GB2510156A - A method for operating a remote financial transaction system - Google Patents

A method for operating a remote financial transaction system Download PDF

Info

Publication number
GB2510156A
GB2510156A GB1301383.4A GB201301383A GB2510156A GB 2510156 A GB2510156 A GB 2510156A GB 201301383 A GB201301383 A GB 201301383A GB 2510156 A GB2510156 A GB 2510156A
Authority
GB
United Kingdom
Prior art keywords
transaction information
image file
computing device
user
client computing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB1301383.4A
Other versions
GB2510156B (en
GB201301383D0 (en
Inventor
Patrick Carroll
Jonathan Mark Alford
John Petersen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Validsoft UK Ltd
Original Assignee
Validsoft UK Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Validsoft UK Ltd filed Critical Validsoft UK Ltd
Priority to GB1301383.4A priority Critical patent/GB2510156B/en
Publication of GB201301383D0 publication Critical patent/GB201301383D0/en
Priority to PCT/GB2014/050204 priority patent/WO2014114952A1/en
Publication of GB2510156A publication Critical patent/GB2510156A/en
Application granted granted Critical
Publication of GB2510156B publication Critical patent/GB2510156B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/306Payment architectures, schemes or protocols characterised by the use of specific devices or networks using TV related infrastructures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/405Establishing or using transaction specific rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A method for operating a remote financial transaction system comprises a client computing device having a screen to display a user interface for receiving transaction information from a user and being configured via a network for communication with a remote server, the client device outputting the received transaction information to the remote in order to effect the financial transaction and the client computing device additionally generating an image file representative of at least part of the user interface as seen on the screen by the user and including a visual representation of at least some transaction information then processing the image file to extract the transaction information contained therein. The method may also comprise comparing the transaction information from the image file to the transaction information output by the user interface and, on the basis of the comparison, providing an indication of potentially fraudulent activity.

