Apparatus and method for conducting securing financial transactions
First Claim
1. A method for effecting a secure financial transaction between a user and a merchant, comprising:
- establishing a connection between a secure server and a user computer comprising a virtual appliance module that creates a secure program execution space that prevents access from any other processes running on the user computer system, said virtual appliance module containing transaction information, said connection being established without an external point of sale device;
inputting at least one authentication parameter;
retrieving security information located on said virtual appliance module;
encrypting said security information along with said at least one authentication parameter to form an encrypted PIN block;
retrieving said transaction information located on said virtual appliance module;
submitting said encrypted PIN block and said transaction information to said secure server;
verifying said security information within the encrypted PIN block;
verifying said transaction information based on said security information; and
sending an indication of the validity of the security information to said merchant.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method are disclosed for conducting secure electronic transactions using dual-authentications. A secure server stores security information for a plurality of users and authorizes transactions being conducted by these users. A user computer system having a trusted platform module is used for storing security information relating to at least one user account. Protected environments are created to facilitate secure connections based on at least the security information stored in the trusted platform module. Transactions between the user/electronic merchants and between the user/secure server are conducted within protected environments. When a user conducts an electronic transaction with an electronic merchant, the transaction is authenticated by the secure server before can be completed.
-
Citations
4 Claims
-
1. A method for effecting a secure financial transaction between a user and a merchant, comprising:
-
establishing a connection between a secure server and a user computer comprising a virtual appliance module that creates a secure program execution space that prevents access from any other processes running on the user computer system, said virtual appliance module containing transaction information, said connection being established without an external point of sale device; inputting at least one authentication parameter; retrieving security information located on said virtual appliance module; encrypting said security information along with said at least one authentication parameter to form an encrypted PIN block; retrieving said transaction information located on said virtual appliance module; submitting said encrypted PIN block and said transaction information to said secure server; verifying said security information within the encrypted PIN block; verifying said transaction information based on said security information; and sending an indication of the validity of the security information to said merchant. - View Dependent Claims (2, 3, 4)
-
Specification
-
- Resources
-
Current Assignee4361423 Canada Incorporated
-
Original Assignee4361423 Canada Incorporated
-
InventorsMages, Kenneth G., Lo, Chi Wah, Mages, Kent H., Tang, Tai Kwan
-
Primary Examiner(s)Coppola, Jacob C.
-
Application NumberUS12/675,621Publication NumberTime in Patent Office2,475 DaysField of SearchUS Class Current1/1CPC Class CodesG06F 21/445 by mutual authentication, e...G06Q 20/02 involving a neutral party, ...G06Q 20/12 specially adapted for elect...G06Q 20/382 insuring higher security of...G06Q 20/40 Authorisation, e.g. identif...G06Q 20/4014 Identity check for transact...G07F 7/1075 PIN is checked remotelyH04L 2463/082 applying multi-factor authe...H04L 63/08 for authentication of entit...H04L 63/102 Entity profiles
