Secure transaction and access using insecure device
First Claim
1. A system for secure transaction and access, comprising:
a. Relying-Party-Service-Provider for transaction and access of a user;
b. an insecure endpoint device, for communication of the user with the Relying-Party-Service-Provider, and compromised by unknown malware;
c. such malware capable of modifying transaction context or altering access request;
d. a mobile phone of the user;
e. Remote Identity-Management-as-a-Service for identity verification of the user using said mobile phone and serving remotely said Relying-Party-Service-Provider;
f. whereas said Relying-Party-Service-Provider and said Identity-Management-as-a-Service receive the same authorization code from said user;
g. whereas this authorization code is generated by the Relying-Party-Service-Provider, the value of this code depending on the transaction or access request of said user;
h. whereas said transaction and access authorization is requested by said Relying-Party-Service-Provider, using said authorization code, from said Identity-Management-as-a-Service, thus defeating said malware.
Abstract
The present invention enables secure transactions or access using insecure endpoint devices, such as computers, tablets and smartphones. These insecure devices are potentially compromised with malicious software that may attack the user in every possible way. The present invention does not pretend to prevent malware; instead, malware attacks against secure transactions and access are made obsolete. The present invention incorporates data directly tied to the transaction or access request made to the Relying-Party-Service-Provider into the authentication process of the Identity-as-a-Service Provider. The present invention includes user authentication with the Identity-Management-as-a-Service provider using the user's mobile phone. The present invention also includes entering the request for a secure transaction or access to the Relying-Party-Service-Provider using the insecure device. The present invention also includes two-way communication between the Relying-Party-Service-Provider and the Identity-Management-as-a-Service. The advantages of the present invention include, without limitation, that it is resilient to malware attack.
20 Claims
11. A method for secure transaction and access, comprising an interaction between a user;
a mobile phone of the user;
an insecure endpoint device, performing communication of the user with the Relying-Party-Service-Provider and compromised by unknown malware, such malware capable of modifying transaction context or altering access request;
Remote Identity-Management-as-a-Service, performing identity verification of the user and serving remotely said Relying-Party-Service-Provider; and
Relying-Party-Service-Provider, performing transaction and access of the user;
whereas said Relying-Party-Service-Provider and said Identity-Management-as-a-Service receive the same authorization code from said user;
whereas this authorization code is generated by the Relying-Party-Service-Provider, the value of this code depending on the transaction or access request of said user; and
whereas said transaction and access authorization is requested by said Relying-Party-Service-Provider, using said authorization code, from said Identity-Management-as-a-Service, thus defeating said malware.
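A runnable model of the claimed flow, added here as an illustration and not code from the patent: the page does not say how the authorization code is derived, so this assumes an HMAC over the canonical transaction under a key shared by the Relying-Party-Service-Provider and the Identity-Management-as-a-Service, a constructed phone enrolment, and hypothetical function and class names. It shows why binding the code value to the transaction content defeats endpoint malware: a request altered on the insecure device yields a code that the user's phone-side confirmation of the intended transaction rejects.

```python
import hashlib
import hmac
import json

# Constructed values for the demonstration (assumptions, not from the patent):
# a key shared by the Relying-Party-Service-Provider (RP) and the IdMaaS, and
# the mobile phone the IdMaaS has enrolled for each user.
RP_IDMAAS_KEY = b"constructed-demo-key-not-for-production"
ENROLLED_PHONES = {"alice": "+00-555-0100"}  # constructed sample enrolment


def canonical(txn: dict) -> bytes:
    """Deterministic encoding so the RP and the IdMaaS hash identical bytes."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def authorization_code(txn: dict, key: bytes = RP_IDMAAS_KEY) -> str:
    """RP side: an 8-digit code whose value depends on the transaction content."""
    digest = hmac.new(key, canonical(txn), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


class IdentityManagementService:
    """IdMaaS: verifies the user via the phone and records which code they confirmed."""

    def __init__(self) -> None:
        self.confirmed: set[tuple[str, str]] = set()

    def confirm_on_phone(self, user: str, phone: str, intended_txn: dict, code: str) -> bool:
        # Identity verification: the confirmation must come from the enrolled phone.
        if ENROLLED_PHONES.get(user) != phone:
            return False
        # The code must match the transaction the user actually intends; a code the
        # RP generated for a malware-altered transaction will not.
        if not hmac.compare_digest(authorization_code(intended_txn), code):
            return False
        self.confirmed.add((user, code))
        return True

    def authorize(self, user: str, code: str) -> bool:
        """Answer the RP's authorization request for this user and code."""
        return (user, code) in self.confirmed


def run_transaction(user: str, phone: str, intended_txn: dict, endpoint_tamper=None) -> bool:
    """One transaction: the endpoint forwards the request (possibly altered by malware),
    the RP generates the code, the user confirms it on the phone, the RP asks the IdMaaS."""
    idm = IdentityManagementService()
    txn_seen_by_rp = endpoint_tamper(intended_txn) if endpoint_tamper else intended_txn
    code = authorization_code(txn_seen_by_rp)
    idm.confirm_on_phone(user, phone, intended_txn, code)
    return idm.authorize(user, code)
```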