SECURING A TRANSACTION PERFORMED FROM A NON-SECURE TERMINAL
In a general aspect, a method for authenticating a user including: receiving, from a secure processor, a software component configured to generate an image frame including encrypted information; executing the software component, the execution of the software component generating the image frame; displaying the image frame; superimposing on the image frame a semi-transparent image including transparent and opaque pixels configured to make the encrypted information intelligible to the user; acquiring from the user a response depending on the information; and transmitting the acquired response to the secure processor, the user being authenticated by the secure processor as a function of the acquired response.
This application is a continuation of PCT Application No. PCT/EP2017/077896, filed Oct. 31, 2017, which claims the benefit of European Application No. 16196945.6, filed Nov. 2, 2016, European Application No, 16196947.2, filed Nov. 2, 2016, European Application No. 16196950.6, filed Nov. 2, 2016 European Application No. 16196957.1, filed Nov. 2, 2016, European Application No. 17172856.1 filed May 24, 2017 and European Application No. 17195479.5 filed Oct. 9, 2017, the disclosures of which are all incorporated by reference herein in their entireties.
TECHNICAL FIELDThe disclosure relates to methods and devices for securely authenticating a user from a non-secure terminal, such as in view of executing a secure transaction involving a non-secure terminal and a remote server, based on such a user authentication.
BACKGROUNDIt would be desirable to execute transactions, for instance e-commerce transactions or fund transfer, initiated from mobile terminals such as smartphones, personal computers, digital tablets, or the like, or any other connected device including devices belonging to the Internet of Things (IoT). However, this raises security problems, notably because “malicious software” or “malware” may be executed by a processor (CPU) of the terminal. The malware may be able to access to all or a part of the memories accessible by the processor, and thus may be maliciously configured to spy on any transactions executed by the terminal and to recover any secret data manipulated during these transactions for transmission over the network.
To ensure the security of such transactions, it has already been proposed to entrust cryptographic computations to a dedicated secure element, such as the processor of a UICC (“Universal Integrated Circuit Card”) card, e.g. a SIM (subscriber identification module) card with which cell phones are generally equipped. In order to be able to execute one or more payment applications, the secure processor must be able to store as many secret cryptographic keys as there are payment applications. However, loading an application into the memory of a secure processor is a complex operation that needs to be highly secure. Specifically, it involves external parties such as Trusted Service Managers. Since SIM cards are issued by cell phone operators, the latter may refuse to have such applications installed in the card. Furthermore, in the event of theft, or during maintenance of the telephone, the processor of the SIM card may be hacked by a hacker seeking to discover the secret keys stored in its memory.
In addition, accessing the secure functions installed in the processor of a SIM card generally entails inputting a secret code (PIN code) by means of a keypad or a touch-sensitive surface connected to the processor of the terminal. In a classical configuration, the secret code input by the user necessarily passes through the processor of the terminal. Malware executed by the processor of the terminal can therefore access this secret code.
The patent application WO2012/107698 filed by the Applicant discloses a method using a graphic processor of the terminal as a secure element to perform transaction. This method comprises steps of establishing a secure communication link between the graphic processor of the terminal and an authentication server, and displaying a virtual keypad with keys arranged in a random order. The image of the keypad is displayed using visual cryptography, by successively displaying complementary frames in which the labels of the keys are not intelligible, the complementary frames being combined into an intelligible image by the visual system of the user thanks to the retinal remanence thereof. In this way, even if a malicious program running on the processor of the terminal is able to access the positions of the keys touched by the user during input of a secret code, it cannot, by taking a succession of screenshots, determine which labels correspond to the touched keys.
However, this method requires important calculation resources that are not available in all portable devices such as all of the existing smartphones on the market.
To secure transactions performed using a terminal connected to a web site, it has been proposed to use a single-use secret code which is transmitted to the user each time a transaction needs to be validated. According to a first solution the single-use secret code is transmitted to the user via a distinct communication channel, e.g. via a phone link or SMS (Short Message Service), the user being required to input the received secret code on the terminal to validate the transaction. Another known solution provides an additional hardware device to each of the users, this device generating the single-use secret code after an authentication of the user by means of credentials such as a password or biometric data. These solutions are burdensome for the users who do not always have nearby a phone or mobile or wireless network coverage, or this hardware device, when they are required to validate a transaction. The solution requiring an additional hardware device is costly for the banking organizations. In addition, the solution using a secret code transmitted by SMS does not provide sufficient high security level since it has already been subjected to successful attacks.
Therefore, it may be desirable to propose a method for securing a sensitive operation performed using a non-secure terminal, such as a transaction, e.g. a payment transaction, or a user authentication, or more generally an operation requiring a protection against tampering. It may also be desirable to protect secret data input by users and transaction data transiting through such a non-secure terminal. Further, it may be desirable to make the proposed method compatible with all existing terminals, even with terminals of low computation power.
SUMMARYA method is disclosed for authenticating a user, the method comprising: receiving a software component configured to generate an image frame including encrypted information; executing the software component, the execution of the software component generating the image frame; displaying the image frame; superimposing on the image frame a semi-transparent image comprising transparent and opaque pixels configured to make the encrypted information intelligible to the user; acquiring from the user a response depending on the information; and transmitting the acquired response to a secure processor, the user being authenticated or not by the secure processor as a function of the acquired response.
According to an embodiment, the user is authenticated when the acquired response corresponds to the information and to a secret information shared by the user and the secure processor.
According to an embodiment, the software component is executed once to generate the image frame which is displayed for authenticating the user, and set to invalid.
According to an embodiment, the semi-transparent image is printed on a transparent tag, or displayed on a transparent display.
According to an embodiment, the information: comprises a series of labels of a keypad having a key layout specific to the software component, the response from the user comprising key positions of keys of the keypad selected by the user, or comprises a series of labels of a keypad and a validation code, the series of labels and the validation code being specific to the software component, the response from the user comprising key positions of keys of the keypad selected by the user, or specifies a biometric challenge, the response from the user comprising biometric data inputted by the user using a biometric sensor.
According to an embodiment, the method further comprises: generating the software component by the secure processor, setting the software component to valid, by the secure processor, when transmitting the software component to the user terminal, and setting the software component to invalid, by the secure processor, after a first period has elapsed or subsequent to receiving, by the secure processor, an execution report of the software component from the user terminal, an execution report related to a software component set to invalid being rejected by the secure processor.
