DE102005053848A1 - Method for image-based authentication of on-line transactions, involves using digital image, such as personal digital photo of user, as information carrier - Google Patents

Abstract

A method for secure switching of transactions data, especially via internet, in which a digital image is used as the information carrier during the registration process, the user send the transaction data he wants to a central service, the image is modified and returned to the user, who then checks the data contained in the image, and sends a TAN (transaction number) to the central service via a verification.

Description

The The invention relates to a method for the secure transmission of transaction data between a user and a central service over an open one Network, especially about the Internet.

one strong, ie secure authentication of online transactions in the Internet, for example in the field of "Electronic Banking", are essentially two aspects: on the one hand, it can not be assumed that the IT security environment is trusted on the user side, on the other hand, existing IT security measures become imprudent User behavior often invalidated.

A reinforcement the IT security environment on the user side - eg. by the application of hardware-based digital signatures and / or encoding (see HBCI) - is usually associated with a substantial cost. Next Hardware and software costs the user at installation and Application of this additional Components are usually supported considerably. Apart from this Ultimately, such measures are also a trusted IT security environment on the user side to anticipate attacks with a high To withstand attack potential.

Around To meet the above aspects, are common in today Method for authenticating users and online transactions Knowledge data used only the user and the central Service with which the user communicates may be known. Usual knowledge data are the user ID, an associated one User password and one-time passwords to secure individual Online transactions (TAN procedure). This knowledge will be the user by the central service usually on a trusted accepted Transmitted way, e.g. by mail or by SMS.

Usual attacks aim to steal the aforementioned knowledge data to herewith to get to further private data of the user, or in his Name - but against his will - online transactions perform. Attacks of this kind often set on the naivety the user. In this case, the user is, for example, by e-mail prompted on a fake reason with a fake reason Web page to enter its knowledge data ("phishing") More complex attacks aim a manipulation of the user's IT environment on it, the call redirect the website of the central service to a fake website ("Pharming") Users here also the actual Website of the service presented be (proxy), whereby the attacker the between the user and knowledge data exchanged with the central service "overhears" and, if changed in his mind. Such a "Man in the Middle "attack is possible, too, when the IT security environment of the user is directly manipulated becomes ("Trojan", etc.).

On "phishing" attacks have various Banks with the introduction the so-called "iTAN" procedure. For indexed TANs (iTANs), the bank asks instead of any TAN on the user's TAN list for a particular TAN. For the user or an attacker is unpredictable, which queried iTAN becomes. In addition, an iTAN is always tied to a specific transaction, so that a "intercepted" iTAN is not for any other than the original ones Transaction can be used.

Unfortunately also offers the "iTAN" method "at" Pharming "or" Man in the Middle "attacks no adequate protection. An attacker can use the transaction data intercept a user's and instead of this his own transaction data send to the bank. The subsequent call of the bank to enter a specific iTAN is sent by the attacker to the User passed. This enters the corresponding iTAN, where he believes to confirm his own transaction data. Actually However, the transactional data of the aggressor successfully confirmed.

An overview the usual today Method for authenticating online transactions - in particular in the field of "Electronic Banking "was in given the introduction.

The Agreement of a user-individual image between central Service and user is known in the art. Method of this Art, however, serve the central service opposite the Authenticate users by displaying the user-specific image, which counteracts simple "phishing" attacks can be. In contrast to the procedure presented here neither "Man in the Middle "attacks repulsed, nor does the agreed image serve to transmit the actual Transaction data. Likewise, the original image must be transmitted be while the Original image data in the procedure presented here outside never be fully transmitted during the registration process.

The incorporation of additional visible or invisible information in image data is well known in the field of watermarking technologies (steganography). There are numerous procedures here which serve either to convey a secret message or to authenticate images. Methods for introducing watermarks into images or image data are used in particular in connection with copyright protection ("digital rights management") .The introduction of visible watermarks is generally used to prevent non-licensed reuse of image data Usually, images containing a clearly visible watermark from the image database operator are displayed, and the corresponding images without watermarks must be purchased.

image-based Authentication of online transactions

The The object of the present invention is a method to create that the attacks described above to trigger fake Makes online transactions difficult or impossible.

