Detecting man-in-the-middle attacks in electronic transactions using prompts
Abstract
Aspects of the invention provide a solution for detecting man-in-the-middle attacks in electronic transactions using prompts. One embodiment includes a method for authenticating an electronic transaction. The method includes: receiving an electronic transaction request from a user, determining an IP address associated with a client system from which the electronic transaction request originates, providing the user with a password associated with the electronic transaction request, receiving a telephonic communication from a telephonic device associated with the user, prompting the user, via a voice response unit, to input the password using the telephonic device, authenticating the user by comparing the inputted password and the provided password, determining a probable location of the user based on the determined IP address of the client system, communicating to the user the probable location of the user based on the determined IP address, and prompting the user to confirm the probable location of the user.
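A minimal simulation of the flow the abstract describes, added here as an illustration and not taken from the patent or any implementation of it. The `Verifier` class, the geolocation table (RFC 5737 documentation ranges) and the phone number used with it are constructed assumptions; it shows why the location read-back can catch a relayed request even when the password itself is correct.

```python
import hmac
import ipaddress
import secrets

# Constructed geolocation table over RFC 5737 documentation ranges (not real data).
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "Austin, Texas",
    ipaddress.ip_network("203.0.113.0/24"): "Kyiv, Ukraine",
}

def probable_location(client_ip):
    """Map the request's source IP to a place name the voice unit can read out."""
    addr = ipaddress.ip_address(client_ip)
    for network, place in GEO_TABLE.items():
        if addr in network:
            return place
    return "an unknown location"

def _same(a, b):
    # Constant-time comparison, so timing does not leak how much matched.
    return hmac.compare_digest(a.encode(), b.encode())

class Verifier:
    """Hypothetical third-party verifier that sits outside the banking session."""

    def __init__(self):
        self.pending = {}  # user phone number -> (one-time password, client IP)

    def register(self, user_number, client_ip):
        """Called when the bank receives a request; returns the OTP shown to the user."""
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[user_number] = (otp, client_ip)
        return otp

    def ivr_call(self, caller_number, keyed_otp, confirm_location):
        """Handle the user's call; confirm_location(place) stands in for the keypad reply."""
        record = self.pending.pop(caller_number, None)  # one attempt per OTP
        if record is None:
            return "reject: no pending transaction for this number"
        otp, client_ip = record
        if not _same(keyed_otp, otp):
            return "reject: password mismatch"
        # The password was correct, yet the request may still have been relayed:
        # read back where the request came from and let the user judge it.
        if not confirm_location(probable_location(client_ip)):
            return "flag: possible man-in-the-middle"
        return "approve"
```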
21 Claims
1. A method of authenticating an electronic banking transaction, the method comprising:
receiving an electronic banking transaction request from a user, the electronic transaction request originating at a client system;
determining an Internet Protocol (IP) address associated with the client system from which the received electronic banking transaction request originates;
providing the user with a one time password associated with the electronic banking transaction request;
providing the user with a third party verification number associated with the electronic banking transaction request;
receiving a telephonic communication to the third party verification number from a telephonic device associated with the user;
prompting the user, via a voice response unit, to input the password using the telephonic device, the telephonic device having a user number;
authenticating the user based on a comparison of the inputted password and the provided one time password and the user number where the authenticating is performed by a third-party service provider, wherein the third-party provider is not a participant in the electronic banking transaction;
determining a probable location of the user based on the determined IP address of the client system;
communicating to the user, via the voice response unit, the probable location of the user based on the determined IP address associated with the client system; and
prompting the user to confirm the probable location of the user based on the IP address associated with the client system.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer system comprising:
at least one computing device configured to authenticate an electronic banking transaction by performing actions including:
receiving an electronic banking transaction request from a user, the electronic banking transaction request originating at a client system;
determining an Internet Protocol (IP) address associated with the client system from which the received electronic banking transaction request originates;
providing the user with a one time password associated with the electronic banking transaction request;
providing the user with a third party verification number associated with the electronic banking transaction request;
receiving a telephonic communication to the third party verification number from a telephonic device associated with the user;
prompting the user, via a voice response unit, to input the password using the telephonic device, the telephonic device having a user number;
authenticating the user based on a comparison of the inputted password and the provided password and the user number where the authenticating is performed by a third-party service provider, wherein the third-party provider is not a participant in the electronic banking transaction;
determining a probable location of the user based on the determined IP address of the client system;
communicating to the user, via the voice response unit, the probable location of the user based on the determined IP address associated with the client system; and
prompting the user to confirm the probable location of the user based on the IP address associated with the client system.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product for authenticating an electronic banking transaction, the computer program product comprising a non-transitory computer readable medium having program code embodied therewith, the program code executable by at least one computer system to perform a method comprising:
receiving an electronic banking transaction request from a user, the electronic transaction request originating at a client system;
determining an Internet Protocol (IP) address associated with the client system from which the received electronic banking transaction request originates;
providing the user with a one time password associated with the electronic banking transaction request;
providing the user with a third party verification number associated with the electronic banking transaction request;
receiving a telephonic communication to the third party verification number from a telephonic device associated with the user;
prompting the user, via a voice response unit, to input the password using the telephonic device, the telephonic device having a user number;
authenticating the user based on a comparison of the inputted password and the provided password and the user number where the authenticating is performed by a third-party service provider, wherein the third-party provider is not a participant in the electronic banking transaction;
determining a probable location of the user based on the determined IP address of the client system;
communicating to the user, via the voice response unit, the probable location of the user based on the determined IP address associated with the client system; and
prompting the user to confirm the probable location of the user based on the IP address associated with the client system.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification