FIELD OF THE INVENTION

The invention relates to a mobile transaction data verification device, a data verification system, a method of verifying transaction data, a tangible medium with a computer program for executing the method.

BACKGROUND

Image-based transactions at terminals, such as ATMs or PCs used for home banking, display information that a user must be able to rely on. The transaction may require a user to enter data that needs to be kept confidential in response to the displayed

information. There is a need to protect the reliability of the displayed information against attacks. For example, confidentiality may be compromised by a "man-in-the-middle attack" wherein the user is enticed to accept or decline displayed image content that simulates image content from a lawful counterparty, or to enter confidential data intended for the lawful counterparty in response to the display.

Authentication techniques have been designed to enable detection of such attacks. Image-data authentication provides for proof of the identity of the party that generated an image. US 2012138679 discloses a method of generating an image with a QR code comprising data entangled with biometric data that has been captured from a user. This makes it possible to verify involvement of this user with the creation of the image.

More generally, a basic authentication technique requires the entitled counterparty to provide authentication information with or in a message, using authentication information that is the result of a one way computation from message data and secret information that is available only to the entitled counterparty. The secret information can be biometric data, but more generally it can be any data. A private encryption key is another example. Furthermore, basic authentication technique requires a receiver to compute an authentication result from the message and the authentication information. Known authentication techniques make it possible to do this in a way that ensures that a positive authentication result is only possible if the correct secret information has been used. In practice, computation of the authentication result is usually performed by the terminal (receiver) that has to display the message, the terminal suppressing message display or adding a warning, if the authentication result is not positive. This means that user security depends on protection against tampering with the terminal that displays the message to the user.

SUMMARY

Among others, it is an object to provide for increased security for user transactions at a transaction terminal with an image display for displaying information such as text.

A mobile transaction-data verification device according to claim 1 is provided. The mobile transaction-data verification device may be a mobile telephone provided with a camera and a computer program to process images from the camera for example. The device provides its user with a verification result signal obtained on the basis of one or more images of the transaction terminal. In support of the device, a transaction generation system makes the transaction terminal transmit a code value for use to authenticate image information such as text displayed on the display of the transaction terminal.

The mobile transaction data verification device uses one or more captured images and the code value to verify that the code corresponds to the object or objects displayed on the display of the transaction terminal.

The mobile transaction data verification device comprises a camera for obtaining a captured image during a transaction and a visual object recognition module coupled to the camera for obtaining a recognition result from the captured image, and optionally further images captured during the transaction, for example by means of optical character recognition. Furthermore the mobile transaction data verification device comprises a code reader module for obtaining the code value and an authentication module configured to compute authentication data from the recognition result and the code value. The authentication data serve to ensure that data such as stated amount of money is correct (data authentication) and/or that the data is from the source that it pretends to be from (data origin authentication, also known as entity authentication). The mobile transaction data verification device uses a sound, video, vibration, a transmitted message or other output to signal an authentication result to the user based on the authentication data. In this way the mobile transaction data verification device supports a form of authentication beyond the reach of those who might have tampered with the transaction terminal or a part of the transaction generation system behind the transaction terminal.

In an embodiment the code reader module is a visual code reader module coupled to the camera. In this embodiment the code value may be decoded by the visual code reader module being configured to decode from said captured image or a further image captured during the transaction. Thus, no additional input is necessary and the possibility of tampering with a separate code value channel is avoided. In other embodiments, the code value may be transmitted from the transaction terminal as a separate signal, for example in a Bluetooth message.

In an embodiment the object recognition and the code value are determined from the same image. This requires a minimum of image data. In another embodiment the recognition result is determined from a plurality of successively captured images in a time interval, such as video data, and the code value may be determined dependent on an image captured during the time interval. In this way time dependent output at the transaction terminal may be verified.

In an embodiment, to prevent replay attacks the code value may depend on session identifying data. The session identifying data may be transaction time distinguishing data such as a clock time value during the transaction or audio, video, movement and/or force signals produced by the user during the transaction. In an embodiment, the authentication module is configured to obtain the transaction time distinguishing data on the basis of a clock time during the transaction. In this way a simple time stamp can be obtained. In a further embodiment the device may comprise a clock circuit to provide the time. In another embodiment the mobile transaction data verification device may comprise an audio, video, movement and/or force input for obtaining the transaction time distinguishing data. Thus, the user may provide the transaction time distinguishing data by making a sound during the transaction, directing the camera at an object, such as the user's person, moving the device in an arbitrary manner or exerting an arbitrary time-dependent force on the device. Data based on observation of such input may be used in the transaction generation system, i.e. the source system that generates the code value, for generation of the code value in the mobile transaction data verification device to authenticate the displayed information. A separate input device may be used to obtain such data, but preferably the mobile transaction data verification device inputs the data and transmits it to the transaction generation system for generation of the code value. In an embodiment a mobile transaction data verification device according to any of the claims is provided with a control circuit configured to cause data representing the captured image to be kept stored after the transaction. This may be done at least partly in response to the result of authentication for example. Thus authenticated data is kept for later retrieval, for example to serve as evidence that the user had a right to rely on the displayed information. Preferably, the mobile transaction data verification device is configured to generate further authentication data, tied to the captured image and the time of the transaction. In this way, the stored information is made more robust as evidence that the user had a right to rely on the displayed information.

