Nøkkelinformasjon info chevron_right

Viktig informasjon i saken hentes i sanntid direkte fra EPO sitt register (European Patent Register), slik at du enkelt og raskt får oversikt i saken.
Beskrivelse Verdi
Saken / databasen er sist oppdatert info  
Tittel Secure data for display
Status
Hovedstatus
Detaljstatus 		I kraft info Meddelt Patent meddelt (B1) (sjekk også detaljer i saken)
Patentnummer 339312
Søknadsnummer 20150255
Levert
Prioritet Ingen
Sakstype Nasjonal
Løpedag
Utløpsdato
Allment tilgjengelig
Meddelt
Søker PROTECTORIA AS (NO)
Innehaver Okay AS (NO)
Oppfinner Trond Lemberg (NO)
Fullmektig AWA NORWAY AS (NO)
Patentfamilie Se i Espacenet

Sammendrag og figur info chevron_right


A method for analyzing if data generated by an application has been trampered with, comprising an application and a device with a screen and a channel of communication, wherein said application generates data to be displayed on the screen of a device, pixels is insered into the data that is going to be displayed, said application generates randomzied addresses for positioning pixels on the screenof the device in question, the display operations are excuted and data presented to the end user, ascrren shot of that is displayed is tåken, and said screen short is analyzed, and the number and position of the pixels compares with the pixels that the application generated and processed for display to the end user.

Se forsidefigur og sammendrag i Espacenet


Beskrivelse og krav info chevron_right

B1

Beskrivelse

Technical field

The present invention regards a method for analyzing if data generated by an application has been tampered with before it is displayed to the user by securing that a dataset produced by an application and sent to the screen of an end users device actually is displayed and presented on screen.

Background of the invention

Tampering is the deliberate altering or adulteration of information, and today there is no single solution that can be considered as tamper proof.

Often several levels of security are needed to be addressed to reduce the risk of tampering. Usually the following considerations are tåken in order to prevent tampering: • Identify who a potential tampering attacker might be and what level of knowledge they might they have. • Identify all feasible methods of unauthorized access into a system. In addition to the primary means of entry, also consider back door methods.

Control or limit access to systems of interest.

Improve the tamper resistance by making tampering more difficult, time-consuming, etc.

Add tamper-evident features to help indicate the existence of tampering. Educate people to watch for evidence of tampering.

A problem regarding tampering with displayed data is that it is usually hard to detect and check if data has been tampered with or not.

From Alzomai, M. et al: "Display security for online transactions: SMS-based authentication scheme", 2010 International Conference for Internet Technology and Secured Transactions (ICITST), 20101108 IEEE, Piscataway, NJ, USA there is known a method for secure online transactions. Among other, the method includes to verify and authenticate transactions by comparing image information, the images being captured from a display screen.

US 2014/201527 describes a system and method for secure delivery of information between a sender and receiver via a network. The method includes entering additional information preventing displayed information from being retransmitted or copied.

GB 2512140 describes a system and method for handling the display of messages. The system includes an image memory for storing images and metadata associated with the images, the metadata including a time stamp showing when the image was captured, and a device taking a screen shot of an image displayed on a screen, wherein the screen shot and the time stamp is stored in the image memory, and a device for comparing image data tåken from the screen shot.

Summary of the invention

It is therefore an object of the invention, as it is stated in the set of claims, to solve the problems stated above. This is done by the application by adding randomly positioning pixels into the screen of the device in question, the application executes display operations and presents the display data to the end user, the application takes screen shots of what actually is displayed and compares the number and position of the pixels with that generated by the application.

If the comparison results in matched pixels in number, color and position the application has verified that data processes for display actually was displayed to the end user without any changes. But, if the comparison results in non-matching the application can, depending on the unmatched number and /or color that the display operation has been tampered with.

Detailed descriptionThe application generates the data to be display on the screen of a device.

The application generates randomized addresses for positioning pixels on the screen of the device in question.

The application analyses the addressing and inserts the pixels in the blue channel (RGB) into the data that is going to be displayed in order to make the pixels as invisible for humans as possible.

The application executes display operations and presents the data to the end user.

The application takes screen shot of what actually is displayed to the end user The application analyses the screen shot in order to detect the inserted pixels and compares the number and position of the pixels with the pixels that the application generated and processed for display to the end user.

If the comparison results in matched pixels in number, color and position the application has verified that data processes for display actually was displayed to the end user without any changes. But, if the comparison results in non-matching the application can, depending on the unmatched number and /or color that the display operation has been tampered with.

