With microcomputers becoming a ubiquitous part of communications, information storage, analysis and entertainment, the use of portable storage media is increasingly common. One application of portable storage media is computer security.
When portable storage media such as smart cards, USB memory devices, key fobs, and portable hard drives are used for computer security, security processes are often executed within the portable device for securing some aspect of computer functionality. A very common example is the “dongle.” A dongle is a device that couples to a computer port for enabling execution of a software application. Many expensive software applications require a dongle in order to prevent piracy thereof.
Another example is a secure storage medium. Here, data access is restricted by the portable device until some user authentication is performed. This authentication is typically managed by the device itself. As such, security for these portable devices, when self-managed, is assured across platforms and systems.
Today, many systems are networked to each other via a public network such as the Internet. With access to the Internet comes access to a plethora of goods and services from banking to entertainment to shopping. Unfortunately, where there are financial transactions, there is also an opportunity for fraud.
There are two fundamental methods for defrauding consumers using the Internet. In the first, social engineering is employed to dupe an individual out of their hard-earned money. For example, a non-existent product is sold and never shipped even though payment is received. Another form of socially engineered fraud involves asking a user for their password information in a fashion that encourages them to enter it. For example, a duplicate web site to that of a bank is presented with a login page. Once the user provides their information, the fraud is perpetrated by properly logging into the banking system. Since the proper credentials are provided—user name and password—it is impossible for the bank to prevent the fraud from occurring. In a second type of fraud, adware software is employed to retrieve from computer systems data for use in perpetrating the fraud. Here passwords and user names are retrieved, for example, using a key capture Trojan that logs each keystroke and sends the log file to the perpetrator. In order to avoid this second type of fraud, two common methods are employed. In the first, a security process is executed for maintaining a system free of adware and viruses. In a second method, one-time passwords (OTPs) are employed such that even with key logging, no useful information is captured.
It would be advantageous to provide a method for at least in part avoiding fraud of the above-mentioned types.