| 摘要 |
<p num="1"><br/><br/><br/>A technique for providing message authenticity includes accepting transaction <br/>information, <br/>accepting a first data item used for authenticating an originating user, <br/>cryptographically <br/>processing the transaction information using only a second data item, wherein <br/>the entropy of the <br/>first data item is less than the entropy of the second data item, and <br/>authenticating the originating <br/>user using the first data item. The first data item can be a sequence of <br/>digits corresponding to <br/>those displayed on an external device, such as, for example, an RSA <br/>authorization token, credit <br/>card, etc. In general, the first data item will be a short alphanumeric string <br/>and the second data <br/>item will generally be much larger, e.g., a 128 bit sequence to be used <br/>principally for data <br/>authentication. According to another aspect of the present invention, <br/>consequential evidence of <br/>the transaction may be secured to provide after-the-fact evidence of the <br/>transaction. This <br/>evidence can include a message written to a tamper-resistant log record, the <br/>message including <br/>the transaction information, the first data item, the second item, and an <br/>identifier for the <br/>originating user, as well as other information. At a subsequent point, the <br/>transaction can be <br/>shown to have been sent by the originating user and received by the intended <br/>recipient, by <br/>consulting the log record. Preferably, the validity of the transaction would <br/>be ascertained by an <br/>independent, mutually trusted third party.<br/>
|
