1. Technical Field
The present invention relates in general to a system and method for providing device-based access to an account. More particularly, the present invention relates to a system and method for providing access to online financial transactions based upon the protocol supported by the user's device.
2. Description of the Related Art
Modern computing devices range from large super computers to small handheld devices, such as personal digital assistants (PDAs) and mobile telephones. Users are increasingly using a variety of computing devices to request and retrieve information from servers by using computer networks, such as the Internet.
Devices support different protocols based upon the devices capabilities. A protocol is an agreed-upon format for transmitting data between two devices. The protocol determines the type of error checking that is used, the type of data compression (if any) that is used, how the sending device indicates that it is finished sending a message, and how the receiving device acknowledges receipt of a message. Each protocol has particular advantages and disadvantages. For example, some are easier to use than others, some are more secure than others, some are faster than others, and some are more reliable than others.
One computing device may support a particular protocol and not support another protocol. Users connecting to a website of a financial institution may wish to connect using a variety of devices that support a variety of protocols. One of these protocols is the Wireless Access Protocol (WAP), which is a secure specification that allows users to access information using wireless, usually handheld devices such as mobile phones, pagers, two-way radios, smartphones, communicators, and PDAs. Another protocol is the HyperText Transfer Protocol (HTTP) which is an underlying protocol used by the World Wide Web (WWW). HTTP defines how messages are formatted and transmitted and what actions Web servers and browsers should perform in response to various commands. An extension of the HTTP protocol, called “S-HTTP” uses encryption to provide secure messages between a computing devices, such as a client and a server. A challenge, however, is that not all browsers and computing devices support the secure version of HTTP. Another technology used for securely transmitting messages is Secure Socket Layer (SSL) which establishes a secure connection using encryption between two computers. While both use encryption to secure messages, SSL and S-HTTP have different designs and goals. By convention, the address or “Uniform Resource Locator” (URL) of a Web page that require an SSL connection start with “https” rather than “http.”
A challenge of providing financial information is that much of the information is confidential, or sensitive, so secure connections (i.e., SSL) are often required in order for a user to view his or her account stored on the financial institution's server. This requirement, however, conflicts with the desire of many users to view financial information using portable devices, such as PDAs and mobile phones, that have browsers that do not support the type of secure connections provided using SSL. In addition, financial information has degrees of sensitivity depending on what the user wants to do with the information. For example, simply checking an account overview (i.e., account balances), may not be seen by the user as being as sensitive as transferring money to other accounts or using online bill paying services where an account balance is actually changed.
What is needed, therefore, is a system and method for allowing the user to access his or her financial information from a variety of devices. What is further needed is a system and method that permits access to financial functions based on the sensitivity of the functions. Finally, what is needed is a system and method that allows a user to choose which functions can be performed when the user is connected to the financial institution's servers using a variety of protocols corresponding to a variety of communication devices and the additional ability of optionally “registering” network addresses of the user's devices.