In an embodiment a method of providing data verification during a user transaction at a user terminal is provided, using a mobile transaction data verification device, the method comprising the following steps executed by the mobile transaction data verification device:

- capturing an image of at least part of a display screen of the user terminal with a camera of the mobile transaction data verification device;

- applying a visual object recognition operation such as optical character recognition to the captured image;

- obtaining a code value, for example from the captured image;

- computing authentication data from a recognition result obtained from the visual object recognition operation, transaction time distinguishing data such as clock time information, and the code value;

- rendering a signal to the user dependent on an authentication result derived from the authentication data. In an embodiment a representation of the captured image and/or the authentication data are stored dependent on the authentication result. This information thereby made available as evidence of the transaction with valid authentication.

The image for applying the visual object recognition operation may be captured for example in response to a user command to perform the verification, or the user may shoot the image before entering the user command. The user may direct the camera to the transaction terminal before entering this command, e.g. by pressing a snapshot button. In another embodiment, the method comprises capturing data representing successive images; testing whether the successive images show indicia that indicate that at least one of the successive images shows at least part of a display screen; and if so using the at least one of the successive images as the captured image in said step of applying the visual object recognition operation. Thus user control of direction of the mobile device is less critical. In another aspect, a transaction generation system is provided, comprising a message data generator system, and a transmitter for transmitting transaction data based on message data from the message data generator system to a transaction terminal, the transaction generation system comprising

- an authentication data generator configured to generate a code value from message data for transmission of the code value to a mobile transaction data verification device,

- an image data generator (106) configured to generate image data representing an image comprising visual objects, such as text characters, representing the message data, the transmitter (108) being configured to include the image data in the transmitted transaction data.

For example, the authentication data generator is configured to generate the code value from message data in dependence on session identifying data. BRIEF DESCRIPTION OF THE DRAWING

These and other objects and advantageous effects will become apparent from a description of exemplary embodiments with reference to the following figures.

Figure 1 shows a transaction processing system

Figure 2 shows a flow chart of a message generation process

Figure 3 shows a mobile transaction data verification device

Figure 4 shows a flow-chart of transaction data verification

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

Figure 1 shows a transaction processing system comprising a source system 10, a network 12, a user transaction terminal 14 and a mobile data verification device 16.

Source system 10 is coupled to user transaction terminal 14 via network 12.

Source system 10 comprises a message data generator system 100, a clock circuit 102, an authentication data generator 104, an optional image data generator 106 and a transmitter 108. Authentication data generator 104 has inputs coupled to outputs of message data generator system 100 and clock circuit 102. Image data generator 106 has inputs coupled to the output of message data generator system 100 and an output of authentication data generator 104. Image data generator 106 has an output coupled to network 12 via transmitter

108. User terminal 14 comprises a transceiver 140, an image controller 142, a display screen 144, a user entry keypad 148 and a processor 146. Image controller 142 has an input coupled to transceiver 140 and an output coupled to display screen 144. Processor 146 has an input/output interface coupled to transceiver 140 and an input coupled to user entry keypad 148.

In operation, the transaction processing system processes an image based transaction wherein image data from source system 10 is used at user terminal 14. In an image based transaction, a human user needs to be able to rely on the authenticity of displayed image information, because the user may need to commit him or herself relying on that information.

As used herein, an image based transaction is a process wherein information is supplied to a human user by means of display of image information. Examples of image based transactions are a cash withdrawal transaction, a transaction for ordering goods or services in return for payment, but also unilateral transactions that give a user a right to rely on the displayed information such as display of a credit amount, or approval to undertake a user action.

The image based transaction comprises steps of reception and display of image data at a terminal. In addition to image display, the image based transaction may further comprise an action such as entry of transaction data into a database and/or delivery of a service or product (e.g. cash, beverage etc). Hence the image based transaction may comprise a subsequent step of detection of a user response at the terminal, such as entry of user data at the terminal for performing the action dependent on the entered user data. Herein at least a part of the action may be performed by the terminal (e.g. delivery of cash) and/or the terminal may transmit transaction data that causes at least part of the action to be performed elsewhere.

