1. Field of the Invention
The invention relates generally to a secure operating mode of a computing device and, more particularly, to a secure operating mode of a computing device for executing security-critical Internet applications and preventing interception of user-provided information.
2. Description of Related Art
Many categories of Internet-based services require a high degree of security. Examples include Internet banking, electronic interaction with government services, and documents or files that are provided with a legally binding digital signature. Typical computing environments may not be secure enough to prevent a user from being exposed to different types of attacks that seek to capture user-provided information and to use the captured information to process fraudulent transactions.
Unscrupulous third parties may capture user-provided information in different ways. In one example, a keylogger program may be installed on the user's computer to capture information entered using a keyboard. The keylogger program may be installed by exploiting operating system vulnerabilities or by deceiving the user into executing malicious software. In another example, the user may be directed to a website where user-provided information may be captured. In a further example, a computer display may be manipulated to deceive the user into signing a fraudulent transaction using a legally binding digital signature.
Existing operating systems are unable to prevent the capture of confidential information by these types of attacks. Many browsers and Internet security programs warn against visiting websites with invalid security certificates or following phishing links; such warnings, however, are commonly ignored. In addition, existing operating systems may be patched at any level (e.g., bootloader, kernel, drivers, etc.). Accordingly, such warnings may be disabled by malicious software.
It may be difficult to avoid malicious software that could act as a keylogger or modify a user's display. Malicious software is under continuous development and may be tailored to target a limited set of users, in which case the malicious software may not be identified even by up-to-date anti-virus and Internet security software. In some cases, a computing system may be infected without the user installing any software, as in the case of browser vulnerabilities that allow remote code execution.
Some existing solutions for preventing third party capture of user-provided information rely on external hardware to achieve a sufficient level of security. In one example, an external smart card reader is connected to the computer to download transaction details. The user may view the transaction details on the reader's display, insert a smart card that contains a private key into the reader, and enter a personal identification number (PIN) in order to sign the transaction. The smart card reader may prevent capture of the PIN and the reader's firmware may not be manipulated by the computer since the reader only downloads transaction data from the computer. In other words, executable instructions are not downloaded to the reader. However, the requirement of an additional smart card reader increases costs and the use of smart cards is inconvenient.
It is important to prevent interception of user-provided information while executing security-critical Internet-related applications on a computing device.