. The module GCM may execute the software component each time a new image frame is to be generated, i.e., at a frame refresh rate equal to or greater than 30 Hz, for example. To this purpose, the module GCM can be activated by a synchronization signal SNC having, for example, a rising edge each time a new image frame must be generated. The module GCM may include a switching module SWC, a software component interpreter GCI, an XOR masking circuit XRG and a pixel mapping module MPF. The switching module SWC may receive the synchronization signal SNC and the structure and content data GCD defining the software component GC to be executed, and may load the data to be processed by the next execution of the software component GC in an input data structure GCDI. Thus, the switching module SWC may transmit the data DIM, INLB, SGLB, NBGL, GTW, GTT and GCK without modification to the structure GCDI. - In some implementations, the switching module SWC may perform switching operations SWi to select one or the other of the two valid values RNiV1, RNiV2 of each input random value RNi. Each switching function SWi may be controlled by a respective bit RNBi of a random number RNB having s bits, generated by a random number generation function RNG, s being the number of the random values RNi to be input to the software component GC or the total number of segments SGi of all the digits to be displayed. Each switching operation SWi provides for each of the random values RNi a randomly selected value RNiVk which is stored in the structure GCDI. As a result of the selection of one of the two valid values RNiV1, RNiV2 of the random values RNi (the visible segments SG to be displayed corresponding to an input data SGi set to the state one), the output of the corresponding AND gate AGi may be set to state either 0 or 1, depending on the logical state of the selected random value RNiVk. Thus, the visible segments SGi may appear in each frame FRM with a probability equal to the probability of the random input value RNi to be set to
state 1. If the number RNB is a true random number, this probability is equal to approximately 50%. - The module GCI may be a dedicated interpreting module configured to successively execute each of the logic gates of the first circuit layer L1, as defined by the data in the input data structure GCDI, and then each of the logic gates of second circuit layer L2. To this purpose, the interpreting module GCI can use a wire table receiving the value of each wire of the software component GC, written in the table at an index corresponding to the wire number of the wire value. The wire table may be first loaded with the input values INi, INj, SGi, RNiVk of the software component, written in the table at indexes (between 1 and n+2s) corresponding to wire numbers assigned to the input values. Then the computed output value of each executed logic gate may be written in the wire table at an index corresponding to the wire number of the output value. At the end of the software component execution. The wire table may include the values of the outputs of the software component at indexes from (n+2s+g-m+1) to (n+2s+g).
- The output value of each logic gate can be computed by applying a non-reversible function applied to both input values of the gate and to one value selected in the truth table of the gate, as a function of the least significant bit of each of the two input values:
-
OV=PF1(IN1,IN2,G) (1) - where IN1 and IN2 represent the input values of the gate, G=GTT[IN1{0}//IN2{0}], IN1{0} and IN2{0} represent the least significant bit of the input values IN1, IN2, “//” represents the bit concatenation operator, GTT represents the four-element truth table of the gate, and PF1 represents the non-reversible function.
- In some implementations, the function PF1 can use an encryption function such as AES (Advanced Encryption Standard) using an encryption key assigned to the software component. In this case, the encryption key GCK can be stored in the structure and content data GCD of the software component GC. For example, the output value OV of a logic gate can be computed as follows:
-
OV=AES(GCK,K)⊕K⊕G (2) - with K=CF(IN1,IN2)⊕T, “⊕” represents the Exclusive OR (XOR) operator, T represents a number assigned to logic gate, for example the number of the logic gate, and can also depend on the values of the inputs IN1, IN2, CF represents a combination function, and AES(GCK, K) represents an encrypted value of K by the AES encryption algorithm using the encryption key GCK. The combination function can be an XOR operation or an operation in the form:
-
CF(IN1,IN2)=SH(IN1,a)⊕SH(IN2,b), (3) - SH(X,a) representing a left shift operation of X by a number a of bits.
- The least significant bit of each output data of the software component GC provided by the module GCI is considered as a pixel value PXi, PXj. The module XRG combines each pixel value PXi (least significant bit of each output value provided by the software component) with a respective mask bit value MKi belonging to an image mask IMSK provided in the structure and content data GCD. The combination operation used can be an XOR operation XRi. The respective least significant bits of the output values PXi, PXj of the software component may represent white noise since the output values of the software component including the least significant bit thereof may be randomly chosen. Thus, the image parts generated by the software component may be in an encrypted form, and may be decrypted using the image mask IMSK.
- The image mask IMSK may include the message MSG, such that when combined with the pixels PXj provided by the software component GC, the message MSG may become intelligible and combined with segments SG of the validation code CC. The image mask IMSK can also be configured to make visible the pixels PXi of a digit segment SG corresponding to a segment input value SGi fixed to the binary state 0 (segment configured to be invisible). In this way, the segment may always be visible (with a probability of approximately 100%) in the generated image frames FRM. Another way to configure a segment always visible or invisible is to attribute a same value to the two random values RNiV1, RNiV2 corresponding to the related segment input value SGi in the transmitted structure and content data GCD.
- In some implementations, the final mask IMSK may be transmitted to the terminal UT at step S23 using another communication channel, for higher security.
- The interconnection matrices XM1, XM2 define where the pixels PXj corresponding to the input values INj and the pixels PXi corresponding to the segment input values SGi may be displayed in the image frames FRM. The input values INi, INj define in relation with the image mask IMSK if the corresponding pixel PXi, PXj in output of the software component GC may be visible or invisible. The visibility of the pixels PXi may also depend on the corresponding value of the random input RNi. The respective binary states of the input values INi, INj can be randomly selected at the time the software component may be generated. The image mask IMSK may be then generated as a function of the selected binary states of the input values INi, INj, the interconnection matrices XM1, XM2 and the image frame FRM to be displayed which defines the visible and invisible pixels in the image frame.
