1. Field of the Invention
The present invention relates to methods and systems for enabling communication for an online transaction and, more specifically, to using real-time graphical communication instead of static on-screen keyboard input for enabling communication related to an online transaction.
2. Description of the Related Art
With a rising trend in online shopping by users over the Internet, online merchants are looking into ways to provide a secure platform for enabling users to enter identity information during an online transaction. As a result, merchants have implemented some form of security mechanism to ensure secure communication related to an online transaction. Most security mechanisms engage some form of user authentication tool to try to differentiate a user from a computer or hacker. These conventional security mechanisms focus on two-factor authentication to secure the identity of the user, and on heuristics such as the Completely Automated Public Turing test to tell Computers and Humans Apart (Captcha). Captchas engage a type of challenge-response test to differentiate a human from a computer. These basic mechanisms are inherently flawed and are exploited daily.
The challenges of these mechanisms are severalfold. For instance, a computer may be fully compromised by a hacker using programming tools such as "keyloggers". On such a fully compromised machine, the computer or hacker has complete control. As a result, the hacker, through the compromised computer, can fool a user into providing all the relevant user identity data that is valid for a small computing window (e.g., 30 seconds), so that the hacker/computer can log into a desired institution and execute any transaction they wish on demand using the identity data grabbed from the user. The entry barrier provided by Captchas hardly deters hackers. This is because the entry box for a Captcha is formulaically placed at a specific location on a screen. As a result, a hacker is easily able to identify the heuristics area where the entry box is located and either brute-force the entry box or capture the small region covering the heuristics area and simply send it off for analysis and response by offshore labor. As the common type of Captcha is text based and requires a user to enter letters or digits from a distorted image in the entry box, the offshore labor is able to view the textual content presented in the entry box and provide the appropriate response, enabling the hacker to gain access to the computer. The challenges are further exacerbated by the fact that these security mechanisms, such as Captchas, are not time-dependent.
The communication speed for procuring user identity information and accomplishing either consumer hacking or corporate hacking is generally sufficient to encourage hackers. For instance, in the case of consumer hacking, the small upload bandwidth available in most residential services is sufficient for the hackers to upload in real time, as the amount of information that must be uploaded is substantially small. In the case of hacking into a corporation, the required upload bandwidth is also generally small and can be easily hidden within the noise of network uploads across the corporation.
Other disadvantages of these conventional security mechanisms include reliance on keyboard entry, which has been shown to be easily accessed through software such as keyloggers, and the availability of relevant contextual information in the data entry box, which can be easily accessed, as shown above, through a brute-force attack or screen capture.
There is, therefore, a need for a security tool that does not rely on known-knowledge keyboard entry, so as to avoid issues with keylogging functions; does not encourage execution of the identity criterion on an edge computer; and does not rely on formulaic execution of an application that places an entry box at a predictable location on the edge computer. There is also a need for a security tool that provides a good and reliable replacement for Captcha-like heuristics for conducting a reverse Turing test (wherein the test is administered by a computer and targeted at a human), which is time-sensitive and sturdy enough to withstand any brute-force attack or offshore monitoring within an allotted time. The security tool should be complicated enough that cracking the algorithm would require intensive network and CPU (central processing unit) resources that would generally not be available, thereby discouraging a hacker.
It is in this context that embodiments of the invention arise.