Title of invention: SYSTEMS AND METHODS OF CARRYING OUT INTERNET TRANSACTIONS WITH TRANSPARENTLY PROVIDED SECURITY.
Abstract: The invention refers to systems, methods and protocols for handling and carrying out internet transactions between the participating entities: the Final User (FU), who desires to carry out the transaction; the Provider of Transactions (PT), who provides the transaction; and the Controller of Validity of Transaction (CVT), who ensures the validity of the transactions and the proper functioning of the system as a whole. Carrying out transactions through systems, methods and protocols consistent with the invention ensures that, in the communication between the information systems of the FU (ISoFU) and of the CVT (ISoCVT), the confidentiality and integrity of the exchanged data are retained, the identity of the two parties is certified (mutual authentication), and the acceptance of the transaction by the FU has the attribute of non-repudiation. These features, along with protection against the well-known types of internet attacks and the security provided in general, are provided transparently, with the minimum participation of the FU and without any specialized knowledge of any level being required from him. To achieve this, a Secure Processing Unit (SPU) with capabilities for secure storage and processing of sensitive data is used. For an FU to carry out a transaction, the production of specific unique data (Confirmation Data) is required. These data have such a form that only the SPU is in a position to create them, and the ISoCVT, by processing them, can check the validity of the specific transaction and the right to carry it out. The authorization to the SPU for their production is provided through the introduction by the FU into his system of specific data (Authorizing Data) which are in its exclusive jurisdiction.
As regards the certification of the identity of the valid entities, this is done solely algorithmically and no participation at all and no control by munication between the ISoFU and ISoCVT is carried out through a two-way internet communication channel which is kept open by the ISoFU. Also, a method is proposed in which the adoption of the characteristics described above is achieved through the secure sharing of common secrets between the ISoCVT and each one of the SPUs of the FUs, in conjunction with the use of the attributes of both symmetric cryptography and reverse hash chains. In this method, with the exception of one digital signature (use of the costly public key infrastructure) in the first transaction with each SPU, only the very efficient hash functions and symmetric encryption algorithms are used, contributing to clearly reduced needs for processing power on the part of the ISoCVT. The transactions are carried out with a minimum number of communication steps and a minimum volume of communication data.
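The abstract names reverse hash chains and shared symmetric secrets but gives no construction, so the following is an added illustration, not the patent's protocol: a generic reverse hash chain in which each transaction reveals one previously unseen preimage, bound to the transaction data with an HMAC under the shared key. SHA-256, HMAC, the class and function names, and authentic delivery of the chain anchor to the verifier at enrolment are all assumptions.

```python
import hashlib
import hmac
import os

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class SPU:
    """Holder side (hypothetical model of the Secure Processing Unit)."""
    def __init__(self, seed: bytes, length: int, key: bytes):
        self.chain = [seed]                  # chain[i] = h^i(seed)
        for _ in range(length):
            self.chain.append(h(self.chain[-1]))
        self.key = key                       # secret shared with the verifier
    def anchor(self) -> bytes:
        return self.chain[-1]                # h^length(seed), enrolled once
    def confirm(self, tx: bytes):
        if len(self.chain) < 2:
            raise RuntimeError("hash chain exhausted, re-enrol")
        self.chain.pop()                     # discard the value already known
        link = self.chain[-1]                # its preimage, used exactly once
        tag = hmac.new(self.key, link + tx, hashlib.sha256).digest()
        return link, tag

class CVT:
    """Verifier side (hypothetical model of the ISoCVT)."""
    def __init__(self, anchor: bytes, key: bytes):
        self.current, self.key = anchor, key
    def verify(self, tx: bytes, link: bytes, tag: bytes) -> bool:
        want = hmac.new(self.key, link + tx, hashlib.sha256).digest()
        if not hmac.compare_digest(want, tag):
            return False                     # tx altered or wrong shared key
        if not hmac.compare_digest(h(link), self.current):
            return False                     # replayed or out-of-order link
        self.current = link                  # advance only after both checks
        return True

def demo():
    key, seed = os.urandom(32), os.urandom(32)
    spu = SPU(seed, 3, key)
    cvt = CVT(spu.anchor(), key)
    tx = b"transfer 10.00 to account 42"     # constructed sample transaction
    link, tag = spu.confirm(tx)
    return [
        cvt.verify(b"transfer 9999.00 to account 66", link, tag),  # tampered
        cvt.verify(tx, link, tag),                                  # genuine
        cvt.verify(tx, link, tag),                                  # replay
        cvt.verify(b"second tx", *spu.confirm(b"second tx")),       # next link
    ]

if __name__ == "__main__":
    print(demo())
```

The verifier does one hash and one HMAC per transaction and stores only the latest accepted link, which matches the low processing cost the abstract claims for hash functions and symmetric algorithms.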
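Application publication number: GR20070100592(A) Application publication date: 2009.04.30
Application number: GR20070100592 Application date: 2007.09.27
Applicant: TSAGKARIS NIKOS PANTELI Inventor: TSAGKARIS NIKOS PANTELI
Classification number: G06Q20/00 Main classification number: G06Q20/00
Agency: Agent:
Main claim:
Address: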