Figure 2 shows a flow chart of an exemplary message generation process executed by source system 10. In a first step 21, message data generator system 100 generates basic message data. This may include data for use in a financial transaction for example. In a second step 22, authentication data generator 104 samples a time stamp from clock circuit 102. In a third step 23, authentication data generator 104 generates

authentication data from the basic message data and the time stamp. The time stamp is used to make replay attacks difficult. The use of a time stamp may be omitted for example if replay attacks are not a problem. Although an example is given wherein a time stamp is used to address replay attacks, it should be appreciated that other data may be used that is tied to the time of the transaction. More generally, if replay attacks are a problem, any other type of session identifying data may be used, such as a session ID. In another embodiment source system 10 may provide for information that defines predetermined successive session IDs, and authentication data generator 104 may be configured to use a first unused session ID.

The authentication data may serve to ensure that data is correct (data authentication) and/or that the data is from the source that it pretends to be from (data origin authentication, also known as entity authentication). Any known algorithm may be used for generating authentication data. Message authentication is well known in the art and is for example discussed in Chapters 11 and 12 of "Cryptography and Network Security - Principles and Practices", 4-th edition by W. Stallings, Pearson-Prentice Hall, 2006. The methods include message authentication based on hash functions, on the DES algorithm, and on SHA-512. Authentication data generator 104 may generate a signature of the basic message data and optionally the session identifying data using a private encryption key for example. In a simple example, the concatenation of the symbols from the basic message data and a time stamp is used as a number M. In this embodiment authentication data generator 104 may generate authentication data V according to V = (a*M+ b) mod p. Herein "mod" is the modulo operation, p is a prime number, and a and b are randomly selected integer numbers with "a" and "b" unequal to zero and "a" unequal to one mod p. The larger the prime number "p", the more robust the authentication. It should be emphasized that this is only one example of generation of authentication data: many others may be used, for example algorithms using a private encryption key of source system to encrypt data computed from the symbols from the basic message data and the time stamp.

In a fourth step 24, transmitter 108 transmits the basic message data and the authentication data to user terminal 14 via network 12. In one example, the authentication data generator is configured to select authentication data such that the application of a predetermined authentication computation to the combination of the basic message data and the authentication data will yield a predetermined result.

Optionally, the basic message data and the authentication data may be transmitted as image data. In this case an optional fifth step 25 is executed before fourth step 24, wherein optional image data generator 106 generates image data based on the basic message data and the authentication data. Although an exemplary embodiment will be described in terms of an image, it should be appreciated that instead a series of images (video data) may be used. In the exemplary embodiment, the image data defines an image, for example in terms of a collection of pixel values for respective locations in the image. The pixel values may be encoded in any known way, for example as a BMP file, a GIF file, a JPEG file or part of an MPEG stream. Any other type of image representation may be used.

In an embodiment, image data generator 106 may be configured to represent text characters in the image dependent on symbols from the basic data message. Furthermore, image data generator 106 is configured to include a machine readable a code in the image, which represents the authentication data in the image. The image data generator 106 may generate a QR code image part or a bar code image part for example. The text characters and the code may be represented in mutually different image parts respectively. But in other embodiments overlapping representations may be used, or the information may be displayed on different display screens. In a sixth step 26, transmitter 108 transmits the image data from image data generator 106 to user terminal 14 via network 12.

Image controller 142 receives the basic message data and the authentication data, or the image data, via transceiver 140 and controls display screen 144 dependent on the data. When only basic message data and the authentication data are sent, image controller 142 generates the image instead of image data generator 106. Although an exemplary embodiment will be described in terms of an image, it should be appreciated that instead a series of images (video data) may be used. After a start of display of the image data processor 146 receives user input from user entry keypad 148 and uses this data to generate a response message for transmission via network 12.

In an embodiment, mobile data verification device 16 may be a mobile telephone programmed with special program code to perform data verification. The program code may be configured to make a processing system of the mobile telephone perform the functions of a control module, a visual object recognition module, a visual code reader module and an authentication module.

Figure 3 shows a functional diagram of mobile data verification device 16.

