Transactions involving the sale and transfer of electronic content to various user devices are becoming a more significant problem as this medium of exchange gains popularity and acceptance. Because these transactions are conducted at arm's length, overcoming the issue of trust between the parties is important. Establishing a secure communication channel between the parties is equally important.
One existing scheme involves downloading electronic content through the Internet, with payment and receipt of a decryption key made over a second channel such as a telephone or fax. However, in this scheme, the user has to personally identify himself and receive the decryption key. Neither the payment information nor the decryption key could be transmitted through the first channel because the first channel of communication is assumed not to be secure.
In other schemes of the sort, a single communication channel is used between the content server and the client. However, in these systems, the problem of trust remains a primary concern. A user (client) is reluctant to pay for content it has not yet received, and the seller is reluctant to authorize the transfer or download of the electronic content without having received payment.
Since, in a typical transaction, the credit card details necessary for payment may be transmitted over the same channel as the electronic content, a secure means of transmitting both the payment information and the digital content is a must. In one prior art scheme, based on the Secure Sockets Layer (SSL) protocol, transfer of credit card details requires the payment processing server to have a certificate that a client can verify.
Some of the existing schemes for transacting over the Internet are based on secret key cryptography. However, secret key cryptography requires that the parties involved in the transaction know each other beforehand and/or somehow communicate the secret decryption key or keys to one another in order to complete the transaction. Alternative approaches use public/private key cryptography. However, these processes require, as a first step, verification of the identity of both parties. This requires certificates and hence a certificate authority. Under some scenarios of content transfer based on serendipitous purchases, the requirement of obtaining a certification may be onerous and/or impractical. Additionally, one party has to obtain the public key through some intermediary channel.