- The mapping module MPF may insert groups of pixels values PXi′ provided by the module XRG, at suitable positions into a background image frame BCKF to generate one of the image frames FRM to be displayed. In particular, the module XRG may provide a group of pixels PXi′ which forms the banner frame BNF as shown in
FIG. 9 , and groups of pixels PXi′ which form each of the key labels KYL of one keypad frame KYPF to be displayed in a frame FRM. The mapping module MPF may insert these groups of pixels in respective predefined locations in the background image frame BCKF to generate one of the image frames FRM as shown inFIG. 8A . In one implementation, the module XRG may output a directly displayable image frame. In this case, the mapping module is not mandatory. - The transmission in the structure and content data GCD of the software component of the two valid values of the random inputs RNi, enables introduction of randomness in the execution and output data of the software component at a very low cost. In contrast, a software component producing random output data would require to introduce a random generator in the software component, which cannot be obviously realized without adding complexity to the garbled circuit, and thus, without increasing the size of the structure and content data GCD defining the software component. In addition, the transmission of the two valid values RNiV1, RNiV2 of the random inputs RNi does not reduce the security of the introduction of the validation code CC, since the correspondence between each random input value RNiV1, RNiV2 and a
binary value 0 or 1 thereof cannot be established easily. - In some implementations, each time the user terminal UT may have to perform a new authentication, a new software component GC displaying a keypad KYP with a different key layout and displaying a different validation code CC is executed at step S27.
- In some implementations, in order to avoid the transmission of one software component GC (at step S23), each time the user terminal UT is required to perform a new authentication, several alternative software components (defined by the structure and content data GCD) can be downloaded in the user terminal UT in one time, and the user terminal UT selects a non-already executed software component each time it has to perform a new authentication. For example, several software components are downloaded with the application APP when the latter is downloaded and installed in a user terminal UT. Then, when one or several software components are used, a new set of software components can be downloaded from the server ASRV to the terminal user UT, e.g., when the terminal has an efficient network connection.
- In some implementations, several alternative software components may be stored in the user terminal UT in an encrypted form, and each time the user terminal UT execute a new software component, the server ASRV may send a corresponding decryption key to the user terminal.
- In some implementations, only a part of each of the software components may be downloaded into the user terminal UT. The downloaded part of each software component can include the data GCID, DIM, NBGL, GTW with or without the table RNLB. Each time the user terminal UT has to perform a new authentication, the server ASRV may only transmit to the terminal the data INLB, SGLB, GCK and IMSK, at step S23. Then, the user terminal UT may transmit the identifier GCID of the software component used for authentication to the server ASRV, for example at step S25 or S29. When the server ASRV receives a software component identifier GCID from a user terminal UT, it may check in the database UDB that the received identifier corresponds with a next unexecuted or valid software component previously transmitted to the user terminal UT. If the received identifier does not correspond with a next unexecuted or valid software component previously transmitted to the terminal UT, the server ASRV may invalidate the user authentication and the corresponding transaction. in some implementations, the server ASRV may also invalidate a previous transaction performed with the same software component (corresponding to the same identifier GCID).
- In some implementations, the server ASRV can assign a validity indicator (for example in the table GCP of
FIG. 5 ) to each software component it generates for a user terminal. The server ARSV may set the validity indicator to valid when it transmits the corresponding software component to a user terminal at step S23, and to invalid when it receives the corresponding message ARP at step S29. In addition, the server ARSV can assign a validity period to each generated software component, in which a software component may be set to invalid when its validity period has elapsed. The server ASRV may be configured to rejects a message ARP transmitted at step S29 when it corresponds to a software component set to invalid. -
FIG. 14 represents a part of the software component GC according to another example embodiment. The circuit part disclosed inFIG. 14 is intended to replace one logic gate AGi in the circuit ofFIG. 11 . In the example ofFIG. 14 , the circuit part may include three AND gates AGi1, AGi2 and AGi3 and two OR gates OGi1, OGi2. Instead of having one segment input SGi and one random input RNi for each segment of the image frame FRM to be displayed with a probability lower than approximately 100%, this circuit part may include for one segment, three segment inputs SGi1, SGi2, SGi3 and three corresponding random inputs RNi1, RNi2, RNi3. Each of the gates AGi1, AGi2, AGi3 may combine one respective segment input SGi1, SGi2, SGi3 with one respective random input RNi1, RNi2, RNi3. The outputs of the gates AGi1 and AGi2 may be connected to the inputs of the gate OGi1, and the outputs of the gates AGi3 and OGi1 may be connected to the inputs of the gate OGi2. The output Di of the gate OGi2 may be connected to as much gates XGi as the number of pixels forming the segment controlled by the inputs SGi1, SGi2, SGi3. In this way, when all the segment inputs SGi1, SGi2, SGi3 are set to the binary state 0, the output Di of the gate OGi2 may be set to thebinary state 1 with a probability of approximately 0%. When only one of the segment inputs SGi1, SGi2, SGi3 is set to thebinary state 1, the output Di of the gate OGi2 may be set to thebinary state 1 with a probability of approximately 50% (½). When only two of the segment inputs SGi1, SGi2, SGi3 are set to thebinary state 1, the output Di of the gate OGi2 may be set to thebinary state 1 with a probability of approximately 75% (¾), and when all the three segment inputs SGi1, SGi2, SGi3 are set to thebinary state 1, the output Di of the gate OGi2 may be set to thebinary state 1 with a probability of approximately 87.5% (⅞). Depending on the corresponding input values INi1-INip and corresponding mask bit values MKi1-MKip of the mask IMSK, and the segment input values SGi1, SGi2, SGi3, it may be possible to display a segment SGi with a probability fixed either to 0% (0), 12.5% (⅛), 25% (¼), 50% (½), 75% (¾), 82.5% (⅞) and 100% (1). In some implementations, the visible segments SG may be displayed in the image frames FRM with a probability selected in a set of visible probability values comprising at least 12.5%, 25%, 50%, 75%, 82.5% or 100%. - These probabilities or others can be obtained using other combinations of logic gates combining the three segment input values SGi1, SGi2, SGi3 and the three random input values RNi1, RNi2, RNi3.
- In some implementations, other probability values can be reached by the software component, by increasing the number of inputs for one segment, and thus, by increasing the number of AND gates in the first circuit layer L1 and the number of combining OR gates in following circuit layers.
