The implementation of various Internet applications with transaction capabilities that allow buying or selling goods and performing commercial, financial or official transactions is steadily accompanied by concerns relating to transaction vulnerabilities, crypto system weaknesses and privacy issues.
Technological developments made a variety of controls available for computer security including tokens, biometric verifiers, encryption, authentication and digital signature techniques using preferably asymmetric public-key methods (see [1], A. Menezes, P. van Oorschot, S. Vanstone, HANDBOOK OF APPLIED CRYPTOGRAPHY, CRC-Press, Boca Raton 1997, chapter 1).
An advanced system for performing secure online transactions is disclosed in, [2], US 2007/0043681 A1. As described in [2], service providers typically invest a huge amount of money on security infrastructure and fraud countermeasures that can deter even the most accomplished fraudsters. However, customers do not always share the knowledge, the desire or the financial resources necessary to maintain such high degrees of security. Accordingly, it is not uncommon for fraudsters to concentrate on attacking the systems that customers use for interacting with service provider systems.
The core element of security services is authentication, namely the assurance of the identity of the customer to the service provider, such as a commercial, financial or official service provider, e.g. a bank.
Authentication of a customer may be performed by means of the public-key cryptosystem disclosed 1976 by Diffie and Hellman, which is based on two keys, a private-key and a public-key, owned by customers of this system. Hence, these cryptosystems are based on individuals being identified by auxiliary means, which may not be available or which may already be obsolete when needed. Further, these auxiliary means may get copied and then be misused by an attacker. Still further, the auxiliary means are issued by a third party that requires trust and may therefore not be accepted by certain parties.
Hence, although additional equipment is required, customers and service providers often prefer “Biometric identification” that uses biometric data, which can not get lost or obsolete, since it is inherently coupled to a customer. “Biometric identification” is performed by means of a unimodal or multimodal system that is capable of capturing a biometric sample from a customer; extracting biometric data from that biometric sample; comparing that specific biometric data values with that contained in one or more reference templates; deciding how well the data match; and indicating whether or not an authentication, i.e. an identification or verification of the identity of the customer has been achieved. Typically, with the verification function, a match between proffered biometric data of a customer and the “biometric template” stored for this customer during enrolment is evaluated. For identification purposes a one-to-many search is performed between proffered biometric data and a collection of “biometric templates” representing all of the subjects who have enrolled in the system.
Current Biometric Recognition techniques are described in [3], Anil K. Jain, Arun Ross and Salil Prabhakar, An Introduction to Biometric Recognition, IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004. According to [3] a number of biometric characteristics exist and are in use in various applications. Each biometric has its strengths and weaknesses, and the choice depends on the application. No single biometric is expected to effectively meet the requirements of all the applications. In order to avoid weaknesses off specific biometrics it has been proposed to use multimodal systems.
A multimodal system that comprises text-dependent voice recognition is disclosed in [4], U.S. Pat. No. 6,101,264. Instead of comparing static biometrics, which could easily get copied by an attacker, the system disclosed in [4] is based on capturing and comparing predetermined actions of a customer. As an example, it is proposed to perform typical movement actions such as performing a walk or a head movement or speaking a predetermined word or sentence for text-dependent voice recognition. The performance of predetermined actions however is based on a previously made determination which is static and does not provide a much higher reliability. An impostor may overview the authentication procedure with the predetermined movement sequence performed by the customer and subsequently try to make fraudulent use of the gained information. Hence the risk of spoof attacks resulting in a false acceptance is still not neglectable with this method.
Still further, correct authentication, based on which the service provider, e.g. a bank, is granting access to its services, does not guarantee a secure performance of the initiated transactions. As important as the authentication of the customer is the authentication of a request or order issued by the customer.
As described in [2], so-called “man in the middle” (MITM)-attacks, which may be executed by a so-called Trojan horse, strongly endanger secure execution of transactions requested by a customer. When executing this attack messages exchanged between the customer and the bank are read and modified, without either party knowing that the communications path between the contractual parties has been compromised.
Hence, messages sent by a customer are intercepted by the MITM process, possibly modified and relayed to the bank. In the same manner messages sent by the bank are intercepted by the MITM process, possibly modified and relayed to the customer.
In this way the authentication process, as well as the transaction process, are performed under the control of the malware, which can modify the transaction data to the benefit of a fraudster who has implanted the Trojan horse in the customer's computer terminal.
In order to avoid the execution of transactions that are based on manipulated transaction data, the service provider typically initiates a verification process comprising a further challenge/response sequence. The challenge comprises a transaction summary that should enable the customer to verify the transaction data provided to the banking system.
However the Trojan horse will again intercept and modify the challenge, so that the customer will not be presented the transaction data actually registered at the service provider but the customer's data that were captured by the Trojan horse.
Hence in [2], it is proposed to adapt the verification request so that it is difficult for an automated process to use or modify information therein to generate a replacement request. This definition indicates that the object pursued in [2] is to make it more difficult for a fraudster to achieve his goal. Hence, with additional efforts, detecting fraudulent measures and presenting counter-measures, the problem is not fundamentally resolved, because for each counter-measure a new fraudulent measure will be searched for.
While it will never be possible to completely avoid attacks of fraudsters it would be desirable to get a higher security while at the same shortening the chain of measures and countermeasures, thus increasing security while simultaneously reducing the overall efforts to perform a transaction.
Hence, it is an object of the invention to provide an improved method and an improved network-based system that allow on-line authentication of customers and authentication of transaction requests issued by the customer.
It would be desirable to provide an improved method and an improved network-based system that are invulnerable to “MITM” attacks that are executed for example by a Trojan horse.
It would be desirable in particular to define a method that provides higher security and that can be executed with fewer transmissions thus requiring less transmission resources.
More particularly it would be desirable to provide a method that can be executed with computer systems and peripheral devices that are typically available at a customer site, thus avoiding special equipment.