An example of a scenario is a hacker interfering with a bank transaction between a user and a bank. When a user tries to pay a bill using net banking, the hacker intercepts the transaction and changes the amount to be paid and the account number it is to be paid to. The bank sees the information the hacker has entered and thinks it is from the user. The user only sees the information originally entered and approves the falsified transaction of the money.

With the present invention, a screenshot is tåken of what is actually displayed at the other side. By checking if a set of marker pixels inserted into the picture at the user side corresponds with a set of marker pixels in the screen shot of what is displayed at the banking side it is possible to detect if the information in the picture has been tampered with, and hence stop the transaction.

Krav

1. A method for analyzing if display data generated by an application has been tampered with, comprising an application and a device with a screen and a channel of communication, characterized in that:• said application generates data to be displayed on the screen of a device,• said application generates randomized addresses for positioning pixels on the screen of the device in question,• pixels is according to the pixel addressing information inserted into the data that is going to be displayed,• the display operations are executed and the data presented to the end user,• a screen shot of what is displayed is tåken, and• said screen shot is analyzed by the application, and the number and position of the pixels are co m pa red with the pixels that the application generated and processed for display to the end user.2. A method according to claim 1, wherein the inserted pixels is in the blue channel in the RGB color model.1. Fremgangsmåte for å analysere om fremvisningsdata generert av en applikasjon har blitt tuklet med, omfattende en applikasjon og en innretning med en skjerm og en kommunikasjonskanal,karakterisert ved at:• nevnte applikasjon genererer data for fremvisning på skjermen til en innretning,• nevnte applikasjon genererer tilfeldige adresser for posisjonering av piksler på skjermen til den aktuelle innretningen,• piksler settes inn i dataene som skal fremvises ifølge pikseladresseinformasjonen,• fremvisningsoperasjonene utføres og dataene presenteres for sluttbrukeren,• det tas en skjermdump av det som fremvises, og• nevnte skjermdump analyseres av applikasjonen, og antallet og posisjonen av pikslene sammenlignes med piksler generert av applikasjonen for fremvisning for sluttbrukeren.2. Fremgangsmåte ifølge krav 1, hvor de innsatte piksler er i den blå kanalen i RGB fargemodellen.
Hva betyr A1, B, B1, C osv? info

Klasser info chevron_right

Søker(e) info chevron_right

PROTECTORIA AS
Klingenberggata 7 B 0161 OSLO NO ( OSLO kommune, OSLO fylke )

Org.nummer: 988415944
  • Foretaksnavn:
  • Foretaksform:
  • Næring:
  • Forretningsadresse:
     

Kilde: Brønnøysundregistrene

Innehaver(e) info chevron_right

Okay AS
Klingenberggata 7B 0161 OSLO NO ( OSLO kommune, OSLO fylke )
Patentstyrets saksnr. 2020/11566
Din referanse: 174020 m.fl.   Levert  
Gjeldende status Avgjort

Avsender

OSLO PATENTKONTOR AS
c/o AWA Norway AS Postboks 1052 Hoff 0218 OSLO NO ( OSLO kommune, OSLO fylke )

Org.nummer: 910476068

Statushistorie for 2020/11566

Liste over statusendringer i sakshistorikk
Hovedstatus Beslutningsdato, detaljstatus
Avgjort Forespørsel tatt til følge
Under behandling Mottatt

Korrespondanse for 2020/11566

expand_more
Liste over sakshistorikk og korrespondanse
Dato Type korrespondanse Journal beskrivelse
Utgående GH Forespørsel
02-01 Via Altinn-sending GH Forespørsel
Innkommende, AR389553562 Generell henvendelse
01-01 Generell henvendelse Generell henvendelse
Informasjon om ikke tilgjengelige dokumenter

Oppfinner(e) info chevron_right

Trond Lemberg
Skotbuveien 81 1409 SKOTBU NO ( SKI kommune, AKERSHUS fylke )

Fullmektig info chevron_right

Fullmektig i Norge:
AWA NORWAY AS
Postboks 1052 Hoff 0218 OSLO NO ( OSLO kommune, OSLO fylke )

Org.nummer: 925400262
Din referanse: 172565-SS/HV
  • Foretaksnavn:
  • Foretaksform:
  • Næring:
  • Forretningsadresse:
     

Kilde: Brønnøysundregistrene

Anførte dokumenter info chevron_right

Display security for online transactions: SMS-based authentication scheme. Internet Technology and Secured Transactions (ICITST), 2010 International Conference for, 20101108 IEEE, Piscataway, NJ, USA ()

US 2014201527 A1 (A1)

GB 2512140 ()

Sakshistorikk info chevron_right

Statushistorie

Liste over statusendringer i sakshistorikk
Hovedstatus Beslutningsdato, detaljstatus
Meddelt Patent meddelt (B1)
Under behandling Godkjent til meddelelse
Under behandling Første realitetsuttalelse foreligger
Under behandling Formaliakontroll utført
Under behandling Mottatt