Description

METHOD FOR OPERATING A REMOTE FINANCIAL TRANSACTION SYSTEM
[0001] This invention relates to a method for operating a remote financial transaction system, in particular for preventing Man-in-the-Middle and Man-in-the-Browser attacks in an Internet banking system.
BACKGROUND
[0002] Man-in-the-Middle (MitM) and Man-in-the-Browser (MitB) attacks comprise a number of techniques, one ot which is altering the actual content of the transaction prior to it being received by the remote side. This occurs, depending on the type of attack, at some point between the browser User Interface (UI) and the web server application. Techniques and methods used to identify or prevent such attacks include: * Browser lockdown software; * Hardware signing tokens; * Out-of-Band transaction verification.
[0003] These three techniques all have various advantages and disadvantages. The first has usability and portability issues, is resource intensive and typically provides no form of user authentication. The second requires physical, expensive devices, is prone to error and user dissatisfaction and is limited in the number and types of transactions that can be protected. The third, whilst being the most flexible in terms of being able to protect any number, length and type of transaction, requires a phone call or SMS which incurs an incremental cost.
[0004] Whether using preventive or detective techniques, any solution should be able to either: * Detect the presence of an attack Trojan (preventive); and/or * Detect that relevant transaction content as submitted to the client has been altered in some way between client and server (detective).
[0005] In both cases the solution should be able to prevent the attack being effective, i.e. prevent the transaction successfully completing with the resultant loss of funds.
[0006] The present invention, at least in its preferred embodiments, is concerned with the latter, i.e. a detective technique.
BRIEF SUMMARY OF THE DISCLOSURE
[0007] In accordance with the present invention there is provided a method for operating a remote financial transaction system. The system comprises a client computing device having a screen and being configured for data communication with a remote server via a data communications network. The client computing device is further configured to display on the screen a user interface for receiving transaction information from a user and to output the received transaction information for communication to the remote server via the data communications network in order to effect the financial transaction. The method comprises the client computing device generating an image file representative of at least part of the user interface as seen on the screen by the user and including a visual representation of at least some transaction information. The method further comprises processing the image file to extract the transaction information contained therein.
[0008] Thus, in accordance with the present invention, transaction information is obtained directly from the image file which represents what the user sees. In this way, the extracted transaction information is guaranteed to correspond to the transaction information that the user has seen and approved.
[0009] The processing of the image file to extract the transaction information contained therein may be carried out by the client computing device. For example, the extraction of the transaction information from the image file may be used as the primary (or only) method of outputting the transaction information from the user interface. Alternatively, the extraction of the transaction information from the image file may be used as an additional method of extracting the transaction information, in addition to the output from the user interface.
[0010] The transaction information extracted from the image file may be used only locally by the client computing device. However, in a desirable embodiment, the transaction information extracted from the image file may be communicated to the remote server. The transaction information extracted from the image file may be communicated to the remote server and the transaction intormation output by the user interface may also be communicated to the remote server. In this way, the remote server receives two sets of transaction information that can be compared to verify that the transaction data has not been fraudulently manipulated.
[0011] The transaction information extracted from the image file may be communicated to the remote server via a different communications channel to the transaction information output by the user interface. Different communications channels provide an additional level of communication security. For example, the different communications channels may be different communications protocols over the same data communication network. The different communications channels may be physically different communications networks, optionally using different protocols. The communications networks may be wired or wireless.
[0012] Alternatively or in addition to communicating the extracted transaction information, the image file may be communicated to the remote server by the client computing device.
In this case, the processing of the image file to extract the transaction information contained therein may be carried out by the remote server. The transaction information output by the user interface may also be communicated to the remote server by the client computing device. The image file may be communicated to the remote server via a different communications channel to the transaction information output by the user interface.
[0013] The image file, the transaction information and/or the extracted transaction information may be encrypted prior to communication to the remote server.
[0014] The method of the invention may comprise comparing the transaction information extracted from the image file to the transaction information output by the user interface.
The method may further comprise, on the basis of the comparison, providing on indication of potentially fraudulent activity. In this way, manipulation of the output transaction is information relative to the transaction information seen by the user may be detected. In this way, the remote server can determine whether or not to process the transaction. The indication may be simply a value indicative of the likelihood of fraudulent activity. The remote server may use additional information to determine whether or not to process the transaction.
[0015] The comparison may be carried out by the client computing device. Alternatively or in addition, the comparison may be carried out by the remote server.
[0016] The user interface may be an application (or app) running on the client computing device. Typically, however, the user interface is a web page. The client computing device may run a web browser to display the web page.
[0017] Typically, the data communications network is the Internet. However, it is also possible to for the client computing device to communicate with the remote server via a private data communications network.
[0018] The remote server may be a financial services sewer, such as an Internet banking server. The remote server may comprise a plurality of servers that may be physically separate servers, which may be mutually remote. The servers may be in data communication with the remote server via the data communication network. The remote server may be in data communication with a financial services server.
[0019] The transaction information may comprise at least authentication information for the user. The transaction information may comprise only authentication information for the user. In this case, the method will identify a potential fraudster attempting to obtain the user's authentication information. The authentication information may comprise a username, password, personal identification number (PIN) or the like. In addition or alternatively, the transaction information may include financial information such as a payee account number and a transaction value.
[0020] The image file may be any suitable image file. For example, the image file may be a bitmap, a Joint Photographic Experts Group (JPEG) file, a Graphics Interchange Format (GI F) file or the like. The image file may represent the entire screen ot the client computing device, only that portion of the screen occupied by the user interface or only a portion of the user interface, for example the portion containing the transaction information.
[0021] The invention extends to a client computing device configured to operate in accordance with the method of the invention. The client computing device may be a personal computer, a laptop computer, a tablet computer, a smartphone, a smart television or any other computing device capable of providing the necessary user interface.
[0022] The invention also extends to computer software, in particular a browser plug-in, which configures a general-purpose computing device to operate as the client computing device.
[0023] The invention further extends to a remote server configured to operate in accordance with the method of the invention. The invention also extends to computer software which configures a general-purpose computing device to operate as the remote server.
BRIEF DESCRIPTION OF THE DRAWINGS
[0024] Embodiments of the invention are further described hereinafter with reference to the accompanying drawings, in which: Figure 1 is a schematic representation of a financial transaction system for carrying out the method of the invention.
DETAILED DESCRIPTION
[0025] In broad terms, embodiments of this invention relate to a method of detecting the fraudulent alteration of transactional content by comparing data elements as displayed on a web browser with those same data elements as received by a web-server based application such as an Internet banking application. In accordance with the invention, a client device creates, encrypts and transmits an image file, such as a bitmap, based on the captured browser content, in addition to the existing transaction content transmitted over hypertext transport protocol (HTTP) or HTTP Secure (HTTPS). By then decrypting the image and comparing the transactional value(s) captured in the image against the transactional value(s) submitted over HTTP, the web server can determine whether transaction corruption has occurred at any point in the HTTP transmission, whether in the actual browser itself, in the client device or via any proxy server en-route. The system may optionally use third-party generated One Time Passcodes (OTPs) as encryption seeds to increase the overall strength of the solution.
[0026] Figure 1 shows the major components of the solution for detecting a corrupted transaction. The system comprises both client and server software components for in-band MitBfMitM detection [0027] The client application, resident on a PC or smart-phone, for example, captures the screen image of predefined browser pages where sensitive details, such as account numbers or address details, are displayed as confirmation to the user. Because the captured screen image is the screen as seen by the user, if an MitM or MitB attack is underway any corruption of data that may have already taken place will be replaced with the correct data temporarily on the confirmation screen so as not to alert the user to the corruption.
[0028] The screen image can be parsed to extract the required sensitive information, such as the account number in the case of a funds transfer. This data can then be encrypted by the client application using any standard encryption algorithm based on a seed. The seed may either be one provided at the point where the client application was installed or it may be dynamically entered by the user in the case where a one-time-password (OTP) token is used. Alternatively, the entire screen can be encrypted and the subsequent decryption and parsing can be performed by the server application.
[0029] The encrypted image, regardless of whether full screen or selected field(s) is then transmitted to a server application via a separate protocol than that used to transmit the actual transaction data to the server based Internet or Mobile banking application. Figure 1 shows the actual transaction data being transmitted over HTTP or HTTPS whilst the encrypted image, in this example a bitmap, is transmitted using user datagram protocol (UDP) or transmission control protocol (TCP).
[0030] The server decrypts the image or decrypts and parses the image, dependent on the content of the image, which may be full screen or field(s) of the screen, using the appropriate seed contained in a store of seeds for every client application downloaded.
Where a dynamic seed, obtained from an OTP generating token was used, the server component will interface with the appropriate OTP server software to verify the seed as genuine and then use it to perform the decryption.
[0031] Once decrypted, the server component obtains the appropriate field(s) from the transaction and compares the value(s) with the decrypted field(s) from the image. Where the values differ it can be concluded that the transaction has been corrupted by a MitM or MitB attack.
[0032] In summary, there is disclosed a method for operating a remote financial transaction system. The system comprises a client computing device having a screen and being configured for data communication with a remote server via a data communications network. The client computing device is further configured to display on the screen a user interface for receiving transaction information from a user and to output the received transaction information for communication to the remote server via the data communications network in order to effect the financial transaction. The method comprises the client computing device generating an image file representative of at least part of the user interface as seen on the screen by the user and including a visual representation of at least some transaction information. The method further comprises processing the image file to extract the transaction information contained therein. The method may additional comprise comparing the transaction information from the image file to the transaction information output by the user interface and, on the basis of the comparison, providing an indication of potentially fraudulent activity.
[0033] Embodiments of the invention provide a solution that compares the information entered through a browser with the information received by the web server-based application after submission of the request to prevent Man-in-the-Middle and Man-in-the-Browser attacks.
[0034] Throughout the description and claims of this specification, the words "comprise" and "contain" and variations of them mean "including but not limited to", and they are not intended to (and do not) exclude other components, integers or steps. Throughout the description and claims of this specification, the singular encompasses the plural unless the context otherwise requires. In particular, where the indefinite article is used, the specification is to be understood as contemplating plurality as well as singularity, unless the context requires otherwise.
[0035] Features, integers, characteristics or groups described in conjunction with a particular aspect, embodiment or example of the invention are to be understood to be applicable to any other aspect, embodiment or example described herein unless incompatible therewith. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of such features and/or steps are mutually exclusive. The invention is not restricted to the details of any foregoing embodiments. The invention extends to any novel one, or any novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed.