According to an embodiment, the software component is configured to generate encrypted parts of the encrypted image frame, the method further comprising: receiving a decryption mask from the secure processor; applying a partial decryption operation to each generated encrypted image frame parts using a decrypting mask to obtain partially decrypted image frame parts; and inserting each partially decrypted image frame parts in an image frame background to generate the image frame.
According to an embodiment, the partial decryption operation combines each pixel value provided by the software component with a corresponding pixel value of the decryption mask by an Exclusive OR operation.
According to an embodiment, the software component is encoded as a garbled circuit comprising circuit inputs, circuit outputs, logic gates and wires, each logic gate having two inputs and one output, each wire having a first end connected to one of the circuit inputs or to one of the logic gate outputs and a second end connected to one of the logic gate inputs or to one of the circuit outputs, the garbled circuit being generated by selecting a valid data for each binary state of each of the wires, and by computing for one logic gate of the garbled circuit, truth table values as a function of each valid data of each input of the logic gate, each valid data of the output of the logic gate and a logic operation performed by the logic gate.
Embodiments may also relate to a user terminal configured to: receive a software component configured to generate an image frame including encrypted information; execute the software component, the execution of the software component generating the encrypted image frame; display the encrypted image frame, the encrypted information being decrypted by superimposing on the image frame a semi-transparent image comprising transparent and opaque pixels configured to make the encrypted information intelligible to the user; acquire from the user a response depending on the information in the displayed image frame; and transmit the acquired response to a secure processor, the user being authenticated or not by the secure processor as a function of the acquired response.
According to an embodiment, the terminal is further configured to execute the operations performed by a terminal in the method as previously disclosed.
According to an embodiment, the secure processor is a secure element connected to a main processor of the terminal.
According to an embodiment, the secure processor belongs to a remote server linked to the terminal through a data transmission network.
Embodiments may also relate to a secure element configured to execute the operations performed by a secure processor in the method as previously disclosed, wherein the secure element is connected to a main processor of a terminal.
Embodiments may also relate to a server configured to execute the operations performed by a secure processor in the method as previously disclosed, the server being linked to the terminal through a data transmission network.
Embodiments may also relate to a computer program product loadable into a computer memory and comprising code portions which, when carried out by a computer, configure the computer to carry out the method as previously disclosed.
Examples of the method and/or device may be better understood with reference to the following drawings and description. Non-limiting and non-exhaustive descriptions are described with the following drawings.
In the figures, like reference signs may refer to like parts throughout the different figures unless otherwise specified.
In the following, the term “secure” is employed according to its plain meaning to those of ordinary skill in the art and encompasses, in different embodiments, security arising from techniques such as encryption, or other types of software or hardware control used to isolate information from the public or to protect it against unauthorized access or operation. The expressions “secure communication” and “secure communication link” refer to communications that are encrypted using public/private key pairs, or symmetrical key encryption with keys shared between communicating points. “Secured communications” can also involve virtual private networks, and other methods and techniques used to establish authenticated and encrypted communications between the communicating points.
According to an embodiment, an authentication server ASRV is configured to implement a method for authenticating a user during transactions involving an application or service provider server SSRV and a user terminal UT, based on a two-factor authentication scheme.
The terminal UT can further comprise a secure element SE, such as a secure processor that can be standalone or embedded into a smartcard UICC. The secure processor SE can be for example a SIM (“Subscriber Identity Module”) card, or a USIM (“Universal Subscriber Identity Module”), providing an access to a cellular network. The secure processor SE can include an NFC (“Near Field Communication”) circuit to communicate with a contactless reader. The NFC circuit can be embedded into a SIM card (SIM-NFC) or a UICC card, or into a SoC (“System on Chip”) circuit, or in an external memory card, for example an “SD card”. The circuits NIT can include a mobile telecommunication circuit giving access to a mobile cellular network and/or to the Internet network, through the cellular network, and/or a wireless communication circuit (Wi-Fi, Bluetooth™, or any other radio frequency or wireless communication methodology), and/or any other wired or wireless connection circuit that can be linked to a data transmission network such as Internet.
In steps S4 and S5, the authentication server ASRV generates a single-use link token LTK (dedicated to registration of the user identified in step S2) and transmits it to the server SSRV in response to the registration request RGRQ. The link token LTK establishes a link between the received user identifier UID and the service identifier SID. The link token LTK has a time-limited validity that may be fixed to a value between several minutes out several hours. Instep S6, the server SSRV receives the link token LTK and transmits it to the terminal OT. In step S7, the terminal OT displays the link token LTK.
In step S8, the user downloads and/or installs an application APP dedicated to user authentication in a user terminal UT to be used for authentication and involving the authentication server ASRV. The terminal UT may be the terminal OT or another terminal (a mobile phone, a smartphone, a smartwatch, a personal computer, a payment terminal and a digital tablet, or any equipment having communication and man-machine interface capabilities). Steps S9 to S13 are performed at a first execution of the application APP. In step S9, the application APP generates a unique device identifier DID of the terminal UT. Then, the user is invited to choose a password PC and to input the link token LTK received and displayed in steps S6, S7. In steps S10 and S11, the user inputs a password PC and the link token LTK. The link token LTK may be displayed in the form of an optical code, such as a QR code, and captured on the display screen of the terminal OT by the application APP using the camera of the terminal UT. In step S12, the application APP transmits a registration message ERP to the authentication server ASRV, this message containing the device identifier DID, the password PC and the link token LTK. In step S13, the server ASRV checks the validity of the received link token LTK. A link token may be considered invalid, when its validity period has elapsed, or when it has been already used once or a predefined number of times to identify a device. If the link token is valid, the server ASRV stores the device identifier DID and the password PC in a user database UDB in step S14. In step S15, the server ASRV transmits a message RP in response to the request RGRQ to the service provider server SSRV. The message RP contains the user identifier UID and a status of the registration depending on the validity check of the link token performed in step S13.
If the check performed in step S13 succeeds, the user terminal UT is regularly registered by the server ASRV and thus it can be used as a second authentication factor associated with the user, the authentication of the user by the service provider server SSRV being considered as a first authentication of the user.