- In some implementations, the visible segments may be displayed with a probability decreasing as a function of the experience level of the user. At first authentications, performed from a first installation of the application APP, the visible segments SG can be displayed in the image frames FRM with high probabilities, e.g., between approximately 75% and 100%. As the experience level of the user grows, these probabilities can be progressively reduced and finally set to randomly-selected values, for example, between approximately 12.5% and 50%.
- In the embodiment using garbled circuits, the generation of a software component, performed by the server ASRV at step S22, may include generating random values representing the
binary states 0 and 1 of the input bits and of the output bits of the logic gates of the software component. Some of the logic gate outputs may correspond to outputs of the garbled circuit. The generation of a software component may further include randomly selecting the interconnection matrices XM1, XM2, i.e., randomly selecting the links between the inputs of the software component and the inputs of the logic gates of the software component, and between the outputs of some logic gates and the inputs of other logic gates (definition of the table GTW). The generation of a software component may further include defining the truth tables GTT of the logic gates of the software component, and encrypting each value of these truth tables using an encryption key. In some implementations, each four values G (=GTT[IN{0}//IN2 {0}]) of the truth table of a logic gate of the software component GC can be computed as follows: -
G=PF2(IN1,IN2,OV) (4) - for each possible combination of the valid values of the inputs IN1, IN2 and the output OV, when considering the binary states corresponding to the valid values of IN1, IN2 and OV, and the logic operation performed by the logic gate, PF2 representing a non-reversible function. According to the example defined by equation (2), each four values G of the truth table of a logic gate can be computed as follows:
-
G=AES(GCK,K)⊕K⊕OV (5) - with K=CF(IN1,IN2)⊕T.
- As a consequence, it may be difficult to determine the binary states of the input and output values and the function of the logic gates of the software component. Thus, the functioning of the software component GC cannot be easily determined. In addition, the software component can process only the two valid values of each input of the circuit, among a huge number of invalid values. Therefore, it is not possible to apply any values to the inputs of the software component.
- A hacker or a malware program executed by the terminal UT has a very short time to get the displayed validation code CC to be typed and the keypad key layout, by analyzing the displayed image frames FRM or by executing or analyzing the software component GC. Therefore, it appears to be very difficult for a hacker to be authenticated at steps S21 to S33 since the typed positions POSi must correspond to the keypad KYP and validation code CC displayed by the execution of the software component GC transmitted to the terminal UT at step S24.
- When the server ASRV generates the software component GC, it can be decided to use another bit rank in the values of the wires of the software component for defining the corresponding binary state of these values. Thus, the bits at the selected bit rank in the input values a logic gate AGi may be used to select a data in the truth table GTT of the logic gate, and the bits at the selected bit rank in the output values PXi of the software component GC are extracted and applied to the module XRG.
- The illustrations described herein are intended to provide a general understanding of the structure of various embodiments. These illustrations are not intended to serve as a complete description of all of the elements and features of apparatus, processors and systems that utilizes the structures or methods described therein. Many other embodiments or combinations thereof may be apparent to those of ordinary skills in the art upon reviewing the disclosure by combining the disclosed embodiments. Other embodiments may be utilized and derived from the disclosure, such that structural and logical substitutions and changes may be made without departing from the scope of the disclosure.
- The methods disclosed herein may be implemented by software programs executable by the main processor HP (CPU) of the user terminal UT, or at least partially by the graphic processor GP of the user terminal UT.
- Further, the methods disclosed herein are not limited to displaying sensitive information such as a keypad with a randomly selected layout and a validation code. One objective of such a display is to check that the user knows a secret data shared with the server ASRV and perceives information presented by the terminal in a way perceptible by a human. Alternative challenge-response schemes can be implemented in other embodiments. According to an example embodiment, the displayed message MSG may conduct the user to input a combination such as the sum or the multiplication of the digits of the displayed validation code CC. In addition to this or in another embodiment, the generated frames may be formed with differences with a previously generated frame.
- According to another example embodiment, the flickering or blinking of segments may be controlled directly in/by the graphic processor, by setting pixel intensity, additive or subtractive pixel color, pixel refresh rate, or pixel flickering parameters of the graphic processor.
- The challenge can be transmitted to the user using other means than by displaying it on a display screen. For instance, the challenge can be transmitted to the user by audio means using an audio cryptographic algorithm. According to this algorithm, an original audio sequence may be decomposed into a number of source audio sequences of the same length as the original audio sequence, in a way such that the original audio sequence can be reconstructed only by simultaneously playing all the source audio sequences generated by the decomposition. As such, it may be difficult to reconstruct the original audio sequence if any one of the source audio sequence is missing. Provision may be made to play two source audio sequences simultaneously, one via the terminal UT and the other via other means such as a portable device having a memory storing a source audio sequence and a headphone playing the stored source audio sequence without a microphone of the terminal hearing it. If the user hears an intelligible audio message by playing the two source audio sequences simultaneously, it may mean that the source audio sequence played by the portable device complements the source audio sequence.
- In some implementations, the user may record his fingerprints at step S10. At step S27, the software component GC displayed a message requesting the user to input one or two particular fingerprints, for example, the thumb print and the ring finger print. This message may be displayed using segments, as the digits representing the key labels KYL and validation code CC. At step S28 or S54, the user may input the requested fingerprints, and at the verification steps S30 and S31, the server ASRV may compare the input fingerprints with the one it stored after step S10. Here, the shared secret data may be the fingerprints and the information to be perceived by the user may be the designation of the requested fingers.
- Further, the methods disclosed herein are not limited to authenticating a user in view of validating a transaction. The methods disclosed herein may be applied to securely transmit secret information to or from a user, or more generally to securely perform a sensitive operation in a non-secure environment.
- Further, the methods disclosed herein are not limited to a method comprising displaying image frames and introduction of secret data (CC) using a single user terminal. The methods disclosed herein may be applied to securely authenticate a user on another connected device, the frame images being displayed on the user terminal or on a remote display such as a smartwatch, virtual reality glasses or lenses, or projected on a surface or in the form of a 3D image. Similarly, the secret data may be input in another device connected to the user terminal or using voice or gesture. Therefore, the words “user terminal” may designate a single device or a set of devices including a terminal without a display, an IoT (Internet of Things) terminal, a smart home terminal, and any input terminal that allows the user to enter data.
