WO2009095900A1 - Data security in client/server systems - Google Patents


Publication number
WO2009095900A1
Authority
WO
WIPO (PCT)
Prior art keywords
client computer
data
transaction
code
server
Prior art date
Application number
PCT/IE2009/000001
Other languages
French (fr)
Inventor
David Tucker
Samuel Robert Kidd
John O'brien
Eoghan O'leary
Peter Coppinger
Daniel Mackey
Original Assignee
Zingtech Limited
Priority date
2008-01-30
Filing date
2009-01-30
Publication date
2009-08-06
Application filed by Zingtech Limited
Publication of WO2009095900A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

A data security method is performed by a client computer (11) and a server (13) to implement a transaction with data security. The client computer (11) receives transaction data from a user and writes it to form fields (14). However, the data is intercepted by a security program (12) and, in addition to being written to the form fields (14), it is written locally to a memory (15). The security program (12) generates a hash code derived from the transaction data. The client computer (11) receives from a user a transaction authorisation, and there is verification by comparison of a user-inputted PIN with one read from a physical security key (10). The client computer (11) transmits the code and the transaction data to the server (13). The server (13) independently generates a code from the received transaction data, compares the server-generated code with the client computer-generated code, and completes the transaction only if the codes match.

Description

"Data Security in client/server systems"
INTRODUCTION
Field of the Invention
The invention relates to data security for transaction processing.
Prior Art Discussion
A problem which exists at present is that when a user has authorised himself with a website, such as online banking, a "Trojan" (or "malware") hidden program on his computer can change, without the user knowing, values which are submitted such as account number and amounts. The values may be changed by changing form values as they are sent from a client computer to a server. Then, the hidden program, using the user's cookies to authenticate itself as the authorised user, performs an unauthorised act such as making a money transfer from the user's account to an unauthorised account.
EP 1980983 (Siemens) describes use of a photo-detector and cryptographic controller to ensure that data inputted on a client computer is correctly uploaded to a server.
US2006/0230455 describes a system to prevent problems arising from malware. A write filter provides information to a storage device depending on whether malware is detected. A temporary storage device may be used also. While this arrangement appears to be effective for some situations, it does not deal with situations where the malware is operating in client system memory in real time as interfacing is taking place with a server for a transaction.
US2006/0200861 describes an approach in which a computer's registry is modified so that it may be more easily cleansed of malware. Meta data associated with Web-installed software is stored in a partitioned part of the registry. This appears to allow more streamlined identification of malware which is received via the Internet, however there is a need for a robust mechanism to prevent fraudulent activity taking place due to malware which is not detected on time.
The invention addresses this problem.
SUMMARY OF THE INVENTION
According to the invention, there is provided a data security method performed by a client computer and a server to implement a transaction with data security, the method comprising the steps of:
(i) the client computer receiving transaction data;
(ii) the client computer writing the transaction data locally to a memory;
(iii) the client computer generating a code derived from the transaction data;
(iv) the client computer receiving from a user a transaction authorisation;
(v) the client computer transmitting the code and the transaction data to the server;
(vi) the server independently generating a code from the received transaction data, comparing the server-generated code with the client computer-generated code, and completing the transaction only if the codes correspond.
In one embodiment, a security program executing on the client computer in parallel with transaction-processing software performs at least steps (ii), (iii), and (v).
In one embodiment, the security program is associated with a user control, such as an ActiveX control.
In one embodiment, step (iv) includes reading security information from a physical key inserted into the client computer by the user, said information being previously stored in the server.
In one embodiment, the client computer, for transaction authorization, checks user-inputted security information against security information read from the physical key.
In one embodiment, the client computer generates the code from a user identifier in addition to the transaction data.
In one embodiment, the client computer generates the code from a current timestamp in addition to transaction data. In one embodiment, the client computer generates the code from a serial number of the physical key in addition to the transaction data.
In one embodiment, the code is generated dynamically as the transaction data is inputted.
In one embodiment, the code is a hash code.
In another aspect, the invention provides a transaction processing system comprising a client computer and a server adapted to perform any method defined above.
In a further aspect, the invention provides a computer program product comprising software for performing client computer operations for any method defined above when executing on digital processors.
DETAILED DESCRIPTION OF THE INVENTION
Brief Description of the Drawings
The invention will be more clearly understood from the following description of some embodiments thereof, given by way of example only with reference to the accompanying drawings in which:-
Fig. 1 is a flow diagram illustrating a data security method of the invention.
Description of the Embodiments
The invention provides client computer and server security programs and method of operation which ensure that even if malware is operating in the client computer fraudulent or unauthorized transactions do not take place. Thus even if malware has penetrated through a firewall and is free to execute on the client computer, an attempt at a fraudulent transaction is thwarted by operation of the security program. Thus the security program on the client computer can operate alongside conventional anti-virus software. In many cases such anti-virus software will detect the malware before it has a chance to operate, but the invention provides for transaction security even if the malware goes un-detected. A user inputs transaction data in form input fields in a conventional manner, as viewed from the user's perspective. The user clicks a "submit" button on the form. Once clicked, the form is sent to the server with an additional hidden secure field. Data security ensures that the form data could not have been modified by unauthorized hidden programs such as Trojan software and that the user is the real account owner.
The following describes the method in more detail with reference to Fig. 1 as a series of steps 1 through 6.
In step 1, a USB device physical key 10 is inserted in the user's computer 11. This is in one embodiment a physical security (USB) key as described in our PCT published specification no. WO2004-109610.
In step 2, an activeX control security program 12 is embedded in the client computer 11 Web page used for performing transactions such as logging in or transferring money. A server 13 also runs corresponding security software, as described below.
The activeX control 12 generates a display control which looks like a regular button and so its use is transparent to the user. The button may have text such as "Transfer Money" or "Submit".
The activeX control 12 takes focus of each of a number of HTML form input fields 14 to intercept the user data inputs to the form fields 14. When a user clicks a form field, the activeX control 12 takes over the keyboard inputs. As each character is typed, the activeX control 12 logs the character to a memory space 15 and updates the relevant HTML form field 14 as the user types. Therefore, the method implemented by the security program is transparent to the user, as he or she simply views the correct data in the relevant form field 14. In this way, the activeX control effectively intercepts the data inputted by the user and stores the data in memory.
The activeX control 12 dynamically builds a SHA512 hash code from the inputted values and retains it in the memory 15. Thus in this embodiment the hash code is dynamically generated as the user inputs the data. Thus, if a malware program attempts to interfere with operation of the activeX control 12 while data is still being entered, the hash code already built from the part of the user data entered so far may be used. However, in another embodiment the hash code may alternatively be generated in one pass when all data has been inputted.
In step 3, when the user clicks the "submit" button, the activeX control 12 generates a display asking the user to enter their PIN number to authorise the transaction. The activeX control 12 rolls together the PIN with the USB key serial number, the current time stamp and the user identifier to generate the hash code. The activeX control 12 completes the SHA512 hash code based on this data and saves it to the memory 15 for transmission in a hidden field. It also writes a user identifier, a current timestamp, BLOB (binary large object) data, serial number, and PIN number to a text file for submission to the server 13.
The activeX control 12 then in step 4 instructs the form to submit to the server 13. The submission includes the hash code and the above-mentioned plain text inputted data.
In step 5, the server 13 receives the form data in clear text as well as the client-generated hash code. The server 13 then performs validation of this transaction by generating its own version of the hash code based on the information it knows (user identifier, current timestamp, BLOB data, serial number and PIN) and the new information it has received (form data). It then compares the submitted hash code against its own. If the hash codes match, then the user is authenticated and this proves that the form data has not been modified by malware (refer to step 6). Because the server has previously stored the USB key serial number along with the other data, there is excellent security. It would be extremely difficult for malware to obtain the full set of data used to generate the hash code, even if it did obtain the necessary algorithm.
Thus, even if malware operates on the client computer to the extent of transmitting form field data including some user-inputted data (for example, user account details for originating a money transfer) and unauthorised data (for example, an unauthorised account as the destination of the money transfer), the server 13 would not process it as there would not be a hash accompanying the data. Also, even if the malware were sophisticated enough to generate a hash code from the data, it would not be synchronised with the server 13 in terms of the hashing algorithm. Also, the data fed into the malware's hashing algorithm would be incorrect. There is therefore a very significant level of security in the main steps of the process, even without the use of PIN verification using the USB physical key 10. It will be appreciated that the invention achieves effective prevention of security breaches in performing transactions. It is very simple, as a single security program both captures the inputs and generates the hash, and also interfaces with the user to receive the authorisation.
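The six-step exchange above, worked through in Python as an added example (this is not code from the patent or from Zingtech Limited). It models the activeX control 12 as a class that logs keystrokes to its own memory 15, completes a SHA-512 code over the form data rolled together with the user identifier, timestamp, key serial number and PIN at submit time, and models the server 13 recomputing that code from the values it already holds. The registered user record, the key serial, the PIN, the account values, the JSON canonicalisation of the form fields, the newline separator between hash inputs, the timestamp freshness window and the constant-time comparison are all assumptions of this example and are not specified on the page. The example hashes in one pass at submit time (the page's alternative embodiment) because client and server must agree on the exact byte order of the hashed material, which an incremental per-keystroke hash across several fields would not give the server.

```python
import hashlib
import hmac
import json
import time

# Constructed registration record (hypothetical values). The page states that the server
# has previously stored the USB key serial number and knows the PIN; keeping both server-side
# is what gives the recomputed code its value against a program reading the client's form.
REGISTERED_USERS = {
    "alice": {"key_serial": "USB-0001-DEMO", "pin": "4821"},
}

# Assumption not stated on the page: how far a submitted timestamp may drift from server time.
MAX_CLOCK_SKEW_SECONDS = 300


def canonical_form(form_fields):
    """Serialise form fields in a fixed order so client and server hash identical bytes."""
    return json.dumps(form_fields, sort_keys=True, separators=(",", ":"))


def transaction_code(form_fields, user_id, timestamp, key_serial, pin):
    """SHA-512 over the form data rolled together with the user identifier, timestamp,
    key serial number and PIN (the inputs listed for step 3). Newline separators keep
    adjacent inputs from running into each other."""
    material = "\n".join(
        [canonical_form(form_fields), user_id, str(timestamp), key_serial, pin]
    )
    return hashlib.sha512(material.encode("utf-8")).hexdigest()


class ClientControl:
    """Stand-in for the activeX control 12: captures keystrokes into its own memory 15
    and emits the completed code in a hidden field when the user submits."""

    def __init__(self, user_id, key_serial):
        self.user_id = user_id
        self.key_serial = key_serial  # read from the physical key 10 at step 1
        self.memory = {}  # memory space 15, one entry per form field 14

    def type_into(self, field, keystrokes):
        # Each character is logged to memory as it is typed (step 2).
        self.memory[field] = self.memory.get(field, "") + keystrokes

    def submit(self, pin, timestamp):
        # Step 3: complete the code with PIN, serial, timestamp and user id;
        # step 4: submit the clear-text form plus the code in a hidden field.
        code = transaction_code(self.memory, self.user_id, timestamp, self.key_serial, pin)
        return {
            "form": dict(self.memory),
            "user_id": self.user_id,
            "timestamp": timestamp,
            "secure_field": code,
        }


def server_validate(submission, now=None):
    """Steps 5 and 6: recompute the code from stored values plus the received form and
    compare. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    user = REGISTERED_USERS.get(submission.get("user_id"))
    if user is None:
        return False, "unknown user"
    if abs(now - submission["timestamp"]) > MAX_CLOCK_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = transaction_code(
        submission["form"], submission["user_id"], submission["timestamp"],
        user["key_serial"], user["pin"],
    )
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, submission.get("secure_field", "")):
        return False, "code mismatch: form data altered or authorisation invalid"
    return True, "ok"


def demo(timestamp=1_700_000_000):
    """Run the exchange once with constructed data and return the three verdicts."""
    control = ClientControl("alice", "USB-0001-DEMO")
    control.type_into("from_account", "IE12DEMO0001")
    control.type_into("to_account", "IE99DEMO0002")
    control.type_into("amount", "250.00")
    submission = control.submit(pin="4821", timestamp=timestamp)

    genuine = server_validate(submission, now=timestamp + 10)
    # A hidden program rewriting the destination after the user typed it (the page's
    # scenario) leaves the code stale, so the server rejects the form.
    altered = dict(submission, form=dict(submission["form"], to_account="IE00DEMO9999"))
    tampered = server_validate(altered, now=timestamp + 10)
    # A form sent with no secure field at all is rejected for the same reason.
    unsigned = {k: v for k, v in submission.items() if k != "secure_field"}
    missing = server_validate(unsigned, now=timestamp + 10)
    return genuine, tampered, missing


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The timestamp window is the one check the page does not spell out but a practitioner would add: without it, a captured form and code could be replayed unchanged, since nothing else in the hashed material changes between submissions.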
The invention is not limited to the embodiments described but may be varied in construction and detail. For example, in another embodiment there is no need for use of a physical key - other user authentication techniques such as a biometric technique or conventional username/password mechanism being used.

Claims

1. A data security method performed by a client computer and a server to implement a transaction with data security, the method comprising the steps of:
(i) the client computer receiving transaction data;
(ii) the client computer writing the transaction data locally to a memory;
(iii) the client computer generating a code derived from the transaction data;
(iv) the client computer receiving from a user a transaction authorisation;
(v) the client computer transmitting the code and the transaction data to the server;
(vi) the server independently generating a code from the received transaction data, comparing the server-generated code with the client computer-generated code, and completing the transaction only if the codes correspond.
2. A data security method as claimed in claim 1, wherein a security program executing on the client computer in parallel with transaction-processing software performs at least steps (ii), (iii), and (v).
3. A data security method as claimed in claim 2, wherein the security program is associated with a user control, such as an ActiveX control.
4. A data security method as claimed in any preceding claim, wherein step (iv) includes reading security information from a physical key inserted into the client computer by the user, said information being previously stored in the server.
5. A data security method as claimed in claim 4, wherein the client computer, for transaction authorization, checks user-inputted security information against security information read from the physical key.
6. A data security method as claimed in any preceding claim, wherein the client computer generates the code from a user identifier in addition to the transaction data.
7. A data security method as claimed in any preceding claim, wherein the client computer generates the code from a current timestamp in addition to transaction data.
8. A data security method as claimed in any of claims 4 to 7, wherein the client computer generates the code from a serial number of the physical key in addition to the transaction data.
9. A data security method as claimed in any preceding claim, wherein the code is generated dynamically as the transaction data is inputted.
10. A data security method as claimed in any preceding claim, wherein the code is a hash code.
11. A transaction processing system comprising a client computer and a server adapted to perform a method of any preceding claim.
12. A computer program product comprising software for performing client computer operations for a method of any of claims 1 to 10 when executing on digital processors.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US676608P 2008-01-30 2008-01-30
US61/006,766 2008-01-30

Publications (1)

Publication Number Publication Date
WO2009095900A1 true WO2009095900A1 (en) 2009-08-06

Family

ID=40497555

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IE2009/000001 WO2009095900A1 (en) 2008-01-30 2009-01-30 Data security in client/server systems

Country Status (1)

Country Link
WO (1) WO2009095900A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2014086080A (en) * 2012-10-22 2014-05-12 Trusteer Ltd Method for detecting fraudulent money transfer
US20140137190A1 (en) * 2012-11-09 2014-05-15 Rapid7, Inc. Methods and systems for passively detecting security levels in client devices

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002050643A1 (en) * 2000-12-19 2002-06-27 Cypak Ab Secure digital signing of data
US20020128977A1 (en) * 2000-09-12 2002-09-12 Anant Nambiar Microchip-enabled online transaction system
US20040186912A1 (en) * 2003-03-20 2004-09-23 International Business Machines Corporation Method and system for transparently supporting digital signatures associated with web transactions
WO2004109610A1 (en) * 2003-06-04 2004-12-16 Zingtech Limited Transaction processing
US6963974B1 (en) * 2000-12-28 2005-11-08 Entrust Limited Method and apparatus for providing non-repudiation of transaction information that includes mark up language data

Similar Documents

Publication Publication Date Title
US8904495B2 (en) Secure transaction systems and methods
US8468351B2 (en) Digital data authentication
US8869255B2 (en) Method and system for abstracted and randomized one-time use passwords for transactional authentication
EP2343677A1 (en) Monitoring secure financial transactions
US20080229098A1 (en) On-line transaction authentication system and method
EP2936369A1 (en) Verification of password using a keyboard with a secure password entry mode
EP2095221A2 (en) Systems and methods for identification and authentication of a user
WO2012051590A1 (en) Systems and methods for authenticating aspects of an oline transaction using a secure peripheral device having a message display and/or user input
US20130086382A1 (en) Systems and methods for securely transferring personal identifiers
US10657234B2 (en) Method, computer program, and system to realize and guard over a secure input routine based on their behavior
KR101876672B1 (en) Digital signature method using block chain and system performing the same
CN112948771B (en) Authority verification method and device, readable storage medium and electronic equipment
WO2009095900A1 (en) Data security in client/server systems
EP4293554A1 (en) Authentication device and authentication method
EP3756120B1 (en) Authentication device
WO2017145273A1 (en) User authentication device
TWI648688B (en) Cross-validation fund transfer methods and systems
IE20090091A1 (en) Data security in client/server systems
Kurita et al. Privacy protection on transfer system of automated teller machine from brute force attack
KR101674314B1 (en) The method for authenticating one time security character using captcha
EP2880608A1 (en) Method for detecting potentially fraudulent activity in a remote financial transaction system
KR20150003022A (en) Financial transaction method and server performing the same
KR20090030069A (en) Preservation method about data in ie memory altered without leave

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09706595

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC

122 Ep: pct application non-entry in european phase

Ref document number: 09706595

Country of ref document: EP

Kind code of ref document: A1