In step S22, the authentication server ASRV receives the request ARQ, and generates a unique transaction identifier TID. The authentication server ASRV further searches the database UDB for device identifiers DID corresponding to the user identifier UID, and generates a transaction validation code CC, preferably of single-use, and a distinct dedicated software component GC for each of the user terminals UT corresponding to the devices identifiers DID found in the database UDB. Since the software component GC is designed to display the validation code CC, it is specific to this code. In step S23, the server ASRV sends to the terminal UT structure and content data GCD defining the software component GC and including input data of the software component in an encrypted form, a final mask IMSK to be applied to image frame parts generated by the software component circuit, and a cryptographic data GCK to be used to execute the software component. In step S24, the server ASRV sends an acknowledge message ACK to the server SSRV, this message containing the user identifier UID and the transaction identifier TID. In step S25, the application APP executed by the terminal UT receives the data GCD, IMSK, GCK related to the software component GC and transmitted in step S23, and sends an acknowledge message AKM to the server ASRV. If the application APP is not currently running on the terminal UT, the reception of the data related to the software component may trigger the execution of the application APP. In step S26, the server ASRV sends to the terminal UT a request RGC to execute the software component GC. In step S27, the reception of the notification RGC triggers the execution by the application APP of the software component GC which generates an image frame showing, for example, a keypad having keys, the message MSG and one or more digits of the single-use transaction validation code CC having, for example two or more digits.
According to an embodiment, the keys of the keypad are arranged in a randomly selected layout in the displayed image frame, and the image parts where the labels of the keys and the digits of the validation code are displayed, are generated in an encrypted form, such that the displayed key labels and the validation code are not intelligible to a human (the respective functions performed by the keys of the keypad cannot be determined by the user from the displayed encrypted key labels), but become intelligible by positioning a semi-transparent device on the displayed image frame, so as to superimpose complementary pixel patterns respectively in the displayed image frame and in an image displayed by the semi-transparent device, the image displayed by the semi-transparent device comprising opaque and transparent pixels. The image part where the message MSG is displayed may be also generated in an encrypted form.
In step S28, the user of the terminal UT inputs the password PC and the displayed validation code CC. In the example of a smartphone, the user uses the displayed keypad, and touches corresponding positions POSi of the keys of the displayed keypad. In step S29, the application APP transmits the sequence of positions POSi selected by the user with the device identifier DID to the server ASRV. In step S30, the server ASRV determines the password PC1 and the code CC1 corresponding to the positions POSi typed by the user. Since the keypad used to input the positions POSi was displayed by the software component GC which was generated by the server ASRV, the server ASRV knows the displayed keypad layout and thus can determine the keys labels corresponding to the positions POSi, and consequently the values of the password and validation code typed by the user. In step S31, the server ASRV checks the compliance of the entered password PC1 and validation code CC1 with the ones (PC, CC) stored in the database UDB in association with the device identifier DID. For security reasons, the database UDB may only store a hash value HPC instead of a clear value of the password PC entered in step S10, the verification operation of the password PC being performed by applying a hash function to the typed password PC1 and by comparing the result of the hash function with the hash value HPC of the password PC stored in the database UDB. In step S32, the server ASRV transmits to the service provider server SSRV using the address SURL, an authentication response containing the user identifier UID and the result of the verifications performed in step S31. In this way, the user corresponding to the identifier UID is authenticated and the transaction TID may be validated only when the typed password PC1 and validation code CC1 match the password PC stored in the database UDB and the validation code CC corresponding to the software component GC sent by the server ASRV to the user terminal UT in step S23.
In one embodiment, the input of the password PC in step S10 is performed by executing twice the steps S27 to S30 using two different software components to get two passwords from the user. After each execution of steps S27 to S30, the validation code CC1 is checked and the password PC1 entered by the user is validated by the server ASRV only if the validation code CC1 entered by the user is the same as the validation code CC displayed by the user terminal UT executing one software component GC. After two successful executions of steps S27 to S30, each providing a validated password PC1, the validated passwords PC1 entered during the first and second execution of the steps S27 to S30 are compared, and if they are identical, the password PC1 is stored in the database UDB to assign it to the user terminal UT. In addition, steps S11 to S15 are executed only once the password PC1 entered by the user is stored in the database UDB. In this way, only the positions POSi typed by the user are transmitted from the user terminal UT to the server ASRV. Therefore, a malware installed in the terminal UT or a man-in-the-middle attack between the server ASRV and the user terminal UT cannot discover the typed codes PC and CC without executing the software component. If this happens, the hacker performing the attack sends a message ARP to the server ASRV (as in step S29). Thus the server ASRV can receive two messages ARP for a same transaction or from the same user terminal UT, one from the authenticated user and one from the hacker, and can device to invalidate the transaction or raise a flag or perform any other specific action related to this event.
According to an embodiment, the message ARP is transmitted by the user to the server ASRV (step S29) by another transmission channel.
The operation of checking the received link token in step S13 can be performed by comparing the received link token LTK with the token stored in step S4 in the table LNK. The received link token is retrieved in a record of the table LNK in relation with a user identifier UID having a device corresponding to the device identifier DID received by the server ASRV in step S12, and according to the table DEV. If not the case, the received link token is considered as invalid and the user terminal UT is not registered in the table DEV.
Instead of being performed by the application APP, the steps S22, S25, S27 and S29 may be performed within or by a web browser installed in the terminal UT, the steps S25, S27 and S29 being performed by a script executed by the web browser, such as a script written in “JavaScript”, and transmitted for instance in a web page by the server ASRV. In an embodiment, those transmissions may be encrypted, to enhance security level.
According to an embodiment, the key labels KYL and the digits of the validation code CC are displayed in encrypted parts of the image frame FRM, which can be decrypted using a corresponding semi-transparent display device TDD (
In the example of
In the example of
The displayed keypad KYPF may not need to have a validation key “V”, the validation of the typed codes being performed when the user inputs the last digit of the password PC and validation code CC to be typed. For example, if the password PC comprises four digits and the validation code CC two digits, the execution of the software component GC can be ended when the user inputs six digits. The cancel key “C” can be managed either to delete the last typed digit or all the previously typed digits. The effects of the cancel key “C” may be shown to the user by erasing one or all dots in the display zone FBD.
In this way, only a user in possession of the semi-transparent device TDD corresponding with the software component used to display the image frame FRM, can have access to the displayed encrypted information which becomes intelligible when the semi-transparent device TDD is correctly superimposed on the displayed image frame FRM. Therefore it is not possible for a malware installed on the user terminal to get the displayed encrypted information simply by performing a screenshot of the display screen. It may be observed that each pixel pattern of the image OMSK can be used to display indifferently a black or grey resulting pixel pattern. Therefore, a same image on the semi-transparent device OMSK may be used with different image frames FRM to display different images IMG.
The image OMSK on the semi-transparent device TDD may be used only once with one software component, or a predefined maximum number of times with several software components.
The software component GC is arranged in layers of parallel logical gates that can be processed at the same time, so that the software component can be executed by parallel processing.
