1. Field of the Invention
The present invention relates to verification on internet in general. More specifically, the present invention relates to a method and system for verification of human presence at a communication device.
2. Description of the Prior Art
Computer systems are capable of mimicking human interactions with other computers. One computer can be programmed to fill in forms, submit those forms, and generally behave in an automated way to accomplish certain tasks, especially in on-line forums like bulletin boards, blogs, online polls, commerce sites, and so forth. While many such automation tasks are benign and even helpful, the same technology can be used to automate fraud and/or attacks. In response to increasing automated attacks, the concept of verification by sending a random PIN to a mobile device was conceived. For example, to verify that a transaction on a website is being made by authorized user, the user is sent a randomly generated PIN to his registered mobile device. The user is then required to enter the PIN on the website to complete the transaction. For example, for verifying that humans are present at the opt-in for mobile phone transactions, such as mobile payments, purchases by mobile phone, prepaid card top-ups, premium mobile content subscription opt-ins, standard-rated mobile messaging campaign opt-ins and the like.
Sending a PIN to a mobile device, and requiring the user to enter the PIN into the website, is thought to be a superior level of authentication than sending a PIN to an email address, since this PIN-to-mobile technique verifies that the human user also is in possession of his mobile phone, elevating the phone itself to the role of physical token security factor. Normally, PINs are sent via test message to mobile devices, and the presumption is that human user reads the PIN number and then copies it into the website.
But with the advent of smart phones designed on open platforms such as Android, mobile phones themselves have the capability of copying PIN numbers from text messages and entering those PIN numbers onto websites, unbeknownst to any user. The mobile devices are also capable of being affected by virus and malware. Therefore there lies a risk of text messages being monitored and used to make unauthorized transactions.
In the light of the foregoing discussion, there is a need for a method and system for increasing the security to ensure human authentication of mobile transactions. Thus, there is a need for a method and system that can verify human presence at a mobile device.