Method and a device for making a computer application secure

US 9,530,014 B2
Filed: 12/18/2012
Issued: 12/27/2016
Est. Priority Date: 12/20/2011
Status: Active Grant

First Claim

Patent Images

1. A security method for making a computer application being executed on a terminal secure, the method being implemented by the terminal on which said computer application is being executed and comprising:

obtaining information indicating that said application being made secure is about to invite a user of the terminal on which said application is being executed to input data;

obtaining a secret image known to the user of the terminal by accessing a binary file representative of the secret image, the binary file being stored in a secure element of the terminal on which said application being made secure is being executed;

constituting a complex image in said secure element of the terminal on which said application being made secure is being executed, the complex image being constituted from said secret image obtained by accessing said binary file stored in the secure element of the terminal on which said application being made secure is being executed and from dynamic data that is inaccessible to said terminal on which said application being made secure is being executed; and

displaying said complex image on a screen of the terminal on which said application being made secure is being executed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a security method for making secure a computer application being executed on a terminal is disclosed. In one embodiment the security method comprises obtaining information to the effect that the application is about to invite a user of the terminal to input data, accessing a binary file representative of a secret image known to the user of the terminal, the binary file being stored in a secure element of the terminal, constituting a complex image in the secure element, the complex image being obtained from the secret image and from dynamic data that is inaccessible to said terminal, and displaying the complex image on a screen of the terminal.

Citations

15 Claims

1. A security method for making a computer application being executed on a terminal secure, the method being implemented by the terminal on which said computer application is being executed and comprising:
- obtaining information indicating that said application being made secure is about to invite a user of the terminal on which said application is being executed to input data;
  
  obtaining a secret image known to the user of the terminal by accessing a binary file representative of the secret image, the binary file being stored in a secure element of the terminal on which said application being made secure is being executed;
  
  constituting a complex image in said secure element of the terminal on which said application being made secure is being executed, the complex image being constituted from said secret image obtained by accessing said binary file stored in the secure element of the terminal on which said application being made secure is being executed and from dynamic data that is inaccessible to said terminal on which said application being made secure is being executed; and
  
  displaying said complex image on a screen of the terminal on which said application being made secure is being executed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A security method according to claim 1, wherein said display is carried out before said input is confirmed.
  - 3. A security method according to claim 1, wherein said invitation comprises displaying an application screen display including a zone for inputting said data, and wherein said display process comprises displaying an image obtained by combining, within said secure element, said application screen display with said complex image.
  - 4. A security method according to claim 1, further including a process of prompting the user to change said secret image.
  - 5. A security method according to claim 1, wherein said application is executed at least in part in said secure element.
  - 6. A security method according to claim 1, wherein said dynamic data is a parameter of said application.
  - 7. A security method according to claim 6, wherein said application is a contactless payment application and said dynamic data is the amount of a transaction.
  - 8. A non-transitory computer readable medium having stored thereon a first computer program including instructions for executing the security method according to claim 1, when said program is executed by a processor.
  - 9. A non-transitory computer readable medium according to claim 8, wherein said first computer program further includes instructions for executing at least a portion of said computer application when said program is executed by said processor.
  - 10. A non-transitory computer readable medium according to claim 9 further comprising a second program, independent of said first program, the second program including instructions for executing at least a portion of said computer application when said program is executed by a processor.

11. A security device for making a computer application being executed on a terminal secure, the security device being adapted for inclusion in the terminal and comprising:
- a component configured to obtain information indicating that said application being made secure is about to invite a user of the terminal on which said application is being executed to input data;
  
  a component configured to obtain a secret image known to the user of the terminal by accessing a binary file representative of the secret image, the binary file being stored in a secure element of the terminal on which the application being made secure is being executed;
  
  a component configured to constitute a complex image in said secure element of the terminal on which said application being made secure is being executed, the complex image being constituted from said secret image obtained by accessing said binary file stored in the secure element of the terminal on which said application being made secure is being executed and from dynamic data that is inaccessible to said terminal on which said application being made secure is being executed; and
  
  a component configured to display said complex image on a screen of the terminal on which said application being made secure is being executed.
- View Dependent Claims (12, 13, 14, 15)
- - 12. A security element including a device according to claim 11.
  - 13. A security element according to claim 12, further including a secure domain specific to said computer application, said binary file being stored in the secure domain.
  - 14. A terminal including a device according to claim 11.
  - 15. A terminal according to claim 14, further including a component configured to prevent copying of the screen display of said terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
Assadi, Houssem, Habermacher, Loc, Louet, Erwan
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
KAPLAN, BENJAMIN A

Application Number

US14/367,196
Publication Number

US 20150007339A1
Time in Patent Office

1,470 Days
Field of Search

726/26
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/604   Tools and structures for ma...

G06F 2221/031   Protect user input by softw...

Method and a device for making a computer application secure

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and a device for making a computer application secure

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links