1. Field of the Invention
The present invention is related to performing secure electronic transactions. More particularly, the invention relates to a system which can include a server computer, a hardware device, a client computer and a computer program.
2. Description of Related Art
Current Internet authentication processes often utilize Public Key Infrastructure (PKI). Especially in the presence of malicious software on a Personal Computer (PC) of a user, it may be uncertain whether the user is connected to the desired server computer he wants to transact with, for example a desired banking server. One known method to prevent adversarial attacks is to ask the user to check server certificates that have been issued by a trusted entity to the server operator. Since this is cumbersome, many users refrain from performing the server certificate check. Another known approach uses PKI-technology in combination with smart cards. However, the user does not have full control over what the smart card actually does, for example what it signs or where it connects to. This is caused by the fact that Internet connections can be compromised by men-in-the-middle attacks, worms or viruses running on the PC of the user. Furthermore, keyboard logging software and display-altering software can be used to trick the user into working with a bogus website, for example to transmit some money to a bank account of an adversary.
The above describes approaches that rely at some point in the process on a step in which the server displays some confidential or secret information on the PC and/or on a step in which the user enters some confidential or secret information on the PC. This is true even for secure smart card readers featuring a display and keyboard. The information that a secure smart card reader displays is still controlled by software running on the PC.
U.S. Pat. No. 6,895,502 describes a method of securely displaying and securely confirming that a request to access a resource on a server computer was actually requested by the client user. In response to the request the server computer sends an encrypted challenge to a secure environment that allows the client user to check and confirm that he made the corresponding request.
U.S. Pat. No. 5,596,718 describes a secure user interface created by inserting a trusted path subsystem between input/output devices of a workstation and the workstation itself. The trusted path subsystem is invoked manually by a user and utilizes the display of the workstation for displaying a trusted window.