Claims (17)

  1. CLAIMS1. A method for operating a remote financial transaction system, the system comprising a client computing device having a screen and being configured for data communication with a remote server via a data communications network, the client computing device being further configured to display on the screen a user interface for receiving transaction information from a user and to output the received transaction information for communication to the remote server via the data communications network in order to effect the financial transaction, the method comprising: the client computing device generating an image tile representative of at least part of the user interface as seen on the screen by the user and including a visual representation of at least some transaction information; and processing the image file to extract the transaction information contained therein.
  2. 2. A method as claimed in claim 1, wherein the processing of the image file to extract the transaction information contained therein is carried out by the client computing device.
  3. 3. A method as claimed in claim 2, wherein the transaction information extracted from the image file is communicated to the remote server.
  4. 4. A method as claimed in claim 3, wherein the transaction information extracted from the image file is communicated to the remote server and the transaction information output by the user interface is communicated to the remote server.
  5. 5. A method as claimed in claim 4, wherein the transaction information extracted from the image file is communicated to the remote server via a different communications channel to the transaction information output by the user interface.
  6. 6. A method as claimed in any preceding claim, wherein the image file is communicated to the remote server by the client computing device.
  7. 7. A method as claimed in claim 6, wherein the processing of the image file to extract the transaction information contained therein is carried out by the remote server.
  8. 8. A method as claimed in claim 6 or 7, wherein the transaction information output by the user interface is also communicated to the remote server by the client computing device.
  9. 9. A method as claimed in claim 8, wherein the image file is communicated to the remote server via a different communications channel to the transaction information output by the user interface.
  10. 10. A method as claimed in any preceding claim further comprising comparing the transaction information extracted from the image file to the transaction information output by the user interface; and on the basis of the comparison providing an indication of potentially fraudulent S activity.
  11. 11. A method as claimed in claim 10, wherein the comparison is carried out by the client computing device.
  12. 12. A method as claimed in claim 10, wherein the comparison is carried out by the remote server.
  13. 13. A method as claimed in any preceding claim, wherein the transaction information comprises at least authentication information for the user.
  14. 14. A client computing device configured to operate in accordance with the method of any preceding claim.
  15. 15. Computer software which configures a general-purpose computing device to operate as a client computing device as claimed in claim 14.
  16. 16. A remote server configured to operate in accordance with the method of any of claims ito 13.
  17. 17. Computer software which configures a general-purpose computing device to operate as a remote server as claimed in claim 16.amendments to the claims have been filed as follows 1. A method for detecting alteration of transaction information, the method comprising: displaying, on a screen of a client computing device, a user interface for receiving input transaction information from a user; receiving input transaction information from a user; transmitting, by the client computing device, transaction information to a server via a data communications network; receiving, by the server, purported transaction information; generating, by the client computing device, an image file representative of at least part of the user interface as seen on the screen by the user and including a visual representation of at least some of the input transaction information; and processing, by the client computing device, the image file to extract at least some of the input transaction information contained therein, and communicating the extracted transaction information to the server, or communicating the image file to the server and If) processing, by the server, the image file to extract at least some of the input transaction 0 information contained therein; and comparing, by the server, the purported transaction information to the extracted transaction information.2. A method as claimed in claim 1, wherein the extracted transaction information or the image file is communicated to the server via a different communications channel to the transaction information received from the user.3. A method as claimed in any preceding claim further comprising providing an indication of potentially altered transaction information based on the comparison of the purported transaction information and the extracted transaction information.4. A method as claimed in any preceding claim, wherein the transaction information comprises at least authentication information for the user.5. A system for detecting alteration of transaction information, the system comprising: a client computing device comprising a screen and arranged to: display, on the screen, a user interface for receiving input transaction information from a user; receive input transaction information from a user; transmit transaction information to a server via a data communication network; generate an image file representative of at least part of the user interface as seen on the screen by the user and including a visual representation of at least some of the input transaction infoimation; and process the image file to extract at least some of the input transaction information contained therein and communicate the extracted transaction information to the server, or communicate the image file to the server; and a server arranged to: receive purported transaction information from the client computing device; receive the extracted transaction information from the client computing If) device, or receive the image file from the client computing device and process the 0 image file to extract at least some of the input transaction information contained therein; and compare the purported transaction information to the extracted transaction information.6. The system of claim 5, wherein the extracted transaction information or the image file is communicated to the server via a different communications channel to the transaction information received from the user.7. The system of claim 5 or 6 wherein the server is further arranged to provide an indication of potentially altered transaction information based on the comparison of the purported transaction data and the extracted transaction information transaction.8. The system of any of claims 5 to 7, wherein the transaction information comprises authentication information for the user.9. A client computing device comprising a screen, the client computing device being arranged to: display, on the screen, a user interface for receiving input transaction information from a user; receive input transaction information from a user; transmit transaction information to a server via a data communication network; generate an image file representative of at least part of the user interface as seen on the screen by the user and including a visual representation of at least some of the input transaction information; and process the image file to extract at least some of the input transaction information contained therein and communicate the extracted transaction information to the server for comparison to the purported transaction information, or communicate the image file to the server for transaction information to be extracted and compared to the purported transaction information.LID 10. A server for detecting alteration of transaction information, wherein the server is o arranged to: receive purported transaction information from a client computing device where a user has input transaction information via a user interface; receive an image file from the client computing device and process the image file to extract transaction information, or receive extracted transaction information from the client computing device; and compare the purported transaction information to the extracted transaction information; wherein the image file is representative of at least part of the user interface as seen on a screen by the user and includes a visual representation of at least some of the input transaction information.11. A method for using a client computing device, the method comprising: displaying, on a screen of the client computing device, a user interface for receiving input transaction information from a user; receiving input transaction information from a user; transmitting transaction information to a server via a data communication network; generating an image file representative of at least part of the user interface as seen on the screen by the user and including a visual representation of at least some of the input transaction information; and processing the image file to extract at least some of the input transaction information contained therein and communicating the extracted transaction information to the server for comparison to the purported transaction information, or communicating the image file to the server for transaction information to be extracted and compared to the purported transaction information.12. A method for detecting alteration of transaction information using a server, the method comprising: receiving purpoited transaction information for a client computing device where a user has input transaction information via a user interface; receiving an image file from the client computing device and process the image file to extract transaction information, or receive extracted transaction information from the LI) client computing device; and compare the purported transaction information to the extracted transaction information; r wherein the image file is representative of at least part of the user interface as seen on a screen by the user and includes a visual representation of at least some of the input transaction information.13. A computer-readable storage medium storing computer program code configured when executed by a processor to implement the method of any one of claims 1 to 4, 11 or 12.
GB1301383.4A 2013-01-25 2013-01-25 Method for operating a remote financial tranaction system Active GB2510156B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1301383.4A GB2510156B (en) 2013-01-25 2013-01-25 Method for operating a remote financial tranaction system
PCT/GB2014/050204 WO2014114952A1 (en) 2013-01-25 2014-01-27 Method for detecting alteration of transaction information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1301383.4A GB2510156B (en) 2013-01-25 2013-01-25 Method for operating a remote financial tranaction system