These Task is solved with a method having the features of claim 1. Particular embodiments The invention results from the features of the subclaims.

By the use of an image over which full Original data only the user and the central service will have a trustworthy one information carrier created. The image to be used will be during the registration process established. here we can suitable images are offered for selection by the central service. Alternatively transmitted the user's own digital image, its suitability in relation to sufficient size and variance The image data can be automatically checked by the central service. Likewise, pre-processing may take place in order to process-related for example, to use uniform image sizes.

The Principle of the procedure is based on the circumstance that a digital Picture additional Information superimposed visibly can be without the possibility the recognition of the original image by a human Restrict viewers. However, the resulting image is relative to the original image so much alienated that a similar one Picture with other additional Information without the ownership of the original image data not generated can be. A change the additional Information by an aggressor - in particular in the sense of described above "Man in the Middle "attack is not possible. This is especially true when the pictorial representations the (according to 3., s.o.) added Overlap information. As additional For example, information can be the reference to a particular one TAN (iTAN) or - like shown below - the TAN serve yourself.

Unauthorized changes the resulting image would be instantly recognizable by the user. Likewise, the user also recognizes that modified by the central service based on the original image data Image immediately as correct, i. as authentic.

Has the user the transaction data transmitted by the central service recognized as authentic and sends his TAN to the central service, can the central service after checking the TAN, if he has recognized this as correct, the transaction / Execute an order.

In a preferred embodiment can several pictures agreed between user and central service become. In this case, the central service can take a picture from a Lot of pictures for the sending choose from transaction data, where he orders a sequence in successive transactions images, if necessary, agreed in advance with the user was, can, or for every transaction happens a picture to submit the transaction data to the user selects.

Of Further, it may be beneficial if the transaction data is in Letters are inserted into the image, which are used for an optical character recognition program difficult or impossible to decipher.

In another special form of the Procedure, the transaction-related TAN can directly and immediately readable together with the associated Transaction data is transmitted as part of the image. A separate, previous transmission from TAN lists to the user by mail or SMS would thereby omitted. This is eliminated also the administrative effort to manage TANs. One Abuse of the transmitted TAN is made considerably more difficult, because they focus exclusively on the TAN who communicated with her Transaction data, and an automated extraction the TAN due to today's character recognition process due to the complexity of the Frames of the method presented here used image processing operations not possible is. This is especially true if previously a strong user authentication is done, and the time to complete a transaction after delivery the image is limited to the user.

As a means for strong user authentication For example, an SSL client certificate or a method could be used in which the user additionally sends further knowledge data, for example via SMS, to the service for the time-limited activation of access to the central service or for the final release of all orders placed in order.

Farther are also authenticity and integrity the contents of the transmitted Data protected, what is usual today Method only by the use of digital signatures, i. special Hardware and software (HBCI) can be achieved.

The following 1 (Transaction image) exemplifies the modification of an original image as an information carrier to be used. To perform a "man in the middle" attack, an attacker would - as shown above - intercept the user's transactional data and instead intercept their own transactional data to the central service The central service would then return an image with the attacker's transactional data, the user would only see his own transactional data as correct, so the attacker would have to modify the image submitted by the bank with his own data to use transaction data instead of his data To do this, the attacker would first have to remove his transaction data from the image to then insert the user's transaction data, since the representations of the respective transaction data would be different regions of the original image cover, parts of the original image would have to be restored. Apart from the considerable expense associated with this non-automatable process, such image manipulations would be immediately apparent to the user.

