Author Topic: Secure transactions over the Internet  (Read 579 times)


Offline fzabkar (Topic starter)

  • Super Contributor
  • ***
  • Posts: 2583
  • Country: au
Secure transactions over the Internet
« on: August 05, 2024, 02:17:57 am »
This may sound crazy, but I have an idea which would enable secure access to the Internet via a dedicated portal and a dedicated hardware box. The SecureBox would be built around open source hardware, firmware and software. I propose that authorised organisations such as banks, insurance companies and government agencies would utilise this portal. The portal's sole function would be to verify the authenticity of particular URLs belonging to these vetted organisations. The SecureBox would submit a URL to the portal and would reject any URL that is not authorised by it. The portal would also provide firmware updates for the SecureBox.

I envisage that the SecureBox would function like a personal ATM machine. It would have no connection to the external world other than a credit card slot, an Ethernet port and Wi-Fi. No USB port, no SD card slot. Each authorised organisation would have a dedicated area of their web site with a minimalist interface akin to telephone banking over a landline. It would be no more complicated than a DOS-style BBS of 30 years ago. No JavaScript, frames, popups, etc, just plain HTML. Ideally the box would execute code from flash memory. It would have a very minimal digital display and a rudimentary keyboard or touchpad. Receipts for the session could be sent to a specified email address. This address need not be stored in the box but could be stored on the web site of the bank, insurance company, etc. I envisage that credit cards, a Medicare card, driver's licence, pension card, et cetera could be used to initiate a session, although this would not be mandatory.

The idea behind this box is to protect users from themselves. That is, this box could not be penetrated by malware such as keyloggers that could steal passwords. The portal would act like a firewall to prevent users from visiting unauthorised URLs, whether intentionally or unintentionally. The portal could be maintained by a central authority such as the Signals Directorate (in Australia). All communications would be encrypted. No traffic would pass through the portal or be recorded by it other than requests to verify authorised URLs. At the end of each session the RAM is cleared and the SecureBox rebooted and reset.

If users opt for this hardware solution, banks would be more inclined to accept responsibility for losses due to fraud. At the moment the Australian government is disinclined to force the banks to accept responsibility via legislation.

 

Online IanB

  • Super Contributor
  • ***
  • Posts: 12284
  • Country: us
Re: Secure transactions over the Internet
« Reply #1 on: August 05, 2024, 02:26:26 am »
Did you just invent the iPhone?
 

Offline fzabkar (Topic starter)

  • Super Contributor
  • ***
  • Posts: 2583
  • Country: au
Re: Secure transactions over the Internet
« Reply #2 on: August 05, 2024, 02:55:01 am »
The only iThing I own is an iPod which I inherited from my late father, and that just sits in a drawer where all iThings belong.
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 11668
  • Country: us
    • Personal site
Re: Secure transactions over the Internet
« Reply #3 on: August 05, 2024, 03:14:09 am »
You can't just ignore the existing technology while "inventing" your own. What you invented makes no sense. What is the purpose of verifying the URL? How exactly would a URL get on that allowed list? And also, who pays for all that and what is their motivation?

And the last thing banks want is a minimalist interface. Their whole existence is based on selling random services you don't need.

The only way something like this would ever work even in theory is if it is mandated by the government. The same government that refuses to just make banks assume responsibility for fraud.
« Last Edit: August 05, 2024, 03:21:06 am by ataradov »
Alex
 

Online ejeffrey

  • Super Contributor
  • ***
  • Posts: 3868
  • Country: us
Re: Secure transactions over the Internet
« Reply #4 on: August 05, 2024, 04:08:55 am »
The whole point of making banks responsible for fraud is that it puts the incentive on them to build and require their customers to use a sufficiently secure system that fraud is reduced to levels where it isn't worth reducing further. Designing a random "secure" system to entice banks to accept responsibility for fraud is both defeating the purpose and also completely absurd: banks are never going to happily accept responsibility for fraud. Regardless of what other security or protections are in place, they are always going to want someone else to be responsible. The only options are 1) force them whether they want it or not and 2) trade them something worth more to them. Your proposal does neither, and in fact creates something they would hate. If you said "we are going to force you to use this box for all your customers unless you accept responsibility for fraud" that would probably work.
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 7062
  • Country: ca
Re: Secure transactions over the Internet
« Reply #5 on: August 05, 2024, 05:12:32 am »
Are you going to require the users to carry your box with them? Mobile payments are called that for a reason.
Facebook-free life and Rigol-free shack.
 

Offline EPAIII

  • Super Contributor
  • ***
  • Posts: 1139
  • Country: us
Re: Secure transactions over the Internet
« Reply #6 on: August 05, 2024, 05:43:23 am »
You do not understand. The internet was not built to be secure. If it had been there would be zero problems because every communication, every transaction would already be 100% traceable.

The internet was built for people and companies to SELL THINGS. All the other uses are subservient to that. So someone can set up a web site to sell something and you can not find out anything about that person except for what he provides on that web site. It is purposely built this way and companies like Microsoft, Apple, Google, Amazon, etc. would never tolerate the type of change that would make it safe for the buyers. The technical details are not important as they will always favor the big money corporations. And even big governments, like the US, China, etc., can not really change it because it is at the very core.

This is not some kind of conspiracy theory. It is how things are. And how they will remain.

PS: What you propose does not require any box or hardware or any software on individual computers. All it requires is software on the web registration sites and the cooperation of all the network nodes, world wide. That cooperation would not be hard to obtain if you start preventing communication with any node that does not cooperate (cutting off all of the people and businesses they serve). Of course, for the reasons I stated above, this will never happen.
Paul A.  -   SE Texas
And if you look REAL close at an analog signal,
You will find that it has discrete steps.
 

Offline 2N3055

  • Super Contributor
  • ***
  • Posts: 7114
  • Country: hr
Re: Secure transactions over the Internet
« Reply #7 on: August 05, 2024, 05:55:10 am »
SSL site certificates, Secure pay, certificates in general, dedicated OTP token devices are solving all the problems you mentioned.
Except bank responsibility. Which is the core of the problem.

And people. It is them that want everything on their phone. For convenience.
 

Offline JMK

  • Newbie
  • Posts: 7
  • Country: au
Re: Secure transactions over the Internet
« Reply #8 on: August 05, 2024, 06:00:13 am »
"I envisage that the SecureBox would function like a personal ATM machine."


I very much doubt that. The ATM system in Australia is NOT connected to the internet in any way; hence, not able to be hacked.
 

Offline EPAIII

  • Super Contributor
  • ***
  • Posts: 1139
  • Country: us
Re: Secure transactions over the Internet
« Reply #9 on: August 05, 2024, 06:01:28 am »
What US citizens can do to avoid getting ripped off on the internet is very simple:

1. Fund EVERY purchase with a CREDIT CARD. Never a debit card and if you use a service like PayPal, use the option of funding the transaction with a CREDIT CARD.

2. Inspect every purchase immediately on arrival. If there are any problems, notify the seller immediately.

3. If the seller does not satisfy you within a reasonable period, which is less than about two weeks, then notify the issuer of the credit card of FRAUD. Do that notification both via telephone and with a written (ink and paper) letter that you have personally signed.

4. Be sure to make the above notification at the two week mark. Then, with a follow up phone call at the three week mark, ask the issuer of the credit card if they have received the letter. If they have not, send a second, personally signed copy via overnight mail with a signed receipt requested. You want proof that they got the WRITTEN complaint within 30 days of the transaction.

5. Continue to follow up with the issuer of the credit card. They should investigate. When and if they find it was a fraudulent transaction they will issue a refund to your credit card account. Of course the seller may jump back in and make things good.

The above does work. In one instance I had monthly charges to a credit card account from an internet company that stopped providing their service and could not be contacted. I really tried. But I did complain, in writing, to the bank that issued that credit card and after almost a year of these charges I received a refund of the full amount.

I believe it is very important to use a credit card and not a debit card. They look alike, but the debit card is like writing a check: the funds are taken from your bank account immediately. And the bank is going to be very reluctant to reverse that. Credit cards work with a different set of rules.

I make ALL my internet purchases with a credit card. PERIOD!

If you are in another country, please check the regulations there before doing any of the above.
« Last Edit: August 05, 2024, 06:04:54 am by EPAIII »
Paul A.  -   SE Texas
And if you look REAL close at an analog signal,
You will find that it has discrete steps.
 

Offline Infraviolet

  • Super Contributor
  • ***
  • Posts: 1139
  • Country: gb
Re: Secure transactions over the Internet
« Reply #10 on: August 05, 2024, 11:06:48 pm »
Two obvious problems:
"maintained by a central authority"
How can one guarantee that the central authority in question is actually to be trusted? If it is corporate run, how tempted might it be to abuse its position for profit? If government run, how tempted to abuse its position in an effort to financially censor disliked people/organisations? Even if run by entirely trustworthy people who would never succumb to greed, nor violate trust to serve "national security" or "stopping misinformation" demands, such an authority would be a very juicy target which every hacker would seek to compromise.

"verify the authenticity of particular URLs"
As ataradov mentions, how does that help? Verifying a URL simply implies matching that the text is as it ought to be; this blocks the cruder phishing scams which try to substitute "rn" in place of "m" in the real address (or vice-versa) or which use a Greek or Cyrillic character of very similar appearance in place of a letter. Verifying the URL doesn't prove anything if the DNS or other network aspects are compromised such that a fake site can appear to be at that URL.
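
An added example, not part of any post in this thread: a minimal sketch of the exact-match URL check being discussed, which also flags the "rn"/"m" and Greek/Cyrillic lookalikes mentioned above. The hostnames, the `check_url` and `skeleton` names and the short confusables table are constructed assumptions, and a match here says nothing about whether DNS resolves the name to the genuine server.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: placeholder hostnames, not real institutions.
ALLOWED_HOSTS = {"bank.example", "medicare.example"}

# Hand-picked Cyrillic/Greek lookalikes (assumption; a real deployment would
# load the Unicode UTS #39 confusables data instead of this short table).
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",  # Cyrillic es, Greek
})

def skeleton(host: str) -> str:
    """Fold a hostname to a comparison form so visually similar names collide."""
    folded = unicodedata.normalize("NFKC", host).lower().translate(CONFUSABLES)
    return folded.replace("rn", "m")  # the "rn" in place of "m" substitution

ALLOWED_SKELETONS = {skeleton(h) for h in ALLOWED_HOSTS}

def check_url(url: str) -> str:
    """Return 'allow', 'lookalike' or 'reject' for a submitted URL."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "reject"
    host = parts.hostname  # true host: userinfo and port are stripped
    if parts.scheme != "https" or not host:
        return "reject"
    if host in ALLOWED_HOSTS:
        return "allow"  # exact text match only; DNS integrity is not checked
    if skeleton(host) in ALLOWED_SKELETONS:
        return "lookalike"  # worth logging: the name imitates a vetted one
    return "reject"

if __name__ == "__main__":
    for u in ("https://bank.example/login",
              "https://b\u0430nk.example/login",  # Cyrillic letter in place of "a"
              "https://rnedicare.example/",
              "https://bank.example.other.example/"):
        print(check_url(u), ascii(u))
```

Both outcomes other than `allow` are refused; the separate `lookalike` result only exists so that imitation attempts can be logged and reported.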
 