The device comprises a camera 30, a control module 31, a visual object recognition module 32, a visual code reader 34 module, a clock circuit 36, an authentication module 38, and a signal output device 39. Signal output device 39 may comprise a display screen or an audio output device for example. Camera 30 may comprise a memory for storing data representing a captured image. Additionally or alternatively, control module 31 may be configured to communicate information representing the captured image to a storage system, such as a storage device at home, or in a network. Control module 31 has an input coupled to camera 30 and outputs coupled to visual object recognition module 32 and visual code reader module 34. When QR codes are used, visual code reader 34 module may be a QR code reader module for example. Control module 31, visual object recognition module 32 and visual code reader module 34 may be implemented using one or more programmable processors and program modules to make the one of more processors perform their functions, in which case the connections between the modules represent data and control exchange. Authentication module 38 has inputs coupled to visual object recognition module 32, code reader module 34 and clock circuit 36. Authentication module 38 has an output coupled to signal output device 39. QR code reading algorithms and other code reading algorithms are known per se and may involve determining the location and/or size of relatively lighter and darker areas in the image and computing or looking up a code value from these locations and or size. Similarly, visual object recognition algorithms are known per se and they may involve optical character recognition (OCR) for example. Similarly, authentication algorithms are known per se and they may involve computing a check value from data that must be authenticated and comparison of the check value with a reference value.

In operation, the user may direct camera 30 at display screen 144 of user terminal 14 in order to obtain an authentication of image data shown on that display screen 144. Based on the image, mobile data verification device 16 provides user feedback on the authenticity of the image.

Figure 4 shows a flow-chart of generation of user feedback on the authenticity of image by mobile data verification device 16. In a first step 41, control module 31 receives a command to perform authentication. In a second step 42 control module 31 captures image data from camera 30. In an embodiment, this step may be performed after waiting for a separate user command to capture the image. In this embodiment second step 42 may also be performed before first step 41. When no separate user command is used to capture the image, the image may be captured effectively in response to the user command of first step 41.

This may lead to problems if the camera is not directed at the screen at the time of the command. In an embodiment shown in figure 4, images may be captured without specific user commands to capture the images. In this embodiment control module 31 performs a third step 43, of testing whether the image represented by the data contains locations showing a display screen. In an embodiment wherein the image shown by display screen 144 contains a QR code, visual code reader is a QR code reader and control module 31 may feed the image data to this QR code reader and obtain a QR code location detection from that QR code reader to detect whether the image represented by the data contains locations showing a display screen including the QR code. Alternatively, control module 31 may use other ways to do so. For example, fiducia marks may be provided in user terminal 14 or in the displayed image and control module 31 may be configured to detect the fiducia marks. Control module 31 may repeat second and third step 42, 43 until it detects that the image represented by the data contains locations showing a display screen, optionally timing out if this does not occur within a predetermined time period.

If a user command is used to select the time of capturing the image, or if control module 31 detects that the image represented by the data contains locations showing a display screen in third step 43, control module 31 causes visual object recognition module 32 to perform a fourth step 44, wherein object recognition is applied to image data for the location of the display screen. Optical character recognition may be applied for example, which produces text data representing text, such as a sequence of text characters, numbers and/or words recognized in the image data.

Furthermore, control module 31 causes visual code reader 34 to perform a fifth step 45, wherein a code such as a QR code is read from the image data for the location of the display screen. In a sixth step 46, control module 31 causes a time stamp from clock circuit 36 to be sampled, for example in a register.

In a seventh step 47 authentication module 38 applies an authentication computation to the object recognition output from visual object recognition module 32 (e.g. one or more detected character strings), a code value read by visual code reader 34 and the time stamp. The authentication computation of seventh step 47 corresponds to algorithm that is used by authentication data generator 104. Of course, use of the time stamp may be omitted if source system 10 does not use it, or other session identifying data may be used when source system 10 uses that. When session IDs are used, mobile data verification device 16 may store information to indicate what the current session ID may be.

Message authentication verification is well known in the art and is for example discussed in Chapters 11 and 12 of "Cryptography and Network Security - Principles and Practices", 4-th edition by W. Stallings, Pearson-Prencice Hall, 2006. The methods include message authentication based on hash functions, on the DES algorithm, and on SHA-512. For example, a signature may be verified using the public key corresponding to a private key used by authentication data generator 104 to generate the signature. In one example, if the authentication data V was generated according to V = (a*M+ b) mod p, authentication module 38 may use the concatenation of the symbols obtained from the object recognition of fourth step 44, and the time stamp as a number M'. In this embodiment authentication module 38 computes (a*M'+ b) mod p using values of a, b and p that it has for the source system 10 and returns a positive authentication result only if a code value V obtained in fifth step 45 equals (a*M'+ b) mod p. If another algorithm was used to generate of authentication data, a correspondingly different computation may be used. For example, this may involve decryption using a public encryption key of source system 10 and/or computations using the symbols obtained from the object recognition of fourth step 44, and the a time stamp from the basic message data and the time stamp. Authentication may comprise applying a

predetermined authentication computation (e.g. a one-way computation) to the combination of the basic message data and the authentication data yields, and testing that this results in a predetermined value.

