1. Field of the Invention
The present invention generally relates to security systems for use with computer networks. More particularly, the present invention relates to a secure transaction system that is particularly adapted for use with untrusted networks, such as the Internet.
2. Description of the Prior Art
There are many businesses that are connected to the Internet or some other untrusted network. Such businesses may provide transaction services without charge for certain transactions that can be accessed by any account holder having access to the network. However, the same business may want to generate revenue from other transaction services and also to protect its business assets. In order to generate revenue, there must be control over account holder access, transaction tracking, account data, and billing. For a business to offer transaction services on an untrusted network, such as the web, it must have access to a web server that connects to the Internet. Any account holder with a web browser can then access the web site.
To implement a secure transaction system for use over the web, businesses need to implement authentication, authorization and transaction tracking. Authentication involves providing restricted access to transaction services that are made available, and this is typically implemented through traditional account holder name-password schemes. Such schemes are vulnerable to password fraud because account holders can share their usernames and password by word of mouth or through Internet news groups, which obviously is conducive to fraudulent access and loss of revenue. Authorization, on the other hand, enables authenticated account holders to access transaction services based on the permission level they are granted. Transaction tracking involves collecting information on how account holders are using a particular web site, which traditionally involved the data mining of web server logs. This information is often inadequate to link web site transaction and a particular account holder who used the web site. There is also no generic transaction model that defines a web transaction, which contributes to the difficulty in implementing an account holder model based upon transactions. Thus, there is a need for an improved secure transaction system and method for securing and tracking usage by a client computer.