DE102007043843A1 - Character string tap-proof transmitting method for e.g. on-line bank account, involves providing information with image to position client, and inputting reconstruction of character string by client using server - Google Patents

Abstract

The method involves delivering production of an image to client, and producing the image with a set of switching surfaces. The image is displayed on a screen of the client, where the switching surfaces of the image are activatable, and a row of n characters is input by the client via activating unlabelled switching surfaces at the screen for each character of a message. Information is transmitted to a server, where the information is provided with the image that positions the client. Reconstruction of the character string is input by the client using the server. Independent claims are also included for the following: (1) a device for displaying images (2) a computer program product has a set of instructions to perform a method for tap-proof transmitting a character string (3) a server for tap-proof coding during transmission of a character string from a client through a computer network, comprising a picture producing unit.

Description

The The present invention relates to a method for tap-proof transmission from messages from a client to the server of an online account. It is especially about the tap-proof transmission password or PIN.

The Listening security of online accounts (eg email accounts, Corporate Accounts, Online Bank Accounts) is getting bigger by the Expecting quantity and harmfulness of malware (i.e., viruses, etc.) on the users' computers. Worldwide There are currently several billion password-protected Online accounts. The present invention wants to their security against eavesdropping contribute to the security against eavesdropping the password.

The Privacy of the password or PIN (= password, the only consists of digits) when logging into an online account is obvious: watching the malware on the client's machine Secretly entering the password keystrokes. Later the intercepted password is secretly sent via computer network passed on another computer. From there can then on the account will be accessed. Procedures in which the password with mouse clicks on labeled buttons on the screen are also not tap-proof: the Malware simultaneously stops screen and mouse movement.

method such as HBCl-2 or HBCl-3 for bank accounts (with external number field to enter the PIN) save the PIN before listening, But they are laborious in production, implementation and Use. In addition, the connection of the device to a foreign computers often undesirable.

The so-called security tokens are another secure way to secure access to online accounts. However, the user needs to in addition to the one-time password supplied by the token Also enter the PIN (to prevent a finder or thief of the token into the account can). This PIN is but inaudible, because it is usually open on the computer only a few tokens have a keyboard for the password. In any case, the one-time password supplied by the token must be from the Users are tapped, which represents a certain user effort.

The patent US2006 / 0098841A1 describes a method by which n characters of an alphabet with m characters can be transmitted tap-proof with n mouse clicks. The method requires n times many buttons. This results in practice in a number of buttons that can no longer be displayed (example: text length n = 20, alphabet size m = 50 gives 1000 buttons).

The patent US20060020559A1 describes an encryption method for online accounts. In this method, punched paper cards are placed on the screen to show the user secret information (this principle is also known as "Richelieu board"). The method has, among other things, the drawback that the security against eavesdropping is obscured because of large parts of the card and therefore the mouse can not be followed.

The patents EP1472584B1 and US2005 / 0219149A1 describe an application of visual cryptography in which a transparent electronic display is mounted on the screen. A major disadvantage of this method is that the development and manufacturing costs for this technique are very high. Another disadvantage is that the adjustment on the screen is complex.

The patent application DE 10 2007 029 759.0 describes a method of sending inaudible message from the client to the server, and vice versa, by a device with a camera reading an encrypted message on the screen and decrypting it on the display of the device. A disadvantage of this method is that the device needs a camera: this increases the cost and requires a certain height of the device.

The patent application DE 10 2007 018 802.3 describes a method in which visual cryptography is used to send an inaudible message from the client to the server by placing a foil printed with coded information on the screen of the client. A disadvantage of this method is that the precise adjustment of the film on the screen is time consuming for the user.

The The object of this invention is to provide a method at which the privacy of a message from the client is guaranteed to the server, but no consuming Adjustment on the screen requires.

in the The following describes the method. Initial situation is an online account in a computer network (eg Internet) with one Server and a client. Server and client trust each other, but in the computer network are potential eavesdroppers. The client should be in the Be able to send the server a message, eg. For example, his access password, to be able to send without the potential eavesdroppers in the Computer network can hear this message.