In an eight step 48, control module 31 tests whether authentication module 38 has produced a positive authentication result. If so, control module 31 makes signal output device 39 output a first signal in ninth step 49. The first signal may be a predetermined audio signal for example, or a rendition of a predetermined image (e.g. an image showing a green field). If not, control module 31 makes signal output device 39 output no signal, or a second, perceptibly different signal.

Based on the output signal, the user may then decide whether to continue with the transaction, for example by entering the user input on user entry keypad 148 or not.

In a further embodiment, control module 31 causes data derived from the image data to be kept stored for retrieval after completion of the transaction, for example in a non- volatile memory (not shown) in mobile data verification device 16 or, via a

communication channel, in a remote storage device. That is, the data is not merely kept stored for use during the transaction but it is kept for an indefinite amount of time, or at least for a predetermined time period such as at least a week or at least a month. The data may be used as evidence that the user has verified the transaction when using the mobile data verification device 16.

In an embodiment control module 31 generates further authentication data from the image data and a time stamp for the time of the transaction or, instead of the time stamp, the other data that is tied to the time of the transaction, such as the data that was used for this purpose by authentication data generator 104. In an embodiment the time stamp or other data may be an authenticated part of the image. In this case no separate time information is needed.

The control module 31 may compute an electronic signature of the mobile transaction data verification device for the data derived from the image and the data that is tied to the time of the transaction for example. Alternatively control module 31 may send the image data to a trusted third party server. In this embodiment the trusted third party server may generate the further authentication data from the image data and a time stamp, or the other data that was used for this purpose by authentication data generator 104. The further authentication data may serve as evidence that the data derived from the image data has not been tampered with. Preferably, control module 31 is configured to cause the data to be kept at least partly in response to detection of a positive authentication result in eight step 48. Storing and generation of further authentication data may be part of ninth step 49.

The data derived from the image data may be the image data itself, or other data that represents the image represented by the image data or a part of it that is sufficient to perform the verification. In this embodiment the data that is kept stored may be used by the user as evidence of the transaction that was performed. The authentication information in the stored data may serve as evidence that the user has not generated or modified the data. The verification by control module 31 informs the user that this evidence is valid and in addition it may be used to select the image data that should be kept stored.

Although an example has been described wherein a time stamp is used, it should be appreciated that other data may be used that is tied to the time of the transaction. Any information may be used that is not known in advance of the transaction time. For example, mobile data verification device 16 may generate and display arbitrary data for this purpose, the user entering the displayed data into user terminal 14 at the time of the transaction for use instead of, or in addition to the time stamp. Instead the user may select the arbitrary data and enter it into the mobile data verification device 16 as well. Instead of entered data, audio, visual or tactile data captured by mobile data verification device 16 and source terminal 14 at the time of the transaction may be used. For example, detection of timing and/or signal data of a sound produced by the user may be used, or of an image supplied by the user, or of video showing gestures that the user shows both to mobile data verification device 16 and a camera (not shown) of user terminal 14, or a temporal pattern of detected touches of mobile data verification device 16 against user terminal 14.

Although an exemplary embodiment using an image has been described, it should be appreciated that instead a series of images may be used. In this case, the object recognition of fourth step 44 may be applied to the series of images, for example to recognize characters of successively different text messages that are displayed successively.

Accordingly, the characters of the text message may be used both in the source system and mobile data verification device 16 in the authorization computations.

Although an exemplary embodiment using character recognition has been described, it should be appreciated that instead or in addition other types of object recognition may be used. For example, symbols indicating properties (e.g. colors, shape elements) of a image part shown in the image may be used to compute the authorization code in source system 10, and in mobile data verification device 16, the former relying on properties used to control display of the logo and the latter using properties of a logo determined from the camera image captured by mobile data verification device 16.

In a further embodiment properties of audio data symbols indicating audio data (e.g. successive spoken words) may additionally be used to compute the authorization code in source system 10 and in mobile data verification device 16. The former may rely on the properties used to control speech output at user terminal 14 and the latter may use speech recognition results determined from audio captured by mobile data verification device 16. These may be used in addition to image properties such as displayed characters.

Other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a study of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the indefinite article "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measured cannot be used to advantage. A computer program may be stored / distributed on a suitable medium, such as an optical storage medium or a solid-state medium supplied together with or as part of other hardware, but may also be distributed in other forms, such as via the Internet or other wired or wireless telecommunication systems. Any reference signs in the claims should not be construed as limiting the scope.