- In some implementations, the user terminal UT may be controlled by voice or gesture. Voice command may be translated to command. Each recognized command being equivalent to one of the positions POSi. The keypad may be replaced by any other representations such as the ones requiring a gesture, following a geometric figure or tracing links between dots. Further, the input terminal may be a 3D input terminal with which the user may interact by 3D gestures in the air. Therefore the positions POSi may be 3D coordinate positions in space.
- In some implementations, the display may be any display including for example an ATM, a vending machine, a TV, a public display, a projected display, and/or a virtual display a 3D display or a hologram. In other implementations, the terminal may be any input equipment including, for example, a touch screen, a game accessory, a gesture acquisition system, and/or a voice or sound command system.
- In other implementations, the images frames FRM may be generated without applying the mask IMSK, and may be displayed separately from the mask IMSK using two display devices. For example, one of the two display devices may be transparent, such as, a display device in the form of eye lenses. The displayed images may become intelligible to the user when the displayed image frames are superimposed with the display mask IMSK.
- Further, the methods disclosed herein, introducing randomization in the execution of the software component protected against tampering and reverse-engineering, are not limited to generate blinking pixel in an image or an image frame. More generally, the methods disclosed herein can be used in any application in which a random state is required in a sensitive software function, protected against reverse-engineering and tampering, the software function receiving input data and providing output data. For example, these methods can be applied to protection of data without using encryption or decryption keys which may be exposed to key theft. In this example, the software component may be configured to provide a part of the protected data as a function of a set of random input data, each random input data having two possible values. Each combination of the random input values applied to the software component may be used to compute a respective part of the protected data. The number of combinations of the random input values may define the number of data parts that can be computed by executing the software component. As an example, the data to be protected can be images, and the data parts of such images can be pixel values of an image or color component values of the image pixels. The execution of the software component may provide a pixel value or a part thereof and a position of the pixel in the image. The parts of the data to be protected that are each computed by one execution of the software component applied to one combination of the input values can be as small as desired. For instance, the software component can be configured to provide by one execution a point of a Gaussian curve or a value that is used to compute a histogram. The data part value may correspond to the highest value computed by the software component or to the value having the highest occurrence number in the histogram. Only a part of the protected data can be made accessible when only a part of the two alternative values of the input data of the software component is provided, only one value being provided for the other input data of the software component.
- Further, the methods disclosed herein are not limited to an implementation involving an authentication server. Other implementations can involve a secure element within the user terminal, such as the secure processor SE shown in
FIG. 2 , or a secure domain within the main processor HP of the terminal. In the methods disclosed herein, all operations performed by the server ASRV can be performed by such a secure element.FIG. 15 represents authentication steps S41 to S44 performed by the user terminal UT and a secure element SE connected to the main processor HP of the terminal UT, and enabling the secure element to authenticate the user. At step S41, the terminal UT transmits a command CMD to the secure element SE, this command requiring an authentication of the user before being executed by the secure element. Then the terminal UT performs steps S26 and S28 to S30, as previously disclosed. The secure element SE performs steps S24, S25, S27 and S31, in place of the server ASRV. Then the secure element SE performs steps S42 to S44. At step S42, the secure element SE compares the validation code CC1 input by the user to corresponding value CC securely stored by secure element SE. If the validation code CC1 typed by the user match the value CC stored by the secure element SE, the latter performs step S43 in which it executes the command CMD requested at step S41. At step S44, the secure element SE transmits an execution report RS of the command CMD. In this way, the secure element SE executes the command CMD only when the user of the terminal UT authorizes it. - In some implementations, the secure element SE in
FIG. 15 can be implemented by or can be part of an external terminal connected to the user terminal UT by means of a communication link such as NFC (Near Field Communication) or Bluetooth. The external terminal can be a point-of-sale terminal. - Further, the methods disclosed herein are not limited to garbled circuits comprising gates having only two inputs and one output. Other types of gates with three or more inputs and one or more outputs or receiving data having more than two valid states may be implemented using truth tables having more than four lines. Therefore, the randomness obtained by transmitting and selecting one of the possible values RNiV1 and RNiV2 of the input RNi, may also be obtained by transmitting and randomly selecting one value among three or more valid values of an input of the garbled circuit.
- Further, the methods disclosed herein are not limited to an implementation of the software component by a garbled circuit. Other implementations of the software component such as including obfuscated programs can be used to hide parts of the program loaded in the main processor of the terminal UT, and/or to prevent sensitive parts of the program from being unveiled or modified by unauthorized persons.
- In some implementations, the conception of a garbled circuit can be perform by translating a program written in language such as C or C++ into a circuit design language such as VHDL or Verilog to obtain a logic or Boolean circuit comprising logic gates.
- Further, the methods disclosed herein are not limited to the use of a software component protected against tampering and reverse-engineering, such as, generated using obfuscation and/or garbled circuit methods. As an example of such an application, the methods disclosed herein may be used to perform operations that do not require high security level, such as video games or medical eye testing.
- Further, the methods disclosed herein are not limited to an implementation involving a mask such the image mask IMSK to decrypt output values of the software component. Other implementations can generate and execute a software component directly outputting the pixels values to be displayed. In addition, the message MSG can be directly provided in the output pixel values. In addition the mask can be transmitted separately from the software component or the structure and content data thereof, even after the execution of the software component.
- Further, the methods disclosed herein can be implemented with a user terminal UT that only comprises a hardware keypad, the displayed frames FRM being displayed just to assign other key labels to the physical keypad. Thus, instead to touch positions of the display screen to input the positions POSi, the user activates hardware keys of the keypad in correspondence with the assigned labels shown in the displayed frames FRM.
- The term pixel, as used herein for a standard display screen, may be understood as coordinates, either 2D coordinates for a 2D display or 3D coordinates for a 3D or stereo display or for a projected display.
- Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, specially designed ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various implementations can include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, coupled to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device. Various implementations of the systems and techniques described here can be realized as and/or generally be referred to herein as a controller, a circuit, a module, a block, or a system that can combine software and hardware aspects. For example, a module may include the functions/acts/computer program instructions executing on a processor (e.g., a processor formed on a silicon substrate, a GaAs substrate, and the like) or some other programmable data processing apparatus.
- These computer programs (also known as programs, software, software applications or code) include machine instructions for a programmable processor, and can be implemented in a high-level procedural and/or object-oriented programming language, and/or in assembly/machine language. As used herein, the terms “machine-readable medium” “computer-readable medium” refers to any computer program product, apparatus and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term “machine-readable signal” refers to any signal used to provide machine instructions and/or data to a programmable processor.
- Some of the above example embodiments are described as processes or methods depicted as flowcharts. Although the flowcharts describe the operations as sequential processes, many of the operations may be performed in parallel, concurrently or simultaneously. In addition, the order of operations may be re-arranged. The processes may be terminated when their operations are completed, but may also have additional blocks not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, subprograms, etc.
- Methods discussed above, some of which are illustrated by the flow charts, may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to perform the necessary tasks may be stored in a machine or computer readable medium such as a storage medium. A processor(s) may perform the necessary tasks.
- Specific structural and functional details disclosed herein are merely representative for purposes of describing example embodiments. Example embodiments, however, may be embodied in many alternate forms and should not be construed as limited to only the embodiments set forth herein.
- Processors suitable for the processing of a computer program include, by way of example, both general and special-purpose microprocessors, and any one or more processors of any kind of digital computer. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. Elements of a computer may include at least one processor for executing instructions and one or more memory devices for storing instructions and data. Generally, a computer also may include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data (e.g., magnetic, magneto-optical disks, or optical disks). Information carriers suitable for embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices (e.g., EPROM, EEPROM, and flash memory devices; magnetic disks (e.g., internal hard disks or removable disks); magneto-optical disks; and CD-ROM and DVD-ROM disks. The processor and the memory may be supplemented by, or incorporated in special-purpose logic circuitry.
- To provide for interaction with a user, implementations may be implemented on a computer having a display device (e.g., a cathode ray tube (CRT), a light-emitting diode (LED), or liquid crystal display (LCD) display device) for displaying information to the user and a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer. Other kinds of devices can be used to provide for interaction with a user, as well; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.
- Implementations may be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation), or any combination of such back-end, middleware, or front-end components. Components may be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network (LAN) and a wide area network (WAN) (e.g., the Internet).
- While certain features of the described implementations have been illustrated as described herein, many modifications, substitutions, changes, and equivalents will now occur to those skilled in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the scope of the implementations. It should be understood that they have been presented by way of example only, not limitation, and various changes in form and details may be made. Any portion of the apparatus and/or methods described herein may be combined in any combination, except mutually exclusive combinations. The implementations described herein can include various combinations and/or sub-combinations of the functions, components, and/or features of the different implementations described.
Claims (18)
Applications Claiming Priority (10)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP16196950.6 | 2016-11-02 | ||
EP16196957.1 | 2016-11-02 | ||
EP16196950.6A EP3319001A1 (en) | 2016-11-02 | 2016-11-02 | Method for securely transmitting a secret data to a user of a terminal |
EP16196957.1A EP3319002B1 (en) | 2016-11-02 | 2016-11-02 | Method for securely performing a sensitive operation using a non-secure terminal |
EP16196945.6 | 2016-11-02 | ||
EP16196945.6A EP3319000A1 (en) | 2016-11-02 | 2016-11-02 | Method for securing a transaction performed from a non-secure terminal |
EP16196947.2 | 2016-11-02 | ||
EP16196947.2A EP3319067B1 (en) | 2016-11-02 | 2016-11-02 | Method for authenticating a user by means of a non-secure terminal |
EP17172856.1 | 2017-05-24 | ||
EP17172856.1A EP3319069B1 (en) | 2016-11-02 | 2017-05-24 | Method for authenticating a user by means of a non-secure terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
US20180198774A1 true US20180198774A1 (en) | 2018-07-12 |
Family
ID=61767971