A text with n characters from an alphabet consisting of m characters should be transferred with n mouse clicks absolutely tap-proof by the client through the computer network to the server. Here and in the following, under alphabet, as usual in computer science, a finite set of characters is understood. In this sense, for example, the set of digits 0, ..., 9 is an alphabet of 10 characters.

To transfer n characters from an alphabet with m characters, the server first creates an image in the following manner. Buttons are created on the image. The buttons serve as surfaces for later clicking through the mouse and do not overlap. The buttons carry labels. Each character of the alphabet appears as a caption on at least one of the buttons. In addition, there are optionally n - 1 buttons, each for a reference to a character that has already occurred. Ideally, these references are numbered with the positions 1 to n - 1 numbered (if the numbers themselves are part of the alphabet, these numbers are specially marked, eg by a prefix P for "position"). 1A (right) shows a picture with buttons for the numbers 0, ..., 9 and text length n = 8, 2A (right) shows an image for an alphabet with the letters A ..., Z, the numbers 0, ..., 9 plus a few special characters, and text length n = 10. In the general case, there is at least m + n - 1 many buttons. The assignment of labels and buttons is generated randomly. The server remembers this random assignment.

A special case occurs when the text to be transmitted is guaranteed to have no character repetition (a plausible example: only PINs consisting of the digits 0, ..., 9 are permitted, in which no digits occur multiple times). In this case, the buttons with the references to the previous position can be omitted, and one button is enough for each character of the alphabet. 3A (right) shows an image with a randomly generated array of buttons for the digits 0, ..., 9.

After this the server has created such an image, he puts it to the client in a safe way too. For example, the server may print the image on paper and send it to the client by mail. It can the client also several such generated images, their buttons each independently at random have received their labels are delivered. In that case Every picture has a name or a number.

When the client has received the pictures with the labeled buttons, he can send the server an inaudible message. To do this, he contacts the server online via the computer network on his computer and presents himself to the server as Client X. The server then generates an electronic image in which the buttons have a similar shape and position relative to the previously generated image. However, the captions with the characters are missing. The server sends this electronic image to the client via computer network on the screen, see 1A . 2A . 3A . 4A . 4B . 5A and 5B , left each. If the client has previously received several pictures, one of the assigned numbers will also be displayed, see 1A . 2A . 3A . 4A . 4B , left each.

Client X sees the picture with the unlabeled buttons and its name (number) on the screen, see 3A , He now looks at the picture sent to him with the given number: this picture shows the labels of the buttons with the characters. Because the shape and relative position of the buttons are similar to those on the screen, it can assign characters to unlabeled buttons on the screen, that is the character that appears on the corresponding labeled button on its delivered image (the one shown in the picture) Number).

It is particularly simple for the user that the buttons of the delivered image and those of the electronic image on the screen have the same shape and size, and the delivered image is printed on transparent film: in which case he can put the film on the image on the screen , please refer 1B . 2 B and 3B , So the assignment of the buttons is given directly.

Of the In any case, the client has a 1-1 assignment of the buttons the delivered image and the electronic image, and can Now enter his secret text via mouse clicks, after following rules.

A text with n or less characters is entered character by character as follows. For each character that has not previously existed, the corresponding screen button is clicked. If a character has already occurred, the rightmost position in the text where the character already stood is determined: the screen button whose corresponding label on the delivered image is a reference to that position is clicked. For example, in 1 Enter PIN 20041111 by clicking the following buttons: 2, 0, P2, 4, 1, P5, P6, P7. Following these simple rules, it is guaranteed that each button will only be clicked once.

A possible support for the user - as he knows it from the bank machine - a correction button and a progress bar, which indicates with an "asterisk", how many characters have already been entered.