According to an embodiment, to generate image frames FRM as shown in
Each of the gates XGj performs a logical XOR operation with an input INi of the software component. Each of the inputs SGj is connected to an input of all gates XGj of the circuit SGCj. Each gate XGj also receives one of the input values INc1-INcp and provides one pixel value PXj1-PXjp to the output of the circuit GC.
Each of the circuits FPCb comprises one logic gate XGb performing a logical XOR operation per pixel PXb controlled by the software component GC and distinct from a segment pixel in the image frames FRM. Each of the gates XGb in the gate layer L1 receives two input values INb1, INb2 of the software component GC and provides one pixel value PXb. The logic gates XGj are located in gate layer L1. The number of input values INb, INc can be limited to a value around the square root of the number of pixels PXb, PXj controlled by the software component GC. Of course, the digits can also be controlled and/or arranged (e.g. with more segments) to display other signs than numbers such as alphabetic characters or more generally symbols including ASCII characters.
In the example of the software component GC of
According to one embodiment, the position, the orientation and shape of each segment SG are varied by one or several pixels, depending on the display resolution of the user terminal, from one software component to another. This provision makes it more difficult to determine the image OMSK displayed by the semi-transparent display device TDD from several image frames FRM used with this image.
It may be observed that the term “segment” as used herein designates a set of pixels that are controlled by a same one of the segment values SGj. The set of pixels forming a segment is not necessarily formed of adjacent pixels, but can comprise groups of adjacent pixels as the segments forming a key label KYL.
a unique software component identifier GCID,
a number set DIM comprising a number d of input values INb, INc, a number n of input values SGj, a number z of output values PXi, PXj of the circuit GC, a number g of gates XGb, XGj in the circuit, a number w of wires in the circuit, and a number y of gate layers L1 of parallel logic gates in the circuit GC,
an input data table INLB comprising all values of the inputs INb, INc of the circuit GC, for example numbered from 1 to d, as specified for the execution of the software component,
an input data table SGLB comprising all values of the input data SGj of the software component GC, numbered from 1 to n, for the execution of the software component,
a gate wire table GTW defining two input wires numbers IN1, IN2, an output wire number ON and a type identifier GTYP of each logic gate of the software component GC, the gates of the circuit being numbered from 1 to g, and
a gate truth table GTT comprising four values OV00, OV01, OV10, OV11 for each of the logic gates of the software component GC.
In the example of
According to an embodiment, the input values INb, SGj, INc and the output values PXb, PXj of the garbled circuit GC, and of the logic gates XGb, XGc, each representing a binary logical state 0 or 1, are defined by numbers of several bits, for example 64 or 128 bits. In this way, each input and output within the garbled circuit GC has only two valid values, and all the other possible values, when considering the size in bits of these values, are invalid. When the software component GC is generated, the two valid values of each input SGj, INb, INc of the software component are randomly chosen, provided that the least significant bit of the two valid values are different, these least significant bits being used to select one value in the truth table of the logic gate when computing the output values of the logic gates, and to determine the logical states of the outputs of the circuit GC.
The truth table GTT[i] of each of the logic gates comprises four values OV00, OV01, OV10, OV11, each corresponding to a combination (0, 0), (0, 1), (1, 0), (1, 1) of binary input values corresponding to the input values of the logic gate. The topology of the software component GC may be defined in the table GTW, by numbering each wire of the software component, i.e. each input wire of the software component from 1 to INN(=d+n) and each output of the logic gates from (INN+1) to (INN+g), and by associating to each logic gate of the software component GC one record of the table GTW comprising two wire numbers IN1, IN2 to the two inputs of the gate and one wire number ON to the output of the gate. The wire numbers of the outputs of the software component GC are numbered from (INN+g−z+1) to (INN+g).
The XOR gates XGb, XGc can be executed either by using a truth table which is encoded in the table GTT, or by applying XOR operations to each pairs of bits of same rank in the input values of the gate. In the latter case, the field GTYP of the table GTW defines whether the gate is a XOR gate or another gate, and the table GTT comprises one record for each gate distinct from an XOR gate.
According to an embodiment, each value in the tables INLB, SGLB, GTT is encoded by a 128-bit word, and each record of the table GTW is encoded on a 64-bit word, the wire numbers IN1, IN2, ON being encoded on 21-bit words. The table GTW can be transmitted from the server ASRV to the terminal UT in a compressed form, for example using the gzip compression scheme.
According to an embodiment, the order of the logic gates in the gate tables GTW, and GTT can be defined randomly, provided that the table records GTW[i] and GTT[i] at the index i refer to the same gate.
The module GCI is a dedicated interpreting module configured to successively execute each of the logic gates of each gate layer, as defined by the data in the input data structure GCD, starting with the first gate layer. To this purpose, the interpreting module GCI can use a wire table receiving the value of each wire of the software component GC, written in the table at an index corresponding to the wire number of the wire value. The wire table is first loaded with the input values INb, INc, RDkVq1, AD1Vq2 of the software component, written in the table at indexes (between 1 and INN=d+n) corresponding to wire numbers assigned to the input values. Then the computed output value of each executed logic gate is written in the wire table at an index corresponding to the wire number of the output of the executed logic gate. At the end of the software component execution, the wire table comprises the values of the outputs of the software component GC at indexes from (INN+g−z+1) to (INN+g).
The output value of each logic gate can be computed by applying a non-reversible function applied to both input values of the gate and to one value selected in the truth table of the gate, as a function of the least significant bit of each of the two input values:
OV=PF1(IN1,IN2,GG) (1)
where IN1 and IN2 represent the input values of the gate, GG=GTT[IN1{0}//IN2{0}], IN1{0} and IN2{0} represent the least significant bit of the input values IN1, IN2, “II” represents the bit concatenation operator, GTT represents the four-element truth table of the gate, and PF1 represents the non-reversible function.
According to an embodiment, the function PF1 can use an encryption function such as AES (Advanced Encryption Standard) using an encryption key assigned to the software component. In this case, the encryption key GCK can be stored in the structure and content data GCD of the software component GC. For example, the output value OV of a logic gate can be computed as follows:
OV=AES(GCK,K)⊕K⊕GG (2)
with K=CF(IN1,IN2)⊕T, “⊕” represents the Exclusive OR (XOR) operator, T represents a number assigned to logic gate, for example the number of the logic gate, and can also depend on the values of the inputs IN1, IN2, CF represents a combination function, and AES(GCK, K) represents an encrypted value of K by the AES encryption algorithm using the encryption key GCK. The combination function can be an XOR operation or an operation in the form:
CF(IN1,IN2)=SH(IN1,a)⊕SH(IN2,b), (3)
SH(X,a) representing a left shift operation of X by a number a of bits.
