A user employing a computing device and a network connection to interact with a networked site is subject to multiple avenues of attack by nefarious entities. For example, a user at a web site on the Internet may be exposed to such a nefarious entity attempting to gain access and take control of the computer by way of the network connection. Similarly, the user must be careful that the web site does not download objectionable code to the computer, and also must be careful that the web site is indeed the web site that the user wishes to interact with.
Particularly when the interaction is of a sensitive nature, both the user and the site should take care to ensure that a nefarious entity cannot interfere with the interaction, and cannot obtain data during the interaction that could be employed by such nefarious entity in a harmful manner. For example, in the case of a financial transaction with a site or the like of a bank or the like, the user and the bank should ensure that a nefarious entity cannot interfere with any financial transactions the user is entering into with the bank by way of the site. Most notably, perhaps, both the user and the bank should ensure that sensitive data entered by the user during the transaction and the overall interaction is not stolen by such a nefarious entity and used thereby to the detriment of the user and the bank.
Typically, the most sensitive data that the user enters during such a transaction is the data that allows the user to log in to the site. After all, once logged in, the user and any nefarious entity that has stolen such log-in data can perform transactions at the site. For example, such a nefarious entity if accessing the site of a bank by way of such log-in data of the user can perform banking transactions in the name of the user that would be extremely harmful, including emptying deposit accounts of the user, initiating loans in the name of the user, etc.
Of course, the user may also interact with another site other than a bank site or the like where the interaction is of a particularly sensitive nature. For example, the user may interact with a retail and/or services site where the user has an account, such as a department store, an auto parts store, a music store, an auction site, etc. Regardless of the nature of site, though, both the user and the operator of the site should again ensure that sensitive data entered by the user during the overall interaction at such site is not stolen by such a nefarious entity and used thereby to the detriment of the user and the operator. Here, if the nefarious entity steals the data that allows the user to log in to the site, such nefarious entity can for example perform transactions at the site to obtain goods and service in the name of the user, and can even charge such goods and services to the user if the site already maintains appropriate charging information for such user.
As may be appreciated, the aforementioned log-in data that allows a user to log in to a site typically includes data that the user and the operator of the site have previously agreed upon, and may include authentication credentials such as a user name or the like, a password or the like, and perhaps other appropriated security-related information. Typically, the users enters such log-in data at the computing device thereof and into a web page instantiated on a browser or other presentation application of such computing device. To increase security, such web page is a secure web page delivered between the site and the browser of the computing device by way of a secure connection established according to a secure protocol, such as for example an ‘HTTPS’ (Hyper-Text Transfer Protocol over Secure Socket Layer) connection and protocol.
As may be appreciated, a secure connection such as the HTTPS connection encrypts communications between the site and the browser of the computing device, and as a result interception of such communications by a nefarious entity or the like is of little use inasmuch as the nefarious entity likely cannot decrypt same without difficulty. However, even if the nefarious entity cannot intercept and decrypt such communications, such nefarious entity can still attempt to steal such log-in data by other mechanisms. For example, one popular mechanism for stealing such log-in data is to copy such log-in data as the user enters same at the computing device.
In particular, at such computing device, such a nefarious entity may copy such log-in data including authentication credentials as entered by the user at the keyboard of the computing device by way of a keystroke logger that records each keystroke entered at the keyboard, by way of a video logger that records video changes that appear on a video display of the computing device, by way of a mouse logger that records mouse movements and commands entered by the user into a mouse or other pointing device of the computing device, etc. Typically, a nefarious entity would surreptitiously cause one or more of such loggers to be downloaded as software to the computing device, perhaps when the user visits a dubious web site, and such a downloaded logger would be quietly inserted into the operating system of the computing device in any of several known manners to be resident on the computing device.
As resident on the computing device, and as is known, such a logger would then quietly record data as entered by the user into the computing device, be it keystrokes, mouse movements, mouse commands, video changes, etc., and would forward the recorded data to the nefarious entity by way of the aforementioned network connection associated with the computing device. Thus, the nefarious entity can scan the recorded data for the aforementioned log-in data and upon finding same can employ the log-in data to improperly perform transactions at a corresponding network site, again without the permission of the user and to the detriment of such user and the operator of the site.
Accordingly, a need exists for a system and method that prevents a nefarious entity from stealing sensitive data from a computing device of a user, and particularly sensitive data employed by the user to gain access to a site on a network to which the computing device is communicatively coupled. More particularly, a need exists for such a system and method whereby the operator of the site downloads software to the computing device when the user logs in to the site to prevent the nefarious entity from stealing log-in data of the user for the site.