Family Applications (9)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/801,030 Abandoned US20180165443A1 (en) | 2016-11-02 | 2017-11-01 | Methods for authenticating a user via a non-secure terminal |
US15/801,061 Abandoned US20180198774A1 (en) | 2016-11-02 | 2017-11-01 | Method for authenticating a user via a non-secure terminal |
US15/801,059 Abandoned US20180198784A1 (en) | 2016-11-02 | 2017-11-01 | Method for securely performing a sensitive operation using a non-secure terminal |
US15/801,041 Abandoned US20180196952A1 (en) | 2016-11-02 | 2017-11-01 | Method for securely transmitting a secret data to a user of a terminal |
US15/801,063 Abandoned US20180144112A1 (en) | 2016-11-02 | 2017-11-01 | Method for authenticating a user by means of a non-secure terminal |
US15/801,036 Expired - Fee Related US10565357B2 (en) | 2016-11-02 | 2017-11-01 | Method for securely transmitting a secret data to a user of a terminal |
US15/801,005 Abandoned US20180196927A1 (en) | 2016-11-02 | 2017-11-01 | Method for securing a transaction performed from a non-secure terminal |
US16/398,071 Abandoned US20190260748A1 (en) | 2016-11-02 | 2019-04-29 | Securing a transaction performed from a non-secure terminal |
US16/398,066 Abandoned US20190260747A1 (en) | 2016-11-02 | 2019-04-29 | Securing a transaction performed from a non-secure terminal |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/801,030 Abandoned US20180165443A1 (en) | 2016-11-02 | 2017-11-01 | Methods for authenticating a user via a non-secure terminal |
Family Applications After (7)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/801,059 Abandoned US20180198784A1 (en) | 2016-11-02 | 2017-11-01 | Method for securely performing a sensitive operation using a non-secure terminal |
US15/801,041 Abandoned US20180196952A1 (en) | 2016-11-02 | 2017-11-01 | Method for securely transmitting a secret data to a user of a terminal |
US15/801,063 Abandoned US20180144112A1 (en) | 2016-11-02 | 2017-11-01 | Method for authenticating a user by means of a non-secure terminal |
US15/801,036 Expired - Fee Related US10565357B2 (en) | 2016-11-02 | 2017-11-01 | Method for securely transmitting a secret data to a user of a terminal |
US15/801,005 Abandoned US20180196927A1 (en) | 2016-11-02 | 2017-11-01 | Method for securing a transaction performed from a non-secure terminal |
US16/398,071 Abandoned US20190260748A1 (en) | 2016-11-02 | 2019-04-29 | Securing a transaction performed from a non-secure terminal |
US16/398,066 Abandoned US20190260747A1 (en) | 2016-11-02 | 2019-04-29 | Securing a transaction performed from a non-secure terminal |
Country Status (5)
Country | Link |
---|---|
US (9) | US20180165443A1 (en) |
EP (4) | EP3319069B1 (en) |
KR (2) | KR20180048429A (en) |
CN (4) | CN109891418A (en) |
WO (2) | WO2018083088A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11223652B1 (en) * | 2021-01-27 | 2022-01-11 | BlackCloak, Inc. | Deception system |
US11374752B2 (en) * | 2019-06-07 | 2022-06-28 | Panasonic Avionics Corporation | Secure transactions for in-flight entertainment systems |
US20220374900A1 (en) * | 2016-06-03 | 2022-11-24 | Jpmorgan Chase Bank, N.A. | Systems, methods, and devices for integrating a first party service into a second party computer application |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018174901A1 (en) * | 2017-03-24 | 2018-09-27 | Visa International Service Association | Authentication system using secure multi-party computation |
US11818249B2 (en) * | 2017-12-04 | 2023-11-14 | Koninklijke Philips N.V. | Nodes and methods of operating the same |
EP3528161A1 (en) * | 2018-02-19 | 2019-08-21 | Skeyecode | Method for signing a transaction |
US11042626B2 (en) * | 2018-05-21 | 2021-06-22 | Nextek Power Systems, Inc. | Method of and system for authenticating a user for security and control |
CN110661764A (en) | 2018-06-29 | 2020-01-07 | 阿里巴巴集团控股有限公司 | Input acquisition method and device of secure multi-party computing protocol |
US10768951B2 (en) | 2018-08-29 | 2020-09-08 | Bank Of America Corporation | Providing augmented reality user interfaces and controlling automated systems based on user activity information and pre-staging information |
US11120496B2 (en) | 2018-09-06 | 2021-09-14 | Bank Of America Corporation | Providing augmented reality user interfaces and controlling back-office data processing systems based on augmented reality events |
US20200125705A1 (en) * | 2018-10-19 | 2020-04-23 | Ca, Inc. | User authentication based on an association of biometric information with a character-based password |
CN111639956B (en) * | 2018-11-16 | 2023-04-28 | 创新先进技术有限公司 | Method and device for providing and acquiring safety identity information |
CN110516775B (en) * | 2019-07-11 | 2023-07-25 | 西安邮电大学 | User secret information hiding method based on QR code |
GB201916413D0 (en) * | 2019-11-11 | 2019-12-25 | Mrb Corp Ltd | Improved human verification |
US11275945B2 (en) * | 2020-03-26 | 2022-03-15 | Varjo Technologies Oy | Imaging system and method for producing images with virtually-superimposed functional elements |
US10797866B1 (en) * | 2020-03-30 | 2020-10-06 | Bar-Ilan University | System and method for enforcement of correctness of inputs of multi-party computations |
WO2021205660A1 (en) * | 2020-04-10 | 2021-10-14 | 日本電気株式会社 | Authentication server, authentication system, authentication server control method, and storage medium |
JPWO2022018971A1 (en) * | 2020-07-22 | 2022-01-27 | ||
EP3979102A1 (en) * | 2020-09-30 | 2022-04-06 | Rubean AG | Electronic device for performing an authentication operation |
WO2022079657A1 (en) * | 2020-10-15 | 2022-04-21 | Vea Technologies Ltd | A method and system for authenticating a user |
CN112565265B (en) * | 2020-12-04 | 2022-11-01 | 国网辽宁省电力有限公司沈阳供电公司 | Authentication method, authentication system and communication method between terminal devices of Internet of things |
