The secure transmission of data is very important in connection with networked data processing devices. Particularly when confidential data are transmitted from one data processing device to another over a worldwide network such as the Internet, there is an especially high risk of third parties attempting to gain knowledge of security-relevant or confidential data or attempting to exploit the transmission of these data for their own purposes. To protect sensitive data or online commercial transactions with an e-commerce provider on the Internet, a plain username and personal password are often used. After the user has authenticated himself by entering these data, the online commercial transaction with the e-commerce provider, for example, is processed. This process has the disadvantage that third parties can conduct online commercial transactions on behalf of the legitimate user if they have gained access to the user's username and personal password.
The following methods are known by which unauthorized third parties can illegitimately obtain confidential data from users:
A user is directed via a link to a fake website where he enters his username and password (so-called “phishing”). Furthermore, it is known to direct a user, e.g. by manipulating a DNS (Domain Name System) server, to a fake website that leads to a fake server even when the correct website address (URL) is entered manually (so-called “pharming”). Furthermore, it is known either to intercept the data sent from the user to a server and forward them, instead of the original data, in a modified context, or to copy these data and resend them to the server at a later point in time in a modified context (so-called “replay attack”).
Furthermore, there are programs that record keystrokes and transmit them to unauthorized third parties over the Internet. It is also known to additionally record, and transmit to third parties without authorization, the actions of screen selection devices such as an electronic mouse or a touchpad in combination with the corresponding screen contents. These methods are known as “keylogging”.
Finally, it is known to redirect, unnoticed, the data traffic between the two data processing devices that exchange the security-relevant data so that it passes through a computer of an unauthorized third party, which enables the tapping or manipulation of the data traffic. Here, the intermediary computer can impersonate the server towards the user's data processing device and impersonate the user towards the server, forwarding each party's data to the other while tapping and/or modifying information. This method is known as a “man-in-the-middle attack”.
The above-mentioned methods for obtaining security-relevant or confidential data without authorization are often used in combination. In order to better protect the data transmission, there are more secure transmission methods, especially in the field of online banking or corporate network login, that combine the knowledge of a specific personal password with the possession of a specific authentication medium. These methods are known as “two-factor authentication”.
In the simplest case, the user has a list of transaction numbers (TAN). The transaction numbers can be indexed if necessary. Furthermore, there are devices that generate a one-time password which is then entered for the transaction. This method is essentially equivalent to the method in which indexed transaction numbers are used. For each online banking transaction, in addition to his password, the user enters a transaction number that is valid only once. A transaction in which a simple transaction number is used is primarily susceptible to the above-mentioned “phishing” and “pharming” methods. If an indexed transaction number or a one-time password is used, the method is still susceptible to the “man-in-the-middle attack”.
Furthermore, methods are known in which a passive storage medium, e.g. a CD-ROM, or an active processor medium such as a chip card or a USB stick with an integrated smart card is used for authentication. The processor medium is coupled with the user's computer, whereupon it communicates with the bank server, e.g. by a “challenge/response” method. Though these methods are secure against the above-mentioned methods for obtaining security-relevant data without authorization or for conducting or tampering with transactions without authorization, the implementation and operation of such systems involve high hardware costs. Even when low-cost storage or processor media are used together with readers or interfaces that are already provided for other purposes in the user's computer, there is the problem that usability is mostly not guaranteed on arbitrary computers at arbitrary places. Moreover, additional software and, if applicable, hardware must be laboriously installed before these methods can be used.
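The difference between the indexed transaction number and the “challenge/response” method described in the two preceding paragraphs can be shown from the server's side. The following is an added example, not part of the original text; the names TanServer, ChallengeResponseServer and respond, the shared HMAC key, and the choice to include the transaction text in the response are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def respond(key, nonce, transaction):  # runs on the user's processor medium
    return hmac.new(key, nonce + transaction.encode(), hashlib.sha256).digest()


class TanServer:
    """Indexed TAN list: the server asks for TAN number `index`; each works once."""
    def __init__(self, tans):
        self.tans = dict(enumerate(tans))  # index -> unused TAN

    def authorize(self, index, tan, transaction):
        expected = self.tans.get(index)
        if expected is None or not hmac.compare_digest(expected, tan):
            return False
        del self.tans[index]  # one-time use: a replay finds no entry
        return True  # `transaction` played no part in the decision


class ChallengeResponseServer:
    """Assumed design: the response is an HMAC over nonce and transaction."""
    def __init__(self, key):
        self.key = key
        self.pending = set()  # challenges issued and not yet answered

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def authorize(self, nonce, response, transaction):
        if nonce not in self.pending:
            return False  # unknown or already used challenge
        self.pending.discard(nonce)
        return hmac.compare_digest(respond(self.key, nonce, transaction), response)


def demo():
    tx, altered = "pay 10 EUR to ACCT-A", "pay 10 EUR to ACCT-B"  # constructed
    tan = TanServer(["483921", "170355"])  # constructed TAN list
    cr = ChallengeResponseServer(secrets.token_bytes(32))
    nonce = cr.challenge()
    return [tan.authorize(0, "483921", tx),       # first use
            tan.authorize(0, "483921", tx),       # same TAN replayed
            tan.authorize(1, "170355", altered),  # unused TAN, altered transaction
            cr.authorize(nonce, respond(cr.key, nonce, tx), altered)]  # bound to tx
```

The TAN check rejects the replay but accepts an unused TAN together with whatever transaction text arrives, whereas the keyed response only verifies for the transaction it was computed over.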
US 2001/0026248 A1 describes a method by which the screen display of a computer is modified in a way that the screen content can only be read when the screen is viewed through a special optical filter. Thus, the screen content, in particular, cannot be read by a third person who does not possess this special optical filter. The method described in this publication is intended to prevent unauthorized third parties from reading the information displayed on the computer screen. However, it does not disclose a method for securely transmitting data from a first data processing device to a second data processing device. While input into a computer cannot be read by unauthorized third parties, a potential transmission of these data to another data processing device would be unsecured.