The present invention relates generally to methods and systems for performing secure electronic transactions, and more particularly to a method and system for performing secure electronic transaction for positively securing electronic monetary transactions between two public entities for any n digit electronic "money"; e.g., bank account numbers, credit card numbers, fund amounts, etc.
Existing secure transaction systems include private and public key encryption systems. These types of systems rely on creating sufficiently large codewords such that the time required to break the code by simply trying all possibilities is extremely large.
Securing an information transfer between two public entities can be done in a variety of ways. But no matter what manner is chosen, the goal is to positively transfer the information through the public sector without the information being discovered and used by anyone other than the intended recipient. This need for a positive and secure transfer increases significantly along with the value of the information being passed. Various systems have been developed through the years to perform these transfers and the public record is well documented with both success and failures. The major component of almost every system developed is an encryption key that is used to translate information from source text to cipher text and back to source text.
An information transfer key is just like a physical one. It is used to unlock, in this case secure data. All modern secure systems use keys of one type or another. The only difference between a transaction key and a physical one is that besides losing it or having it stolen, it can also be derived ("broken") or discovered. The major weakness with public transfer of information is key discovery--not the physical issues with loss or theft, which are faults that cannot be removed from any key-based system, but deriving and using a key without authorization.
The current electronic age has ushered in a dramatic increase in the need for secure monetary transactions, and new methodologies have been developed in an attempt to meet the demand. The main new weapons that have been unveiled are systems based on a concept called Public Key Encryption (PKE). These systems were developed to solve the supposed faults of the private key methods used in the past. A private key system is one in which only those who intend to share information all posses the same key. The private key systems supposedly have a major fault: the secure distribution of the private key to the intended recipients and only to those recipients.
PKE introduced a concept in which there are dual keys--one public and one private. The public key is freely distributed to anyone who wishes to transfer information to the entity holding the single private key. This dual key approach therefore solves the fault by not having to distribute a private key. The entire basis for PKE methods is the mathematically large disparity between decrypting the cipher text created with the public key using the PKE private key, which is very rapid and simple to do (polynomial time computation), and working through the possibilities without the key, which theoretically takes a very long time (factoring, requiring exponential time computation). These systems are theoretically secure because the combination of the public key and the source information generate this theoretically long time to factor the possibilities without the PKE private key. The reason this is theoretical is that it is possible to develop a unique set of mathematical equations or even a single algorithm for either mimicking or rapidly factoring an integer in polynomial time, although no solution has been published to date. Alternatively, faster computers are always shortening the problem. Proposals have even been made to develop "quantum computers" that would perform these computations in a fraction of the expected time. Consequently, the controversial issue with these methods is that if the math were to be developed, or the shortcut found, then the security of these PKE systems completely and instantly evaporates.
The fundamental problem with these PKE systems is that they have been introduced as saviors of the faults of a private key system. While supposedly solving this problem, they have introduced uncertainty into the core issue with all encryption systems: unauthorized discovery of the key--now matter how sophisticated the mathematics. So what really has been accomplished? The answer, for the domain of electronic monetary transactions, is nothing of consequence.
The present invention is therefore directed to the problem of developing a system for performing secure electronic transactions that reduce code breaking to merely guessing the code used or the message sent, but which cannot be solved mathematically and that uses an architecture that is completely open.