The information about the clicked buttons and their order is sent to the server, e.g. By communicating the pixel positions of the n mouse clicks relatively in the image on the screen, or other clear description of the clicked buttons. For example, the in 1B clicked buttons with the labels 2, 0, P2, 4, 1, P5, P6, P7 are transmitted as coordinates of the illustrated 4 × 5 matrix (with (0,0) top left and (3,4) bottom right), ie as follows: (3,2), (3,1), (0,0), (3,4), (1,0), (0,1), (3,0), (1,1).

Because each button is clicked at most once and the Caption of buttons selected randomly Malware may be on the client's computer or in the computer network no information about the transmitted text open up: the malware would have to be delivered Spy image with the captions of the buttons, which is not possible.

The Information sent to the server can be there afterwards be decrypted: the server knows the delivered Image and knows what labels the buttons clicked to have. So he can from the transmitted n descriptions relative mouse-click positions or buttons reconstruct the client input message of n characters. In the example above, where the matrix coordinates (3,2), (3,1), (0,0), (3,4), (1,0), (0,1), (3,0), (1,1), The server can because of the knowledge of the original image from it directly read out the message 20041111. The message was therefore tap-proof from Transfer clients to the server.

One Advantage of the method described is thus that a Online account sure before listening to the password or the PIN can be protected. The reason is that Malware (on the bank client's computer or in the computer network) missed image does not know and definitely not spy can (a "scanning" via screen is absurd!).

Compared to in US2006 / 0098841A1 described method requires the inventive method only a maximum of n + m - 1 buttons. For the above example (text length n = 20, alphabet size m = 50 results in 1000 buttons) this means: 69 buttons in the present method instead of 1000, those in US2006 / 0098841A1 needed.

One Advantage of the slides and especially the paper version is in relative low production costs, as this only the images delivered just have to be printed out and sent.

Another way to provide the users with the buttons with the reversed labels is to provide him with an electronic device with a transparent display, see 6 , The image displayed by the device with the buttons may have previously been stored on the device, possibly together with many others, or calculated by a mathematical function from the time of a clock located on the device and an individual key (in this case the server has a synchronized clock and the same key and the same mathematical function), or is used in other secure ways, eg. B. by radio or SMS, the user delivered.

Further Advantages, features and applications of the invention will be described below with reference to the embodiments Referring to the drawings described. In the drawings show:

1 : Interception-proof exchange of information with repetition of characters, example: Entering a PIN with potentially multiple occurring digits. Delivered image is printed on foil.

2 : Interception-proof exchange of information with repetition of characters, Example: Entering a password with potentially duplicate characters. Delivered image is printed on foil.

3 : Secure interception of information without repetition of characters, example: Entering a PIN, where each digit appears only once. Delivered image is printed on foil.

4 : Secure interception of information without repetition of characters, example: Entering a PIN, where each digit appears only once. Attached images are printed on (A) and (B) on paper.

5 : Secure interception of information without repetition of characters, example: Entering a PIN, where each digit appears only once. The delivered image is sent in (A) from the server via SMS to the user's mobile phone. The delivered image is generated in (B) by a clock-controlled security token.

6 : Interception-proof exchange of information without repetition of characters, Example: Entering a PIN, with each digit only once before comes. The delivered image is to the user by means of an electronic device with a transparent display, which he - as with the film, see 1 . 2 . 3 - can put on the screen, displayed.

embodiment

The above procedure for sending secret messages between server and client is applied to the specific case of online banking ( 4 ). The method prevents listening to the PIN.