Publications (3)

Publication Number Publication Date
GB201301383D0 GB201301383D0 (en) 2013-03-13
GB2510156A true GB2510156A (en) 2014-07-30
GB2510156B GB2510156B (en) 2016-09-21

Family

ID=47890808

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1301383.4A Active GB2510156B (en) 2013-01-25 2013-01-25 Method for operating a remote financial tranaction system

Country Status (2)

Country Link
GB (1) GB2510156B (en)
WO (1) WO2014114952A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113032768B (en) * 2021-03-31 2021-11-16 广州锦行网络科技有限公司 Authentication method, device, equipment and computer readable medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040044596A1 (en) * 2002-08-30 2004-03-04 Franks Theresa S. Identification tag for fine art registry system
WO2008092263A1 (en) * 2007-01-31 2008-08-07 Binary Monkeys, Inc. Method and apparatus for network authentication of human interaction and user identity
JP2010079877A (en) * 2008-08-25 2010-04-08 Great Information Kk Age verification system
JP2010278925A (en) * 2009-05-29 2010-12-09 Secom Co Ltd Electronic signature system
US20110184982A1 (en) * 2010-01-25 2011-07-28 Glenn Adamousky System and method for capturing and reporting online sessions
US8199965B1 (en) * 2007-08-17 2012-06-12 Mcafee, Inc. System, method, and computer program product for preventing image-related data loss
US20120240224A1 (en) * 2010-09-14 2012-09-20 Georgia Tech Research Corporation Security systems and methods for distinguishing user-intended traffic from malicious traffic

