TITLE OF THE INVENTION
Method of and System for E-Commerce Security
RELATED UNITED STATES APPLICATIONS/CLAIM OF PRIORITY Not Applicable
FIELD OF THE INVENTION
This invention relates to a method of and system for e-commerce security. The invention is a strategic and enabling e-commerce tool to increase the level of trust among web consumers and to protect brand owners, individuals and others against loss of privacy. The invention is based upon a unique verification system. More specifically, the invention provides protection for entities or individuals that participate in e-commerce from web sites misrepresenting themselves as genuine merchant web sites or as authorized product dealers for the products offered for sale.
BACKGROUND OF THE INVENTION
This invention relates to a method and system for providing protection to the entities, services and individuals that operate in e-commerce. More specifically, this invention allows a user to verify the identity of a
contacted web site to ensure that the web site is not an imposter posing as a genuine merchant web site or web merchant. In addition it can also verify that the web merchant is an authorized dealer or that the web service provided is an authorized source of information. Thus, the invention enables users to protect themselves from rogue web sites and unofficial dealers and enables web merchants, individuals and services to protect their reputations, product image and, most importantly, their corporate (brand) equity.
With the rapid growth of e-commerce as a sales tool, global consumers are using the World Wide Web and Internet as a virtual shopping mall where they purchase the goods and services that they desire or need. As a result of this, millions of users and consumers are daily faced with providing sensitive, personal and financial information to web merchants. This information, if provided to a less-than-ethical web merchant, could be used by the web merchant or imposter for improper gain without the knowledge or authorization of the user. Such events could lead to individual identity theft and financial damage in terms of credit history, credit worthiness and financial loss. Thus web users and consumers who shop or obtain services via the Internet and World Wide Web have a real interest in
protecting themselves against fraud and misrepresentation by fraudulent and unethical web merchants. Equally, entities (including sports teams), services and individuals
(including celebrities) are able to protect and enable their brands and services at the same time.
Presently, there are a limited number of "verification" systems in use on the World Wide Web and the Internet. Examples of the systems currently deployed include Verisign's "Click To Verify" System, WebTrust's system, and a proposed system by TradeSafely.com. However, as explained in greater detail below, these systems, although proclaiming to provide security to e-commerce participants, may provide little to no real protection from imposter web sites or unethical web merchants. Verisign has a method in place whereby it issues an icon for display on merchant's web pages upon which a user can click to "activate" it. The icon has certain behind-the-scenes "instructions" associated with it. Once activated, a new web page is displayed with general information about the genuine web site to which the icon was issued, such as web site location, city or town, and state. This information is apparently retrieved from the Verisign registration database. The instructions within this new window direct the user to check the displayed web
site location against the web site location visited by the user.
However, no detailed security steps are taken and the method is at risk of attack by rogue web sites and unethical web merchants. For example, the icon can easily be copied and placed on a different site, along with modified behind-the-scenes "instructions", thereby allowing an imposter to create a parallel architecture that mimics the look and feel of Verisign's method, but provides misleading information to the user. Moreover, since the user is not directed to the real web site (in the case of an imposter web site simply copying the icon), the user could still be misled by the similarity between the textual web site path of the imposter web site and the true web site (e.g. www.whitehouse.gov versus www.whitehouse.com). Finally, because the server certificate for the merchant web site is never, in fact, verified or authenticated during this procedure, an imposter web site could easily breach the Verisign method. Another example of a present attempt to provide e-commerce security is called WebTrust. This method also involves an icon on the merchant's web page, activated by the user causing a new web page to be displayed with instructions to the user as to how to proceed through a
series of maneuvers in order to "verify" the merchant web site. Again, however, the method is subject to breach by imposter web sites.
First, the user is required to make comparisons of textual web site paths visually as part of the verification process. As discussed above, imposter web sites can likely trick the user by creating believable similarities between the text. Second, in the case of an imposter web site inappropriately displaying the icon, the user is never taken to the web page of the genuine merchant web site on which the icon should appear. Thus the user could be fooled unless he or she carefully compares the two text web site paths. Third, since the merchant's server certificate corresponding to the page on which the icon appears may never, in fact, be verified or authenticated, an imposter web site may be able to copy the WebTrust icon and create an alternate, similar infrastructure that mimics the process of the WebTrust method but, in fact, misleads the user. Finally, there is a third method being advertised, though seemingly not yet available, called TradeSafely. Although this method purports to utilize a triangulation scheme having some general similarities with the third embodiment of the present invention, from the high level descriptions
of the method, there appear to be two critical distinctions between them. First, the TradeSafely method implies a sustained, trusted connection between the merchant server and the TradeSafely system, whereas the first two preferred embodiments of the present invention do not require such extensive communication. Second, the TradeSafely method implies that a secure user authentication step is not performed, thereby creating an opening for attack by imposter web sites via the well known "man in the middle" technique.
Therefore, a need exists for a method and system that provides protection to e-commerce by providing real security to users and web sites and by eliminating the possibility of attack and interception by imposter web sites.
SUMMARY OF THE INVENTION
In accordance with one aspect of the present invention there is provided a method and system for e-commerce protection. First, the invention provides users with the ability to verify information about web merchants such as the identity of a merchant web site, and the authority of that web merchant to sell its advertised products. Second, the invention provides merchants protection against damage
to their good will and product reputation from imitation web sites improperly portraying themselves as a merchant web site.
These and other aspects, features and advantages of the present invention will become better understood with regard to the following description, accompanying drawings and appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS
Exemplary embodiments of the present invention are now briefly described with reference to the following drawings:
Figure 1 is a diagrammatic view of a system for web merchant identification and verification in accordance with the present invention.
Figures 2 through 4, inclusive, are process flow diagrams for systems for e-commerce protection involving web merchant information verification in accordance with three preferred embodiments of the present invention. Figures 5a, 5b and 5c are three alternative process flow diagrams for the registration module for a merchant server. More specifically, Figure 5a is the preferred embodiment of the merchant registration process for the first of the three preferred embodiments of the present
invention. Figure 5b is the preferred embodiment of the merchant registration process for the second of the three preferred embodiments of the present invention. Figure 5c is the preferred embodiment of the merchant registration process for the third of the three preferred embodiments of the present invention. For technological reasons, the specific sequence of steps within Figures 5a, 5b, and 5c may occur at various points in time and in a different sequence than depicted. The important aspect of these drawings is the steps that are accomplished, not necessarily the order or timing of the various steps.
Figures 6a, 6b and 6c are three alternative process flow diagrams for the registration module for a user device. More specifically, Figure 6a is an alternative embodiment of the user registration process for the first of the three preferred embodiments of the present invention. Figure 6b is an alternative embodiment of the user registration process for the second of the three preferred embodiments of the present invention. Figure 6c is an alternative embodiment of the user registration process for the third of the three preferred embodiments of the present invention. Again, similar to the merchant registration process, for technological reasons, the specific sequence of steps within Figures 6a, 6b, and 6c may occur at various
points in time and in a different sequence than depicted. The important aspect of these drawings is the steps that are accomplished, not necessarily the order or timing of the various steps. Figure 7 is a data flow diagram of the preferred embodiment depicted in Figure 2.
Figure 8 is a data flow diagram of the preferred embodiment depicted in Figure 3.
Figure 9 is a data flow diagram of the preferred embodiment depicted in Figure _ .
DETAILED DESCRIPTION OF THE INVENTION
In the following detailed description of the embodiments, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized and that structural, logical and electrical changes may be made without departing from the spirit and scope of the present inventions. The following detailed description is, therefore, not to be taken in a limiting sense, and the
scope of the present inventions is defined only by the appended claims. The leading digit(s) of the reference numbers in the Figures usually correspond to the figure number, with the exception that identical components which appear in multiple figures are identified by the same reference numbers.
The present invention is directed to a method of and a system for e-commerce security. In today's high-tech environment, e-commerce is considered as much more than mere sales conducted via computer network connections such as the Internet and the World Wide Web. Although sales are definitely a part of e-commerce, the term has come to include the distribution and dissemination of information and data, whether sales related or not, to the global general public.
Typically, a user, when traversing along the Internet, will navigate to a web site purporting to have the capability to conduct and accept e-commerce sales. The web site will have included on one of its web pages a trigger element. The trigger element may be, but is not limited to, such things as an icon, a computer script, an HTML comment, an active text, binary, or digitally signed string, a Universal Remote Location (URL) field or protocol. Upon activation of the trigger element, the user will be
provided information about the web merchant so that the user can make determinations about the web merchant such as whether the web merchant is who it purports to be and whether the web merchant is an authorized dealer of the products offered for sale on its web site.
Figure 1 shows a diagram of a system 100 for the provision of e-commerce security in accordance with the preferred embodiments of the present invention. The system 100 includes an authenticator server, including a computer processor and associated memory 110, a user device, including a computer processor and associated memory 120, and at least one merchant server, including a computer processor and associated memory 130, all connected to a common computer network 140. Preferably, the authenticator server 110, user device 120 and a merchant server 130 can be a personal computer system such as an IBM PC or IBM PC compatible system or an APPLE Macintosh system or a more advanced computer system, although mainframe computer systems or any other internet-accessing device can also be used.
Preferably, the computer network 140 is a global TCP/IP based network such as the Internet or an intranet, although almost any well known LAN, MAN, WAN, or VPN technology can be used.
The authenticator server 110 is adapted to transfer and receive information over the computer network 140. The authenticator server 110 is adapted also to store information in, and retrieve information from its associated memory. The authenticator server 110 is adapted further to perform comparisons of information utilizing information received from a user device 120, information received from a merchant server 130, or information retrieved from its associated memory. The authenticator server 110 may be further adapted to modify information associated with, and located on, a merchant server 130. The authenticator server 110 may be further adapted to sign identification information provided by a user device 120 or a merchant server 130. The user device 120 is adapted to transfer and receive information across the computer network 140. The user device 120 is adapted further to implement computer instruction provided by either the authenticator server 110 or a merchant server 130. The merchant server 130 is adapted to transfer and receive information over the computer network 140. The merchant server 130 is adapted also to store information in, and retrieve information from its associated memory. The merchant server 130 is adapted further to implement
computer instruction provided by the authenticator server 110.
Additionally, although authenticator server 110, user device 120 and merchant server 130 are described in the context of a single web server, one of ordinary skill in the art will appreciate that the described functionality may be implemented across multiple servers.
Figure 2 shows a process flow for the first of the three preferred embodiments of the present invention. In the first step 210, the user device 120 navigates to a merchant server 130 where the merchant server 130 displays a web page of its web site. In the second step, 220, a trigger element previously provided to the merchant server 130 by the authenticator server 110 during the merchant registration process as displayed in Figure 5a, and displayed on the web page of the merchant server's 130 web site, is activated. In the third step 230, the activated trigger element causes the user device 120 to activate a computer program on the user device 120 that directs the user device 120 to obtain identity information from the merchant server 130. Typically, the computer program would be provided by the authenticator server 110 to the user device 120 during the user registration process as displayed in Figure 6a. However, the user registration
process as depicted in Figure 6a is merely the preferred embodiment of the process and may, in fact, occur at any point before or during the first three steps of Figure 2 and in a variety of distribution techniques, including, for example, CD-ROM distribution or incorporation into, and subsequent distribution of, a web browser program. In the fourth step 240, the integrity and ownership of the identity information from the merchant server 130 is verified. To accomplish this fourth step, the computer program on the user device 120 may, for example, establish a secure connection with the merchant server 130 via the well-known Secure Socket Layer (SSL) connectivity process. Another example of a manner by which the fourth step may be accomplished is through the computer program on the user device 120 causing the genuine web page associated with the identity information to be redisplayed, thereby displaying the web page of the real merchant server registered with the Authenticator server 110 to the user device 120. This step, in the case where the trigger element was copied onto an imposter web site, puts the user device 120 on notice that the first web page was that of an imposter. Then, in the fifth step 250, the user device 120 sends the identity information received from the merchant server 130 to the authenticator server 110. In the sixth step 260, the
authenticator server 110 receives the identity information sent by the user device 120 and retrieves the identity information, along with the various other available pieces of information for the merchant server 120 from the associated memory of the authenticator server 110. The information maintained by the authenticator server 110 may include, but is not limited to, such items as the name, address, and telephone number of the underlying entity, product listings, as well as various other information. Again, typically, the identity information as well as the other pieces of information for the merchant server 120 would be obtained during the merchant registration process as displayed in Figure 5a. However, the merchant registration process as depicted in Figure 5a is merely the preferred embodiment of the process and may, in fact, occur at any point before or during the first three steps of Figure 2. Next, in the seventh step 270, the authenticator server 110 compares the identity information received from the user device 120 to the identity information retrieved from its associated memory. In the eighth step 280, the result of that comparison, possibly along with other pertinent information such as personalized information selected or determined by the user device 120 during the user registration process, is sent to the user device 120.
Finally, in the ninth step 290, the user device 120 displays the information.
Figure 3 shows a process flow for the second of the three preferred embodiments of the present invention. In the first step 310, the user device 120 navigates to a merchant server 130 where the merchant server 130 displays a web page of its web site. In the second step, 320, a trigger element associated with the authenticator server 110, and displayed on the web page of the merchant server's 130 web site, is activated. The trigger element was previously provided to the merchant server 130 by the authenticator server 110 during the merchant registration process as displayed in Figure 5b. In the third step 330, the activated trigger element activates a computer program on the user device 120 that directs the user device 120 to obtain identity information from the merchant server 130. Typically, the computer program would be provided by the authenticator server 110 to the user device 120 during the user registration process as displayed in Figure 6b. However, the user registration process as depicted in Figure 6b is merely the preferred embodiment of the process and may, in fact, occur at any point before or during the first three steps of Figure 3 and in a variety of distribution techniques, including, for example, CD-ROM
distribution or incorporation into, and subsequent distribution of, a web browser program. In the fourth step 340, the integrity and ownership of the identity information from the merchant server 130 is verified. To accomplish this fourth step, the computer program on the user device 120 may, for example, establish a secure connection with the merchant server 130 via the well-known SSL connectivity process. Another example of a manner by which the fourth step may be accomplished is through the computer program on the user device 120 causing the web page associated with the identity information to be redisplayed, thereby displaying the web page of the real merchant server registered with the Authenticator server 110 to the user device 120 and, in effect, putting the user device 120 on notice that the first web page was that of an imposter. In the fifth step 350, the user device 120 extracts verifiable extension information from the received identity information, the extension having previously been embedded within the merchant server's 130 identity information by the authenticator server 110 during the merchant registration process as depicted in Figure 5b, the preferred embodiment of the merchant registration process for Figure 3. The verifiable extension information should be information whereby tampering with the information can be detected.
Then, in the sixth step 360, the user device 120 displays the extracted information. The user device 120 may also display various other information such as personalized information selected or determined by the user device 120 during the user registration process, intended to provide the user device 120 a high degree of comfort for conducting business with the merchant server 130.
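The following is an added example, not code from the application, that models the authenticator-side comparison of the first embodiment (steps 260 to 280) and the tamper-evident extension of the second embodiment (steps 540b and 350). It assumes identity information is a small record of registered fields, that the verifiable extension is an HMAC-SHA256 tag over the canonical form of that record (a stand-in for the signature a deployment would use), and that the trigger element is an opaque token; all keys, site names and merchant details are constructed samples.

```python
import hashlib
import hmac
import json

# Assumed, not from the application: an HMAC under a key held by the
# authenticator stands in for a digital signature. A real deployment would sign
# the extension so the user-side program only needs the authenticator's public key.
AUTHENTICATOR_KEY = b"constructed-authenticator-secret"  # constructed sample key

REGISTRY = {}  # authenticator server's associated memory: site -> registration record


def canonical(identity):
    """Canonical byte form of identity information so tags are reproducible."""
    return json.dumps(identity, sort_keys=True, separators=(",", ":")).encode()


def register_merchant(identity, embed_extension=False):
    """Merchant registration (Figures 5a/5b): store the identity information,
    issue a trigger element and, for the second embodiment, embed a verifiable
    extension into the copy of the identity information the merchant will serve."""
    site = identity["site"]
    trigger = "TRIGGER-" + hashlib.sha256(canonical(identity)).hexdigest()[:12]
    REGISTRY[site] = {"identity": dict(identity), "trigger": trigger}
    served = dict(identity)
    if embed_extension:
        served["extension"] = hmac.new(AUTHENTICATOR_KEY, canonical(identity),
                                       hashlib.sha256).hexdigest()
    return trigger, served


def authenticator_compare(submitted_identity):
    """Steps 260-280 of the first embodiment: look up the registered identity by
    site and compare it field by field with what the user device submitted."""
    record = REGISTRY.get(submitted_identity.get("site"))
    if record is None:
        return {"verified": False, "reason": "site not registered"}
    if record["identity"] != submitted_identity:
        return {"verified": False, "reason": "identity information differs from registration"}
    return {"verified": True, "details": record["identity"]}


def extract_extension(served_identity):
    """Step 350 of the second embodiment: strip the extension and check that the
    remaining identity information still matches the tag. Returns the verified
    identity information, or None if the information was altered or unsigned."""
    info = dict(served_identity)
    tag = info.pop("extension", None)
    if tag is None:
        return None
    expected = hmac.new(AUTHENTICATOR_KEY, canonical(info), hashlib.sha256).hexdigest()
    return info if hmac.compare_digest(expected, tag) else None


# Constructed sample registration for a genuine merchant.
GENUINE = {"site": "shop.example", "name": "Example Shop Ltd", "dealer_of": ["WidgetCo"]}
TRIGGER, SERVED = register_merchant(GENUINE, embed_extension=True)


def demo():
    # First embodiment: the genuine identity information verifies, while a site
    # that copied the trigger element but serves altered identity information
    # (here an inflated dealer list) fails the comparison.
    ok = authenticator_compare(GENUINE)
    altered = dict(GENUINE, dealer_of=["WidgetCo", "GadgetCo"])
    bad = authenticator_compare(altered)
    # Second embodiment: the served copy carries a valid extension, so the user
    # device recovers the identity information locally; any edit to the served
    # copy invalidates the tag and the extraction reports tampering.
    good_ext = extract_extension(SERVED)
    bad_ext = extract_extension(dict(SERVED, name="Exampel Shop Ltd"))
    return ok["verified"], bad["verified"], good_ext == GENUINE, bad_ext is None


if __name__ == "__main__":
    print(demo())
```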
Figure 4 shows a process flow for the third of the three preferred embodiments of the present invention. In the first step 410, the user device 120 navigates to a merchant server 130 where the merchant server 130 displays a web page of its web site. In the second step, 420, a trigger element associated with the authenticator server 110, and displayed on the web page of the merchant server's 130 web site, is activated. The trigger element was previously provided to the merchant server 130 by the authenticator server 110 during the merchant registration process as displayed in Figure 5c. In the third step 430, the activated trigger element activates a computer program on the merchant server 130 that directs the user device 120 to establish a connection with the authenticator server 110, and send information about the connection between the user device 120 and the merchant server 130 to the authenticator server 110. The computer program was
previously provided by the authenticator server 110 to the merchant server 120 during the merchant registration process as displayed in Figure 5c. In the fourth step 440, the user device 120, again directed by the computer program on the merchant server 120, sends its signed identity information to the authenticator server 110. The signed identity information was provided by the authenticator server 110 to the user device 120 during the user registration process as displayed in Figure 6c. Next, in the fifth step 450, the merchant server 130, through the computer program, establishes a connection with the authenticator server 110 and sends information about the connection between the merchant server 130 and the user device 120 to the authenticator server 110. Then, in the sixth step 460, the authenticator server 110 compares the connection information received from the user device 120 to the connection information received from the merchant server 130. In the seventh step, the authenticator server 110, using the signed identity information, verifies the identity of the user device 120, and may retrieve from its associated memory other personalized information selected or determined by the user device 120 during the user registration process. Next, in the eighth step 480, the authenticator server 110 sends the information, possibly
including the retrieved personalized information, to the user device 120. Finally, in the ninth step 490, the user device displays the information.
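The following is an added example, not code from the application, that models the triangulation of the third embodiment: the authenticator receives a description of the user-to-merchant connection from each side (steps 430 to 450), requires the two descriptions to agree (step 460) and verifies the signed user identity issued at registration (steps 630c and 470) before answering (step 480). It assumes connection information is a small record of session details as each party sees it, and that the signed user identity is an HMAC-SHA256 tag under a key only the authenticator holds; all keys, names and session values are constructed samples.

```python
import hashlib
import hmac
import json

# Assumed, not from the application: the signed user identity (step 630c) is an
# HMAC tag the authenticator can later re-check without storing per-session state.
AUTHENTICATOR_KEY = b"constructed-authenticator-secret"  # constructed sample key
REGISTERED_USERS = {}                    # authenticator memory: user id -> personalized info
REGISTERED_MERCHANTS = {"shop.example"}  # constructed: merchants that completed Figure 5c


def issue_signed_identity(user_id, personalized):
    """User registration, step 630c: store personalized information and hand the
    user device a signed identity it will present in step 440."""
    REGISTERED_USERS[user_id] = personalized
    tag = hmac.new(AUTHENTICATOR_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return {"user_id": user_id, "sig": tag}


def verify_signed_identity(signed):
    """Step 470: check the signature and return the registered user id, or None."""
    expected = hmac.new(AUTHENTICATOR_KEY, signed["user_id"].encode(), hashlib.sha256).hexdigest()
    return signed["user_id"] if hmac.compare_digest(expected, signed["sig"]) else None


def triangulate(user_report, merchant_report):
    """Steps 450-480: each side reports which merchant and which connection it is
    part of. The merchant must be registered, both reports must describe the same
    connection, and the user's signature must verify. Returns the step 480 message."""
    merchant = merchant_report["merchant"]
    if merchant not in REGISTERED_MERCHANTS:
        return {"verified": False, "reason": "merchant not registered"}
    if user_report["merchant"] != merchant:
        return {"verified": False, "reason": "user reports a different merchant"}
    if user_report["connection"] != merchant_report["connection"]:
        return {"verified": False, "reason": "connection information does not match"}
    user_id = verify_signed_identity(user_report["signed_identity"])
    if user_id is None:
        return {"verified": False, "reason": "user identity signature invalid"}
    return {"verified": True, "merchant": merchant, "personalized": REGISTERED_USERS[user_id]}


def demo():
    signed = issue_signed_identity("alice", {"phrase": "BLUE-KITE"})
    # Constructed connection description as observed by both ends of a genuine session.
    conn = {"session": "s-1", "client": "198.51.100.7:50123"}
    genuine = triangulate(
        {"merchant": "shop.example", "connection": conn, "signed_identity": signed},
        {"merchant": "shop.example", "connection": conn},
    )
    # The user device believes it is connected to shop.example, but the session the
    # registered merchant actually reports is a different one: the reports disagree,
    # so the authenticator refuses to vouch for the connection (step 460).
    other = {"session": "s-2", "client": "203.0.113.9:41000"}
    mismatch = triangulate(
        {"merchant": "shop.example", "connection": conn, "signed_identity": signed},
        {"merchant": "shop.example", "connection": other},
    )
    # A signed identity that does not carry the authenticator's tag is rejected even
    # when both connection reports agree (step 470).
    forged = triangulate(
        {"merchant": "shop.example", "connection": conn,
         "signed_identity": {"user_id": "alice", "sig": "00" * 32}},
        {"merchant": "shop.example", "connection": conn},
    )
    return genuine["verified"], mismatch["reason"], forged["reason"]


if __name__ == "__main__":
    print(json.dumps(demo()))
```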
Figure 5a shows the process flow of the merchant registration process for the first of the three preferred embodiments of the present invention. In the first step 510a, the merchant server 130 navigates to the authenticator server 110. Then, in the second step 520a, the authenticator server 110 prompts the merchant server 130 for registration information that may be used later by the authenticator server 110 to verify the identity and product authorities of the merchant server 130. Once the registration information has been obtained, in the final step 530a, the authenticator server 110 downloads a trigger element to the merchant server 130 for inclusion on the web page of the web site of the merchant server 130.
Figure 5b shows the process flow of the merchant registration process for the second of the three preferred embodiments of the present invention. In the first step 510b, the merchant server 130 navigates to the authenticator server 110. Then, in the second step 520b, the authenticator server 110 prompts the merchant server 130 for registration information that may be used later by the authenticator server 110 to verify the identity and
product authorities of the merchant server 130. Once the registration information has been obtained, in the next step 530b, the authenticator server 110 downloads a trigger element to the merchant server 130 for inclusion on the web page of the web site of the merchant server 130. In addition to the trigger element, the authenticator server 110, in the final step 540b, embeds into the identity information of the merchant server 130 a verifiable extension to be used later by a computer program placed on the user device 120 by the authenticator server 110.
Figure 5c shows the process flow of the merchant registration process for the third of the three preferred embodiments of the present invention. In the first step 510c, the merchant server 130 navigates to the authenticator server 110. Then, in the second step 520c, the authenticator server 110 prompts the merchant server 130 for registration information that may be used later by the authenticator server 110 to verify the identity and product authorities of the merchant server 130. Once the registration information has been obtained, in the next step 530c, the authenticator server 110 downloads a trigger element to the merchant server 130 for inclusion on the web page of the web site of the merchant server 130. In addition to the trigger element, the authenticator server
110, in the final step 540c, downloads a computer program to the merchant server 130.
Figure 6a shows the process flow for the user registration process for the first of the three preferred embodiments of the present invention. In the first step 610a, the user device 120 navigates to the authenticator server 110. Then, in the second step 620a, the authenticator server 110 prompts the user device 120 for registration information that may be used later by the authenticator server 110 to verify the identity of the user device 120. Once the registration information has been obtained, in the final step 630a, the authenticator server 110 downloads a computer program to the user device 120.
Figure 6b shows the process flow for the user registration process for the second of the three preferred embodiments of the present invention. In the first step 610b, the user device 120 navigates to the authenticator server 110. Then, in the second step 620b, the authenticator server 110 prompts the user device 120 for registration information that may be used later by the authenticator server 110 to verify the identity of the user device 120. Once the registration information has been obtained, in the final step 630b, the authenticator server 110 downloads a computer program to the user device 120.
Figure 6c shows the process flow for the user registration process for the third of the three preferred embodiments of the present invention. In the first step 610c, the user device 120 navigates to the authenticator server 110. Then, in the second step 620c, the authenticator server 110 prompts the user device 120 for registration information that may be used later by the authenticator server 110 to verify the identity of the user device 120. Once the registration information has been obtained, in the final step 630c, the authenticator server 110 downloads a signed user identity information to the user device 120. Finally, an additional step is considered whereby the authenticator server 110 provides to the user device 120 a computer program that enables the user device 120 to further verify the integrity and ownership of the connection between the user device 120 and the merchant server 130.
Having now described one or more preferred embodiments of the invention, it should be apparent to those skilled in the art that the foregoing is illustrative only and not limiting, having been presented by way of example only. All the features disclosed in this specification (including any accompanying claims, abstract, and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose,
unless expressly stated otherwise. Therefore, numerous other embodiments and modifications thereof are contemplated as falling within the scope of the present invention as defined by the appended claims and equivalents thereto.