Of the Bank server generates for the bank customer X a lot of permuted number fields, d. H. Pictures with 10 buttons each, that have the shape and arrangement of the keypad of a keyboard, and their buttons at random, respectively exactly with the 10 numbers 0, ..., 9 are inscribed. The server Numbers the pictures and remembers the picture for each picture Permutation. Then she prints on slides to the bank customer per Mail to, preferably bundled as a sticky note: so have the slides equal an adhesive strip. In addition will the customer as the PIN / iTAN method a PIN delivered, this It is assumed that no digit occurs twice in the PIN (The number of options is still enough to guess the PIN to be hopeless)

If the customer X has received the slides and his PIN, he can start online banking. To log in, he goes to the web page of the bank and there gives his account number. at. The account no. will be sent to the bank server. The bank server now checks the authenticity of the customer X as follows:
The bank server generates an electronic image that displays the buttons of a number field, but without captions, and sends the image to the client, including a number, to the screen. The situation arises as in 3A , The customer X takes the slide with this number and places it on the electronic picture on the screen. The situation arises as in 3B ,

Now The client can enter his PIN by using the mouse one after the other click on the buttons on which the digits of his PIN can be recognized. The relative positions of mouse clicks in the electronic Picture on screen will be sent to the bank server.

Of the Bank server receives the positions of the mouse clicks. Because the bank server itself the original picture with the reversed digits he has created and remembered the exchange, he can from it close which digit sequence has been entered. He compares this digit string with the PIN for bank customer X (which of course is also stored). If that was the right PIN, get the bank customer X access to the account.

listening end Malware (on the computer used by bank customer X or on the Internet) has no chance to listen to the PIN: the positions of mouse clicks have no meaning unless the interchanging of digits on the number field is known. This knows only the bank server and the one who can hang up the corresponding slide on the browser.

bank customer X gets so with the knowledge of the PIN and the physical possession the slide access to his bank account. Only one of them is enough not from. The procedure thus protects the PIN twice: First, it is not audible, and if someone does other way, he needs the right one Slide: without it he does not come into the account.

As an alternative to printing the permuted number fields one at a time, many numbered permuted number fields can be printed together on paper, see 4A , if necessary also in smaller representation, in order to be able to represent many of them on a sheet. While the transparencies bundled as sticky notes require expensive special printing devices, this option is feasible with standard printers. This list of permuted number fields can also be used as an iTAN list to confirm transfers. For example, you can take the top two lines of a permuted number field as a 6-digit iTAN. The disadvantage of these permuted number fields printed on paper compared to the permuted number fields printed on transparencies is that the client has to look more closely and concentrate more, because the 1-1 assignment of the buttons on the delivered image and those on the screen is indeed visible, but not so directly.

Even easier, one can write a permutation of the 10 digits as a number sequence of length 10, see 4B , So the submitted list with the digit permutations is nothing else than the well-known iTAN list, only with 10-digit TAN's, in which each digit appears exactly once.

Other ways of delivering the image to the client are in 5 shown. In 5A the labels of the buttons of the number field are sent to the client by the server as an SMS. In 5B The labels of the buttons of the number field are represented by the display of a security token. The token is before the client through the server been delivered. The token has a clock that is synchronized with a clock at the server. It is even easier to store a lot of images on the token and the server, ie the synchronization would be omitted and the user would have to press a button to view the next image. If the token's display is translucent, the token can be placed on the screen like a slide, see 6 ,

QUOTES INCLUDE IN THE DESCRIPTION

This list The documents listed by the applicant have been automated generated and is solely for better information recorded by the reader. The list is not part of the German Patent or utility model application. The DPMA takes over no liability for any errors or omissions.

Cited patent literature

• US 2006/0098841 A1 [0006, 0027, 0027]
• US 20060020559 A1 [0007]
• - EP 1472584 B1 [0008]
• US 2005/0219149 A1 [0008]
• - DE 102007029759 [0009]
• - DE 102007018802 [0010]

Claims (27)

