A method of verifying the intended recipient of any communication for improved security
Publication Date: 2018-Jan-12
The IP.com Prior Art Database
Title : A method of verifying the intended recipient of any communication for improved security An email account created by a user is unique to the person and no two persons can have the same Email ID. A user when registering at a bank, credit card company or the place he/she works would invariably use his/her Email account which are mandatory these days for the bank/credit card organization to share account statement/credit card statement. However, it is observed that from time to time, unintentionally email ends up in the inbox of unintended recipient due to a spelling mistake or may be because the sender tries guessing the email ID. Even though the sender of the email may have some security systems in place for eg, some of these documents may be protected by a password, hackers can easily hack into these documents using any of the existing password hacking mechanisms. This is a big security loophole in itself. The problem with the present system is that is does not have a method to verify if the email goes to the intended recipient. There are existing schemes to verify the authenticity of the receiver's email address. However, there is no mechanism which verifies that the receiver is indeed the intended recipient of the email i.e. there is no method to verify the user/recipient.
A user will register his/her IoT devices with the banking site through a computer or a phone which is able to connect to the devices. These devices will thus be associated with the user. These IoT devices in turn will serve as an identification of the user. Refer the flow chart below about how the registration of IoT devices is done:
Initially, all the IoT devices will be registered by the user through a computer or a phone which is able to connect to all the devices. The user can specify a minimum limit on the number of devices to use for the certificate generation which will be used to authorize the transaction. An "agent" of sorts running in the smartphone or computer will perform the initial connection with the devices, collect their unique identity information and aggregate them into a "certificate" which is then registered with the bank for the user. This certificate is a dynamic certificate which will be generated depending on the zone presently detected by the user. As and when the user moves into new locations, for example, his car, his office set the user can register new IoT devices via the same mechanism. Accordingly, by using any existing location tracking mechanism, eg: by tracking the GPS coordinates of the devices, the devices can be distributed into zones by the softwar...