US12021861B2 (en) * | 2021-01-04 | 2024-06-25 | Bank Of America Corporation | Identity verification through multisystem cooperation |
CN112836627B (en) * | 2021-01-29 | 2022-07-19 | 支付宝(杭州)信息技术有限公司 | Living body detection method and apparatus |
CN114285558B (en) * | 2021-12-24 | 2023-09-08 | 浙江大学 | Multi-party privacy calculation method and device based on semi-trusted hardware |
EP4369223A1 (en) * | 2022-11-08 | 2024-05-15 | Telefónica Innovación Digital, S.L.U. | Multi-factor authentication method and system for virtual reality |
FR3143790A1 (en) * | 2022-12-19 | 2024-06-21 | Banks And Acquirers International Holding | Method and system for secure entry of a secret code using a keyboard |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060177060A1 (en) * | 2003-07-21 | 2006-08-10 | Koninklijke Philips Electronics N.V. | Image alignment |
US20080205644A1 (en) * | 2007-02-22 | 2008-08-28 | Korea University Industry And Academy Collaboration Foundation | Method for encrypting and decrypting an image frame |
US20090041380A1 (en) * | 2007-08-07 | 2009-02-12 | Hitachi-Omron Terminal Solutions, Corporation | Information display device and information display method |
US20090187757A1 (en) * | 2008-01-18 | 2009-07-23 | Sap Ag | Method and system for mediated secure computation |
US20100275010A1 (en) * | 2007-10-30 | 2010-10-28 | Telecom Italia S.P.A. | Method of Authentication of Users in Data Processing Systems |
US8448226B2 (en) * | 2005-05-13 | 2013-05-21 | Sarangan Narasimhan | Coordinate based computer authentication system and methods |
US20130301830A1 (en) * | 2012-05-08 | 2013-11-14 | Hagai Bar-El | Device, system, and method of secure entry and handling of passwords |
US20140250538A1 (en) * | 2011-02-10 | 2014-09-04 | Fireblade Ltd. | DISTINGUISH VALID USERS FROM BOTS, OCRs AND THIRD PARTY SOLVERS WHEN PRESENTING CAPTCHA |
US20150007088A1 (en) * | 2013-06-10 | 2015-01-01 | Lenovo (Singapore) Pte. Ltd. | Size reduction and utilization of software keyboards |
US20150293694A1 (en) * | 2012-11-27 | 2015-10-15 | Thomson Licensing | Adaptive virtual keyboard |
US20150310655A1 (en) * | 2014-02-18 | 2015-10-29 | Charles Hill | Techniques for displaying content on a display to reduce screenshot quality |
US20150371613A1 (en) * | 2014-06-19 | 2015-12-24 | Contentguard Holdings, Inc. | Obscurely rendering content using image splitting techniques |
Family Cites Families (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6006328A (en) * | 1995-07-14 | 1999-12-21 | Christopher N. Drake | Computer software authentication, protection, and security system |
US20020188872A1 (en) * | 2001-06-06 | 2002-12-12 | Willeby Tandy G. | Secure key entry using a graphical user inerface |
US20060008086A1 (en) * | 2002-09-09 | 2006-01-12 | Koninklijke Philips Electronics N.V. | Image encryption method and visual decryption device |
CA2509706A1 (en) * | 2004-06-17 | 2005-12-17 | Ronald Neville Langford | Authenticating images identified by a software application |
US20080105644A1 (en) * | 2005-04-29 | 2008-05-08 | Douglas Marcus H L | Tamper-Evident Closure |
GB2426837A (en) * | 2005-06-01 | 2006-12-06 | Hewlett Packard Development Co | Checking the integrity of a software component |
US7484173B2 (en) * | 2005-10-18 | 2009-01-27 | International Business Machines Corporation | Alternative key pad layout for enhanced security |
US20080209227A1 (en) * | 2007-02-28 | 2008-08-28 | Microsoft Corporation | User Authentication Via Biometric Hashing |
US8456478B2 (en) * | 2008-10-30 | 2013-06-04 | Microchip Technology Incorporated | Microcontroller with integrated graphical processing unit |
CN102714592B (en) * | 2009-06-24 | 2016-03-16 | 亚洲凯普托服务有限公司 | Produce the method and system of visual key |
JP4950315B2 (en) * | 2010-02-26 | 2012-06-13 | 楽天株式会社 | DATA GENERATION DEVICE, DATA GENERATION METHOD, AND DATA GENERATION PROGRAM |
US8209743B1 (en) * | 2010-03-09 | 2012-06-26 | Facebook, Inc. | CAPTCHA image scramble |
WO2012033489A1 (en) * | 2010-09-08 | 2012-03-15 | Hewlett-Packard Development Company, L.P. | Secure upgrade supplies and methods |
FR2971599B1 (en) * | 2011-02-11 | 2013-03-15 | Jean Luc Leleu | SECURE TRANSACTION METHOD FROM UNSECURED TERMINAL |
US8682750B2 (en) * | 2011-03-11 | 2014-03-25 | Intel Corporation | Method and apparatus for enabling purchase of or information requests for objects in digital content |
EP2523140B1 (en) * | 2011-05-12 | 2014-09-24 | Konvax Corporation | Secure user credential control |
US9485237B1 (en) * | 2011-10-19 | 2016-11-01 | Amazon Technologies, Inc. | Confidence-based authentication |
CN102340402B (en) * | 2011-10-28 | 2013-09-18 | 中国人民解放军国防科学技术大学 | Identity authentication method based on visual cryptography |
US20150067786A1 (en) * | 2013-09-04 | 2015-03-05 | Michael Stephen Fiske | Visual image authentication and transaction authorization using non-determinism |
US9563926B2 (en) * | 2013-03-14 | 2017-02-07 | Applied Materials Technologies Limited | System and method of encoding content and an image |
US9003196B2 (en) * | 2013-05-13 | 2015-04-07 | Hoyos Labs Corp. | System and method for authorizing access to access-controlled environments |
CN103345602B (en) | 2013-06-14 | 2015-08-19 | 腾讯科技(深圳)有限公司 | A kind of client-side code integrality detection, device and system |
US9582716B2 (en) * | 2013-09-09 | 2017-02-28 | Delta ID Inc. | Apparatuses and methods for iris based biometric recognition |
US9483653B2 (en) * | 2014-10-29 | 2016-11-01 | Square, Inc. | Secure display element |
US10846696B2 (en) * | 2015-08-24 | 2020-11-24 | Samsung Electronics Co., Ltd. | Apparatus and method for trusted execution environment based secure payment transactions |
EP3144798B1 (en) * | 2015-09-18 | 2020-12-16 | Canon Kabushiki Kaisha | Image processing apparatus, method of controlling the same, and storage medium |
-
2017
- 2017-05-24 EP EP17172856.1A patent/EP3319069B1/en not_active Not-in-force
- 2017-10-09 EP EP17195479.5A patent/EP3319070A1/en not_active Withdrawn
