| 发明名称 | Detecting man-in-the-middle attacks in electronic transactions using prompts | ||
| 摘要 | Aspects of the invention provide a solution for detecting man-in-the-middle attacks in electronic transactions using prompts. One embodiment includes a method for authenticating an electronic transaction. The method includes: receiving an electronic transaction request from a user, determining an IP address associated with a client system from which the electronic transaction request originates, providing the user with a password associated with the electronic transaction request, receiving a telephonic communication from a telephonic device associated with the user, prompting the user, via a voice response unit, to input the password using the telephonic device, authenticating the user by comparing the inputted password and the provided password, determining a probable location of the user based on the determined IP address of the client system, communicating to the user the probable location of the user based on the determined IP address, and prompting the user to confirm the probable location of the user. | ||
| 申请公布号 | US8917826(B2) | 申请公布日期 | 2014.12.23 |
| 申请号 | US201213562491 | 申请日期 | 2012.07.31 |
| 申请人 | International Business Machines Corporation | 发明人 | Bravo Jose F.;Crume Jeffery L. |
| 分类号 | H04M1/64;G06Q20/00 | 主分类号 | H04M1/64 |
| 代理机构 | Hoffman Warnick LLC | 代理人 | Lashmit Douglas A.;Hoffman Warnick LLC |
| 主权项 | 1. A method of authenticating an electronic banking transaction, the method comprising: receiving an electronic banking transaction request from a user, the electronic transaction request originating at a client system; determining an Internet Protocol (IP) address associated with the client system from which the received electronic banking transaction request originates; providing the user with a one time password associated with the electronic banking transaction request; providing the user with a third party verification number associated with the electronic banking transaction request; receiving a telephonic communication to the third party verification number from a telephonic device associated with the user; prompting the user, via a voice response unit, to input the password using the telephonic device, the telephonic device having a user number; authenticating the user based on a comparison of the inputted password and the provided one time password and the user number where the authenticating is performed by a third-party service provider, wherein the third-party provider is not a participant in the electronic banking transaction; determining a probable location of the user based on the determined IP address of the client system; communicating to the user, via the voice response unit, the probable location of the user based on the determined IP address associated with the client system; and prompting the user to confirm the probable location of the user based on the IP address associated with the client system. | ||
| 地址 | Armonk NY US | ||