Apparatus and method for conducting securing financial transactions
First Claim
1. A method for effecting a secure financial transaction between a user and a merchant, comprising:
- establishing a connection between a secure server and a user computer comprising a virtual appliance module that creates a secure program execution space that prevents access from any other processes running on the user computer system, said virtual appliance module containing transaction information, said connection being established without an external point of sale device;
inputting at least one authentication parameter;
retrieving security information located on said virtual appliance module;
encrypting said security information along with said at least one authentication parameter to form an encrypted PIN block;
retrieving said transaction information located on said virtual appliance module;
submitting said encrypted PIN block and said transaction information to said secure server;
verifying said security information within the encrypted PIN block;
verifying said transaction information based on said security information; and
sending an indication of the validity of the security information to said merchant.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method are disclosed for conducting secure electronic transactions using dual-authentications. A secure server stores security information for a plurality of users and authorizes transactions being conducted by these users. A user computer system having a trusted platform module is used for storing security information relating to at least one user account. Protected environments are created to facilitate secure connections based on at least the security information stored in the trusted platform module. Transactions between the user/electronic merchants and between the user/secure server are conducted within protected environments. When a user conducts an electronic transaction with an electronic merchant, the transaction is authenticated by the secure server before can be completed.
-
Citations
4 Claims
-
1. A method for effecting a secure financial transaction between a user and a merchant, comprising:
-
establishing a connection between a secure server and a user computer comprising a virtual appliance module that creates a secure program execution space that prevents access from any other processes running on the user computer system, said virtual appliance module containing transaction information, said connection being established without an external point of sale device; inputting at least one authentication parameter; retrieving security information located on said virtual appliance module; encrypting said security information along with said at least one authentication parameter to form an encrypted PIN block; retrieving said transaction information located on said virtual appliance module; submitting said encrypted PIN block and said transaction information to said secure server; verifying said security information within the encrypted PIN block; verifying said transaction information based on said security information; and sending an indication of the validity of the security information to said merchant. - View Dependent Claims (2, 3, 4)
-
Specification