METHOD AND APPARATUS FOR ENHANCING ONLINE TRANSACTION SECURITY VIA SECONDARY CONFIRMATION
First Claim
1. A secondary confirmation system comprising of at least one secure server and first and second user level computing devices.
0 Assignments
0 Petitions
Accused Products
Abstract
The need for secure online transaction on inherently insecure platforms such as PCs and mobile devices is increasing with the widespread adoption of e-commerce and online banking. Providing enhanced security on such platforms is challenging as factors of cost and user convenience are significant barrier to adoption rates. The proposed invention does not require special hardware, operating systems or communication links installed on the client devices. Instead, it makes use of the fact that a large number of consumers already have access to multiple independently operating devices such as PCs and cellular phones. Providing secondary confirmation for secure transactions using a plurality of such devices addresses both the cost and ease-of-use factors. In particular, a secure transaction that is originated on one type of consumer device such as a PC is conducted to require a secondary transaction on a different device such as a mobile phone. This way an attacker faces the much harder problem of synchronously compromising two very different systems to gain control of a particular secure transaction.
44 Citations
9 Claims
- 1. A secondary confirmation system comprising of at least one secure server and first and second user level computing devices.
-
4. A method comprising:
-
a user initiating an online transaction to a secure server on a potentially compromised first device; and the secure server generating a secondary confirmation request on the user'"'"'s second device. - View Dependent Claims (5, 6, 7, 8, 9)
-
Specification