The least significant bit of each output data PXv (PXb, PXj1-PXjp) of the software component GC provided by the module GCI is considered as a pixel value PXv. The module XRG combines the least significant bit of each output value PXv provided by the software component GC with a respective mask bit value MKv belonging to an image mask IMSK provided in the structure and content data GCD. The combination operation used can be an XOR operation XRv which provides a pixel value PX′v for each output data PXv. The respective least significant bits of the output values PXv of the software component GV may represent white noise since the output values of the software component including the least significant bit thereof are randomly chosen. Thus the image parts generated by the software component are in an encrypted form, and are decrypted using the image mask IMSK.
The image mask IMSK comprises the message MSG, such that when combined with the pixels PXv provided by the software component GC, the message MSG becomes intelligible when combined with the semi-transparent image OMSK. The image mask IMSK is configured to make the pixels PXv of a digit segment SG or of the message MSG visible or invisible in the observable image IMG as a function of the value of the corresponding pixel PXv and the corresponding pixel in the image OMSK displayed by the semi-transparent display device TDD.
Segments SG or pixels PXv are invisible or visible in one of the observable image IMG when they are displayed respectively with a background color of the image IMG, or with a color different from the background color. The background color is defined by the color of the pixels around the considered segment SG, and may vary as a function of the position of the segment within the image frame FRM. In another embodiment, the segments are displayed on a background image. Each pixel of an invisible segment is displayed with the color of the corresponding pixel in the background image which is located below the segment pixel.
According to one embodiment, the final mask IMSK is transmitted to the terminal UT in step S23 using another communication channel, for higher security.
The interconnection matrix XM1 defines where the pixels PX′v corresponding to the input values of the software component GC are inserted into the generated image frames FRM. The input values INb, INc of the software component GC define in relation with the image mask IMSK if the corresponding pixel PX′v in output of the software component GC is visible or invisible through the semi-transparent image OMSK. The respective binary states of the input values INb, INc of the software component GC can be randomly selected at the time the software component is generated, the image mask IMSK being then generated as a function of the interconnection matrix XML the structure of the gates in the layer L1 and the image IMG to be observed through the semi-transparent image OMSK.
The mapping module MPF inserts groups of pixels values PX′v provided by the module XRG, at suitable positions into a background image frame BCKF to generate one of the image frames FRM to be displayed. In particular, the module XRG provides a group of pixels PX′v which forms the banner frame BNF as shown in
According to another embodiment, the unmasking operation performed by the module XRG could be combined with the generated image frames FRM, i.e. after the image mapping operation performed by the mapping module MPF. Therefore the mask IMSK may have the size of the background image frame BCKF or the image frames FRM.
According to an embodiment, the input of a password may be not requested to authenticate the user, only the displayed validation code CC being requested to the user.
According to one embodiment, each time the terminal UT has to perform a new authentication, a new software component GC displaying a keypad KYP with different key layouts and displaying a different validation code CC is executed in step S27.
According to an embodiment, in order to avoid the transmission of one software component GC (in step S23), each time the user terminal is required to perform a new authentication, several alternative software components (defined by the structure and content data GCD) can be downloaded in the terminal UT in one time, and the terminal UT selects a non-already executed software component each time it has to perform a new authentication. As an example, several software components are downloaded with the application APP when the latter is downloaded and installed in a user terminal UT. Then, when one or several software components are used, a new set of software components can be downloaded from the server ASRV to the terminal UT, for example when the terminal has an efficient network connection.
According to an embodiment, several alternative software components are stored in the terminal UT in an encrypted form, and each time the terminal UT executes a new software component, the server ASRV sends a corresponding decryption key to the user terminal.
According to an embodiment, only a part of each of the software components is downloaded into the terminal UT. The downloaded part of each software component can include the data GCID, DIM, NBGL, GTW. Each time the terminal UT has to perform a new authentication, the server ASRV only transmits to the terminal the data INLB, SGLB, GCK and IMSK, in step S23. Then, the terminal UT transmits the identifier GCID of the software component used for authentication to the server ASRV, for example in step S25 or S29. When the server ASRV receives a software component identifier GCID from a user terminal UT, it checks in the database UDB that the received identifier GCID corresponds with a next unexecuted or valid software component previously transmitted to the terminal UT. If the received identifier does not correspond with a next unexecuted or valid software component previously transmitted to the terminal UT, the server ASRV invalidates the user authentication and the corresponding transaction. The server ASRV may also invalidate a previous transaction performed with the same software component (corresponding to the same identifier GCID).
According to an embodiment, the server ASRV can assign a validity indicator (for example in the table GCP of
In the embodiments using garbled circuits, the generation of a software component, performed by the server ASRV in step S22, comprises generating random values representing the binary states 0 and 1 of the input bits and of the output bits of the logic gates of the software component, some of the logic gate outputs corresponding to outputs of the garbled circuit. The generation of a software component further comprises randomly selecting the interconnection matrix XM1, i.e. randomly selecting the links between the inputs of the software component and the inputs of the logic gates of the software component, and between the outputs of some logic gates and the inputs of other logic gates (definition of the table GTW). The generation of a software component further comprises defining the truth tables GTT of the logic gates of the software component, and encrypting each value of these truth tables using an encryption key. The generation of a software component further comprises the generation of the decryption mask IMSK as a function of the selected valid output values of the garbled circuit, and the image OMSK displayed by the semi-transparent display device TDD. Even when the image OMSK is fixed, the generation of the garbled circuit and the mask IMSK provides a sufficient number of degrees of freedom to enable the generation of a huge number of different garbled circuits and mask IMSK that may be used only once to perform a single user authentication.
According to an example, each four values G (=GTT[IN1{0}//IN2{0}]) of the truth table of a logic gate of the software component GC can be computed as follows:
G=PF2(IN1,IN2,OV) (4)
for each possible combination of the valid values of the inputs IN1, IN2 and the output OV, when considering the binary states corresponding to the valid values of IN1, IN2 and OV, and the logic operation performed by the logic gate, PF2 representing a non-reversible function. According to the example defined by equation (2), each four values G of the truth table of a logic gate can be computed as follows:
G=AES(GCK,K)⊕K⊕OV (5)
with K=CF(IN1,IN2)⊕T.
