Patent · US Active

Method and apparatus for secure online transactions

US8352738B2 · kind B2 · utility

Cited by: 11
References: 3
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 3, 2007
Grant date: Jan 8, 2013
Priority date
Expiry date: Apr 2, 2031

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/166
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Phishing attacks succeed by exploiting a user's inability to distinguish legitimate websites from spoofed websites. Most prior work focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process enhances security and eliminates many forms of fraud. We disclose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.