In open network systems (such as the Internet), communication paths may be exposed to various attacks by malicious entities. Such attacks may include eavesdropping, spoofing, impersonation, etc. Communications by computing devices using these networks are therefore, also subject to these types of attacks.
Computing devices (both wired and wireless) are being used to perform different types of electronic commerce transactions over such networks. For example, mobile computing devices, such as cellular telephones, personal digital assistants (PDAs), etc., are used to purchase and/or update the purchase of an electronic (e)-Ticket (for a music concert, an airline ticket, etc.). There are a number of challenging security requirements for such devices when supporting mobile eCommerce. One such requirement is authentication of the computing device and the operator/service provider. In particular, without physical access to the equipment of the operator/service provider, users of the mobile computing devices need to ensure that connection is being made to legitimate access points on the wireless network. In other words, the users of the mobile computing devices need to avoid connection to a “rogue” access point or mobile device that is set up as part of a man-in-the-middle attack.