Method and system for transmitting data from a first data processing device to a second data processing device

Abstract

A method and a system for transmitting data from a first data processing device to a second data processing device, wherein the first data processing device has a display device. The second data processing device generates an encrypted input mask and transmits it to the first data processing device which displays it. The encrypted input mask is decrypted by being viewed through an optical filter having a decryption pattern, and the data to be transmitted are input to the first data processing device using the input mask that has been decrypted by the optical filter and are transmitted to the second data processing device.

Description

RELATED APPLICATIONS[0001]The present application is a continuation of U.S. application Ser. No. 12 / 084,516, filed May 2, 2008, which is a U.S. National Stage Application of International Application No. PCT / EP2006 / 068081, filed Nov. 3, 2006, which claims priority from European Patent Application No. 05024082.9, filed Nov. 4, 2005 and German Patent Application No. 10 2005 061999.1, filed Dec. 23, 2005, said patent applications hereby fully incorporated herein by reference.FIELD OF THE INVENTION[0002]The present invention relates to a method and system for transmitting data from a first data processing device to a second data processing device, where the first data processing device particularly comprises a display device. Furthermore, the invention relates to an online banking method and a method for authenticating a user to a third party, in particular an e-commerce provider.BACKGROUND OF THE INVENTION[0003]The secure transmission of data is very important in connection with networ...

AI Technical Summary

Benefits of technology

[0015]Using the optical filter with the decryption pattern, in the possession of a user, provides a method by which data can be transmitted very securely. Essentially, the same security standards are achieved that are provided by methods using active processor media, e.g. a chip card. The method is thus secure against the above-mentioned “phishing” and “pharming” methods. Moreover, the method provides protection against the above-mentioned “replay attacks” or “keylogging” methods, as the data input makes only sense to a third party if the third party knows the decryption pattern. Finally, the method can be implemented and operated in a very cost-saving manner. An optical filter with a decryption pattern can be manufactured very inexpensively. Moreover, no special readers, as is the case with e.g. chip cards, are required, because the display device of the first data processing device is used as a “reader”.

[0067]A particular advantage of the method, data processing device and data processing system according to the invention is that the implementation can be effected in a very simple and cost-saving manner and that, at the same time, a manipulation of the transmitted data can be detected in a simple, but secure manner.

Problems solved by technology

Particularly when confidential data are transmitted from one data processing device to another data processing device over a world wide network like the Internet, there is an especially high risk of third parties attempting to gain knowledge of security-relevant or confidential data or attempting to exploit the transmission of these data for their own purposes.

This process has the disadvantage that third parties can conduct online commercial transactions on behalf of the legitimate user if they have gained access to the user's username and personal password.

Furthermore, there are programs that record keyboard strokes and transmit them to unauthorized third parties over the Internet.

It is also known to additionally record and unauthorizedly transmit to third parties the actions of screen selection devices like e.g. an electronic mouse or a touchpad in combination with the corresponding screen contents.

Finally it is known to unnoticeably redirect the data traffic between the two data processing devices that exchange the security relevant data via a computer of an unauthorized third party in a way that the data traffic passes through this computer which enables the tapping or manipulation of the data traffic.

A transaction in which a simple transaction number is used is primarily susceptible to the above-mentioned “phishing” and “pharming-”methods.

If an indexed transaction number or a one-time password is used, the method is still susceptible to the “man-in-the-middle attack”.

Though these methods are secure against the above-mentioned methods for the unauthorized obtaining of security relevant data or the unauthorized conducting of or tampering with transactions, the implementation and operation of such systems involve high hardware costs.

Even when low-cost storage or processor media are used, and readers or interfaces that are already provided for other purposes in the user's computer, there is the problem that the usability is mostly not guaranteed at arbitrary computers at arbitrary places.

Moreover, additional software and hardware, if applicable, must be laboriously installed before these methods can be used.

Thus, the screen content, in particular, cannot be read by a third person who does not possess this special optical filter.

However, it does not disclose a method for securely transmitting data from a first data processing device to a second data processing device.

While input into a computer cannot be read by unauthorized third parties, a potential transmission of these data to another data processing device would be unsecured.

Images