1. Field of the Art
The disclosure relates to the field of electronic communications, and more particularly to the field of authenticating a source of electronic communications.
2. Discussion of the State of the Art
Although email, text messaging and other forms of communication are incredibly useful, they are also susceptible to a form of fraud known as “phishing”. This entails sending messages that appear to be sent by a trusted source (such as one's bank) but are actually sent by criminals, and which typically instruct the recipient to divulge their security credentials, thereby giving the criminals access to the recipient's account. The problem is so widespread that it makes email, in particular, almost unusable by genuine businesses—which are then forced to communicate with their customers through other, more cumbersome channels—such as when the customer logs in to their online account.
Historically, a high proportion of phishing emails have been easy to identify because of poor grammar or spelling—as they are often written by those for whom the language of the email is not their mother tongue. However, phishers are aware of this and the level of sophistication, including the standard of grammar used and the accuracy with which they mimic genuine emails, is increasing.
Existing techniques used to distinguish between genuine communications and phishing attacks include: checking that the source of the email is an authorized sender for the visible address from which it purports to originate; including customer specific information that would not be available to a phisher, such as the customer's full name or some digits from the customer's account number; including a phrase or picture known only to the customer and the (legitimate) sender. The latter approach relies on the recipient noticing that the phrase or picture is wrong or missing. This approach and the preceding one (customer specific information) are easily overcome should the phisher be able to access a legitimate message even once. Whether this is done by intercepting the message (as occurs in a “man in the middle” attack) or simply seeing the message displayed over the recipient's shoulder, it is then straightforward to incorporate the information gleaned into a subsequent message. Once this message or image is included, the presence of such apparently genuine cues can blind the recipient to the other clues—such as poor grammar—that it is fraudulent.
It would therefore be beneficial if methods existed whereby interaction between parties could be more reliably identified as genuine versus fake, ideally by the recipient simply looking at what has been received and being able to see at once the difference between a genuine message and a forgery. A similar problem has been addressed for thousands of years—in the production of coins and, later, banknotes.
Humans are quite good at identifying fake currency. Repeated exposure to the same, consistent features makes us very aware of all but the highest quality forgeries—without even having to think about some of the features. We not only look at a banknote, we also feel it. We examine the quality, thickness and cut of the paper; the precision and alignment of the printing and cutting; the fine detail within the imagery; the watermarks; the embedded foil or plastic elements. Other features typically become visible with the aid of tools such as an ultra-violet lamp or by checking serial numbers. While some of the features are harder to forge than others, the sheer number of factors, all of which must be rendered to a challenging “hygiene” level, is enough to deter all but the most sophisticated of forgers. In many cases, we have not been explicitly “taught” what to look for; rather, we have become accustomed to the genuine article and automatically baulk at a forgery—even if we cannot put our finger on exactly what is wrong with it.
Similarly, works of art are analysed in great detail to determine—albeit not always correctly—whether or not they were produced by a particular artist. The subject matter, the technique, the brush-strokes, the color palette, the materials used, the frame and the signature are all taken into account in separating a masterpiece from a forgery.
More recently, computer protocols have been developed to ensure that communications between computers are reliable, tamper-proof and secure. Simple protocols such as TCP/IP include sequence numbers and acknowledgment mechanisms to ensure that every character is transmitted reliably, once and once only, in sequence from one end of the channel to the other. Encryption protocols are typically layered on top of this to secure the interaction. These typically rely on a “shared secret” that is known only to the authorized participants in the communication. While such techniques are easy for a computer to apply, they are very difficult for a human to use—and, to the general public, are a mystery. The average user of a website has no idea just how difficult it would be to fool his computer into showing the green bar used in many browsers to indicate a valid security certificate for an HTTPS site.
A separate but related problem with similar challenges is how to distinguish humans from computers—for example, in detecting and blocking automated attacks on websites. A common approach here is the use of CAPTCHA (“Completely Automated Public Turing test to tell Computers and Humans Apart”) images. These contain text that is (just about) readable by a human but made deliberately difficult for a computer to interpret—by using differing fonts, colors, distortion, rotation, positioning, background imagery and so forth.
There is therefore a requirement to let a human spot a fake message as intuitively and reliably as spotting a fake banknote whilst at the same time making it as difficult as possible for either a human or a computer to create a credible forgery—even if they have gained access to one or more previously sent, genuine messages.
A secondary challenge is making it easy to realise that a message has been missed from, inserted into or duplicated within a sequence. This can happen because of an unreliable transmission channel, deliberate blocking or accidental deletion or mis-categorisation (typically as the odd message fails a “spam” check and is diverted to the wrong folder).
Unlike standard encryption and digital signature schemes, this invention allows the human recipient readily to identify fraudulent messages by recognizing whether or not the digital token associated with the message complies with one or more pre-determined rules.