Electronic signatures are used whenever it is necessary to identify with certainty the creator or sender of an electronic document or record and to guarantee the integrity of the signed electronic information. An example of a security-critical field which is becoming increasingly important in daily life are banking applications such as home banking or mobile banking. It is immediately apparent what might happen if a malicious third party were able to masquerade as the holder of a bank account that does not belong to him.
With the adoption of mobile systems for personal and business use, as well as by health services and public authorities, the risks that arise if the integrity of the transmitted information cannot be guaranteed, or if the identity of its creator cannot be established beyond doubt, are multiplied.
Besides cost, an important criterion for the selection of an electronic security method is user-friendliness. While a security method may be secure, if it is complex it will very likely not be accepted by users, particularly private users, owing to lack of technical knowledge or because the method is awkward to use. In the case of mobile devices, it is certain that acceptance will also depend on whether additional equipment is required (e.g. card readers/chip-card reading units), with or without cables. Hence, existing solutions currently on the market, as listed and described in the “Prior Art” section below, cannot only be judged in terms of their security, but also need to be assessed in terms of their user-friendliness.
Security solutions have so far not been able to adapt adequately to the rapid developments in the field of mobile devices (smartphones, tablets etc.) In practice, some of the methods that can be used in combination with mobile devices have rather significant disadvantages for the user in terms of practicality or usability, making them unsuitable for wide-spread adoption. Conversely, the solution of the present invention meets the highest security requirements, yet it can be used with mobile devices in an optimal and user-friendly manner.
The prior art described below refers to methods from the fields of secure payments, online banking security and chip technology. The sheer number of security methods on the internet that have been developed in the last ten years is a testament to the importance of security and reliability for communication on the internet. Methods reliant on the use of TAN lists to secure a transaction are now no longer considered secure and have been superseded by other methods.
All serious security methods are now focussing on the chip card. The chip card is considered a secure carrier of key information, it is always in the customer's possession (part of their property), and has become for the user a valuable and secure medium that is to be closely looked after. Any loss is reported immediately to the issuer (e.g. the user's bank). A financial institution can therefore be confident that the chip card is in the customer's possession and the customer is the person actually executing the transactions, as a loss of the chip card would be immediately reported. The term smart card is also used as a synonym for chip card. We shall also refer to smart cards in this document, particularly in the context of chip card cryptographic microcontrollers, which are the actual modules that perform cryptographic operations.
In order to use a TAN (transaction authentication number) in a transaction, a so-called TAN generator is still frequently used today. The user requires an external device, which does not need to be subject to any particular security requirements, and his personal chip card.
In the second half of the last decade, the so-called indexed TAN method (iTAN method) promised increased security. In this method, the bank customer has to select a specific TAN from a list to confirm a prompt from the financial institution. We therefore refer to this as a “two-stage method”, in which the user does not confirm the transaction itself, but confirms the prompt from the financial institution by means of an explicitly requested TAN. This method has also been found to have major weaknesses, as the user cannot identify who he is passing the data to, and the financial institution cannot identify if the data really are from their customer or are from an unknown attacker.
Developers quickly recognised the possibilities of the “two-stage method” and used it as a basis to develop further security methods that use a completely different communication channel for the “second stage”. In the enhanced two-stage method, data originating from a server external to the fixed or mobile device (e.g. PC or smartphone) used to execute the transactions, are presented to the user on the display of an external chip-card reader. The data transmission occurs at the surface of the screen of the PC or smartphone via detectors in the external chip-card reader, which detect the flickering code (in future this may also be possible acoustically). Once the user has individually confirmed a set of data (account number, amount etc.), a TAN is computed using the customer's chip card in the chip-card reader. This computation is thus also external to the PC or smartphone. The TAN generated by the reader using the user's chip card and presented on its external display must then be transferred to the (web- or client-based) banking application environment explicitly by the user. The process is known as the chipTAN method.
The disadvantages of this method include the manual transfer of the transaction authentication number (TAN) by the user, the impracticality of using an additional device, the inconvenience of use in combination with smartphones, and the reduced amount of information shown and confirmed in the case of combined bank transfers.
Along with the chipTAN method, the prior art also includes the mTAN method (also called the SMS-TAN method). This is also a two-stage method. First, the user furnishes the bank with the user's mobile phone number. During a bank transaction, the user is sent an SMS text message containing a valid TAN. The user must then transfer this TAN while in the current session with the bank. Attacks via mobile-phone Trojans demonstrate that this method is also insecure, and we can expect the proliferation of such Trojans in future.