- 2017-10-31 WO PCT/EP2017/077895 patent/WO2018083088A1/en unknown
- 2017-10-31 CN CN201780066980.7A patent/CN109891418A/en active Pending
- 2017-10-31 EP EP17800424.8A patent/EP3535680A1/en not_active Withdrawn
- 2017-10-31 EP EP17792064.2A patent/EP3535746A1/en not_active Withdrawn
- 2017-10-31 CN CN201780067275.9A patent/CN109891478A/en active Pending
- 2017-10-31 WO PCT/EP2017/077896 patent/WO2018083089A1/en unknown
- 2017-11-01 US US15/801,030 patent/US20180165443A1/en not_active Abandoned
- 2017-11-01 US US15/801,061 patent/US20180198774A1/en not_active Abandoned
- 2017-11-01 US US15/801,059 patent/US20180198784A1/en not_active Abandoned
- 2017-11-01 US US15/801,041 patent/US20180196952A1/en not_active Abandoned
- 2017-11-01 US US15/801,063 patent/US20180144112A1/en not_active Abandoned
- 2017-11-01 US US15/801,036 patent/US10565357B2/en not_active Expired - Fee Related
- 2017-11-01 US US15/801,005 patent/US20180196927A1/en not_active Abandoned
- 2017-11-02 CN CN201711064864.XA patent/CN108021793A/en active Pending
- 2017-11-02 KR KR1020170145524A patent/KR20180048429A/en unknown
- 2017-11-02 CN CN201711065166.1A patent/CN108021800A/en active Pending
- 2017-11-02 KR KR1020170145502A patent/KR20180048428A/en unknown
-
2019
- 2019-04-29 US US16/398,071 patent/US20190260748A1/en not_active Abandoned
- 2019-04-29 US US16/398,066 patent/US20190260747A1/en not_active Abandoned
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060177060A1 (en) * | 2003-07-21 | 2006-08-10 | Koninklijke Philips Electronics N.V. | Image alignment |
US8448226B2 (en) * | 2005-05-13 | 2013-05-21 | Sarangan Narasimhan | Coordinate based computer authentication system and methods |
US20080205644A1 (en) * | 2007-02-22 | 2008-08-28 | Korea University Industry And Academy Collaboration Foundation | Method for encrypting and decrypting an image frame |
US20090041380A1 (en) * | 2007-08-07 | 2009-02-12 | Hitachi-Omron Terminal Solutions, Corporation | Information display device and information display method |
US20100275010A1 (en) * | 2007-10-30 | 2010-10-28 | Telecom Italia S.P.A. | Method of Authentication of Users in Data Processing Systems |
US20090187757A1 (en) * | 2008-01-18 | 2009-07-23 | Sap Ag | Method and system for mediated secure computation |
US20140250538A1 (en) * | 2011-02-10 | 2014-09-04 | Fireblade Ltd. | DISTINGUISH VALID USERS FROM BOTS, OCRs AND THIRD PARTY SOLVERS WHEN PRESENTING CAPTCHA |
US20130301830A1 (en) * | 2012-05-08 | 2013-11-14 | Hagai Bar-El | Device, system, and method of secure entry and handling of passwords |
US20150293694A1 (en) * | 2012-11-27 | 2015-10-15 | Thomson Licensing | Adaptive virtual keyboard |
US20150007088A1 (en) * | 2013-06-10 | 2015-01-01 | Lenovo (Singapore) Pte. Ltd. | Size reduction and utilization of software keyboards |
US20150310655A1 (en) * | 2014-02-18 | 2015-10-29 | Charles Hill | Techniques for displaying content on a display to reduce screenshot quality |
US20150371613A1 (en) * | 2014-06-19 | 2015-12-24 | Contentguard Holdings, Inc. | Obscurely rendering content using image splitting techniques |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220374900A1 (en) * | 2016-06-03 | 2022-11-24 | Jpmorgan Chase Bank, N.A. | Systems, methods, and devices for integrating a first party service into a second party computer application |
US11374752B2 (en) * | 2019-06-07 | 2022-06-28 | Panasonic Avionics Corporation | Secure transactions for in-flight entertainment systems |
US11223652B1 (en) * | 2021-01-27 | 2022-01-11 | BlackCloak, Inc. | Deception system |
WO2022164504A1 (en) * | 2021-01-27 | 2022-08-04 | BlackCloak, Inc. | Deception system |
Also Published As
Publication number | Publication date |
---|---|
US20180144112A1 (en) | 2018-05-24 |
CN108021793A (en) | 2018-05-11 |
WO2018083089A1 (en) | 2018-05-11 |
EP3319069A1 (en) | 2018-05-09 |
US20180165443A1 (en) | 2018-06-14 |
CN109891478A (en) | 2019-06-14 |
CN109891418A (en) | 2019-06-14 |
US20180196927A1 (en) | 2018-07-12 |
US20190260747A1 (en) | 2019-08-22 |
US20180196952A1 (en) | 2018-07-12 |
US10565357B2 (en) | 2020-02-18 |
KR20180048429A (en) | 2018-05-10 |
CN108021800A (en) | 2018-05-11 |
US20180145827A1 (en) | 2018-05-24 |
US20180198784A1 (en) | 2018-07-12 |
EP3319070A1 (en) | 2018-05-09 |
EP3535746A1 (en) | 2019-09-11 |
EP3535680A1 (en) | 2019-09-11 |
KR20180048428A (en) | 2018-05-10 |
US20190260748A1 (en) | 2019-08-22 |
EP3319069B1 (en) | 2019-05-01 |
WO2018083088A1 (en) | 2018-05-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10565357B2 (en) | Method for securely transmitting a secret data to a user of a terminal | |
US20190050554A1 (en) | Logo image and advertising authentication | |
US20190258829A1 (en) | Securely performing a sensitive operation using a non-secure terminal | |
EP3319067B1 (en) | Method for authenticating a user by means of a non-secure terminal | |
EP3319000A1 (en) | Method for securing a transaction performed from a non-secure terminal | |
EP3319001A1 (en) | Method for securely transmitting a secret data to a user of a terminal | |
WO2019158397A1 (en) | Method for signing a transaction | |
EP3319068A1 (en) | Method for securely transmitting a secret data to a user of a terminal | |
EP3594838A1 (en) | Method for recovering a secret key securely stored in a secure element | |
EP3319002B1 (en) | Method for securely performing a sensitive operation using a non-secure terminal | |
EP3319269A1 (en) | Method for securely performing a sensitive operation using a non-secure terminal | |
KR101832815B1 (en) | Method and server for improving security of password authentication by real-time mapping |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
AS | Assignment |
Owner name: SKEYECODE, FRANCE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PITEL, GUILLAUME;LELEU, JEAN-LUC;REEL/FRAME:047479/0154 Effective date: 20180115 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |