Transactions such as electronic funds transfer, online banking, e-procurement of goods and services and transactions providing access to sensitive data through privileged accounts are considered to be sensitive in nature. Such transactions are considered sensitive because they constitute utilization of sensitive data such as the account number, personal identification number (PIN) in case of electronic funds transfer and username and confidential password in case of electronic data access. Similarly, service providers who provide the implementation of afore mentioned transaction and manage the transaction via at least their application servers are referred to as providers of sensitive services.
Banking and financial institutions (BFIs) are one of the examples of providers of sensitive services. BFIs provide users with several financial services including money transfer, online banking, e-commerce and the like. Typically, the transactions performed by the users with the applications servers associated with the BFIs involve exchange of sensitive user related information including but not restricted to user's bank account number, password and personal identification number. In today's scenario, it is quite common that a particular user has multiple online banking accounts and in order to facilitate easy recollection, users tend to associate all their online banking accounts with a single combination of authentication credentials which typically involve a username and a password. However, it is to be understood that authentication credentials can be associated with various other user accounts such as system administrator accounts, database management accounts and the like.
Since a single set of credentials are associated with multiple online accounts, there is a possibility that the credentials are utilized many number of times for obtaining services from multiple providers of sensitive services. Moreover, in today's scenario, users tend to make use of multiple communication gadgets such as mobile phones, application specific hard wares, laptop computers and desktop computers to access application servers associated with providers of sensitive services. In such cases, due to the multiplicity associated with the credentials and due to the fact that the credentials have been utilized across multiple gadgets, there is a possibility that the secrecy associated with the credentials might be compromised and further, the credentials might get subjected to hacker/phishing/spoofing and DNS/browser poisoning attacks.
Until now BFIs have been using several methods to completely secure their private back end networks. Private back end networks which are used for interbank, intrabank, POS transactions and swipe based transactions have been operated on specific hardware and software which offer considerable security to the aforementioned transactions. However, there exists no such private, secured front end network for BFI clients (users) who typically use public wireline/wireless networks to log on to the BFI servers. Despite the best efforts BFI unions find it difficult to enforce tight and right security measures for the clients logging onto BFI servers. Since clients make use of multiple devices to log onto the BFI servers, it is difficult to offer clients with secured private connectivity.
Therefore, there is felt a need for a system that provides a secure private front end network for BFI clients (users). The system should coexist with the internet but should only provide private access to those clients who need to log on to BFI servers. The system should aggregate such users right at the network switch point and provide them with secured private bandwidth to access to the requested BFI server, albeit post personal identification. The private front end network should also be able to offer resistance to phishing, DNS poisoning, middle man attacks, browser poisoning and the like which affect the existing BFI network to a greater extent. Some of the prior art systems that offer unique log in and unique personal identity include ‘Open Identity Exchange’ which concentrates on socializing the users' identities, Eco solutions hosted by RSA/Symantec for their enterprise partners on SSL platforms, and certain other programs like global ID card and ADHAR (Indian Government Initiative) biometric identification scheme. However none of these systems provide a private secured communication link to users on the internet for accessing BFI servers.
Some of the types of spoof attacks/hacker attacks are explained below:                Man-in-the-middle attack: Man-in-the middle attack is a form of eavesdropping. Here the attacker makes the victims (two parties involved in the communication) believe that they are talking directly to each other over a private connection, whereas the entire conversation would have been eaves dropped upon by the attacker.        Man-in-the-Browser attack: Man in the browser attack involves creating a Trojan that infects a Web browser. In a manner invisible to both the user and host application, this malware modifies the web pages, transaction contents and/or inserts additional transaction contents. This kind of an attack can succeed irrespective of whether security mechanisms such as PKI (Public Key Infrastructure) and/or two- or three-factor authentication solutions are in place.        Phishing Attacks: Phishing emails often include a link to a website that asks for personal or financial information with the intent of stealing personal/financial information such as banking passwords, credit cards PINs, and the like.        Pharming attack: Pharming attack is accomplished by changing some of the web address related information that ISP's store to increase the speed of web browsing. A virus alters the behavior of internet browsers by redirecting the user to a fictitious site when they attempt to log on to websites.        Trojan Horse attacks: Trojan Horse attacks infect a computer through websites or via emails. Trojan is a program that can record keystrokes and send information back to its home base.        Domain Name System (DNS) high-jacking: DNS high jacking is performed by exploiting the DNS server software or by changing the host file resident on a particular computer. The hacker redirects the data traffic meant for that particular computer, to another bogus website.        Denial-of-Service (DoS) attacks make the websites unavailable either temporarily or indefinitely thereby resulting in non-availability of the corresponding web sites.        
In a conventional land line communication environment, users (referred to as ‘users’ hereafter) use their communication gadgets to access the application servers associated with providers of sensitive services. The bandwidth required by users to access application servers is provided by a traditional ADSL (Asymmetric Digital Subscriber Line) communication line which is simultaneously utilized by multiple internet service providers to provide internet connectivity to their respective users. The security available to such shared ADSL lines is restricted to standard cryptographic applications. Given the widespread use of shared ADSL lines, it is possible that even unethical users and hackers are conversant with the encryption standards used across the shared communication lines. Since users make use of shared ADSL lines which are commonly used by multitude of users to access the internet, there is a possibility that the transactions performed by users over the shared ADSL lines may be hacked onto. Moreover, since even application servers are made accessible through the shared ADSL line, there is a possibility that any financial transaction initiated by the user, and approved, managed by the corresponding application server might be hacked onto. Moreover, since shared communication lines do not offer the facility of tracing the users, it is next to impossible to ascertain the origin of the user requesting an access to application servers. Further, there is no clear possibility at the service providers firewall for any user to exit based on the site they want visit Or BFI to restrict the user coming from an unrecognized firewall.
A similar situation exists for all the data connections offered on the wireless network. Here, though users use their mobile devices to make on data call or log in, such calls are rerouted at the wireless message switch center and exists to external WWW domain through operator's firewall and hence dilutes the rest of the security that current mobile infrastructure enjoys. It means, in both communication links there is no privacy offered based on the business needs. Even though, there exists an independent cryptographic process to circumvent, which is proved inadequate and hence there is huge amount of cash drain and business credibility.
Systems facilitating enterprise log-ins, escrow management logins, cloud management and the like also face issues similar to that of BFIs and there is a requirement for a solution that can be effectively extended to all the aforementioned systems. Moreover, there is felt a need for a system which:                provides users with safe and hacker resistant private communication channel bandwidth for communication with application servers associated with providers of sensitive services;        provides a single, private window solution for communication between all the available providers of sensitive services and their respective users;        ensures that the level of security made available to all providers of sensitive services and their respective users is uniform in nature, yet dynamic in terms of security;        ensures that at least the user is authenticated before the commencement of a transaction;        ensures that users as well as application servers associated with providers of sensitive services are authenticated before the commencement of transactions;        ensures that every frame involved in a user transaction is secured and the server involved in the user transaction is authenticated every time a transaction is initiated;        makes use of hybrid communication techniques to ensure that transactions performed through the system are on a private communication channel and hence hacker resistant; and        offers ‘out of band’ and private mode of communication between application servers associated with providers of sensitive services and their respective users.        