Electronic commerce is hampered by privacy and security concerns, as there is no reliable way to ensure that the sender of an electronic transmission is in fact who they purport to be. Due to the non-physical nature of the medium, traditional methods of is physically marking the media with a seal or signature, for various business and legal purposes, are not practical. Rather, some mark must be coded into the information itself in order to identify the source and authenticate the contents.
In business, whether online or face-to-face, the client and the merchant must provide identification, authentication and authorization. Identification is the process that enables recognition of a user described to an automated data processing system and authentication is the act of verifying the claimed identity of an individual, station or originator, and finally authorization is the granting of the right of access to a user, program, or process.
A solution to the problems of identification, authentication, confidentiality, authentication, integrity and non-repudiation in information systems lies in the field of cryptography. For confidentiality, encryption is used to scramble information sent between users so that eavesdroppers cannot understand the data's content. Authentication usually employs digital signatures to identify the author of a message such that the recipient of the message can verify the identity of the person who signed the message. Digital signatures can be used in conjunction with passwords or as an alternative to them.
Message integrity is determined by methods that verify that a message has not been modified, such methods typically employ message digest codes. Non-repudiation describes the creation of cryptographic receipts so that an author of a message cannot falsely deny sending a message. Thus the Internet reveals the full complexity of trust relationships among people, computers, and organizations.
As mentioned above, one method of authentication involves digital signatures. Digital signatures use public-key cryptographic techniques employing two related keys, a public key and a private key. In public-key cryptography, the public key is made available to anyone who wants to correspond with the owner of the corresponding private key. The public key can be used to verify a message signed with the private key or encrypt messages that can only be decrypted using the private key. The secrecy of messages encrypted this way, and the authenticity of the messages signed this way relies on the security of the private key. Thus, the private key is kept secret by the owner in order to protect the key against unauthorized use.
Traditionally smart cards have been used as signing tokens for authenticating a user, smartcards are an alternative name for a microprocessor card, in that it refers to a chip card that is “smart”. The expression “smart Card” is used to refer to all types of chip cards, however SMARTCARD® is a registered trademark of Groupmark. Smart cards place digital certificates, cryptographic keys and other information on a PIN-protected token carried by the end-user, which is more secure than storing it on a computer device which may be vulnerable to unauthorized access. All the cryptographic algorithms involving the private key such as digital signatures and key exchanges are performed on the card. By signing transactions in such an environment, users are assured a modicum of integrity and privacy of the data exchanged between each other. The private key need not be revealed outside of the token.
One of the disadvantages of smartcards is that the owner is not protected from abuse of the smart card. For example, because of the lack of a user interface, such as a display screen, the owner may not be sure about the contents of the actual message being signed with the smartcard. Another drawback of smartcards is that any entity or person in possession of the smartcard and the PIN, who may not be the rightful owner or which may be a malicious application, in effect has knowledge of the private key.
Another solution is the implementation of a personalized device, such as a wireless application protocol (WAP) capable mobile phone or wireless personal digital assistant (PDA), as a signing token. Such a personalized device can store private key and sign transactions on behalf of its owner. In such a situation, the holder of the personalized device is assumed to be its rightful owner or authorized representative as determined by an appropriate access-control mechanism. The data message may be generated on an external device, such as an external computer, and then presented to the personalized device for signing. Alternatively, the data message can be generated completely on the personalized device. However, there exists substantial risk for fraud in both of these situations.
With reference to the first situation in which a data message is prepared on a personal computer, or similar, and then conveyed to the personalized device for signing and transmission, integrity of the message may be comprised. In this example, the owner of the personalized device may wish to employ the larger viewing area or the computing power available on a personal computer to browse and assemble the transaction. Once the data message has been assembled on the personal computer, the data is transmitted to the personalized device for signing. The personalized device calculates a signature, and the signed data message is transmitted via the personalized device. The personalized device thus acts both as a signing token and as a transmitting device.
In this situation, it is assumed that the external computer can be trusted and that this computer does not contain malicious software or has been programmed by unscrupulous individuals to alter the content of the message. Should the data presented for signing be different from that displayed, then the owner of the private key would then sign fraudulent or financially harmful transactions.
With reference to the second situation, an example of potential fraud will now be described. Suppose that the personalized device operating system becomes corrupted through any number of ways, such as, by unintentionally installed software containing malicious code, script embedded in messages, or by compromise of the personalized device operating system via security holes. This malicious code could then alter the contents of transactions, as described above.
Indeed, there is greater potential for fraud as transactions could be created, signed, and transmitted without the knowledge of the owner. The non-repudiation of such fraudulently obtained signed transactions would be difficult to contest as prima facie the personalized device's owner appears to have sanctioned the data message by appending a valid signature.
Accordingly, it is an object of the present invention to mitigate at least one of the above disadvantages.