Korrespondanse

expand_more file_download  
Liste over sakshistorikk og korrespondanse
Dato Type korrespondanse Journal beskrivelse
Utgående PT Batch Varsel om betaling av første årsavgift (3317)
12-01 Via Altinn-sending PT Batch Varsel om betaling av første årsavgift (3317)
Utgående PT Registreringsbrev Nasjonal Patent (15)
11-01 Via Altinn-sending PT Registreringsbrev Nasjonal Patent (15)
Utgående Intention to grant
10-01 Via Altinn-sending Intention to grant
Innkommende, AR133948611 Korrespondanse (Hovedbrev inn)
07-01 Korrespondanse (Hovedbrev inn) Korrespondanse (Hovedbrev inn)
07-02 Beskrivelse Beskrivelse
07-03 Hovedbrev Hovedbrev
07-04 Krav Krav
Utgående Bekreftelse på patentsøknad
06-01 Brev UT Bekreftelse på patentsøknad
Innkommende, AR133788937 Korrespondanse (Hovedbrev inn)
09-01 Korrespondanse (Hovedbrev inn) Korrespondanse (Hovedbrev inn)
09-02 Hovedbrev Hovedbrev
Innkommende Korrespondanse (Hovedbrev inn)
08-01 Korrespondanse (Hovedbrev inn) Korrespondanse (Hovedbrev inn)
Utgående Realitet patent
05-01 Via Altinn-sending Realitet patent
05-02 Vedlegg PT report 06:37:34
Innkommende, AR103620145 Korrespondanse (Hovedbrev inn)
04-01 Korrespondanse (Hovedbrev inn) Korrespondanse (Hovedbrev inn)
04-02 Fullmakt Fullmakt
04-03 Erklæring: Søkers rett til oppfinnelse Erklæring Søkers rett til oppfinnelse
Utgående Formalia 1
03-01 Via Altinn-sending Formalia 1
Utgående Infobrev til oppfinner
02-01 Brev UT Infobrev til oppfinner
Innkommende, AR91462015 Søknadsskjema Patent
01-01 Søknadsskjema Patent Søknadsskjema Patent
01-02 Beskrivelse Beskrivelse
01-03 Sammendrag Sammendrag
01-04 Krav Krav
Informasjon om ikke tilgjengelige dokumenter

Betaling info chevron_right

Til betaling:

Neste fornyelse/årsavgift:

Betalingshistorikk:

Liste av betalinger
Beskrivelse / Fakturanummer Betalingsdato Beløp Betaler Status
Årsavgift 11. avg.år. 2025.01.16 4550 AWA NORWAY AS Betalt og godkjent
Årsavgift 10. avg.år. 2024.01.29 3200 AWA NORWAY AS Betalt og godkjent
Årsavgift 9. avg.år. 2023.01.09 2850 AWA NORWAY AS Betalt og godkjent
Årsavgift 8. avg.år. 2022.01.20 2550 OSLO PATENTKONTOR AS Betalt og godkjent
Årsavgift 7. avg.år. 2020.12.29 2200 OSLO PATENTKONTOR AS Betalt og godkjent
Årsavgift 6. avg.år. 2019.10.09 2000 OSLO PATENTKONTOR AS Betalt og godkjent
Årsavgift 5. avg.år. 2018.10.11 1650 OSLO PATENTKONTOR AS Betalt og godkjent
Årsavgift 4. avg.år. 2017.11.22 1350 OSLO PATENTKONTOR AS Betalt og godkjent
Årsavgift 1. tom 3. avg.år. 2017.01.09 2100 OSLO PATENTKONTOR AS Betalt og godkjent
31615283 expand_more 2016.10.05 1200 Oslo Patentkontor AS Betalt
31503004 expand_more 2015.03.19 850 Oslo Patentkontor AS Betalt
Denne oversikten kan mangle informasjon, spesielt for eldre saker, om tilbakebetaling, internasjonale varemerker og internasjonale design.

Publikasjon(er) info chevron_right

Lenker til publikasjoner og Norsk Patenttidende (søkbare tekstdokumenter)

Siste publiserte versjon av patent
Allment tilgjengelig patentsøknad
Norsk Patenttidende - ved meddelelse
Nye digitale Norske Tidende, nyhet om tjenesten ved lansering
Om Norske Tidende
Lenker til publikasjoner (ikke søkbare tekstdokumenter)
B1
A1
Hva betyr A1, B, B1, C osv? info
Kapitler uten data er fjernet. Melding opprettet: 13.03.2025 10:33:57