As a consequence, it is very difficult to determine the binary states of the input and output values and the function of the logic gates of the software component. Therefore, the functioning of the software component GC cannot be easily determined. In addition, the software component can process only the two valid values of each input of the circuit, among a huge number of invalid values. Therefore, it is not possible to apply any values to the inputs of the software component. For more details on garbled circuits, reference may be made to the document “Foundations of Garbled Circuits”, Mihir Bellare, Viet Tung Hoang, Phillip Rogaway, dated Oct. 1, 2012.
A hacker or a malware program executed by the terminal UT may be able to get the password PC input by the user in step S10. However, the knowledge of this password is not sufficient for the hacker to be authenticated in steps S21 to S32 since the typed positions POSi corresponds to the keypad KYP and validation code CC displayed by the execution of the software component GC transmitted to the terminal UT in step S23. The hacker or malware has a very short time to get the keypad key layout by analyzing the displayed image frames FRM or by executing or analyzing the software component.
When the server ASRV generates the software component GC, it can be decided to use another bit rank in the values of the wires of the software component for defining the corresponding binary state of these values. The bits at the selected bit rank in the input values a logic gate AGi are used to select a data in the truth table GTT of the logic gate, and the bits at the selected bit rank in the output values PXi of the software component GC are extracted and applied to the module XRG.
Instead of displaying a keypad with a variable key layout, the software component GC and corresponding mask IMSK may be configured to display a biometric challenge, requesting the user to input a response using a sensor that can be used as a biometric sensor. The sensor may be a camera, a fingerprint sensor or a microphone (or an iris sensor, a heart rate monitor, a glucose monitor, a blood pressure sensor, . . . ). In this case, the user may be invited in step S10 to introduce in the terminal UT requested biometric data using sensors of the terminal UT (or sensors securely associated with the terminal), for example according to displayed instructions. According to examples, the user can be instructed to enter fingerprints of several or all of his fingers using a fingerprint sensor, and/or to pick up pictures of his face (e.g. left, front, right pictures), using a camera (a conventional imaging camera, or any other type of camera such as thermal or infrared camera), and/or voice recordings by saying a list of words, letters, or figures displayed by the terminal UT, using a microphone. In step S12, the biometric data entered by the user are transmitted to the server ARSV and stored in the user database UDB. When the software component is executed at step S27, the user introduces the requested biometric data corresponding to the biometric challenge in the image frames displayed by the software component (step S28). In step S29, the biometric data introduced by the user are transmitted to the server ARSV. In steps S30, S31, the server ASRV compares the received biometric data with those stored in the user database UDB and corresponding to the user.
In another embodiments, the biometric challenge can be for instance “Say the words <number1>, <number2> and <number3>” or “Pronounce the letters <number1> and <number2> of the <number3> word”.
According to an embodiment, to prevent the displayed numbers ND (in
According to an embodiment, the software component GC and the mask IMSK are configured such that the pixels defining the kind of the requested answer (key selection in a keypad as in
The value PXIv of a pixel PX′v of the generated image frame FRM, and observed through the semi-transparent image OMSK can be computed as follows:
PXIv=PX′v OR OKv (6)
where OKv is a corresponding pixel of the semi-transparent image OMSK, and PX′v=PXv XOR MKv. If the pixel OKv is opaque, the pixel PXIv of the observed image IMG, IMG1-IMG3 has the color of the opaque pixel OKv, and if the pixel OKv is transparent, the pixel PXIv has the color of the pixel PX′v in the image frame FRM. The pixel OKv can be a colored transparent pixel. In this case, the color of the pixel PXIv is a combined color of the colors of the pixel OKv and the pixel PX′v.
According to an embodiment, the semi-transparent image OMSK is a transparent tag on which black pixels are printed, which may be transmitted to the user after his enrollment with the server ASRV (after step S14). It is observed that the equation (6) highlights several degrees of freedom for the definition of the mask IMSK and the software component, even if the pixels of the semi-transparent image OMSK are fixed (e.g. printed).
According to another embodiment, the semi-transparent display device TDD is controllable to display different images. To this purpose, the display device TDD may comprise connection or communication circuits to securely receive the image(s) to be displayed. An identifier of the display device TDD may be registered in the user database UDB and used by the server ASRV to ensure that a given semi-transparent image OMSK is selectively transmitted to the user device TDD as registered in the database UDB. The transmission of the image OMSK to the user device TDD may be performed using a secure communication link, for example, involving cryptography using a secret key. The display device TDD may be a passive device storing one or several hard coded image(s) to be displayed (e.g. stored in a previous initialization step and/or that can be updated or not).
For example, the display device TDD can be separated from the user terminal and integrated for example into a semi-transparent IoT device or into a flap linked to the housing of the user terminal UT. The display device TDD can be also integrated into a lens of connected eyeglasses or connected ophthalmic lenses, such that the user has to move his head to position the image OMSK displayed by the display device TDD to superimpose it to the image frame FRM displayed by the user terminal UT.
The illustrations described herein are intended to provide a general understanding of the structure of various embodiments. These illustrations are not intended to serve as a complete description of all of the elements and features of apparatus, processors and systems that utilizes the structures or methods described therein. Many other embodiments or combinations thereof may be apparent to those of ordinary skills in the art upon reviewing the disclosure by combining the disclosed embodiments. Other embodiments may be utilized and derived from the disclosure, such that structural and logical substitutions and changes may be made without departing from the scope of the disclosure.
The methods disclosed herein may be totally or partially implemented by software programs executable by the main processor HP (CPU) of the user terminal UT, and/or at least partially by the graphic processor GP of the user terminal UT.
Further, the methods disclosed herein are not limited to displaying sensitive information such as a keypad with a randomly selected layout and a validation code, or a biometric challenge. Indeed, the object of such a display is to check that the user knows a secret data shared with the server ASRV and perceives information presented by the terminal in a way perceptible only by a human. Alternative challenge-response schemes can be implemented in other embodiments. According to an embodiment, the displayed message MSG may request the user to input a combination such as the sum or the multiplication of the digits of the displayed validation code CC.
According to embodiments, the display screen DSP may be separated from the user terminal UT. For example, the display screen may be the one of a smartwatch, a smart glass or a virtual reality or an augmented reality headset, and the user terminal may be a smartphone, a tablet or a laptop/desktop computer. In some embodiments, the communication link between the display and the user terminal may be wireless. For example, the communication link may be a one or a combination of Bluetooth, Wi-Fi, or any other radio frequency or wireless communication technology.
According to some embodiments, the biometric sensor is separated from (e.g. not part of) the user terminal UT. In addition, the biometric data BIOD may be acquired using various sensors used separately or in combination. In the example of a heart-rate monitor, a smartwatch may provide the biometric sensor and the display to be used to display the biometric challenge. In another embodiment, a glucose monitor wore separately may be used. Also, in other embodiments, a heart-rate monitor may be combined with a thermal imaging camera. In some embodiments, the communication link between the biometric sensor(s) and the user terminal may be wireless. In some embodiments, some if not all communication links may use secure protocols.
