The advent of secure storage and processing devices such as smart-cards, coupled with the increasing use of practicable electronic commerce technology, has highlighted shortcomings in secure message transfer technology. This relates in particular to the robustness and auditability of secure messages when transmitted over different types of “best effort” networks.
Fundamental requirements for electronic commerce include the ability to transmit and receive messages with an acceptable level of confidentiality and integrity, where this level depends on the particular commercial application. In addition, reliable authentication of these messages, namely identification and verification of the source of a received message is also needed to ensure that fraudulent transactions are not being initiated.
Emerging best effort networks such as wireless and the Internet, place additional demands on messaging technology, since message delay, loss and occasionally duplication does occur.
Proposed standards for cryptographic and authentication functions often exact a commercially prohibitive penalty on secure messaging, because of their requirement for significant overhead data and associated complex equipment to provide the cryptographic and/or authentication functions. Available techniques have also not been proven to be reliable or efficient in the context of the aforementioned best effort networks.
It is an object of the present invention to ameliorate one or more disadvantages of the prior art.