The method disclosed in patent DE 10 2008 007 367 B4 2010.09.30 also provides increased security. Based on the two-stage method, data originating from a server, independent of the PC on which the transaction is executed, are presented securely on a display and confirmed by the user. A further embodiment of this method involves generating a TAN in a secure environment using the chip card, and displaying it, and is similar to the ChipTAN or mTAN method.
In the context of applicable methods in the field of banking, the Secoder specification [1] should also be mentioned. In contrast to the previously mentioned methods, this specification also the possibility of implementation on the basis of the so-called “one-stage method”. The Secoder specification defines a multifunctional IC card reader (chip-card reader) with display and keypad. Its functionality is specified by a set of commands that are executable within the chip-card reader by its own CPU. The significant aspects of the Secoder are, firstly, the use of an input/output unit trusted by the user, which guarantees the authenticity and integrity of the data, and secondly, the use of the “one-stage method” whereby the instructions/transaction data are firstly input locally by the user into the banking client, and, before they are transmitted to the bank server in one stage, they are externally confirmed and signed on a Secoder chip-card reader.
Chip-card readers are devices which control chip cards. Not only do they read data, but they also write data, or run applications on the chip-card. They are therefore also referred to as chip-card terminals [4]. There are four security classes for chip-card readers specified by the German banking industry (DK). Security Classes 1 and 2 are not of interest for any serious degree of security. Chip-card readers of Security Class 3 have a display and a keypad, as well as additional functions that enable bank-card payments over the internet. In addition to the features of Security Class 3, chip-card readers of Security Class 4 also have their own tamper-proof identity. This is made possible by an additional chip card. If a chip-card reader is connected to a PC via a USB or serial interface, it is recognised by proprietary or standardised software interfaces and can communicate with an application. The present standard for such interfaces is PC/SC [5], and implementations are available for Windows and Linux. The Secoder specification [1] exceeds the features of Security Class 3. A chip-card reader built according to this specification includes a firewall which protects against possible tampering while the device interacts with the user via a display and keypad (e.g. for PIN input), or processes data for the signing operation using a chip card.
Solutions are also conceivable using chip-cards of specific form factors (such as micro SD with integrated chip-card) in a smartphone with a BlackBerry or Android operating system. However, this would scarcely satisfy the requirements for increased security, as there would be no independent, secure input/output facility, and so it will not be given further consideration here.
It is expected that nearly all future smartphones will be Bluetooth-[2] and NFC-enabled [3], with certain restrictions. There are devices, such as the iPhone, which do not currently have integrated NFC interfaces. In such cases, an external accessory is available for communication with a chip card via a chip-card reader, or a different communication protocol can be employed. One possible such protocol is the Bluetooth standard.
These wireless interfaces create the conditions that allow, for example, a chip-card reader to be connected to a PC or smartphone without cables. The first chip-card readers of this type are already on the market. If a chip-card reader based on the Secoder standard [1] were to be used today in combination with a mobile device, then as things stand today, additional cabling would be necessary, the smartphone may need to be reconfigured and additional software would have to be installed, if this is even feasible on a commercially-available mobile device. Alternatively, such a chip-card readers would have to be converted to wireless communication—something that is at least technically feasible today. For example, a few commercially available chip-card readers implement this function via Bluetooth.
The prior art also includes the integration of a display and a (generally) numeric keypad directly onto an ID-1-sized chip-card according to ISO 7810. Such chip-cards are only used today in “one-time password” and “challenge-response” authentication methods.
NFC Technology http://de.wikipedia.org/wiki/Near_Field_Communication
(Wikipedia): Near field communication (NFC) is an international transmission standard for contactless exchange of data over short distances of up to 4 cm. The transmission is either connectionless (using passive HF-RFID tags according to ISO 14443 or ISO 15693), or connection-bound (between two equivalent active transmitters). So far, this technology has mainly been used in micropayment solutions (cashless payments of small amounts). In Germany, for example, the technology is offered by savings banks for payments of up to 20 euros, and used by Deutsche Bahn in their Touch&Travel system. It is expected that nearly all future smartphones will be NFC-enabled.
Bluetooth (Latest Version: 4.0)
http://de.wikipedia.org/wiki/Bluetooth#Aktueller_Standard:_Bluetooth_4.0
(Wikipedia): Specification version 4.0 was adopted on 17 Dec. 2009. The standard introduced the low-energy protocol stack for the first time [1] and since then, new low-energy profiles have been continuously added. Compatible chips were available in small quantities from Q4 of 2010, with indications that mobile telephones equipped with Bluetooth 4.0 would be expected by Q1 of 2011. By June 2011, chips meeting the Bluetooth 4.0 standard were available from Atheros, CSR, Nordic Semiconductor [2], Texas Instruments and Toshiba.