Method for secure transmission a string of characters from a client through a computer network to Server, characterized by the following steps: a) the Generate an image with buttons that randomly be labeled with characters, by the server, b) the service of the image generated in a) on the client, c) generating an image with buttons arranged similarly are the buttons generated in a), but without Are caption, d) displaying the image generated in c) on the client's screen, with the buttons of the image are activatable, e) entering a series of n characters by the client via n activations of unlabeled buttons on the screen by typing the message for each character of the message unlabeled button is activated by the button corresponds to that in the delivered image labeled with this sign is f) the transfer of information about it, which image positions the client activates in which order has, to the server, g) the reconstruction of the client's input String of characters through the server. Method according to claim 1, characterized in that that image with the buttons labeled with characters represents a number field, with the numbers from 0 to 9 respectively assigned to the individual buttons. Method according to one of the preceding claims, characterized in that the labels on the buttons in the picture a reference to the position of the button to be clicked include. Method according to claim 3, characterized that the number of buttons is n + m - 1, where m is the number of all available for input standing sign is. Method according to one of the preceding claims, characterized in that the character string is a password or a PIN is. Method according to one of the preceding claims, characterized in that the generated image is transparent Foil or printed on clear paper and the client is delivered. Method according to one of the preceding claims, characterized in that the generated image printed on paper and delivered to the client. Method according to one of the preceding claims, characterized in that a plurality of generated images are the same Sheet of paper or the same foil to be printed and with unique Names or numbers provided to the client. Method according to one of the preceding claims, characterized in that on the back of the film or an adhesive strip is attached to the paper. Method according to one of the preceding claims, characterized in that the generated image by SMS or other electronic data transmission to the client becomes. Method according to one of the preceding claims, characterized in that the generated image via the display of a Security Tokens is delivered to the client. The security token is considered as part of the server. Method according to one of the preceding claims, characterized in that the generated image via the display of a Security Tokens are delivered to the client who has a clock, which is synchronized with a clock at the server. The security token is considered as part of the server. Method according to one of the preceding claims, characterized in that the activation of a button on the screen by clicking the button with the Pointer symbol of a pointer device takes place. Method according to one of the preceding claims, characterized in that the pointing device is a computer mouse, a touchpad, a trackpoint, a trackball, a graphics tablet, is a joystick or a gamepad. Method according to one of the preceding claims, characterized in that the screen is touch-sensitive is and activating a button on the screen by touching the screen. Method according to one of the preceding claims, characterized in that the activation of a button by pressing a key on the keyboard, which together with other keys on the keyboard a similar one Arrangement has like the buttons shown on the screen. Method according to one of the preceding claims, characterized in that the unlabeled buttons shown on the screen have the arrangement of a number field and the activation of a button by the operation of the Key of the keypad corresponding to the position of the button on the screen. Method according to one of the preceding claims, characterized in that the unlabeled buttons the arrangement of a number field, but not on the screen are visible, and the activation of a button by the Operation of the keypad keypad key, the invisible button from their position - and thus the labeled button on the delivered Picture - corresponds. Device for displaying images, characterized in that it is electronic, the display is transparent, and pictures on the display are displayed by bright spots transparent and dark spots appear opaque. Device according to the preceding claim, characterized in that the displayed image represents an image with labeled buttons. Device according to one of the preceding claims, characterized in that the pictures with the labeled buttons stored electronically on it. Device according to one of the preceding claims, characterized in that it contains a clock, and the pictures shown with the labeled buttons be calculated by a function that depends on the time of this Hang clock. Device according to one of the preceding claims, characterized in that the images shown with the inscribed Receive buttons via SMS or other electronic data transmission become. Method according to one of the preceding claims, characterized in that the generated image via the display of a electronic device according to the claims 19 to 23 is delivered to the client. Computer program product intended for to ensure that a processor performs the method of any one of the claims 1 to 18 performs. Server for tap-proof encryption transmitting a string of characters from a client a computer network, this server comprising the following elements: a) Means for generating an image with buttons that be labeled at random with signs, b) Means for generating a second image with buttons, whose shape and relative position are similar to those in a), the but not labeled with the signs, c) means for Recording the information about which image positions the client in which order, d) Means of transmission the information about which image positions the client in which order has been activated, from the client to the server, e) Means for reconstructing the string of characters entered by the client. Use of the method, the computer program product, server, device or printed on foil or paper Image according to one of the preceding claims with online accounts.