ABSTRACT: Identity theft and credit card fraud are among the major security problems for online shopping and other transactions. The current industry standard of multi-point personal information storage does not protect users' identities effectively. Many online merchant servers use password authentication, whose security flaws have been well documented. Although there are many challenges in achieving secure online transactions, we propose a system that can greatly reduce the risk of identity theft over the Internet by enabling users to hide their identities from online merchants and, to some extent, from the Internet. Our system architecture reduces the above multi-point information storage system to a single-point offline solution. That is, the user's personal information will be stored in a secure offline database and on a dedicated USB device. Such information will not be sent to merchants to complete online transactions. The SecureGo device can be connected to any host computer for online transactions, but decryption and encryption will be performed locally on the SecureGo USB device to prevent attacks such as those from a malicious host. This is a true hardware-software co-protection approach to ensure secure online transactions and user privacy. The dedicated hardware, the USB device, implements the secure (software) operations and has a unique ID to mask the user's identity.
Bio-inspired, Learning, and Intelligent Systems for Security, 2007. BLISS 2007. ECSIS Symposium on; 09/2007