Ensuring that a sent email message or other electronic message has been sent by a sender that can be trusted, also referred to as being authentic, helps ensure against theft of important information by unscrupulous parties and can help limit spam and phishing. Phishing is a form of Internet scam that usually involves the mass sending of emails which appear to be from a legitimate organization such as a bank or other financial institution or other organization. These emails often direct the recipient to a fraudulent website or form where he or she is tricked into divulging personal or financial information. An alternative phishing scam may not ask for such information but, upon entering the URL, execute a download of a keystroke-logging program that lets the phisher harvest information from the recipient's machine. The information can then be used for identity theft and fraud.
Phishing attacks can be costly and can drain a company's resources since, for example a large number of attacks can be run against target companies in large volumes and billions of phishing messages pass through filtering systems that can slow down email delivery, use up valuable processing times of servers and can ultimately result in the loss of important financial data to unscrupulous parties.
Several solutions are known that attempt to address this problem. Because phishing attacks often begin with large volumes of email sent from a forged sending address, efforts to reduce spam email may be somewhat effective in reducing the number of phishing attacks. For example, one method referred to as Sender Policy Framework, an originator of a message or originator domain publishes in a directory or other suitable form legitimate sending computer addresses which are verified by receiving message transfer agents. The message transfer agent may verify a received message via a DNS server (domain name server). However, this technique can require widespread adoption of SPF-enabled message transfer agents which can potentially be costly to implement and deploy.
Another technique referred to as Coordinated Spam Reduction Initiative again requires originators in an originator domain to publish legitimate sending computer addresses which are verified by receiving message transfer agents in a relatively similar manner as described above.
Another technique requires domains to digitally sign email which is verified by the receiving message transfer agent via DNS servers. Again, this can require the widespread adoption of modified versions of message transfer agents.
Another technique uses the S/MIME protocol wherein sending individuals or domains digitally sign emails that are verified by receiving incoming message transfer agents or user email clients. This can require special email client features or recipient message transfer agents that are not currently supported in web based email clients.
Another technique employs a secret images that are shared between a sender and a recipient. As understood, a personalized image is sent by a user to an authentication server. The server stores the recipient sent image. The authentication server may then send the personalized image to the recipient with an email and the user seeing the image recognizes that it is the one he sent. Also, during logon to a site, the server may include the image in the logon page so that a user trusts the login page when the user sees their personalized image (see e.g., www.passmarksecurity.com). Among other drawbacks, this system appears to use the same image for multiple logins until the shared image is changed and may require the recipient to choose and send the image to a sending server.
In addition, other systems are known which attempt to provide, instead of sender authentication, recipient authentication. For example, U.S. Pat. No. 5,712,627 discloses, among other things, an issued identification card that has indicum at one of the addressable positions on an assigned card. The card may have rows and columns with different numbers, characters or symbols that are addressable by the rows and columns. To determine whether a person seeking access to data is authorized to obtain requested access, the identification card is distributed to authorized users. A requesting person seeking access provides the indicia at one or more addressable positions on the card as specified by a security system. To notify the person which indicum to enter and send back, the system selects coordinate indicia known to be present on a particular card. The recipient must then send back the indicia located at the address sent by the security system. If the indicia matches that assigned to the person seeking access then access is granted. However, such systems do not resolve the problem with respect to phishing since the system provides authentication of a receiver and not a sender and requests that a person seeking access identify themselves to the system and the system requires entry and sending by the user of information located on the security card.
Other authentication systems are also known that have been employed, for example, in the military, numeral cipher/authentication systems have been used that employ cards that are held by a sender and recipient. A transmission is made secure for example by using a challenge and reply authentication scheme. A sender of an electronic transmission for example may use the card and randomly select a letter from a row and column grid and transmit the letter. For a reply, the first letter of the challenge in the column is found and the second letter in the line indicated by the first letter is then communicated back. As such, the sender can then get confirmation. However, this also requires a reply by the receiver.