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050071283A1 (en) * 2000-05-25 2005-03-31 Randle William M. Quality assured secure and coordinated transmission of separate image and data records representing a transaction
US20090018860A1 (en) * 2007-01-08 2009-01-15 Joel Edward Sikes Method and computer program for back office check conversion
CA2741472A1 (en) * 2008-10-21 2010-04-29 Mario W. Cardullo System and method for credit card user identification verification
US9324085B2 (en) * 2009-09-15 2016-04-26 International Business Machines Corporation Method and system of generating digital content on a user interface
KR101404989B1 (en) * 2012-06-29 2014-06-10 고려대학교 산학협력단 Financial transaction information certification Method for responding MITB attack by Two-Channel authentication, and Financial server thereof
US20150039403A1 (en) * 2013-08-02 2015-02-05 Everyone Counts, Inc. Preventing man-in-the-middle attacks in electronic voting

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040044596A1 (en) * 2002-08-30 2004-03-04 Franks Theresa S. Identification tag for fine art registry system
WO2008092263A1 (en) * 2007-01-31 2008-08-07 Binary Monkeys, Inc. Method and apparatus for network authentication of human interaction and user identity
US8199965B1 (en) * 2007-08-17 2012-06-12 Mcafee, Inc. System, method, and computer program product for preventing image-related data loss
JP2010079877A (en) * 2008-08-25 2010-04-08 Great Information Kk Age verification system
JP2010278925A (en) * 2009-05-29 2010-12-09 Secom Co Ltd Electronic signature system
US20110184982A1 (en) * 2010-01-25 2011-07-28 Glenn Adamousky System and method for capturing and reporting online sessions
US20120240224A1 (en) * 2010-09-14 2012-09-20 Georgia Tech Research Corporation Security systems and methods for distinguishing user-intended traffic from malicious traffic

Also Published As

Publication number Publication date
GB2510156B (en) 2016-09-21
WO2014114952A1 (en) 2014-07-31
GB201301383D0 (en) 2013-03-13

Similar Documents

Publication Publication Date Title
US10389531B2 (en) Authentication system and authentication method
USRE46158E1 (en) Methods and systems to detect attacks on internet transactions
EP3175380B1 (en) System and method for implementing a one-time-password using asymmetric cryptography
RU158940U1 (en) STRICT AUTHENTICATION TOKEN WITH VISUAL OUTPUT OF OPEN KEY INFRASTRUCTURE SIGNATURES (PKI)
EP3291504A2 (en) Authentication and secure transmission of data between signature devices and host computers using transport layer security
EP2348442A1 (en) Trusted graphics rendering for safer browsing on mobile devices
CN107786331B (en) Data processing method, device, system and computer readable storage medium
AU2022100184A4 (en) System for and method of authenticating a component of an electronic device
US10412069B2 (en) Packet transmitting apparatus, packet receiving apparatus, and computer readable medium
EP3130126B1 (en) Security protocol monitoring
EP2899663A1 (en) Authentication server, authentication system, authentication method, and program
CN108306970A (en) A kind of download of firmware safety and calibration equipment and method based on safety chip
CN107548542B (en) User authentication method with enhanced integrity and security
JP6488613B2 (en) Trading system and program
GB2510156A (en) A method for operating a remote financial transaction system
JP2019009728A (en) Secure element, computer program, device, server, and secure element authentication method
CN105323287B (en) Third-party application program login method and system
WO2011060738A1 (en) Method for confirming data in cpu card
US11936671B1 (en) Zero trust architecture with browser-supported security posture data collection
US20150213450A1 (en) Method for detecting potentially fraudulent activity in a remote financial transaction system
KR20140047058A (en) Digital certificate system for cloud-computing environment and providing method thereof
KR20190020542A (en) Generating digital signature messages using a script engine in a device and an external mobile terminal
KR20170123222A (en) User authentication method for integrity and security enhancement

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20180222 AND 20180228