1. Field
The present invention relates to the field of cryptography. More particularly, the present invention relates to a platform and method for protecting the integrity of data associated with an electronic transaction.
2. General Background
Over the past few years, more businesses and individuals are performing electronic transactions over a network such as a wide area network (e.g., Internet) or a local area network (e.g., Intranet). One type of electronic transaction involves the transfer of confidential information such as financial data including a credit card account number, a bank account routing number, monetary amounts and the like. Before transmission, the financial data is often entered via the keyboard or another input device. Likewise, such data is typically displayed on a monitor screen. This enables the sender to carefully review the financial data for accuracy before transmission.
It is well known that a personal computer accepts data and displays data under the control of software. Before completing an electronic transaction, software running on a personal computer (PC) causes certain data associated with the transaction to be displayed. However, if the software becomes corrupted (e.g., the functionality of the software is illicitly modified), each party to an electronic transaction may be susceptible to fraud.
It is recognized that a software virus may be devised to corrupt an application that controls the display of data. For example, a software virus may be configured to alter (i) keystrokes prior to their reception by an application executed by the host processor, and/or (ii) data provided by the host processor prior to display on a monitor. Thus, even though the keystrokes input by the user have been altered, it is difficult to detect any alteration.
In a hypothetical PC banking application, the user inputs a particular monetary amount to be transferred, an account number targeted as the destination of the monetary transfer, and an account number acting as the source for the monetary transfer. A software virus may be configured to intercept and modify the user input, thereby directing the transfer to an alternative account. Simultaneously, the virus may modify the data actually displayed by the banking application to reflect the account number specified by the user. Thus, the account number targeted to receive the monetary transfer may differ from the actual account number provided to the banking application, and yet the user has no indication of such tampering.
Therefore, it would be desirable to implement an electronic system and method for ensuring that data associated with the electronic transaction is protected from the moment of being input and is accurately displayed prior to transmission over a communication link.
In one embodiment, the invention is a method. A virtual secure path is established between a device controller of a user input device and a secure processing unit. Sensitive information is input via the user input device. The device controller of the user input device is placed into a first mode of operation to securely transfer the sensitive information from the user input device to the secure processing unit via the virtual secure path.