Another technique also uses a card that includes rows and columns of information on both the sender and receiver side, however, this transmission authentication scheme is used to authenticate transmissions. For example during transmission authentication, columns of transmission authentication diagraphs are located on the back of a cipher table and used to authenticate a sender. Column assignments are made by a designated representative such as a commander of a unit. The column assignments are known to both the sender and receiver apriori. Transmission authentication diagraphs are used only once. The first unused authenticator in the assigned column is used and a line is drawn through that authenticator to preclude its reuse. Such schemes do not utilize a random selection of information on the card and do not utilize the sending of coordinate information since the column information is known apriori. As such, only the authentication information is apparently communicated. If the sender sends authentication information and it is valid as determined by the recipient, the recipient crosses the authentication information off the card. The next time authentication is required, the next authentication information in the same column is then used. As such, a sequential and non-random approach is used. However, if the authentication card of a recipient is lost or obtained by an unscrupulous party, they would know how to act as a sender since they know which authentication information is next in the column since no random selection is utilized and since the card has markings thereon. In this system no coordinate information is sent since the column of information used to authenticate a sender is made known apriori to the sender and receiver. In addition, if the receiver does not receive the sender's transmission, the synchronization between the sender and receiver would be lost which may cause subsequent authentication attempts to fail.
Also, information security and user identification security are becoming increasingly important as technology becomes more sophisticated. For example, multi-factor authentication schemes are used in an attempt to thwart hackers or to thwart other inappropriate uses of information and user identities. For example, a two factor authentication scheme may use information known to a recipient or user such as a password or personal identification number (PIN) as well as some type of physical token such as a banking card, credit card, password token or other physical token which a user must be in physical possession of in order to initiate and complete an on-line transaction. Another level of authentication may include biometric authentication that may include the scanning of a fingerprint, eye or other biometric to again verify that the user attempting to gain access to a process, device, application or other right is in fact the appropriate user.
Transaction cards are known that may include for example smart cards, magnetic strip-based cards, and other transaction cards that facilitate banking transactions, credit card transactions, or any other suitable transactions. As known in the art, a user personal identification number (PIN) is usually required in addition to the possession of a banking card to obtain cash from a cash-dispensing machine or to otherwise carry out an online transaction. One known multi-factor authentication technique employs the use of a hardware token such as a battery operated smart card that displays a periodically changing and seemingly random number on a portion of the smart card. When a user wishes to execute a transaction with the smart card, for example, the user enters the seemingly random number that changes often. The receiving transaction server compares the received code entered by the user as displayed on the smart card with a corresponding number generated by a code source generator. If the code entered by the user matches the number generated by the code source generator, the transaction is approved and the user is granted a particular right such as accessing a bank account, purchasing goods, obtaining information, gaining access to a website or other software application, or any other suitable right as desired. However, such hardware tokens can be quite expensive and are battery powered thereby requiring changing of the battery and the potential of an electronic malfunction due to moisture problems or any other problems related to electronic circuitry.
Other smart cards that do not employ such screens typically require a card reader that reads, for example, a magnetic strip. This can be a restriction where a user wishes to perform an online transaction but is not sitting at a terminal that contains or has access to a magnetic strip reader.
In an apparently unrelated field, translucent cards are known such as plastic cards that contain a semi-transparent picture or pattern that when visually evaluated does not appear to connote any particular information. However, when the translucent card is held over a display with a corresponding background filter pattern, the combination of the pattern on the card with the background pattern on the display screen combine to present a visually recognizable message or word such as the word “sorry” or “you're a winner”. These are static messages which are not unique to any user and typically include only a single message. Such plastic cards may be used for example to see if a holder has won a prize. The card for example may be mailed in the mail to members of a population. Those recipients then go to a web page identified on the translucent card or otherwise indicated in the mailing information to see if they have won a prize. However, such plastic cards do not provide multi-factor authentication, are not user specific, do not include multiple messages and typically include static messages.
Accordingly, a need exists for a method and apparatus that overcomes one or more of the above problems.