HK1209934B - Method and system using a cyber id to provide secure transactions - Google Patents

Info

Publication number: HK1209934B
Authority: HK (Hong Kong)
Prior art keywords: service provider, information manager, credential information, subscriber, subscriber unit
Application number: HK15110650.3A
Other languages: Chinese (zh)
Other versions: HK1209934A1 (en)
Inventors: Benjamin YANG LIT FANG, Ryan Nacion TRINIDAD
Original assignee: Medium Access Systems Private Ltd
Priority claimed from: US13/442,019 (US8732807B2)
Application filed by: Medium Access Systems Private Ltd
Publications: HK1209934A1, HK1209934B

Description

Method for providing a security service using a CyberID
Technical Field
The invention discloses a new process for protecting user identity and confidential information in online transactions. This new process creates and utilizes a third-party intermediary between the user and the service provider, which prevents hackers from gaining access to the user's information by not only authorizing each particular transaction but also verifying the user's identity and the service provider's trustworthiness.
Background
Online security is critical to any provider offering services to subscribers. As a common security function, subscriber login authentication is often required before the subscriber can access these services. Typically, providers require the subscriber to supply a user name and login password so that the user can be authenticated in future services (transactions), and the subscriber must enter this information in order to gain access to the requested service.
A common security problem arises during login, that is, during the entry of user credentials (e.g., the username and password). To let a subscriber log in to any service, a process requests a user name and a login password, usually entered one after the other. If the security protecting this login process is breached, the hacker may gain access to the user account, with an opportunity to capture both the username and the login password at the same time because they are entered at the same time. In addition to hackers accessing user accounts by "stealing" usernames and passwords, security holes may also be used to access user accounts, and hackers may impersonate service providers or steal credential information directly from service providers. When a provider is impersonated, its services may be duplicated by a fake web site. Once the subscriber's username and password are entered into the fake website, the hacker has stolen the subscriber's credentials by phishing and can then access any information associated with the username. When a subscriber uses an "auto-login" function, hackers can also compromise web services by accessing the information stored in the subscriber unit (hereinafter the "SU"). All of these cases call for a secure user login method that prevents the theft of authentication information from the subscriber or the service provider.
The invention discloses a new method for protecting confidential information in online transactions, which aims to solve all of these problems. This process utilizes an intermediary, called a credential information manager ("CIM"), which relays confidential information between the subscriber and the internet service provider. The CIM provides the service provider with the CyberID (network ID) authorizing the service. It uses both the transaction ID provided by the service provider, which represents a single transaction, and the confidential security information provided by the subscriber, which is used to verify the subscriber's identity. This process occurs automatically when the subscriber attempts to enter into a transaction with the service provider, based on a pre-established agreement between the service provider and the CIM. The present invention provides two functions: it authenticates both parties to the transaction to ensure that neither the subscriber nor the service provider is fraudulent, and it provides an additional layer of security to prevent hackers from gaining access to the user's login information and account. The present invention adds an extra step that increases the difficulty of access for hackers, because information is transmitted in a triangular fashion rather than just back and forth between two entities.
Disclosure of Invention
A method and system for securing user transactions includes a subscriber unit ("SU") (having a processor, a memory, and a display, and configured to accept user input), a credential information manager ("CIM") (having a processor and a memory), and a transaction service provider ("TSP") (having a processor and a memory). Network identifiers ("CyberIDs"), subscriber identifiers ("SubscriberIDs"), and subscriber information, each associated with users, are stored within the CIM memory. A transaction request is sent from the SU to the TSP; the TSP creates a transaction identifier ("TID"), stores the TID in the TSP memory, and sends the TID to the SU. The SU sends an authentication request to the CIM along with the TID and the SubscriberID. The CIM verifies the received SubscriberID against the SubscriberID in its memory and then sends the verification result to the TSP along with the TID received from the SU. The TSP verifies the received TID against the TID in its memory and then reports the verification to the CIM. The CIM sends the CyberID and subscriber information to the TSP and then sends a service authorization to the SU.
Drawings
Fig. 1 shows a conventional subscriber setup for authentication login.
Fig. 2 illustrates the present invention, a method for protecting confidential information in online transactions using a credential information manager.
Fig. 3 shows a step-by-step method using the CyberID.
Fig. 4 shows a sequence diagram of the stepwise procedure shown in fig. 3, wherein the procedure starts from the service provider.
Fig. 5 shows an alternative version of fig. 4, where the process starts with the subscriber.
Fig. 6 illustrates the present invention with a subscriber unit made up of multiple devices.
Fig. 7 illustrates the present invention with a CIM made up of multiple organizations.
Fig. 8 shows an example of the invention using a notebook as the subscriber unit and a USB ID as the subscriber ID.
Fig. 9 shows an example of the invention using a smart phone as the subscriber unit and a SIM card as the subscriber ID.
Fig. 10 shows an example of the invention using a point-of-sale terminal as the subscriber unit and an electronic card as the subscriber ID.
Fig. 11 shows an example of the invention using a mobile phone as the subscriber unit and a SIM card as the subscriber ID, while also using a point-of-sale terminal with or without a card reader.
Fig. 12 shows an example of the invention using a mobile phone as the subscriber unit and a SIM card as the subscriber ID, while also using a tablet computer.
Detailed Description
The present invention will now be described with reference to figs. 1-12. It is to be understood that these drawings are illustrative in nature and not restrictive of the scope of the invention, which is defined by the appended claims as they are interpreted by the courts.
The invention discloses a new method for protecting confidential information in online transactions, which aims to solve all of these problems. This process utilizes an intermediary, known as a credential information manager ("CIM"), that relays confidential information between the subscriber and the internet service provider. The CIM provides the service provider with the CyberID authorizing the service. It uses both the transaction ID provided by the service provider, which represents a single transaction, and the confidential security information provided by the subscriber, which is used to verify the subscriber's identity. This process occurs automatically when the subscriber attempts to enter into a transaction with the service provider, based on a pre-established agreement between the service provider and the CIM. The present invention provides two functions: it authenticates both parties to the transaction to ensure that neither the subscriber nor the service provider is fraudulent, and it provides an additional layer of security to prevent hackers from gaining access to the user's login information and account. The present invention adds an extra step that increases the difficulty of access for hackers, because information is transmitted in a triangular fashion rather than just back and forth between two entities.
The invention discloses a new method for protecting confidential information in online transactions. Fig. 1 illustrates a conventional transaction between a subscriber 10 and a service provider 17. In this method, the subscriber logs into the service provider's site using his subscriber unit 15 (i.e., a computer or smartphone) to complete the transaction. No other party or entity is involved, and there is no additional layer of security between the two for the transfer of information. In fig. 1, the login credentials associated with subscriber 10 (i.e., his username and password) are shown as 10a. Application server 17a is where service provider 17 hosts authentication software application 17b, which verifies the user's login credentials 10a.
Fig. 2 shows the basic model of the invention, denoted "CyberID technology". The present invention assigns a unique ID to a subscriber 20 on a network, such as the internet or a point-of-sale network, to identify both the subscriber and the particular transaction involved. This allows the subscriber to access the requested service while secure transactions between the information manager and a transaction service provider (hereinafter "TSP") are used to share or exchange the subscriber's credential information. In this case, the credential information is subscriber identity information.
The present invention proposes the use of a credential information manager 23 (hereinafter "CIM") that acts as an intermediate proxy between the service subscriber and the service provider. The role of the CIM is to verify both parties to a transaction, confirm their authenticity, and provide an additional layer of security to protect confidential information from attack and theft. The CIM verifies to the subscriber that the online account it is attempting to access (or log in to) actually belongs to the service provider (and is not fraudulent). At the same time, the CIM confirms to the TSP that the individual attempting to log in with the subscriber's credentials is indeed the subscriber. This prevents the subscriber from supplying personal information and login credentials to a fake website, while also preventing the service provider from granting hackers access to the user's account.
Fig. 3 shows a step-by-step approach to CyberID technology, in which the new component, the CIM, is introduced and acts as a proxy for the subscriber. When the subscriber attempts to log on to the service provider's online website, the subscriber is directed to the site via transmission 1, or prompted to click on a link via transmission 2, which notifies the service provider that the subscriber is requesting access to the service. The TSP returns a TID identifying the specific transaction to the CIM. The subscriber unit sends the TID and the subscriber ID (equivalent to the user name) to the CIM for authentication via transmission 3. Once the identities of the subscriber and the TSP are verified, the CIM sends the subscriber information and the CyberID to the TSP via transmission 4.
This process provides an additional layer of security for personal information that is absent from ordinary web login services, and it is achieved through several factors. First, the CIM can ensure the trustworthiness of the service provider by negotiating an agreement with the TSP covering all future transactions, thereby creating a link for transmitting the transaction ID and the subscriber's confidential information. Second, the information sent to the service provider can be carried over a dedicated link between the CIM and the TSP, such as a VPN, the internet, an intranet, PSTN, SMS, a voice call, or even as encrypted data. Third, even if the TSP loses the username and password information, a hacker still needs to cross the security barriers set by the CIM to steal any confidential information.
In the traditional ID/password approach, in which the subscriber types an ID and password into the TSP's web page, the password is typically the only secret element, while the ID is not. This poses a problem: a hacker who obtains access rights to the TSP can also access any account associated with the TSP. In the present invention, the password is no longer the only security factor. The CyberID sent from the CIM to the TSP via transmission 4 to activate the service is another protective element, and it never traverses the subscriber's path. Thus, a hacker attempting to access a subscriber account will never see the CyberID, or even be aware of its presence.
In the present invention, the authentication between the subscriber and the CIM (referred to as the transaction ID) is one of the key elements. The transaction ID ("TID") is different from the password that the user typically uses in a transaction, because the TID represents only a single transaction and is unique for each transaction. Another important factor is the CyberID, which may represent the user name and any confidential information that the subscriber provides in order to verify their identity. When the CIM sends the CyberID to the TSP, the TSP knows not only which subscriber is involved, but also the specific transaction that the subscriber wishes to complete.
Where there are multiple CIMs, as described below, one way of providing additional security is to delay the CIM's transmission of the CyberID until the TID transmitted by the SU has been verified as a matching TID.
The CIM sends the confidential information to the TSP via transmission 4, and the TSP is thereby informed of the subscriber's identity. When confidential information is exchanged between the information manager and the service provider, the provider automatically signs the subscriber into its own online service using the authenticated information that the subscriber provided to the TSP. In some cases, the TSP may require the subscriber to type into the subscriber unit a password known only to the TSP (e.g., if the TSP is a bank). This use of a password is the same as in a typical ID/password system; the authentication steps performed by the CIM, described above, are the aspect of the present invention that distinguishes it from previous methods and systems. This additional step creates a secure transaction between the subscriber and the TSP, thereby preserving the subscriber's login credentials and protecting them from attack. This process differs from the procedure typically performed by subscribers, who enter their credentials for authentication and then use the web service. In such a commonly used procedure, a hacker who learns a user's password can enter it and freely access the user's account. In the present invention, a hacker may be able to discover the username and even the password, but cannot overcome the security measures, such as the information required to authenticate to the CIM, or the CyberID itself. In fig. 3, the login credentials associated with subscriber 20 (i.e., his username and password) are shown as 20a. CIM application server 23a hosts a subscriber authentication software application shown as 23e. The CIM database server 23b handles the subscriber's CyberID, shown as 23d, which the CIM database 23c stores. Fig. 3 also shows a TSP application server 27a hosting a CyberID verification software application 27c, and a TSP application server 27b hosting the service to be provided to the subscriber.
The method introduced in this disclosure overcomes the security issues common in online transactions by using a triangular relationship between subscribers, transaction service providers, and credential information managers. The communication technology between the CIM and the SU is a secure and authenticated communication channel including, but not limited to, a VPN, audio or video signalling, a secure tunnel, or any encrypted communication infrastructure or technology, such as a SIM card. A communication link 81 between the SU and the CIM is used for secure data transmission, where the CIM acts as a broker for the subscriber and sends the subscriber's confidential credential information to the TSP. Examples of subscriber units include a computer 25a (e.g., a notebook computer or tablet computer), a PDA, a smart phone 25b, and/or a POS terminal 25d. These different examples can be seen in figs. 8-12, each of which shows the same triangular transaction but with a different subscriber unit.
In the preferred embodiment, to trigger this process the subscriber is a member of network 29, which manages the transactions between the TSP and the CIM. Such transaction management is performed according to a pre-arranged protocol between the TSPs and the CIMs, which send the TIDs to the correct TSPs for verification. Once the pre-arranged agreement between the CIM and the TSP is in place, the subscriber can enter into a transaction with the TSP.
Figs. 4 and 5 disclose two different flow charts showing the steps performed by the present invention. Fig. 4 discloses a process whose first step starts from the TSP, and fig. 5 discloses a process whose first step starts from the user. As shown in fig. 4, the TSP provides the session to the SU via transmission 1. When the SU triggers an event (e.g., when the subscriber clicks "pay", "join", "start", "membership sign-in", or another online service in the SU's browser, application, or other running service via transmission 2), the TSP responds by sending the TID to the SU. The subscriber then requests authentication from the CIM via its SU. Authentication may be accomplished by an ID challenge, a password, a voice call, or other methods.
Authentication is performed by the CIM, which receives the TID and the subscriber ID via transmission 3, sent over a trusted (or secure) channel 81 between the SU and the CIM. In a preferred embodiment, the subscriber needs to know that a CIM is connected to his network (e.g., via an application on a smart phone or a website link on a computer) in order for the process to start. Where a trusted channel is established separately for a subscriber, the subscriber ID does not have to be sent to the CIM. There are a number of ways to establish the trusted channel 81, such as a computer application that establishes a VPN, a TID sent to the CIM as encrypted data, or a secure telephone line, and the secure links 82 (between TSP and SU) and 83 (between TSP and CIM) can be constructed in a similar manner. The CIM verifies the TID with the TSP, and after verifying that the TID (and the TSP) is valid, the CIM sends to the TSP a CyberID that represents the subscriber together with certain subscriber information (e.g., name, gender, date of birth, address, and other information that the subscriber can use for authentication). Upon receiving this information, the TSP updates the subscriber information on the SU via transmission 5, in a manner similar to updating any internet web page. The CyberID may or may not be displayed on the SU. The subscriber then completes the transaction with the TSP.
After confirming the authenticity of both parties, the CIM sends the subscriber information to the TSP along with the CyberID. The information provided by the CIM to the TSP includes certain information that the subscriber can use to verify identity. This information, together with the CyberID, represents the subscriber. The CyberID is similar in use to a username, but is provided by the CIM rather than by the user, thereby eliminating the opportunity for that information to be attacked and stolen. If the subscriber is a member of the CIM network, all transactions go through the CIM to ensure security and protect information. All participants (subscriber, CIM and TSP) benefit from the CyberID system, in which ID and password systems are no longer required.
After the TSP obtains the subscriber information, the information is displayed on the subscriber unit when the subscriber attempts to use the online service. The subscriber can check his own information against the information previously provided to the CIM and then confirm the transaction. Once the transaction is confirmed, the TSP provides the CIM with updated transaction details.
A subscriber unit may be a single device on which multiple software applications run, two devices, or a combination of two or more hardware devices. Where the subscriber unit comprises two devices, as shown in figs. 6 and 12, device A (which may be a mobile phone 25b) interfaces with the CIM 23 and device B interfaces with the TSP 27. In this case, an example of device B is a point-of-sale ("POS") terminal 25c (e.g., a user-operated cash register or an ATM). The POS may be part of a business network, but is not necessarily connected to the internet. The TID may be sent between devices A and B automatically via link 110 (using communication techniques such as Wi-Fi, Bluetooth, and other communication protocols), or manually, where the subscriber transfers the information directly from device B to device A via link 111. As shown in figs. 8-12, devices A and B may be any suitable communication device, including a telephone (smart phone or regular phone), PDA, notebook, PC, tablet, modem, fax, display/input terminal, and POS/ATM.
Like subscriber units, a CIM may have a single identity or be composed of multiple identities, as shown in fig. 7. Organization X (the certified CIM, "CCIM") interfaces with the TSP and with organizations Y and Z, which are referred to as authenticated/secure link service providers ("ASLSPs"). These ASLSPs each have their own subscribers (i.e., subscriber 70a and SU 73a associated with organization Z, and subscriber 70b and SU 73b associated with organization Y) and may authenticate their respective subscribers. In operation, the ASLSP sends the subscriber ID and the TID to the CCIM, which interfaces with the TSP. The CCIM is a CIM that does not itself perform subscriber authentication, but is connected to the TSP and handles the interface with the TSP. The communication channel 71a from organization X to organization Z and the communication channel 71b from organization Y to organization Z are considered secure channels. Once the subscriber has been authenticated by organization Y or Z, the subscriber ID and the TID are sent to the CCIM, and the remaining steps are performed as described above.
In the exemplary embodiment of this case, AT&T is an ASLSP with the functionality of organization Y and Verizon is an ASLSP with the functionality of organization Z, each having a pool of subscribers (e.g., mobile phone users). The functionality of the CCIM (organization X) may be performed by another company, or by one or more of organizations Y and Z.
Organization X (the CCIM) is connected to the TSP. X, Y and Z together perform the function of the CIM. Multiple companies performing the functions of Y and Z may be connected to X, and a single company Y or Z may be connected to multiple Xs.
Examples of embodiments of the invention
As an implementation example of the preferred embodiment, the subscriber visits the Amazon website using a PC. After logging into the website, the subscriber selects a book and adds it to the shopping cart. Having completed the selection, the subscriber clicks "continue to checkout". At this point, the present invention differs from a conventional network service in that it includes a CIM, whereas the conventional method allows only direct transmission of information between the SU and the TSP. In this example, Amazon is the TSP and AT&T is the CIM.
After the subscriber clicks "continue to checkout", Amazon returns a transaction ID (TID) to the subscriber, and the Amazon web page includes a message such as "AT&T Member clicks here". At this point Amazon does not know who the subscriber is, only that the subscriber is an AT&T member (assuming the subscriber has clicked on this link to activate the CIM).
After the subscriber clicks the "AT&T Member clicks here" button, other techniques may be applied. The TID may be sent to the CIM automatically or manually. Where the transaction is completed using a smartphone fitted with a SIM card 95 associated with the CIM (AT&T in this example), software may run in the background, pick up the TID and immediately send it directly to the CIM. The example shown in fig. 9 is an automatic method. Alternatively, as shown in fig. 8, there may be a token carrying the subscriber ID; this token is connected to a USB port on the computer, runs automatically in the background, and then sends the TID to the CIM. In the manual method, the subscriber sends the verification to the CIM once the TID is shown on the display.
In this example, the subscriber unit storing the subscriber identity information initiates the authentication communication with the CIM. After authentication, the subscriber unit sends the TID to the CIM. At this point the CIM knows the identity of the subscriber and knows that Amazon is the TSP.
In this example, AT&T checks and confirms to Amazon the existence of the TID. AT&T then sends the "CyberID" and some subscriber information, which may include the subscriber's name and some numeric characters, such as "Benjamin Fang 2001". At this point in the example, Amazon knows who the subscriber is by identifying the CyberID connected to the subscriber unit. Amazon will then display "Benjamin Fang 2001" after the subscriber clicks "AT&T Member clicks here". The authentication process between the SU and the CIM takes place instantaneously, so that both the CyberID and the TID are verified before the subscriber connects to the link. The subscriber can see the CyberID on a screen (where the subscriber would typically need to enter a username), or other information that the subscriber can use to confirm that the account is correct ("Benjamin Fang 2001" in this example), and can then verify that his own identity information is correct.
To secure the subscriber's identity information, the account identity information (e.g., "Benjamin Fang 2001") is designed to let the subscriber decide what to use, and may change after a period of time. The CIM sends a unique CyberID, representing the subscriber of the CIM, to the TSP. In some cases, the CyberID sent to a particular TSP may always be fixed for a given subscriber of the CIM. For example, when the CyberID is used as the subscriber's account identity at the TSP, the CyberID remains the same for that subscriber of the CIM. However, even though the CyberID is fixed for a particular TSP, other TSPs may receive different CyberIDs for the same subscriber of the CIM. CyberID technology thus allows CIM subscribers to remain anonymous to TSPs, while subscriber identity information can still be traced via the CIM as the implementation requires.
As an example of online banking on a smartphone, using the case above in which AT&T is the CIM, a subscriber (having a bank account) wishes to perform online banking functions using the smartphone. The user uses a browser (or application) running on the smartphone and browses to the banking site or the downloaded application. The bank acts as the TSP. After the subscriber clicks on the "AT&T Member clicks here" link (the same as in the example above), the bank provides the TID to the user's smartphone. Another application on the phone (an application that the subscriber is prompted to download when first using the web service on his smartphone) initiates an authentication process to the CIM using the SIM card 95 on the smartphone. The SIM card is unique to the subscriber. After successful authentication, the application establishes a secure channel from the smartphone to the CIM, which allows the TID to be sent securely from the smartphone to the CIM.
After the CIM successfully verifies the TID with the bank via the same pre-arranged protocol described above, the CIM sends the CyberID and the subscriber's credential information to the bank. The bank now knows the identity information of the subscriber receiving the TID. When this happens, the bank will update its web page on the subscriber's smartphone and display the subscriber's name on the page. The bank then requests a password only from the subscriber. This method of causing the TSP to display the subscriber account is also applicable when the TSP is an organization (e.g., a business, school, association, or any other organization that has a subscriber as a member).
As shown in fig. 10, in an alternative example using a point-of-sale terminal 25c, a subscriber comes to a point-of-sale terminal, such as a cash register or a vending machine in a shopping mall, and decides to perform a transaction using the CyberID method. The subscriber notifies the counter that he is an AT&T member. The point-of-sale terminal generates a TID. If the point-of-sale counter has an ID reader, the subscriber can authenticate to the CIM there: the subscriber loads or inserts an electronic subscriber ID card 105 (provided by the CIM, in this case AT&T) into the ID reader and verifies his identity to the CIM. Alternatively, the subscriber may send a text message using his AT&T mobile phone, or send the TID to the CIM using an application on the mobile phone; authentication is then done using the SIM card on the mobile phone.
After the CIM has verified the subscriber's identity and obtained the TID, the CIM verifies the TID with the TSP. After verification, the CIM sends the CyberID and subscriber credential information (e.g., credit card information) to the TSP. The TSP then updates the POS terminal with the subscriber credential information (credit card information in this case), and the subscriber can complete the transaction.
Such a triangular process need not be performed in the order shown in figs. 3-5. Indeed, the authentication between the subscriber and the CIM may be performed in a different order in different situations. For example, if the SU is a mobile phone, authentication is always performed when the mobile phone connects to the network. When the steps are executed in order, however, the subscriber clicks on the TSP web page, and the TSP then sends the TID to the subscriber unit.
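The three-party exchange described above (TSP issues a single-use TID, the SU forwards it with its SubscriberID to the CIM, the CIM authenticates the subscriber and checks the TID with the TSP before releasing a CyberID and subscriber information), simulated as an added example that is not code from the patent or its assignee. The HMAC derivation of a per-TSP CyberID, the class and method names, and the sample subscriber record are assumptions; the page does not specify how a CyberID is generated.

```python
"""Simulation of the CyberID three-party flow: SU -> TSP -> SU -> CIM -> TSP."""
import hashlib
import hmac
import secrets


class TransactionServiceProvider:
    """TSP: issues a single-use transaction identifier (TID) per request and
    completes the transaction only after the CIM presents a CyberID for it."""

    def __init__(self, name, trusted_cims):
        self.name = name
        self.trusted_cims = set(trusted_cims)   # pre-arranged agreements (link 83)
        self.pending_tids = {}                  # TID -> transaction description
        self.completed = {}                     # TID -> (CyberID, info, description)

    def request_transaction(self, description):
        # Transmission 2: the SU requests a transaction; the TSP creates a
        # random TID, stores it in its memory and returns it to the SU.
        tid = secrets.token_hex(16)
        self.pending_tids[tid] = description
        return tid

    def verify_tid(self, cim_name, tid):
        # Verification request from the CIM: the TID must be one the TSP
        # issued and still holds, and the CIM must be a contracted partner.
        return cim_name in self.trusted_cims and tid in self.pending_tids

    def receive_cyberid(self, cim_name, tid, cyber_id, subscriber_info):
        # Transmission 4: the CIM delivers CyberID + subscriber information.
        # The TID is consumed so it cannot be replayed for a second transaction.
        if not self.verify_tid(cim_name, tid):
            return False
        description = self.pending_tids.pop(tid)
        self.completed[tid] = (cyber_id, subscriber_info, description)
        return True


class CredentialInformationManager:
    """CIM: authenticates the subscriber, checks the TID with the TSP, and only
    then releases a per-TSP CyberID that never travels over the subscriber's path."""

    def __init__(self, name, tsps):
        self.name = name
        self.tsps = {t.name: t for t in tsps}   # pre-arranged links to TSPs
        self.subscribers = {}                   # SubscriberID -> subscriber info
        self._key = secrets.token_bytes(32)     # assumption: CIM-internal secret

    def enrol(self, subscriber_id, info):
        self.subscribers[subscriber_id] = info

    def cyber_id_for(self, subscriber_id, tsp_name):
        # Assumption: CyberID = HMAC(secret, SubscriberID || TSP name). This gives
        # the property the text describes: fixed for one TSP, different per TSP.
        msg = f"{subscriber_id}|{tsp_name}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:20]

    def authenticate(self, subscriber_id, tsp_name, tid):
        # Transmission 3: SU sends SubscriberID + TID over trusted channel 81.
        if subscriber_id not in self.subscribers:
            return "subscriber rejected"
        tsp = self.tsps.get(tsp_name)
        if tsp is None or not tsp.verify_tid(self.name, tid):
            return "tid rejected"          # unknown TSP, or forged/stale TID
        # The CyberID is released only after the TID has been verified.
        cyber_id = self.cyber_id_for(subscriber_id, tsp_name)
        info = self.subscribers[subscriber_id]
        if not tsp.receive_cyberid(self.name, tid, cyber_id, info):
            return "tid rejected"
        return "authorized"                # service authorization back to the SU


def run_transaction(tsp, cim, subscriber_id, description):
    """Subscriber-unit side: obtain a TID from the TSP, then authenticate to the CIM."""
    tid = tsp.request_transaction(description)
    return tid, cim.authenticate(subscriber_id, tsp.name, tid)


if __name__ == "__main__":
    shop = TransactionServiceProvider("shop", trusted_cims=["carrier"])
    cim = CredentialInformationManager("carrier", [shop])
    cim.enrol("sim-0001", {"display": "Benjamin Fang 2001"})   # constructed sample
    print(run_transaction(shop, cim, "sim-0001", "checkout"))
```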
While the method and system of the present invention has been described with reference to several implementations, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the scope and spirit of the disclosed invention. In addition, many modifications may be made to adapt a particular situation or structure to the teachings of the invention without departing from the essential scope thereof. Therefore, it is intended that the invention not be limited to the particular embodiments disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.

Claims (164)

1. A method for protecting user transactions, comprising:
providing a subscriber unit having a processor, a memory and a display, wherein the subscriber unit is configured to accept user input;
providing a credential information manager having a processor and a memory;
storing a network identifier associated with the user within the credential information manager memory, wherein the network identifier comprises a username and subscriber information;
storing a subscriber identifier associated with the user within the credential information manager memory;
storing the subscriber information associated with the user within the credential information manager memory;
providing a transaction service provider having a processor and a memory;
sending a transaction request from the subscriber unit to the transaction service provider;
sending a transaction identifier, created by the transaction service provider based on the transaction request, from the transaction service provider to the subscriber unit;
storing the transaction identifier in the transaction service provider memory;
sending an authentication request from the subscriber unit to the credential information manager;
sending the transaction identifier from the subscriber unit to the credential information manager;
sending the subscriber identifier from the subscriber unit to the credential information manager;
the credential information manager verifying the subscriber identifier that the credential information manager received from the subscriber unit, wherein the subscriber identifier is stored within the credential information manager memory;
sending a verification request from the credential information manager to the transaction service provider;
sending the transaction identifier received from the subscriber unit from the credential information manager to the transaction service provider;
the transaction service provider verifying the transaction identifier that the transaction service provider received from the credential information manager, wherein the transaction identifier is stored in the transaction service provider memory;
sending a verification request result message from the transaction service provider to the credential information manager;
sending the network identifier stored within the credential information manager memory from the credential information manager to the transaction service provider;
sending the subscriber information stored within the credential information manager memory from the credential information manager to the transaction service provider;
sending a transaction authorization from the credential information manager to the transaction service provider; and
sending a password from the subscriber unit to the transaction service provider;
wherein the password is never sent to the credential information manager, wherein the network identifier is never sent to the subscriber unit, and wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
2. The method of claim 1, wherein the verifying further comprises the credential information manager processor comparing the subscriber identifier received by the credential information manager from the subscriber unit with the subscriber identifier stored within the credential information manager memory.
3. The method of claim 2, wherein the verification request is sent as a result of the comparison indicating that the subscriber identifier received by the credential information manager from the subscriber unit matches the subscriber identifier stored in the credential information manager memory.
4. The method of claim 2, further comprising sending an authentication failure message from the credential information manager to the subscriber unit, wherein the authentication failure message is sent as a result of the comparison indicating that the subscriber identifier received by the credential information manager from the subscriber unit does not match the subscriber identifier stored within the credential information manager memory.
5. The method of claim 4, further comprising displaying a visible authentication failure message on the subscriber unit display based on the authentication failure message sent from the credential information manager to the subscriber unit.
6. The method of claim 1, wherein the verifying further comprises the transaction service provider processor comparing the transaction identifier received by the transaction service provider from the credential information manager with the transaction identifier stored in the transaction service provider memory, wherein the verification request result message includes a result of the comparison.
7. The method of claim 6, wherein the network identifier is sent as a result of the verification request result message indicating that the transaction identifier received by the transaction service provider from the credential information manager matches the transaction identifier stored in the transaction service provider memory.
8. The method of claim 6, further comprising sending a verification failure message from the credential information manager to the subscriber unit, wherein the verification failure message is sent as a result of the verification request result message indicating that the transaction identifier received by the transaction service provider from the credential information manager does not match the transaction identifier stored in the transaction service provider memory.
9. The method of claim 8, further comprising displaying a visible verification failure message on the subscriber unit display based on the verification failure message sent from the credential information manager to the subscriber unit.
10. The method of claim 1, wherein the subscriber unit comprises one or more of a mobile phone, smart phone, PDA, computer or POS terminal, modem, fax machine, or display/input terminal.
11. The method of claim 10, wherein the subscriber unit comprises a telephone in wireless communication with a POS terminal.
12. The method of claim 1, wherein one or more of the sending steps is accomplished via a secure telecommunications link.
13. The method of claim 1, wherein one or more of the sending steps is accomplished via a wireless telecommunications link.
14. The method of claim 1, wherein one or more of the sending steps is accomplished via the Internet.
15. The method of claim 12, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
16. The method of claim 1, wherein the subscriber identifier is received as an input to the subscriber unit and stored in the subscriber unit memory before the subscriber identifier is sent from the subscriber unit to the credential information manager.
17. The method of claim 1, wherein the subscriber unit memory comprises removable memory and the subscriber identifier is stored within the subscriber unit memory before the subscriber identifier is sent from the subscriber unit to the credential information manager.
18. The method of claim 17, wherein the removable memory comprises a SIM card.
19. The method of claim 17, wherein the removable memory comprises an electronic card.
20. The method of claim 1, further comprising storing the subscriber information sent from the credential information manager to the transaction service provider in the transaction service provider memory.
21. The method of claim 1, further comprising sending the subscriber information sent from the credential information manager to the transaction service provider from the transaction service provider to the subscriber unit.
22. The method of claim 21, further comprising displaying visible subscriber information on the subscriber unit display based on the subscriber information sent from the transaction service provider to the subscriber unit.
23. The method of claim 1, further comprising verifying, by the transaction service provider, the password sent from the subscriber unit.
24. A system for protecting user transactions, comprising:
a subscriber unit having a processor, a memory and a display, wherein the subscriber unit is configured to accept user input;
a credential information manager having a processor and a memory;
a network identifier associated with the user stored within the credential information manager memory, wherein the network identifier comprises a username and subscriber information;
a subscriber identifier associated with the user stored within the credential information manager memory;
the subscriber information associated with the user stored within the credential information manager memory;
a transaction service provider having a processor and a memory;
a transaction request configured to be sent from the subscriber unit to the transaction service provider over a communication path;
a computer program stored in the memory of the transaction service provider for creating a transaction identifier based on the transaction request;
the transaction identifier configured to be sent from the transaction service provider to the subscriber unit over a communication path;
the transaction identifier stored in the transaction service provider memory;
an authentication request configured to be sent from the subscriber unit to the credential information manager over a communication path;
the transaction identifier configured to be sent from the subscriber unit to the credential information manager over a communication path;
a subscriber identifier configured to be sent from the subscriber unit to the credential information manager over a communication path;
a computer program stored in the memory of the credential information manager for the credential information manager to verify the subscriber identifier received by the credential information manager from the subscriber unit, wherein the subscriber identifier is stored within the credential information manager memory;
a verification request configured to be sent from the credential information manager to the transaction service provider over a communication path;
the transaction identifier received from the subscriber unit configured to be sent from the credential information manager to the transaction service provider over a communication path;
a computer program stored in the memory of the transaction service provider for the transaction service provider to verify the transaction identifier that the transaction service provider received from the credential information manager, wherein the transaction identifier is stored within the transaction service provider memory;
a verification request result message configured to be sent from the transaction service provider to the credential information manager over a communication path;
the network identifier stored within the credential information manager memory configured to be sent from the credential information manager to the transaction service provider over a communication path;
the subscriber information stored within the credential information manager memory configured to be sent from the credential information manager to the transaction service provider over a communication path;
a transaction authorization configured to be sent from the credential information manager to the transaction service provider over a communication path; and
a password configured to be sent from the subscriber unit to the transaction service provider over a communication path;
wherein the password is never sent to the credential information manager, wherein the network identifier is never sent to the subscriber unit, and wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
25. The system of claim 24, wherein the subscriber unit comprises one or more of a mobile phone, smart phone, PDA, computer or POS terminal, modem, fax machine, or display/input terminal.
26. The system of claim 25, wherein the subscriber unit comprises a telephone in wireless communication with a POS terminal.
27. The system of claim 24, wherein one or more of the communication paths comprises a secure telecommunications link.
28. The system of claim 24, wherein one or more of the communication paths comprises a wireless telecommunications link.
29. The system of claim 24, wherein one or more of the communication paths comprises the Internet.
30. The system of claim 27, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
31. The system of claim 24, wherein the subscriber unit memory comprises removable memory and the subscriber identifier is stored in the subscriber unit memory before the subscriber identifier is sent from the subscriber unit to the credential information manager.
32. The system of claim 31, wherein the removable memory comprises a SIM card.
33. The system of claim 31, wherein the removable memory comprises an electronic card.
34. The system of claim 24, wherein the credential information manager further comprises:
an authenticated credential information manager having a processor and a memory;
an authentication/secure link service provider having a processor and a memory;
the authentication request received by the credential information manager, configured to be sent from the authenticated credential information manager to the authentication/secure link service provider over a communication path;
the subscriber identifier received by the credential information manager, configured to be sent from the authenticated credential information manager to the authentication/secure link service provider over a communication path;
wherein the computer program for verifying the subscriber identifier is stored in the authentication/secure link service provider memory; and
wherein the subscriber identifier stored within the credential information manager memory is stored within the authentication/secure link service provider memory.
35. The system of claim 24, wherein the transaction service provider is configured to verify a password sent from the subscriber unit.
36. A method for securing transactions between a user, a transaction service provider having a processor and a memory, and a credential information manager having a memory and a processor, the credential information manager configured to store a network identifier associated with the user, store and verify a subscriber identifier associated with the user, store subscriber information associated with the user, send a verification request to the transaction service provider, send a transaction identifier to the transaction service provider for verification, receive a verification request result message from the transaction service provider, and send the network identifier, the subscriber information, and a transaction authorization to the transaction service provider, the method comprising:
providing a subscriber unit having a processor, a memory, and a display, wherein the subscriber unit is configured to accept user input;
sending a transaction request from the subscriber unit to the transaction service provider;
the subscriber unit receiving a transaction identifier sent from the transaction service provider;
sending an authentication request from the subscriber unit to the credential information manager;
sending the transaction identifier from the subscriber unit to the credential information manager;
sending a subscriber identifier and a network identifier associated with the user from the subscriber unit to the credential information manager, wherein the network identifier comprises a username and subscriber information; and
sending a password from the subscriber unit to the transaction service provider;
wherein the password is never sent to the credential information manager, wherein the network identifier is never sent to the subscriber unit, and wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
37. The method of claim 36, further comprising the subscriber unit receiving an authentication failure message from the credential information manager, wherein the authentication failure message indicates that the subscriber identifier sent by the subscriber unit to the credential information manager does not match a subscriber identifier stored within the memory of the credential information manager.
38. The method of claim 37, further comprising displaying a visible authentication failure message on the display of the subscriber unit based on the authentication failure message received by the subscriber unit from the credential information manager.
39. The method of claim 36, further comprising the subscriber unit receiving a verification failure message from the credential information manager, wherein the verification failure message indicates that the transaction identifier received by the transaction service provider from the credential information manager does not match a transaction identifier stored in the transaction service provider memory.
40. The method of claim 39, further comprising displaying a visible verification failure message on the subscriber unit display based on the verification failure message sent from the credential information manager to the subscriber unit.
41. The method of claim 36, wherein the subscriber unit comprises one or more of a mobile phone, smart phone, PDA, computer or POS terminal, modem, fax machine, or display/input terminal.
42. The method of claim 41, wherein the subscriber unit comprises a telephone in wireless communication with a POS terminal.
43. The method of claim 36, wherein one or more of the sending or receiving steps of the subscriber unit is accomplished via a secure telecommunications link.
44. The method of claim 36, wherein one or more of the sending or receiving steps of the subscriber unit is accomplished via a wireless telecommunications link.
45. The method of claim 36, wherein one or more of the sending or receiving steps of the subscriber unit is accomplished via the Internet.
46. The method of claim 43, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
47. The method of claim 36, wherein the subscriber identifier is received as an input to the subscriber unit and stored in the subscriber unit memory before the subscriber identifier is sent from the subscriber unit to the credential information manager.
48. The method of claim 36, wherein the subscriber unit memory comprises removable memory and the subscriber identifier is stored within the subscriber unit memory before the subscriber identifier is sent from the subscriber unit to the credential information manager.
49. The method of claim 48, wherein the removable memory comprises a SIM card.
50. The method of claim 48, wherein the removable memory comprises an electronic card.
51. The method of claim 36, further comprising the subscriber unit receiving subscriber information from the transaction service provider.
52. The method of claim 51, further comprising displaying visible subscriber information on the subscriber unit display based on the subscriber information sent from the transaction service provider to the subscriber unit.
53. A method for protecting transactions between a user, a subscriber unit having a memory and a processor and configured to accept user input, and a transaction service provider having a memory and a processor, the transaction service provider configured to receive a transaction request from the subscriber unit, send a transaction identifier created based on the transaction request to the subscriber unit, store the transaction identifier, verify the transaction identifier, and receive a password sent from the subscriber unit, the method comprising:
providing a credential information manager having a processor and a memory;
storing a network identifier associated with the user within the credential information manager memory, wherein the network identifier comprises a username and subscriber information;
storing a subscriber identifier associated with the user within the credential information manager memory;
storing the subscriber information associated with the user within the credential information manager memory;
the credential information manager receiving an authentication request from the subscriber unit;
the credential information manager receiving the transaction identifier from the subscriber unit;
the credential information manager receiving a subscriber identifier from the subscriber unit;
the credential information manager verifying the subscriber identifier that the credential information manager received from the subscriber unit, wherein the subscriber identifier is stored within the credential information manager memory;
sending a verification request from the credential information manager to the transaction service provider;
sending the transaction identifier received from the subscriber unit from the credential information manager to the transaction service provider;
the credential information manager receiving a verification request result message from the transaction service provider;
sending the network identifier stored within the credential information manager memory from the credential information manager to the transaction service provider;
sending the subscriber information stored within the credential information manager memory from the credential information manager to the transaction service provider; and
sending a transaction authorization from the credential information manager to the transaction service provider;
wherein the password is never sent to the credential information manager, wherein the network identifier is never sent to the subscriber unit, and wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
54. The method of claim 53, wherein the verifying further comprises the credential information manager processor comparing the subscriber identifier received by the credential information manager from the subscriber unit with the subscriber identifier stored within the credential information manager memory.
55. The method of claim 54, wherein the verification request is sent as a result of the comparison indicating that the subscriber identifier received by the credential information manager from the subscriber unit matches the subscriber identifier stored in the credential information manager memory.
56. The method of claim 55, further comprising sending an authentication failure message from the credential information manager to the subscriber unit, wherein the authentication failure message is sent as a result of the comparison indicating that the subscriber identifier received by the credential information manager from the subscriber unit does not match the subscriber identifier stored within the credential information manager memory.
57. The method of claim 53, wherein the network identifier is sent as a result of the verification request result message indicating that the transaction identifier sent by the credential information manager to the transaction service provider matches the transaction identifier stored in the transaction service provider memory.
58. The method of claim 53, further comprising sending a verification failure message from the credential information manager to the subscriber unit, wherein the verification failure message is sent as a result of the verification request result message indicating that the transaction identifier sent by the credential information manager to the transaction service provider does not match the transaction identifier stored in the transaction service provider memory.
59. The method of claim 53, wherein one or more of the sending or receiving steps by the credential information manager is accomplished via a secure telecommunications link.
60. The method of claim 53, wherein one or more of the sending or receiving steps by the credential information manager is accomplished via a wireless telecommunications link.
61. The method of claim 53, wherein one or more of the sending or receiving steps by the credential information manager is accomplished via the Internet.
62. The method of claim 59, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
63. A method for securing transactions between a user, a subscriber unit having a memory and a processor and configured to accept user input, and a credential information manager having a memory and a processor, the credential information manager configured to store a network identifier associated with the user, store and verify a subscriber identifier associated with the user, store subscriber information associated with the user, receive an authentication request, a transaction identifier, and a subscriber identifier from the subscriber unit, and verify the subscriber identifier, the method comprising:
providing a transaction service provider having a processor and a memory;
the transaction service provider receiving a transaction request from the subscriber unit;
sending a transaction identifier, created by the transaction service provider based on the transaction request, from the transaction service provider to the subscriber unit;
storing the transaction identifier in the transaction service provider memory;
the transaction service provider receiving a verification request from the credential information manager;
the transaction service provider receiving a transaction identifier from the credential information manager;
the transaction service provider verifying the transaction identifier that the transaction service provider received from the credential information manager, wherein the transaction identifier is stored in the transaction service provider memory;
sending a verification request result message from the transaction service provider to the credential information manager;
the transaction service provider receiving a network identifier from the credential information manager, wherein the network identifier comprises a username and subscriber information;
the transaction service provider receiving the subscriber information associated with the user from the credential information manager;
the transaction service provider receiving a transaction authorization from the credential information manager; and
the transaction service provider receiving a password from the subscriber unit;
wherein the password is never sent to the credential information manager, wherein the network identifier is never sent to the subscriber unit, and wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
64. The method of claim 63, wherein the verifying further comprises the transaction service provider processor comparing the transaction identifier received by the transaction service provider from the credential information manager with the transaction identifier stored in the transaction service provider memory, wherein the verification request result message includes a result of the comparison.
65. The method of claim 63, wherein one or more of the sending or receiving steps by the transaction service provider is accomplished via a secure telecommunications link.
66. The method of claim 63, wherein one or more of the sending or receiving steps by the transaction service provider is accomplished via a wireless telecommunications link.
67. The method of claim 63, wherein one or more of the sending or receiving steps by the transaction service provider is accomplished via the Internet.
68. The method of claim 65, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
69. The method of claim 63, further comprising storing the subscriber information received by the transaction service provider from the credential information manager in the transaction service provider memory.
70. The method of claim 63, further comprising sending the subscriber information received by the transaction service provider from the credential information manager from the transaction service provider to the subscriber unit.
71. A system for securing transactions between a user, a transaction service provider having a processor and a memory, and a credential information manager having a memory and a processor, the credential information manager configured to store a network identifier associated with the user, store and verify a subscriber identifier associated with the user, store subscriber information associated with the user, send a verification request to the transaction service provider, send a transaction identifier to the transaction service provider for verification, receive a verification request result message from the transaction service provider, and send the network identifier, the subscriber information, and a transaction authorization to the transaction service provider, the system comprising:
a subscriber unit having a processor, a memory and a display, wherein the subscriber unit is configured to accept user input;
a transaction request configured to be sent from the subscriber unit to the transaction service provider over a communication path;
a computer program stored in the memory of the transaction service provider for creating a transaction identifier based on the transaction request;
the transaction identifier configured to be sent from the transaction service provider to the subscriber unit over a communication path;
the transaction identifier stored in the transaction service provider memory;
an authentication request configured to be sent from the subscriber unit to the credential information manager over a communication path;
the transaction identifier configured to be sent from the subscriber unit to the credential information manager over a communication path;
a subscriber identifier configured to be sent from the subscriber unit to the credential information manager over a communication path; and
a password configured to be sent from the subscriber unit to the transaction service provider over a communication path;
wherein the password is never sent to the credential information manager, wherein the network identifier is never sent to the subscriber unit, and wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
72. The system of claim 71, wherein the subscriber unit memory comprises removable memory and the subscriber identifier is stored in the subscriber unit memory before the subscriber identifier is sent from the subscriber unit to the credential information manager.
73. The system of claim 72, wherein the removable memory comprises a SIM card.
74. The system of claim 72, wherein the removable memory comprises an electronic card.
75. The system of claim 71, wherein the subscriber unit comprises one or more of a mobile phone, smart phone, PDA, computer or POS terminal, modem, fax machine, or display/input terminal.
76. The system of claim 75, wherein the subscriber unit comprises a telephone in wireless communication with a POS terminal.
77. The system of claim 71, wherein one or more of the communication paths comprises a secure telecommunications link.
78. The system of claim 71, wherein one or more of the communication paths comprises a wireless telecommunications link.
79. The system of claim 71, wherein one or more of the communication paths comprises the Internet.
80. The system of claim 77, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
81. A system for protecting a transaction between a user, a subscriber unit having a memory and a processor and configured to accept user input, and a transaction service provider having a memory and a processor, the transaction service provider configured to receive a transaction request from the subscriber unit, transmit a transaction identifier created based on the transaction request to the subscriber unit, store the transaction identifier, verify the transaction identifier, and receive a password transmitted from the subscriber unit, the system comprising:
a credential information manager having a processor and a memory,
a network identifier associated with the user stored within the credential information manager memory, wherein the network identifier comprises a username and subscriber information;
a subscriber identifier associated with the user stored within the credential information manager memory;
the subscriber information associated with the user stored within the credential information manager memory;
a verification request configured to be sent from the subscriber unit to the credential information manager over a communication path;
the transaction identifier configured to be transmitted from the subscriber unit to the credential information manager over a communication path;
the subscriber identifier configured to be transmitted from the subscriber unit to the credential information manager over a communication path;
a computer program stored in the credential information manager memory for verifying, by the credential information manager, the subscriber identifier received by the credential information manager from the subscriber unit, wherein the subscriber identifier is stored within the credential information manager memory;
a verification request configured to be sent from the credential information manager to the transaction service provider over a communication path;
the transaction identifier received from the subscriber unit configured to be transmitted from the credential information manager to the transaction service provider over a communication path;
a verification request result message configured to be sent from the transaction service provider to the credential information manager over a communication path;
the network identifier stored within the credential information manager memory configured to be transmitted from the credential information manager to the transaction service provider over a communication path;
the subscriber information stored within the credential information manager memory configured to be transmitted from the credential information manager to the transaction service provider over a communication path; and
a transaction authorization configured to be sent from the credential information manager to the transaction service provider over a communication path;
wherein the password is never sent to the credential information manager, and wherein the network identifier is never sent to the subscriber unit; and
wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
82. The system of claim 81, wherein said credential information manager further comprises:
an authenticated credential information manager having a processor and a memory;
a verification/secure link service provider having a processor and a memory;
the verification request received by the credential information manager configured to be sent from the authenticated credential information manager to the verification/secure link service provider over a communication path;
the subscriber identifier received by the credential information manager configured to be sent from the authenticated credential information manager to the verification/secure link service provider over a communication path;
wherein the verification computer program is stored in the verification/secure link service provider memory, and
wherein the subscriber identifier stored within the credential information manager memory is stored within the verification/secure link service provider memory.
83. The system of claim 81, wherein one or more of the communication paths comprise a secure telecommunications link.
84. The system of claim 81, wherein one or more of the communication paths comprise a wireless telecommunications link.
85. The system of claim 81, wherein one or more of the communication paths includes the Internet.
86. The system of claim 83, wherein the secure telecommunication link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
87. A system for securing a transaction between a user, a subscriber unit having a memory and a processor and configured to accept user input, and a credential information manager having a memory and a processor, the credential information manager configured to store a network identifier associated with the user, store and verify a subscriber identifier associated with the user, store subscriber information associated with the user, receive from the subscriber unit a verification request, a transaction identifier, and a subscriber identifier, and verify the subscriber identifier, the system comprising:
a transaction service provider having a processor and a memory,
a transaction request configured to be sent from the subscriber unit to the transaction service provider over a communication path;
a computer program stored in the transaction service provider memory for creating a transaction identifier based on the transaction request;
the transaction identifier configured to be transmitted from the transaction service provider to the subscriber unit over a communication path;
the transaction identifier stored in the transaction service provider memory;
a verification request configured to be sent from the credential information manager to the transaction service provider over a communication path;
the transaction identifier received from the subscriber unit configured to be transmitted from the credential information manager to the transaction service provider over a communication path;
a computer program stored in the transaction service provider memory for verifying, by the transaction service provider, the transaction identifier received by the transaction service provider from the credential information manager, wherein the transaction identifier is stored within the transaction service provider memory;
a verification request result message configured to be sent from the transaction service provider to the credential information manager over a communication path;
the network identifier stored within the credential information manager memory configured to be transmitted from the credential information manager to the transaction service provider over a communication path;
the subscriber information stored within the credential information manager memory configured to be transmitted from the credential information manager to the transaction service provider over a communication path;
a transaction authorization configured to be sent from the credential information manager to the transaction service provider over a communication path; and
a password configured to be communicated from the subscriber unit to the transaction service provider over a communication path;
wherein the password is never sent to the credential information manager, and wherein the network identifier is never sent to the subscriber unit; and
wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
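The exchange that claims 81 and 87 describe from the credential information manager's and the transaction service provider's sides, as an added Python model that is not part of the patent: a subscriber unit, a credential information manager (CIM) and a transaction service provider (TSP) exchange messages over a logged channel, the provider checks the password, and an audit over the log checks the three never-sent conditions. Party names, message kinds, the SIM value and the subscriber record are constructed for the example; only the roles and data items come from the claims.

```python
# Added example, not from the patent: a runnable model of the flow in claims 81
# and 87; party names, message kinds, the SIM value and records are constructed.
from collections import namedtuple
import hashlib, hmac, secrets

Msg = namedtuple("Msg", "src dst kind payload")


class Channel:
    # Logs every message so the claims' never-sent rules can be audited.
    def __init__(self):
        self.log = []
    def send(self, src, dst, kind, **payload):
        self.log.append(Msg(src, dst, kind, payload))
        return self.log[-1]


def pw_hash(password):  # constructed storage form for the provider's password check
    return hashlib.sha256(password.encode()).hexdigest()


class TransactionServiceProvider:
    name = "TSP"
    def __init__(self, ch, passwords):
        self.ch, self.passwords = ch, passwords  # username -> pw_hash
        self.pending, self.authorized = {}, {}   # both keyed by transaction id
    def on_transaction_request(self, m):
        # Claim 87: create, store and return a transaction identifier.
        tid = secrets.token_hex(8)
        self.pending[tid] = m.payload
        self.ch.send(self.name, m.src, "transaction_identifier", transaction_id=tid)
        return tid
    def on_verification_request(self, m):
        # Claim 87: check the identifier the CIM relayed against the stored ones.
        ok = m.payload["transaction_id"] in self.pending
        self.ch.send(self.name, m.src, "verification_result", ok=ok)
        return ok
    def on_authorization(self, m):
        # Claim 87: network identifier, subscriber info and authorization arrive from the CIM.
        self.authorized[m.payload["transaction_id"]] = m.payload
    def on_password(self, m):
        # Claim 88: the provider, never the CIM, checks the password, and only for a
        # transaction the CIM has already authorized.
        auth = self.authorized.get(m.payload["transaction_id"])
        if auth is None:
            return False
        expected = self.passwords.get(auth["network_identifier"]["username"], "")
        return hmac.compare_digest(expected, pw_hash(m.payload["password"]))


class CredentialInformationManager:
    name = "CIM"
    def __init__(self, ch, tsp):
        self.ch, self.tsp, self.records = ch, tsp, {}  # subscriber identifier -> record
    def enroll(self, subscriber_identifier, username, subscriber_info):
        # Claim 81: the network identifier is the username plus the subscriber information.
        self.records[subscriber_identifier] = {
            "network_identifier": {"username": username, "subscriber_info": subscriber_info},
            "subscriber_info": subscriber_info}
    def on_verification_request(self, m):
        rec = self.records.get(m.payload["subscriber_identifier"])
        if rec is None:
            return False  # unknown subscriber identifier: nothing is authorized
        tid = m.payload["transaction_id"]
        vr = self.ch.send(self.name, self.tsp.name, "verification_request", transaction_id=tid)
        if not self.tsp.on_verification_request(vr):
            return False
        auth = self.ch.send(self.name, self.tsp.name, "transaction_authorization",
                            transaction_id=tid, **rec)
        self.tsp.on_authorization(auth)
        return True


class SubscriberUnit:
    name = "SU"
    def __init__(self, ch, sim_subscriber_identifier, password):
        self.ch, self.sid, self.password = ch, sim_subscriber_identifier, password
    def transact(self, tsp, cim, item):
        req = self.ch.send(self.name, tsp.name, "transaction_request", item=item)
        tid = tsp.on_transaction_request(req)
        vr = self.ch.send(self.name, cim.name, "verification_request",
                          transaction_id=tid, subscriber_identifier=self.sid)
        if not cim.on_verification_request(vr):
            return tid, False
        pw = self.ch.send(self.name, tsp.name, "password", transaction_id=tid,
                          password=self.password)
        return tid, tsp.on_password(pw)


def audit(log):
    # Returns the never-sent rules of claims 81 and 87 that the logged traffic violates.
    bad = []
    for m in log:
        if m.dst == "CIM" and "password" in m.payload:
            bad.append("password reached CIM")
        if m.dst == "SU" and "network_identifier" in m.payload:
            bad.append("network identifier reached subscriber unit")
        if m.src == "SU" and m.dst == "TSP" and "subscriber_info" in m.payload:
            bad.append("subscriber unit sent subscriber info to TSP")
    return bad


def run_flow(sim_id="SIM-0001", password="correct horse"):
    ch = Channel()
    tsp = TransactionServiceProvider(ch, {"alice": pw_hash("correct horse")})
    cim = CredentialInformationManager(ch, tsp)
    cim.enroll("SIM-0001", "alice", {"display_name": "Alice", "account": "ACC-42"})
    tid, ok = SubscriberUnit(ch, sim_id, password).transact(tsp, cim, item="order-17")
    return {"ok": ok, "authorized": tid in tsp.authorized,
            "violations": audit(ch.log), "messages": [m.kind for m in ch.log]}
```

Calling `run_flow()` with an unknown SIM value stops the flow at the credential information manager, so no authorization and no password message ever reach the provider.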
88. The system of claim 87, wherein the transaction service provider is configured to verify the password sent from the subscriber unit.
89. The system of claim 87, wherein one or more of the communication paths comprise a secure telecommunications link.
90. The system of claim 87, wherein one or more of the communication paths comprise a wireless telecommunications link.
91. The system of claim 87, wherein one or more of the communication paths comprise the internet.
92. The system of claim 89, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
93. A method for protecting a user transaction, comprising:
providing a subscriber unit having a processor, a memory and a display,
wherein the subscriber unit is configured to accept user input;
providing a credential information manager having a processor and a memory;
storing a network identifier associated with the user within the credential information manager memory, wherein the network identifier comprises a username and subscriber information;
storing the subscriber information associated with the user within the credential information manager memory;
providing a transaction service provider having a processor and a memory, and sending a transaction request from said subscriber unit to said transaction service provider;
transmitting the network identifier stored within the credential information manager memory from the credential information manager to the transaction service provider;
sending the subscriber information stored within the credential information manager memory from the credential information manager to the transaction service provider;
sending a transaction authorization from the credential information manager to the transaction service provider; and
communicating a password from the subscriber unit to the transaction service provider;
wherein the password is never sent to the credential information manager, and wherein the network identifier is never sent to the subscriber unit; and
wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
94. The method of claim 93, wherein the subscriber unit is comprised of one or more mobile phones, smart phones, PDAs, computer or POS terminals, modems, fax machines, or display/input terminals.
95. The method of claim 94 wherein said subscriber unit is comprised of a telephone in wireless communication with a POS terminal.
96. The method of claim 93, wherein one or more of the sending is accomplished via a secure telecommunications link.
97. The method of claim 93, wherein one or more of the sending is accomplished via a wireless telecommunications link.
98. The method of claim 93, wherein one or more of said sending is accomplished via the internet.
99. The method of claim 96, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
100. The method of claim 93 wherein said subscriber unit memory comprises removable memory and a subscriber identifier is stored by said removable memory before said subscriber identifier is sent from said subscriber unit to said credential information manager.
101. The method of claim 100, wherein the removable memory comprises a SIM card.
102. The method of claim 100, wherein the removable memory comprises an electronic card.
103. The method of claim 93, further comprising: storing the subscriber information sent from the credential information manager to the transaction service provider in the transaction service provider memory.
104. The method of claim 93, further comprising: sending the subscriber information sent from the credential information manager to the transaction service provider from the transaction service provider to the subscriber unit.
105. The method of claim 104, further comprising: displaying visible subscriber information on the subscriber unit display based on the subscriber information sent from the transaction service provider to the subscriber unit.
106. The method of claim 93, further comprising: verifying, by the transaction service provider, the password sent from the subscriber unit.
107. A system for protecting a user transaction, comprising:
a subscriber unit having a processor, a memory and a display,
wherein the subscriber unit is configured to accept user input,
a credential information manager having a processor and a memory,
a network identifier associated with the user stored within the credential information manager memory, wherein the network identifier comprises a username and subscriber information;
the subscriber information associated with the user stored within the credential information manager memory;
a transaction service provider having a processor and a memory,
a transaction request configured to be sent from the subscriber unit to the transaction service provider over a communication path;
the network identifier stored within the credential information manager memory configured to be transmitted from the credential information manager to the transaction service provider over a communication path;
the subscriber information stored within the credential information manager memory configured to be transmitted from the credential information manager to the transaction service provider over a communication path;
a transaction authorization configured to be sent from the credential information manager to the transaction service provider over a communication path; and
a password configured to be communicated from the subscriber unit to the transaction service provider over a communication path;
wherein the password is never sent to the credential information manager, and wherein the network identifier is never sent to the subscriber unit; and
wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
108. The system of claim 107, wherein the subscriber unit is comprised of one or more mobile phones, smart phones, PDAs, computers or POS terminals, modems, fax machines, or display/input terminals.
109. The system of claim 108 wherein the subscriber unit is comprised of a telephone in wireless communication with a POS terminal.
110. The system of claim 107, wherein one or more of the communication paths comprise a secure telecommunications link.
111. The system of claim 107, wherein one or more of the communication paths comprise a wireless telecommunications link.
112. The system of claim 107, wherein one or more of the communication paths includes the internet.
113. The system of claim 110, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
114. The system of claim 107 wherein said subscriber unit memory includes removable memory and said subscriber identifier is stored by said subscriber unit memory before said subscriber identifier is transmitted from said subscriber unit to said credential information manager.
115. The system of claim 114, wherein the removable memory comprises a SIM card.
116. The system of claim 114, wherein the removable memory includes an electronic card.
117. The system of claim 107, wherein said credential information manager further comprises:
an authenticated credential information manager having a processor and a memory;
a verification/secure link service provider having a processor and a memory;
a verification request, received by said credential information manager, configured to be sent from said authenticated credential information manager to said verification/secure link service provider over a communication path;
a communication path for transmitting a subscriber identifier, said subscriber identifier received by said credential information manager and transmitted from said authenticated credential information manager to said verification/secure link service provider;
wherein a verification computer program is stored in said verification/secure link service provider memory, and
wherein the subscriber identifier stored within the credential information manager memory is stored within the verification/secure link service provider memory.
118. The system of claim 107, wherein the transaction service provider is configured to verify a password sent from the subscriber unit.
119. A method for securing a transaction between a user, a transaction service provider having a processor and a memory, and a credential information manager having a memory and a processor, the credential information manager configured to store a network identifier associated with the user, store subscriber information associated with the user, and transmit the network identifier and the subscriber information to the transaction service provider, the method comprising:
providing a subscriber unit having a processor, a memory, and a display,
wherein the subscriber unit is configured to accept user input;
sending a transaction request from the subscriber unit to the transaction service provider;
transmitting a network identifier associated with the user from the subscriber unit to the credential information manager, wherein the network identifier comprises a username and subscriber information; and
sending a password from the subscriber unit to the transaction service provider;
wherein the password is never sent to the credential information manager, and wherein the network identifier is never received by the subscriber unit; and
wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
120. The method of claim 119, wherein the subscriber unit is comprised of one or more mobile phones, smart phones, PDAs, computer or POS terminals, modems, fax machines, or display/input terminals.
121. The method of claim 119 wherein the subscriber unit is comprised of a telephone in wireless communication with a POS terminal.
122. The method of claim 119, wherein one or more of the sending or receiving of the subscriber unit is accomplished via a secure telecommunications link.
123. The method of claim 119, wherein one or more of the sending or receiving of the subscriber unit is accomplished via a wireless telecommunications link.
124. The method of claim 119, wherein one or more of the sending or receiving of the subscriber unit is accomplished via the internet.
125. The method of claim 122, wherein the secure telecommunication link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
126. The method of claim 119 wherein said subscriber unit memory comprises removable memory and said subscriber identifier is stored by said subscriber unit memory before said subscriber identifier is sent from said subscriber unit to said credential information manager.
127. The method of claim 126, wherein the removable memory comprises a SIM card.
128. The method of claim 126, wherein the removable memory includes an electronic card.
129. The method of claim 119, further comprising: the subscriber unit receiving subscriber information from the transaction service provider.
130. The method of claim 129, further comprising: displaying visible subscriber information on the subscriber unit display based on the subscriber information sent from the transaction service provider to the subscriber unit.
131. A method for protecting a transaction between a user, a subscriber unit having a memory and a processor and configured to accept user input, and a transaction service provider having a memory and a processor, the transaction service provider configured to receive a transaction request from the subscriber unit and to receive a password transmitted from the subscriber unit, the method comprising:
providing a credential information manager having a processor and a memory;
storing a network identifier associated with the user within the credential information manager memory, wherein the network identifier comprises a username and subscriber information;
storing the subscriber information associated with the user within the credential information manager memory;
transmitting the network identifier stored within the credential information manager memory from the credential information manager to the transaction service provider;
sending the subscriber information stored within the credential information manager memory from the credential information manager to the transaction service provider; and
sending a transaction authorization from the credential information manager to the transaction service provider;
wherein the password is never sent by the transaction service provider to the credential information manager, and wherein the network identifier is never sent to the subscriber unit; and
wherein the subscriber information is never received by the transaction service provider from the subscriber unit.
132. The method of claim 131, wherein one or more of the sending or receiving of the credential information manager is effected via a secure telecommunications link.
133. The method of claim 131, wherein one or more of the sending or receiving of the credential information manager is effected via a wireless telecommunications link.
134. The method of claim 131, wherein one or more of the sending or receiving of the credential information manager is accomplished via the internet.
135. The method of claim 132, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communications infrastructure.
136. A method for securing a transaction between a user, a subscriber unit having a memory and a processor and configured to accept user input, and a credential information manager having a memory and a processor, the credential information manager configured to store a network identifier associated with the user and to store subscriber information associated with the user, the method comprising:
providing a transaction service provider having a processor and a memory;
receiving, by the transaction service provider, a transaction request from the subscriber unit;
receiving, by the transaction service provider, a network identifier from the credential information manager, wherein the network identifier comprises a username and subscriber information;
receiving, by the transaction service provider, the subscriber information associated with the user from the credential information manager;
receiving, by the transaction service provider, a transaction authorization from the credential information manager; and
receiving, by the transaction service provider, a password from the subscriber unit;
wherein the password is never sent by the transaction service provider to the credential information manager, and wherein the network identifier is never sent to the subscriber unit; and
wherein the subscriber information is never received by the transaction service provider from the subscriber unit.
137. The method of claim 136, wherein one or more of the sending or receiving by the transaction service provider is accomplished via a secure telecommunications link.
138. The method of claim 136, wherein one or more of the sending or receiving by the transaction service provider is accomplished via a wireless telecommunications link.
139. The method of claim 136, wherein one or more of the sending or receiving by the transaction service provider is accomplished via the internet.
140. The method of claim 137, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
141. The method of claim 136, further comprising: storing the subscriber information received by the transaction service provider from the credential information manager in the transaction service provider memory.
142. The method of claim 136, further comprising: sending the subscriber information received by the transaction service provider from the credential information manager from the transaction service provider to the subscriber unit.
143. A system for securing a transaction between a user, a transaction service provider having a processor and a memory, and a credential information manager having a memory and a processor, the credential information manager configured to store a network identifier associated with the user, store subscriber information associated with the user, and send the network identifier, the subscriber information, and the transaction verification to the transaction service provider, the system comprising:
a subscriber unit having a processor, a memory and a display,
wherein the subscriber unit is configured to accept user input,
a transaction request configured to be sent from the subscriber unit to the transaction service provider over a communication path; and
a password configured to be communicated from the subscriber unit to the transaction service provider over a communication path;
wherein the password is never sent to the credential information manager, and wherein the network identifier is never received by the subscriber unit; and
wherein the subscriber information is never sent by the subscriber unit to the transaction service provider.
144. The system of claim 143 wherein said subscriber unit memory includes removable memory and said subscriber identifier is stored by said subscriber unit memory before being transmitted from said subscriber unit to said credential information manager.
145. The system of claim 144, wherein the removable memory comprises a SIM card.
146. The method of claim 144, wherein the removable memory includes an electronic card.
147. The system of claim 143 wherein the subscriber unit is comprised of one or more mobile phones, smart phones, PDAs, computer or POS terminals, modems, fax machines, or display/input terminals.
148. The system of claim 147 wherein the subscriber unit is comprised of a telephone in wireless communication with a POS terminal.
149. The system of claim 143, wherein one or more of the communication paths includes a secure telecommunications link.
150. The system of claim 143, wherein one or more of the communication paths comprises a wireless telecommunications link.
151. The system of claim 143, wherein one or more of the communication paths includes the internet.
152. The system of claim 149, wherein the secure telecommunications link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
153. A system for protecting a transaction between a user, a subscriber unit having a memory and a processor and configured to accept user input, and a transaction service provider having a memory and a processor, the transaction service provider configured to receive a transaction request from the subscriber unit and to receive a password transmitted from the subscriber unit, the system comprising:
a credential information manager having a processor and a memory,
a network identifier associated with the user stored within the credential information manager memory, wherein the network identifier comprises a username and subscriber information;
the network identifier stored within the credential information manager memory configured to be transmitted from the credential information manager to the transaction service provider over a communication path;
the subscriber information stored within the credential information manager memory configured to be transmitted from the credential information manager to the transaction service provider over a communication path; and
a transaction authorization configured to be sent from the credential information manager to the transaction service provider over a communication path;
wherein the password is never sent by the transaction service provider to the credential information manager, and wherein the network identifier is never sent to the subscriber unit; and
wherein the subscriber information is never received by the transaction service provider from the subscriber unit.
154. The system of claim 153, wherein the credential information manager further comprises:
an authenticated credential information manager having a processor and a memory;
a verification/secure link service provider having a processor and a memory;
a verification request, received by said credential information manager, configured to be sent from said authenticated credential information manager to said verification/secure link service provider over a communication path;
a subscriber identifier received by the credential information manager configured to be sent from the authenticated credential information manager to the verification/secure link service provider over a communication path;
wherein a verification computer program is stored in said verification/secure link service provider memory, and
wherein the subscriber identifier stored within the credential information manager memory is stored within the verification/secure link service provider memory.
155. The system of claim 153, wherein one or more of the communication paths comprise a secure telecommunications link.
156. The system of claim 153, wherein one or more of the communication paths comprises a wireless telecommunications link.
157. The system of claim 153, wherein one or more of the communication paths includes the internet.
158. The system of claim 155, wherein the secure telecommunication link comprises one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communication infrastructure.
159. A system for securing a transaction between a user, a subscriber unit having a memory and a processor and configured to accept user input, and a credential information manager having a memory and a processor, the credential information manager configured to store a network identifier associated with the user and to store subscriber information associated with the user, the system comprising:
a transaction service provider having a processor and a memory,
a transaction request configured to be sent from the subscriber unit to the transaction service provider over a communication path;
the network identifier stored in the credential information manager memory configured to be transmitted from the credential information manager to the transaction service provider over a communication path;
the subscriber information stored in the credential information manager memory configured to be transmitted from the credential information manager to the transaction service provider over a communication path;
a transaction authorization configured to be sent from the credential information manager to the transaction service provider over a communication path; and
a password configured to be communicated from the subscriber unit to the transaction service provider over a communication path;
wherein the password is never sent by the transaction service provider to the credential information manager, and wherein the network identifier is never sent to the subscriber unit; and
wherein the subscriber information is never received by the transaction service provider from the subscriber unit.
160. The system of claim 159, wherein the transaction service provider is configured to verify the password sent from the subscriber unit.
161. The system of claim 159, wherein one or more of the communication paths comprises a secure telecommunications link.
162. The system of claim 159, wherein one or more of the communication paths comprises a wireless telecommunications link.
163. The system of claim 159, wherein one or more of the communication paths includes the internet.
164. The system of claim 161, wherein the secure telecommunications link includes one or more of a VPN, audio or video signaling, a secure tunnel, or an encrypted communications infrastructure.
HK15110650.3A 2012-04-09 2013-04-08 Method and system using a cyber id to provide secure transactions HK1209934B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US13/442,019 US8732807B2 (en) 2012-04-09 2012-04-09 Method and system using a cyber ID to provide secure transactions
US13/442,019 2012-04-09
PCT/IB2013/000634 WO2013153431A1 (en) 2012-04-09 2013-04-08 Method and system using a cyber id to provide secure transactions

Publications (2)

Publication Number Publication Date
HK1209934A1 HK1209934A1 (en) 2016-04-08
HK1209934B true HK1209934B (en) 2018-08-24
