System and method of performing electronic transactions
Abstract
A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.
Claims
exact text as granted — not AI-modified1 . A method of controlling electronic transactions between a server computer and a client computer, the method comprising the steps of:
running a first communication protocol with encrypted data transmission and mutual authentication with the server computer, performing a decryption of encrypted server responses received from the server computer, forwarding the decrypted server responses to the client computer, receiving client requests to be sent to the server computer from the client computer, parsing the client requests for predefined transaction information, encrypting and forwarding client requests that do not contain any predefined transaction information to the server computer, displaying the predefined transaction information upon detection in a client request on a hardware device display of a hardware device, forwarding and encrypting the client request containing the predefined transaction information to the server computer if a user confirmation is received, canceling the electronic transaction if no user confirmation is received.
2 . A method according to claim 1 , further comprising the steps of:
displaying the decrypted server responses on a client computer display of the client computer.
3 . A method according to claim 1 , further comprising the steps of:
running in a normal mode of operation a second communication protocol between a browser application of the client computer and the server computer via a proxy application of the client computer, running in a secure mode of operation the first communication protocol between the server computer and the hardware device, routing in the secure mode of operation client requests from the browser application via the proxy application to the hardware device and from the hardware device via the proxy application to the server computer, routing in the secure mode of operation server responses from the server computer via the proxy application to the hardware device and from the hardware device via the proxy application to the browser application.
4 . A method according to claim 3 , further comprising the steps of:
parsing client requests for a predefined set of client requests by the proxy application, initiating the secure mode of operation by the proxy application upon detection of a predefined client request.
5 . A method according to claim 1 , further comprising, before forwarding the decrypted server responses from the hardware device to the client computer, the steps of:
parsing the server responses for predefined transaction information by the hardware device, forwarding server responses that do not contain any predefined transaction information to the client computer by the hardware device, displaying the predefined transaction information upon detection in a server response on the hardware device display of the hardware device, forwarding the server response containing the predefined transaction information to the client computer if a user confirmation is received, canceling the predefined transaction if no user confirmation is received.
6 . A method according to claim 1 , wherein the first communication protocol comprises:
a network layer comprising a protocol according to the Secure Sockets Layer (SSL)-standard or according to the Transport Layer Security (TLS)-standard and a protocol according to the Transmission Control Protocol/Internet Protocol (TCP/IP)-standard.
7 . A method according to claim 1 , wherein the first communication protocol comprises:
an application layer comprising the Hyper Text Transfer Protocol (HTTP).
8 . A method according to claim 3 , wherein the second communication protocol comprises:
a network layer comprising the Transmission Control Protocol/Internet Protocol (TCP/IP) and an application layer comprising the Hyper Text Transfer Protocol (HTTP).
9 . A method according to claim 1 , further comprising the step of:
performing a user authentication by the server computer.
10 . A method according to claim 1 , further comprising the step of:
performing a user authentication by the hardware device.
11 . A hardware device for controlling electronic transactions, the hardware device comprising a hardware device display and a hardware device interface unit, wherein the hardware device interface unit is provided for coupling the hardware device to a client computer wherein the hardware device is configured to:
run a first communication protocol with encrypted data transmission and mutual authentication with a server computer, perform a decryption of encrypted server responses received from the server computer, forward the decrypted server responses to the client computer, receive client requests to be sent from the client computer to the server computer, parse the client requests for predefined transaction information, encrypt and forward client requests that do not contain any predefined transaction information to the server computer, display the predefined transaction information upon detection in a client request on the hardware device display, forward and encrypt client requests containing the predefined transaction information to the server computer if a user confirmation is received, cancel the predefined transaction if no user confirmation is received.
12 . The hardware device according to claim 11 , wherein the hardware device comprises:
a security token for storing security sensitive data.
13 . The hardware device according to claim 11 , wherein the hardware device comprises:
a smart card reader for reading security sensitive data from a smart card.
14 . The hardware device according to claim 11 , wherein the hardware device has a predefined level of tamper-resistance.
15 . The hardware device according to claim 14 , wherein the predefined level of tamper-resistance of the hardware device is higher than the level of tamper-resistance of the client computer.
16 . The hardware device according to claim 11 , wherein the hardware device is designed in such a way that no software applications can be loaded onto the hardware device.
17 . The hardware device according to claim 12 , wherein the security sensitive data comprises a private key and trust root information.
18 . The hardware device according to claim 13 , wherein the security sensitive data comprises a private key and trust root information.
19 . The hardware device according to claim 11 , wherein the hardware device comprises:
a hardware device input unit for confirming and/or canceling a transaction.
20 . A computer readable article of manufacture tangibly embodying computer readable instructions to carry out a method comprising the steps of:
forwarding in a normal mode of operation client requests received from a browser application of the client computer to a server computer of a communication network, forwarding in the normal mode of operation server responses received from the server computer to the browser application of the client computer, forwarding in a secure mode of operation client requests from the browser application to a hardware device and from the hardware device to the server computer, forwarding in the secure mode of operation server responses received from the server computer to the hardware device and from the hardware device to the browser application.
21 . A computer readable article of manufacture according to claim 20 , wherein the method further comprises the steps of:
parsing client requests for a predefined set of client requests, initiating the secure mode upon detection of a predefined client request.
22 . A method of controlling electronic transactions between a server computer and a client computer, the method comprising the steps of:
running a first communication protocol with encrypted data transmission and mutual authentication with the server computer, performing a decryption of encrypted server responses received from the server computer, parsing the server responses for predefined transaction information, forwarding server responses that do not contain any predefined transaction information to the client computer, displaying the predefined transaction information upon detection in a server response on a hardware device display of a hardware device, forwarding the server response containing the predefined transaction information to the client computer if a user confirmation is received, canceling the predefined transaction if no user confirmation is received.
23 . A hardware device for controlling electronic transactions, comprising a hardware device display and a hardware device interface unit, wherein the hardware device interface unit is provided for coupling the hardware device to a client computer wherein the hardware device is configured to:
run a first communication protocol with encrypted data transmission and mutual authentication with a server computer, perform a decryption of encrypted server responses received from the server computer, parse the server responses for predefined transaction information, forward server responses that do not contain any predefined transaction information to the client computer, display the predefined transaction information upon detection in a server response on the hardware device display, forward server responses containing the predefined transaction information to the client computer if a user confirmation is received, cancel the predefined transaction if no user confirmation is received.
24 . A client computer being connectable via a first interface to a communication network and via a second interface to a hardware device, the client computer comprising:
a browser application for browsing the communication network and a proxy application: the proxy application being adapted to:
forward in a normal mode of operation client requests received from the browser application of the client computer to a server computer of the communication network,
forward in the normal mode of operation server responses received from the server computer to the browser application of the client computer,
forward in a secure mode of operation client requests from the browser application to the hardware device and from the hardware device to the server computer,
forward in the secure mode of operation server responses received from the server computer to the hardware device and from the hardware device to the browser application, wherein the client computer is adapted to perform in the secure mode of operation electronic transactions with the server computer via the hardware device and via the communication network.
25 . The client computer according to claim 24 , wherein the proxy application is adapted to
parse client requests for a predefined set of client requests, initiate the secure mode of operation upon detection of a predefined client request.
26 . The client computer according to claim 24 , wherein the secure mode is initiated by sending a secure mode enable-signal from the proxy application to the hardware device.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.