Mobile Banking
First Claim
1. A method involving end-to-end secure communication from a wireless device to a remote computer, comprising:
- receiving data from the wireless device comprising software compliant with a wireless protocol, the data relating to a request for access to the remote computer;
identifying a value of a user agent header corresponding to the wireless device;
determining whether the data is end-to-end secure from the wireless device to the remote computer, where the data travels through a network device before arriving at the remote computer;
where the determining whether the data is end-to-end secure includes comparing the value of the user agent header to a first list of approved values to determine if an exact match exists;
when the exact match does not exist, then identifying a portion of the value of the user agent header and comparing the portion with the first list of approved values to determine if a loose match exists; and
for each determination where a loose match does not exist and the portion is greater than a predetermined threshold size, reducing the portion in size by a predetermined amount.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are disclosed for identifying circumstances where end-to-end security is not available to a mobile banking customer. The user may be alerted/warned or restricted from accessing some banking services through his/her WAP-enabled mobile device if the server (e.g., bank server) determines that end-to-end security is not available. In some instances, the bank server may access a computer data file containing a list of known end-to-end secure devices and gateways to verify the integrity of the data communication. The server may verify the integrity of the data communication using loose matching.
19 Citations
20 Claims
-
1. A method involving end-to-end secure communication from a wireless device to a remote computer, comprising:
-
receiving data from the wireless device comprising software compliant with a wireless protocol, the data relating to a request for access to the remote computer; identifying a value of a user agent header corresponding to the wireless device; determining whether the data is end-to-end secure from the wireless device to the remote computer, where the data travels through a network device before arriving at the remote computer; where the determining whether the data is end-to-end secure includes comparing the value of the user agent header to a first list of approved values to determine if an exact match exists; when the exact match does not exist, then identifying a portion of the value of the user agent header and comparing the portion with the first list of approved values to determine if a loose match exists; and for each determination where a loose match does not exist and the portion is greater than a predetermined threshold size, reducing the portion in size by a predetermined amount. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. An apparatus for verifying end-to-end secure wireless data transmission from a wireless device comprising a software compliant with a wireless protocol to a server, where the data transmission travels through a gateway configured to receive the data transmission from the wireless device, the apparatus comprising:
-
a processor; and memory storing computer-readable instructions that when executed by a processor cause the apparatus to perform a method comprising; identifying a value of a first identifier, associated with the data transmission, corresponding to the wireless device; identifying a value of a second identifier, associated with the data transmission, corresponding to the gateway; and determining whether the data transmission is end-to-end secure from the wireless device to the server, including comparing the value of the first identifier to a first list of approved values, and comparing the value of the second identifier to a second list of approved values; where the comparing the value of the first identifier includes; comparing the value of the first identifier with the first list of approved values to determine that an exact match does not exist; identifying a portion of the value of the first identifier and comparing the portion with the first list of approved values to determine that a loose match does not exist; and reducing the portion in size by a predetermined amount and comparing the reduced portion of the first identifier with the first list of approved values to determine that a loose match does exist. - View Dependent Claims (13, 14, 15)
-
-
16. A method for determining whether communication from a user device to a server is end-to-end secure, comprising:
-
identifying a user device comprising a first WAP-compliant software; identifying a network device comprising a second WAP-compliant software; determining whether a data originating from the user device to the network device and then to the server is end-to-end secure; if the data is end-to-end secure, recording a value of a first identifier corresponding to the user device in a first computer file; and if the data is end-to-end secure, recording a value of a second identifier corresponding to the network device in a second computer file, - View Dependent Claims (17, 18, 19, 20)
-
Specification