In recent years electronic commerce (e-commerce) has been the focus of significant attention as Internet-related sales grew at rates of 25 percent or more. Despite this in 2006 overall online sales within the US excluding travel purchases, represented only approximately 6 percent of US retail sales. In 2007 including travel this figure was expected to increase 18 percent to approximately US$260 billion.
Hampering e-commerce, and therefore it's growth, is the prevalent view that e-commerce has many privacy and security issues, of which a central aspect is that there is no reliable way to ensure that the sender of an electronic transmission is in fact who they purport to be. The non-physical nature of the Internet leads to distrust because the consumer does not interact with a live person, the consumer does not see actual products, and most significantly, the user provides payment information to this unseen and unknown vendor.
In face-to-face commerce, the client and the merchant provide identification, authentication and authorization. Identification is the process that enables recognition of a customer or vendor, for example a store with signage, authentication is the act of verifying the claimed identity of an individual, for example by viewing a second piece of identification, and authorization is the final step wherein a transaction is completed, for example, by providing a credit card and signing the resulting credit slip. Further, since the customer is standing in front of the vendor, it is typically straightforward to ensure privacy, prevent identity theft, etc.
Solutions for use across the Internet for providing identification, authentication, and authorization have focused heavily on the applications of cryptography. Using cryptography allows a secure connection between two endpoints to ensure that communications are not intercepted and tampered with. Other aspects of the commercial transaction have remained substantially the same—a product or service is selected, an invoice is prepared for the product or service, a payment method is provided and an authorization is received. Once completed, the transaction is sometimes confirmed through an alternative communication path, for example by email.
A more technical security attack is a “man-in-the-middle” security attack. In such an attack, a system intercepts messages from each end of a communication path, placing the system in the middle of the communication. The system sets up secure communication paths which each end of the path and has access to the communication in the middle. As such, the man-in-the-middle can eavesdrop, record, or alter the data. Most problematically, a man-in-the-middle is typically a software process and, as such, could be executing on the user's own system.
When a man-in-the-middle security attack is employed, message integrity verification is important to ensure that no tampering has occurred. Message integrity checking is typically determined using codes that digest or hash the original message data, such as message digest codes.
Non-repudiation describes the creation of cryptographic receipts so that an author of a message cannot falsely deny sending a message. Thus the Internet reveals the full complexity of trust relationships among people, computers, and organizations.
Cryptographic processes involving the private key such as digital signatures and key exchanges are known to be performed on, for example, a peripheral card. By signing transactions in such an environment, users are assured a modicum of integrity and privacy of the data exchanged between themselves and the other party in the transaction. The private key need not be revealed outside of the peripheral card. However, one of the disadvantages of peripheral cards is that the owner is not protected from abuse of the host system. For example, because of the lack of a user interface, such as a display screen, the owner may not be sure about the contents of the actual message being signed.
Another approach adopted has been to implement the solutions by means of a personalized device, such as a wireless application protocol (WAP) capable mobile phone or wireless personal digital assistant (PDA), the personalized devices then providing the signing token. Such a personalized device can store private keys and sign transactions on behalf of its owner. In such a situation, the holder of the personalized device is assumed to be its rightful owner or authorized representative as determined by an appropriate access-control mechanism, though this may not be the case. This approach is extended further by Vanstone in U.S. Pat. No. 7,216,237 entitled “System and Method for Trusted Communication” where a data message is generated on an external device, such as a personal computer (PC), and then presented to the personalized device for signing.
Vanstone teaching that the client may compare the message on the PC and personalized device prior to issuing the approval to append their electronic signature to the message and thereby complete, for example, the e-commerce transaction. Alternatively Vanstone teaches that all activities are contained within the personalized device, enabling wireless e-commerce transactions.
However, there exists substantial risk for fraud in either approach. In the first approach when the message is prepared on a PC and conveyed to the personalized device the integrity of the message is questionable and the ability to verify the message adequately is also in question. Thus, though the signed data message is transmitted via the personalized device, it is difficult to use the small viewing area and typically inconvenient user interface of the personalized device to verify the entire document.
In the second situation, wherein all activities are contained within the personalized device then one faces the inconveniences of verifying and performing transactions with the limitations of a personalized device.
It would be advantageous to provide a method and system that overcomes at least some of the above-noted limitations.