HAIFA, Israel - Sept. 24, 2019 - SentryCom announces the grant of a US patent # 10,425,407 for Secure transaction and access using the insecure device.

The present invention does not pretend to prevent malware. Instead, malware attacks against secure transactions and access are made obsolete. The present invention includes data, directly connected to transaction or access request to Relying-Party-Service-Provider, into the authentication process of Identity-as-a-Service Provider. The present invention includes user authentication using a mobile phone vs. Identity-Management-as-a-Service provider. The present invention also includes entering a request for a secure transaction or access to Relying-Party-Service-Provider, using the insecure device. The present invention also includes two-way communication between Relying-Party-Service-Provider and Identity-Management-as-a-Service.
What is claimed is:
A system and method for secure transaction and access, comprising:
a. Relying-Party-Service-Provider for transaction and access of a user;
b. an insecure endpoint device, for communication of the user with the Relying-Party-Service-Provider, and compromised by unknown malware;
c. such malware capable of modifying transaction context or altering access request;
d. a mobile phone of the user;
e. Remote Identity-Management-as-a-Service for identity verification of the user using said mobile phone and serving remotely said Relying-Party-Service-Provider;
f. whereas said Relying Party-Service Provider and said Identity-Management-as-a-Service receive the same authorization code from said user;
g. whereas this authorization code is being generated by Relying Party-Service-Provider, the value of this code depending on transaction or access request of said user;
h. whereas said transaction and access authorization is requested by said Relying-Party-Service-Provider, using said authorization code, from said Identity-Management-as-a-Service, thus defeating said malware.
The resulting security features include:
1. Identity-Management-as-a-Service binds Identity, Authentication, and Authorization for Access and Transactions in one tight system.
2. Provides two-way (mutual) authentication between Relying Party Service Provider and Identity-Management-as-a-Service.
3. Resilient to Man-in-the-Middle attack on session token.
4.Resilient to Man-in-the-Endpoint attack, due to out-of-band authentication and authorization.
5. Resilient to SIM swapping.
6. It does not rely on secret seed values or private keys,
7. It does not allow social engineering attacks.
9. Prevents brute force attacks.
10. Uses 1:1 client-side, pre-registered with the Service.
For additional info visit our website
or watch our demo.

Contact
Eli Talmor