• 1. Zunächst werden zwischen dem zentralen Dienst und dem Benutzer die originären Bilddaten bzw. Bilder vereinbart, die als Informationsträger vom zentralen Dienst für die Bestätigung der Transaktionsdaten verwendet werden. Dies kann einmalig geschehen, beispielsweise zu einem Zeitpunkt, zu dem zwischen einem Kontoinhaber und einer Bank vereinbart wird, dass zu einem Konto online über das Internet Trans aktionen beauftragt werden können. Es kann ein Bild, es können aber auch mehrere Bilder als Informationsträger vereinbart werden. Auch ist es möglich zu vereinbaren, dass das als Informationsträger zu verwendende Bild aus mehreren, beispielsweise vier Einzelbildern aus der Menge der vereinbarten Bilder zufällig zusammengesetzt ist.

In 2 the process flow is shown in a possible embodiment of the method according to the invention. The process contains the following steps.

• 1. First, the original image data or images are used between the central service and the user, which are used as information carriers by the central service for confirming the transaction data. This can be done once, for example, at a time when it is agreed between an account holder and a bank that an account can be charged online with an account via the internet. It can be a picture, but also several pictures can be arranged as information carrier. It is also possible to agree that the image to be used as an information carrier is made up randomly from a plurality of, for example, four individual images from the set of agreed images.

• 2. Der zentrale Dienst sendet zwecks Benutzer-Authentifizierung ein Login- Formular.
• 3. Der Benutzer sendet seine Authentifizierungsdaten an den zentralen Dienst.
• 4. Der zentrale Dienst sendet ein Formular zur Eingabe der Transaktionsdaten.
• 5. Der Benutzer sendet die gewünschten Transaktionsdaten an den Dienst.
• 6. Der zentrale Dienst fügt gemäß dem hier beschriebenen Verfahren die Trans aktionsdaten in das unter 1. vereinbarte Bild ein und sendet dieses an den Benutzer.
• 7. Der Benutzer sendet zur Bestätigung eine Transaktionsnummer an den zent ralen Dienst.
• 8. Der zentrale Dienst prüft die TAN, führt die Transaktion aus und sendet eine Bestätigung an den Benutzer.

After that, transaction data is authenticated using the following steps:

• 2. The central service sends a login form for user authentication.
• 3. The user sends his authentication data to the central service.
• 4. The central service sends a form for entering the transaction data.
• 5. The user sends the desired transaction data to the service.
• 6. The central service inserts according to the method described here, the transaction data in the under 1. agreed image and sends it to the user.
• 7. The user sends a transaction number to the central service for confirmation.
• 8. The central service checks the TAN, executes the transaction and sends a confirmation to the user.

Claims (6)

Method for the secure transmission of transaction data between a user and a central service over open network, especially over the internet where a) during a registration process between the user and the central Service a digital image, e.g. a personal digital photo of the User as the information carrier to be used, b) the user after successful user authentication against the central service those desired by him Sends transaction data to the central service, c) the picture is modified by the transaction data and other information for the Users are visibly inserted into the image, with the recognition of the original agreed image remains possible by the user, however, the original data of the image is changed sufficiently d) the modified image is sent back to the user, e) the User after exam The transaction data contained in the image is a TAN to the central Service sends, and f) the central service checks the TAN sent by the user. The method of claim 1, wherein further digital Pictures are to be agreed as to be used information carrier, wherein for every Transaction each used at least one of the digital images and modified. The method of claim 2, wherein the or for a transaction used pictures) at random the amount of agreed images is selected. Method according to one of claims 1 to 3, wherein the transaction data be inserted into the image to be modified in letters, the for programs difficult or impossible to decipher for optical character recognition are. Method according to one of claims 1 to 3, wherein the by the user to be used TAN is also shown in the picture. Method according to one of claims 1 to 4, wherein a strong User Authentication is done by the user for temporary activation access to the central service or the final release of all In addition, further knowledge data is provided in the context of commissioned transactions e.g. sends an SMS to the service.