1. Field of the Invention
This invention relates generally to providing security for electronic commerce, and more particularly to a method for minimizing the potential for unauthorized use of digital information, particularly software programs, digital content and other computer information. This invention can also be used in other processes, which require authentication of users.
2. Description of Background Art
Electronic commerce, or e-commerce as it is commonly called, includes the transfer of orders or other sales communications, credit information, electronic “funds”, and digital products. Electronic commerce has been recognized as offering the promise of providing speed and convenience to many types of commercial activities. Interest in electronic commerce has heightened with the advent of widely accessible communication systems such as the Internet. Other means for providing electronic commerce include direct telephone line connections, interactive cable or television services, telefacsimile services, local and wide area network communications and the like. Electronic data communications technologies, particularly the Internet, have greatly enhanced marketing and retail opportunities and activities. To a large extent, the promise of electronic commerce has not been fully realized, partially because of concerns with security such as the potential for unauthorized manipulation of information. Such unauthorized manipulation of information includes diverting electronic fund transfers and delivery of unauthorized software (also referred to as “bootleg” or “pirated” software) to unauthorized destinations.
The electronic commerce operations especially electronic commerce transactions require security, since it is based over an open network. The present security solutions include encryption, that is normally undertaken to ensure privacy so that no person(s) other than the intended recipient can decrypt the information. However, it does not guarantee the authenticity of the person who initiates the transaction.
“Internet Banking” is a technology advancement that provides a convenient way of banking at home or from any other place by using a computer. As can be understood from the word “Internet”, Internet Banking is over an open network and security for authentication must be in place to secure the transactions. Since all of the security solutions have been put in place, what could possibly be wrong with the current system of security in Internet Banking?
For example, credit card transactions over the Internet are a way of online payment and are a part of Internet Banking. Credit cards were used on the Internet, mainly for buying products and services online and for other authentication purposes. The current way of using a credit card is, providing the credit card number, expiration date or Postal Code and other information required for credit card payments. All of this information is used to verify the validity of the card and the available balance. However, there is no system to check the person using the credit card in online transactions.
The identity of the person initiating the credit card transaction is required, since a credit card can be used by providing the credit card number and the expiration date or any other information required. Even a child can buy products or services online using a credit card by entering the credit card number and other required information without the knowledge of the card holder, if this information is known.
This can be with or without an intention, but the security lapse can be exploited. Due to this, the wrong person may be charged for the transaction and may also result in financial losses. These losses that occur due to failure in authentication, can be suppressed if the invented security solution is implemented.
The security solution can also be implemented in Automated Teller Machines where the security lapse in authentication, is evident. As per the recent market study, it is observed that a considerable sum of money per day per ATM is lost through these fraudulent transactions. The reason being the insufficient security features to authenticate the customer in the ATM, that is, the person starts with the transactions when he or she inserts the card and the PIN. Even an onlooker can transact with the information.
The security solution can also be used to authenticate the persons refilling the cash in the ATM.
A person issuing a check must authenticate the check when the check is presented for clearance depending upon the permissible limit and the value of the check. At present, the universal method for this authentication is to confirm from the check issuer by telephone. Accordingly, the authentication of the person confirming is not guaranteed.
Patient history is an essential requirement to treat patients during emergencies like critical illness and accidents. With the advent of technology, patient history can be stored online using the Internet, so that the patient or the doctor has easy access to the information. In this case, the security (authentication) should be adequate to ensure that the information does not go into the wrong hands.
The invention can also be used to screen blood donors for critical illness and other blood transmitted diseases.
The security solution can be extended to provide security at Automated Teller Machines, Access Control systems, Online Banking, Banking Services, Medical portals, e-business, networking, inter-networking, cellular phones, data ports, printers, fax machines, notebook computers, palm top computers, palm pilots, microfiche devices, scanners, cameras, modems, communication access, personal data systems, pagers, vending machines, PC terminals, information kiosks, point of sales (POS), sharing valuable information with authorized users, wireless transmissions, telecommunications, telephony, SmartCard access controls, remote access networks, debit cards, credit cards, prepaid cards, magnetic cards, phone cards, identifying devices, hotel room key cards, net PC, phone having access to the Internet, data security, bank locker systems, interbank transactions.
The security solution can be used to replace passwords, which are hard to remember. This will prevent unauthorized persons from gaining access to resources if they come to know about the password. Accordingly, the security solution ensures that only authorized persons are given access to secured resources.