WO2009000223A3 - Device and method for tap-proof and manipulation-proof encoding of online accounts - Google Patents

Device and method for tap-proof and manipulation-proof encoding of online accounts

Publication number
WO2009000223A3
Authority
WO
WIPO (PCT)
Prior art keywords
proof
tap
client
server
message
Prior art date
Application number
PCT/DE2008/000885
Other languages
German (de)
French (fr)
Other versions
WO2009000223A9 (en)
WO2009000223A2 (en)
Inventor
Bernd Borchert
Klaus Reinhardt
Original Assignee
Universität Tübingen
Priority date
Filing date
Publication date
Application filed by Universität Tübingen
Priority to DE112008002306T (DE112008002306A5)
Publication of WO2009000223A2
Publication of WO2009000223A3
Publication of WO2009000223A9

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer And Data Communications (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Input From Keyboards Or The Like (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The invention relates to a method and a device for the tap-proof and manipulation-proof transmission of messages between a server and the computer of a client, over a computer network, and for the decoding of encoded messages by clients. The method and the device can be especially used for encoding online accounts, especially for online banking. The device, described as a cryptocard, is preferably a flat appliance comprising photosensory elements on the rear side and a display on the front side. The device also contains a logic element/processor and an electronic memory containing codes. It is placed on the screen of the computer of the client, on which the following is displayed in image format: (1) an encoded message, (2) the number of the code required for the decoding, and (3) the co-ordinates of the actual position of the indicator symbol. This information received by the photosensors is decoded by the logic element/processor by means of the code, and the message is decoded and displayed in a clearly visible manner on the display. The indicator symbol on the screen is simulated on the display. By clicking buttons marked with characters on the cryptocard, a message can be transmitted from the client to the server. As the marking of the buttons by the characters is fixed previously at random by the server and transmitted in a tap-proof manner to the cryptocard, the transmission of the message from the client to the server is also tap-proof. The tap-proofness in both directions allows a protocol for online banking to be implemented, which renders the PIN tap-proof and prevents the falsification of transfers.
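The client-to-server direction described in the abstract, as an added sketch that is not taken from the patent: the server picks a random button labelling, sends it encrypted under a numbered one-time key, the cryptocard decrypts and shows the labels, and the untrusted computer only ever sees the key number, the ciphertext and the clicked positions. The XOR one-time pad, the ten-digit keypad and all class and function names are assumptions made for illustration; the abstract speaks only of numbered "codes" held in the card's memory.

```python
import secrets

DIGITS = "0123456789"  # assumed keypad alphabet


def make_keys(count):
    """Shared numbered one-time keys (assumed provisioned at card issuance)."""
    return {n: secrets.token_bytes(len(DIGITS)) for n in range(count)}


def otp_xor(data, key):
    if len(key) < len(data):
        raise ValueError("one-time key shorter than message")
    return bytes(d ^ k for d, k in zip(data, key))


class Server:
    def __init__(self, keys):
        self.keys = dict(keys)
        self.layout = None

    def challenge(self):
        """Return (key number, encrypted random button labelling)."""
        key_no = min(self.keys)            # next unused key
        key = self.keys.pop(key_no)        # never reuse a one-time key
        labels = list(DIGITS)
        secrets.SystemRandom().shuffle(labels)
        self.layout = "".join(labels)
        return key_no, otp_xor(self.layout.encode(), key)

    def receive_clicks(self, positions):
        """Map clicked button positions back to characters, once."""
        layout, self.layout = self.layout, None
        return "".join(layout[p] for p in positions)


class Cryptocard:
    def __init__(self, keys):
        self.keys = dict(keys)

    def show_labels(self, key_no, ciphertext):
        """Decrypt the labelling read from the screen; a replayed key number fails."""
        key = self.keys.pop(key_no)        # KeyError on replay
        return otp_xor(ciphertext, key).decode()


def click_positions(labels, secret):
    """What the user does: click the button currently labelled with each character."""
    return [labels.index(ch) for ch in secret]


if __name__ == "__main__":
    keys = make_keys(3)
    server, card = Server(keys), Cryptocard(keys)
    key_no, ct = server.challenge()        # shown on the untrusted screen
    labels = card.show_labels(key_no, ct)  # visible only on the card
    clicks = click_positions(labels, "4711")  # constructed sample PIN
    print("wire sees:", key_no, ct.hex(), clicks)
    print("server recovers:", server.receive_clicks(clicks))
```

Because each labelling is encrypted under a key that is discarded after one use, the same PIN produces unrelated click positions in every session, which is the property the abstract relies on for a tap-proof PIN.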
PCT/DE2008/000885 2007-06-27 2008-05-27 Device and method for tap-proof and manipulation-proof encoding of online accounts WO2009000223A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
DE112008002306T DE112008002306A5 (en) 2007-06-27 2008-05-27 Device and method for tapping and tamper-proof encryption for online accounts

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102007029759 2007-06-27
DE012007029759.0 2007-06-27

Publications (3)

Publication Number Publication Date
WO2009000223A2 (en) 2008-12-31
WO2009000223A3 (en) 2009-10-01
WO2009000223A9 (en) 2009-12-10

Family

ID=39773043

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2008/000885 WO2009000223A2 (en) 2007-06-27 2008-05-27 Device and method for tap-proof and manipulation-proof encoding of online accounts

Country Status (2)

Country Link
DE (2) DE102007052734B4 (en)
WO (1) WO2009000223A2 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007043843A1 (en) 2007-07-21 2009-01-22 Borchert, Bernd, Dr. Character string tap-proof transmitting method for e.g. on-line bank account, involves providing information with image to position client, and inputting reconstruction of character string by client using server
DE102009004058A1 (en) 2009-01-08 2010-07-15 Borchert, Bernd, Dr. Transaction data manipulation-proof verifying method for online-account i.e. online-bank account, involves transmitting verified transaction data from recorder to server, and verifying input value with respect to data at server
DE102009033919A1 (en) * 2009-07-20 2011-01-27 Giesecke & Devrient Gmbh Secure display of user data on a telecommunication terminal
DE102009040009B4 (en) * 2009-09-03 2011-05-19 Eberhard-Karls-Universität Tübingen Secure encryption for online accounts through a device with camera, display and wireless as a mediator between the computer and the secret
DE102010022794A1 (en) * 2010-06-05 2011-12-15 Günther Schmalz System and device for verifying data
WO2012176082A1 (en) * 2011-06-22 2012-12-27 International Business Machines Corporation Mobile touch-generating device and communication with a touchscreen
US8746217B2 (en) 2011-10-07 2014-06-10 Deere & Company Power system comprising an air cooled HT EGR cooler and LT EGR cooler
GB201212878D0 (en) 2012-07-20 2012-09-05 Pike Justin Authentication method and system
DE102013015861A1 (en) * 2013-09-24 2015-03-26 Giesecke & Devrient Gmbh Method for making information available
EP3140766A1 (en) * 2014-05-08 2017-03-15 Thumbzup UK Limited Authentication code entry system and method
GB201520741D0 (en) 2015-05-27 2016-01-06 Mypinpad Ltd And Licentia Group Ltd Authentication methods and systems
DE102015011183A1 (en) 2015-08-27 2017-03-16 Borchert IT-Sicherheit UG (haftungsbeschränkt) Inaudible password entry on an insecure terminal using a radio / display token

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0338936A1 (en) * 1988-04-21 1989-10-25 Telecash Hand-held electronic device to be used in conjuction with a screen
WO2004040903A1 (en) * 2002-11-01 2004-05-13 Koninklijke Philips Electronics N.V. Image decryption device and method
WO2004081767A1 (en) * 2003-03-11 2004-09-23 Koninklijke Philips Electronics N.V. Method and system for enabling remote message composition
US20060176274A1 (en) * 2003-02-25 2006-08-10 Chiu-Hao Cheng Photographic type pointer positioning device
GB2427333A (en) * 2005-06-16 2006-12-20 Hewlett Packard Development Co Encryption using a combination of first and second One-Time Pad (OTP) data
US20070040801A1 (en) * 2005-08-17 2007-02-22 Samsung Electronics Co., Ltd. Method and apparatus for displaying movement of input device in on-screen display (OSD) area
EP1785819A2 (en) * 2005-10-24 2007-05-16 Sony Ericsson Mobile Communications Japan, Inc. Mobile terminal, mouse application program, and method for utilizing mobile terminal as wireless mouse device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002039656A1 (en) * 2000-11-11 2002-05-16 Threewin.Com Co., Ltd. Method and apparatus for inputting secret information
AU2002351145A1 (en) 2002-01-17 2003-07-30 Koninklijke Philips Electronics N.V. Secure data input dialogue using visual cryptography
AU2003209956A1 (en) 2002-04-08 2003-10-20 Koninklijke Philips Electronics N.V. Device for reconstructing a graphical message
US20060026428A1 (en) * 2002-11-29 2006-02-02 Koninklijke Philips Electronics N.V. Key synchronization in an image cryptographic systems
US20060031174A1 (en) * 2004-07-20 2006-02-09 Scribocel, Inc. Method of authentication and indentification for computerized and networked systems
DE102007018802B3 (en) 2007-04-20 2008-08-28 Universität Tübingen Method for tap-proof transmission of character string from client to server through computer network, involves producing shadow image on screen through server according to visual cryptography process

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MCCUNE J M ET AL: "Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication", SECURITY AND PRIVACY, 2005 IEEE SYMPOSIUM ON OAKLAND, CA, USA 08-11 MAY 2005, PISCATAWAY, NJ, USA,IEEE, 8 May 2005 (2005-05-08), pages 110 - 124, XP010798367 *

Also Published As

Publication number Publication date
WO2009000223A9 (en) 2009-12-10
DE102007052734A1 (en) 2009-01-02
WO2009000223A2 (en) 2008-12-31
DE102007052734B4 (en) 2010-12-30
DE112008002306A5 (en) 2010-05-27

Similar Documents

Publication Publication Date Title
WO2009000223A9 (en) Device and method for tap-proof and manipulation-proof encoding of online accounts
US20220180336A1 (en) Emoji commanded action
WO2016124074A1 (en) Information processing method, client, server and computer storage medium
US20050192078A1 (en) SMS-based mobile lottery games
CN104320703A (en) Method, device and system for logging in intelligent television terminal
AU2003275390A8 (en) System and method for delivery of information based on web page content
WO2005045709A8 (en) Distributed document version control
WO2007052264A3 (en) Sending and receiving text messages using a variety of fonts
WO2002101701A3 (en) Smart interactive billboard device
CN110772800B (en) Method and device for sending skill information in game and electronic equipment
HK1085816A1 (en) A communication apparatus and a method of indicating receipt of an electronic message, and a server, a method and a computer program product for providing a computerized icon ordering service
PL2166697T3 (en) Method and system for authenticating a user by means of a mobile device
WO2008094645A3 (en) Method and apparatus for enabling interaction between a mobile device and another device
JP2014523669A5 (en)
WO2007113617A3 (en) On-line predictive text dictionary
WO2013016370A3 (en) Facilitating user support of electronic devices matrix codes
CN102420778A (en) Method and system for marking instant communication read message as unread state
CN102096683A (en) Method for realizing nameplate at browser address bar
GB2446706A8 (en) Data processing
CN108964915A (en) A kind of printed matter non-intrusive interaction method based on two dimensional code auxiliary
CN112422402A (en) Message forwarding tracing method and device, storage medium and terminal
EP1632859A4 (en) Digital information distribution control method and distribution control system
JP2005158032A5 (en)
TWM394176U (en) Block-type multi-media interactive jigsaw puzzle
US20100292003A1 (en) Method, maker, server, system and recording medium for sharing and making game image

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08758125

Country of ref document: EP

Kind code of ref document: A2

WWE Wipo information: entry into national phase

Ref document number: 1120080023069

Country of ref document: DE

REF Corresponds to

Ref document number: 112008002306

Country of ref document: DE

Date of ref document: 20100527

Kind code of ref document: P

122 Ep: pct application non-entry in european phase

Ref document number: 08758125

Country of ref document: EP

Kind code of ref document: A2

REG Reference to national code

Ref country code: DE

Ref legal event code: 8629