The challenge can be transmitted to the user using other means than by displaying it on a display screen. For instance, the challenge can be transmitted to the user by audio means using an audio cryptographic algorithm such as described in “Simple Audio Cryptography”, by Yusuf Adriansyah, dated Apr. 29, 2010. According to this algorithm, an original audio sequence is decomposed into a number of source audio sequences of the same length as the original audio sequence, in a way such that the original audio sequence can be reconstructed only by simultaneously playing all the source audio sequences generated by the decomposition, and such that it is very difficult to reconstruct the original audio sequence if any one of the source audio sequence is missing. Provision may be made to play two source audio sequences simultaneously, one via the terminal UT and the other via other means such as a portable device having a memory storing a source audio sequence and a headphone playing the stored source audio sequence without a microphone of the terminal hearing it. If the user hears an intelligible audio message by playing the two source audio sequences simultaneously, it means that the source audio sequence played by the portable device complements the source audio sequence.
Further, the methods disclosed herein are not limited to authenticating a user in view of validating a transaction. The methods disclosed herein may be applied to securely transmit secret or sensible information to or from a user, or more generally to securely perform a sensitive operation in a non-secure environment.
Further, the methods disclosed herein are not limited to a method comprising displaying image frames and introduction of secret data (PC, CC) using a single user terminal. The methods disclosed herein may be applied to securely authenticate a user on another connected device, the frame images being displayed on the user terminal or on a remote display such as a smartwatch, virtual or augmented reality glasses or lenses, or projected on a surface or in the form of a 3D image, or any IoT (Internet of Things) device having a display function or the like. Similarly, the biometric data may be input in another device connected to the user terminal. Similarly, the secret data may be input in another device connected to the user terminal or using voice or gesture. Therefore, the words “user terminal” may designate a single device or a set of devices including a terminal without a display, an IoT device, a smart home terminal, and any input terminal that allows the user to enter data.
The user terminal UT may be controlled by voice or gesture. Voice command may be translated to command. Each recognized command being equivalent to one of the positions POSi. The keypad may be replaced by any other representations such as the ones requiring a gesture, following a geometric figure or tracing links between dots. Further, the input terminal may be a 3D input terminal with which the user may interact by 3D gestures in the air. Therefore the positions POSi may be 3D coordinate positions in space.
In other embodiments, the display may be any display including for example an ATM, a vending machine, a TV, a public display, a projected display, a virtual display a 3D display or a hologram. In other embodiments, the terminal may be any input equipment including for example a touch screen, a game accessory, a gesture acquisition system, a voice or sound command system.
In other embodiments, the images frames FRM are generated without applying the mask IMSK, the semi-transparent display device TDD being active and receiving at least one image to be displayed that corresponds to the generated image frame FRM.
Further, the methods disclosed herein are not limited to an implementation involving an authentication server. Other implementations can involve a secure element within the user terminal, such as the secure processor SE shown in
According to an embodiment, the secure element SE in
Further, the methods disclosed herein are not limited to garbled circuits comprising gates having only two inputs and one output. Other types of gates with three or more inputs and one or more outputs or receiving data having more than two valid states may be implemented using truth tables having more than four lines.
Further, the methods disclosed herein are not limited to an implementation of the software component by a garbled circuit. Other implementations of the software component such as including obfuscated programs can be used to hide parts of the program loaded in the main processor of the terminal UT, and/or to prevent sensitive parts of the program from being unveiled or modified by unauthorized persons. Methods of obfuscating programs are disclosed for example in the documents “Obfuscating Circuits via Composite-Order Graded Encoding” Benny Applebaumy, Zvika Brakerskiz, IACR-TCC Dec. 1, 2015, and “How to Obfuscate Programs Directly”, Joe Zimmerman, IACR, 30 Sep. 2014.
More generally, the conception of a garbled circuit can be performed by translating a program written in language such as C or C++ into a circuit design language such as VHDL or Verilog to obtain a logic or Boolean circuit comprising logic gates.
Further, the methods disclosed herein are not limited to the use of a software component protected against tampering and reverse-engineering, such as generated using obfuscation or garbled circuit methods. As an example of such an application, the methods disclosed herein may be used to perform operations that do not require high security level, such as data privacy protection, video games (e.g. management of available virtual lives) or medical eye testing.
Further, the methods disclosed herein are not limited to an implementation involving a mask such the image mask IMSK to decrypt output values of the software component. Other implementations can generate and execute a software component directly outputting the pixels values to be displayed. In addition, the message MSG can be directly provided in the output pixel values. In addition the mask can be transmitted separately from the software component or the structure and content data thereof, e.g. via different transmission means, optionally after the execution of the software component, totally or in several parts.
Further, the methods disclosed herein can be implemented with a user terminal UT that only comprises a hardware keypad, the displayed frames FRM being displayed just to assign other key labels to the physical keypad. Thus, instead to touch positions of the display screen to input the positions POSi, the user activates hardware keys of the keypad in correspondence with the assigned labels shown in the displayed frames FRM.
The term pixel, as used herein for a standard display screen, may be understood as coordinates, either 2D coordinates for a 2D display or 3D coordinates for a 3D or stereo display or for a projected display or the like.
Further, the disclosure and the illustrations are to be considered as illustrative rather than restrictive, and the appended claims are intended to cover all such modifications, enhancements and other embodiments, or combinations thereof, which fall within the true spirit and scope of the description. Therefore, the scope of the following claims is to be determined by the broadest permissible interpretation of the claims and their equivalents, and shall not be restricted or limited by the foregoing description.
Claims
1. A method for authenticating a user, the method comprising:
- receiving a software component configured to generate an image frame including encrypted information;
- executing the software component, the execution of the software component generating the image frame;
- displaying the image frame;
- superimposing, on the image frame, a semi-transparent image including transparent and opaque pixels configured to make the encrypted information intelligible to the user;
- acquiring, from the user, a response depending on the encrypted information; and
- transmitting the acquired response to a secure processor, the user being authenticated by the secure processor as a function of the acquired response.
2. The method of claim 1, wherein the user is authenticated when the acquired response corresponds to the encrypted information and to a secret information known to the user and included in the secure processor.
3. The method of claim 1, wherein the software component is executed once to generate the image frame that is displayed for authenticating the user, and then set to invalid.
4. The method of claim 1, wherein the semi-transparent image is printed on a transparent tag, or displayed on a transparent display.
5. The method of claim 1, wherein the information:
- includes a plurality of labels of a keypad having a key layout specific to the software component, the response from the user including key positions of keys of the keypad selected by the user,
- includes a plurality of labels of a keypad and a validation code, the plurality of labels and the validation code being specific to the software component, the response from the user including key positions of keys of the keypad selected by the user, or
- specifies a biometric challenge, the response from the user including biometric data inputted by the user using a biometric sensor.
6. The method of claim 1, further comprising:
- generating the software component using the secure processor;
- setting the software component to valid, by the secure processor, when transmitting the software component to the user terminal; and
- setting the software component to invalid, by the secure processor, after a first period has elapsed or subsequent to receiving, by the secure processor, an execution report of the software component from the user terminal, an execution report corresponding with a software component set to invalid being rejected by the secure processor.
7. The method of claim 1, wherein the software component is configured to generate encrypted parts of the encrypted image frame, the method further comprising:
- receiving a decryption mask from the secure processor;
- applying a partial decryption operation to each generated encrypted image frame parts using a decryption mask to obtain partially decrypted image frame parts; and
- inserting each partially decrypted image frame part in an image frame background to generate the image frame.
8. The method of claim 7, wherein the partial decryption operation combines each pixel value provided by the software component with a corresponding pixel value of the decryption mask by an Exclusive OR operation.
9. The method of claim 1, wherein the software component is encoded as a garbled circuit including circuit inputs, circuit outputs, logic gates and wires, each logic gate having two inputs and one output, each wire having a first end connected to one of the circuit inputs or to one of the logic gate outputs and a second end connected to one of the logic gate inputs or to one of the circuit outputs, the garbled circuit being generated by selecting a valid data for each binary state of each of the wires, and by computing, for one logic gate of the garbled circuit, truth table values as a function of each valid data of each input of the logic gate, each valid data of the output of the logic gate and a logic operation performed by the logic gate.
10. A user terminal configured to:
- receive a software component configured to generate an image frame including encrypted information;
- execute the software component, the execution of the software component generating the encrypted image frame;
- display the encrypted image frame, the encrypted information being decrypted by superimposing, on the image frame, a semi-transparent image comprising transparent and opaque pixels configured to make the encrypted information intelligible to the user;
- acquire from the user a response depending on the encrypted information in the displayed image frame; and
- transmit the acquired response to a secure processor, the user being authenticated by the secure processor as a function of the acquired response.
11. The terminal of claim 10, wherein the user is authenticated when the acquired response corresponds to the encrypted information and to a secret information known to the user and included in the secure processor.
12. The terminal of claim 10, configured to execute the software component once to generate the image frame that is displayed for authenticating the user, and then set the software component to invalid.
13. The terminal of claim 10, wherein the semi-transparent image is printed on a transparent tag, or displayed on a transparent display.
14. The terminal of claim 10, wherein the information:
- includes a plurality of labels of a keypad having a key layout specific to the software component, the response from the user including key positions of keys of the keypad selected by the user,
- includes a plurality of labels of a keypad and a validation code, the plurality of labels and the validation code being specific to the software component, the response from the user including key positions of keys of the keypad selected by the user, or
- specifies a biometric challenge, the response from the user including biometric data inputted by the user using a biometric sensor.
15. The terminal of claim 10, wherein the software component is configured to generate encrypted parts of the encrypted image frame, the terminal being further configured to:
- receive a decryption mask from the secure processor;
- apply a partial decryption operation to each generated encrypted image frame part using the decryption mask to obtain partially decrypted image frame parts; and
- insert each partially decrypted image frame part in an image frame background to generate the image frame.
17. The terminal of claim 16, wherein the partial decryption operation combines each pixel value provided by the software component with a corresponding pixel value of the decryption mask by an Exclusive OR operation.
18. The terminal of claim 10, wherein the software component is encoded as a garbled circuit including circuit inputs, circuit outputs, logic gates and wires, each logic gate having two inputs and one output, each wire having a first end connected to one of the circuit inputs or to one of the logic gate outputs and a second end connected to one of the logic gate inputs or to one of the circuit outputs, the garbled circuit being generated by selecting a valid data for each binary state of each of the wires, and by computing, for one logic gate of the garbled circuit, truth table values as a function of each valid data of each input of the logic gate, each valid data of the output of the logic gate and a logic operation performed by the logic gate.
19. The terminal of claim 10, wherein the secure processor is a secure element connected to a main processor of the terminal.
20. The terminal of claim 10, wherein the secure processor belongs to a remote server linked to the terminal through a data transmission network.
21. A secure element connected to a processor of a terminal and configured to:
- transmit, to a user terminal, a software component configured to generate an image frame including encrypted information, the encrypted information becoming intelligible to the user when a semi-transparent image including transparent and opaque pixels is superimposed on the image frame;
- receive, from the user terminal, a response acquired from a user and depending on the encrypted information; and
- authenticate the user when the acquired response corresponds with the encrypted information.
22. A server linked to a user terminal through a data transmission network and configured to:
- transmit, to a user terminal, a software component configured to generate an image frame including encrypted information, the encrypted information becoming intelligible to the user when a semi-transparent image including transparent and opaque pixels is superimposed on the image frame;
- receive, from the user terminal, a response acquired from a user and depending on the encrypted information; and
- authenticate the user when the acquired response corresponds with the encrypted information.
23. The server of claim 22, further configured to:
- generate the software component;
- set the software component to valid, when transmitting the software component to the user terminal; and
- set the software component to invalid after a first period has elapsed or subsequent to receiving an execution report of the software component from the user terminal, an execution report corresponding with a software component set to invalid being rejected.
24. A computer program product loadable into a computer memory and comprising code portions which, when carried out by a computer, configure the computer to:
- receive a software component configured to generate an image frame including encrypted information;
- execute the software component, the execution of the software component generating the encrypted image frame;
- display the encrypted image frame, the encrypted information being decrypted by superimposing, on the image frame, a semi-transparent image comprising transparent and opaque pixels configured to make the encrypted information intelligible to the user;
- acquire, from the user, a response depending on the encrypted information in the displayed image frame; and
- transmit the acquired response to a secure processor, the user being authenticated by the secure processor as a function of the acquired response.
Type: Application
Filed: Apr 29, 2019
Publication Date: Aug 22, 2019
Inventors: Jean-Luc Leleu (Paris), Guillaume Pitel (L'Hay Les Roses)
Application Number: 16/398,071