Guarantee of the transaction where the customer machine which was invaded illegitimately is relied on

摘要

A trusted transaction architecture that provides security from a client side input device to a merchant server by installing a secure custom browser process on the client side computer via an ActiveX control or the equivalent. This Secure Browser Process (SBP) may then be inspected to ensure that no external codes exist in its application space, that no subsequently loaded Dynamic Link Library (DLL), or equivalent, has been tampered with or modified, that no Application Programming Interface (API) has been overwritten or redirected, and that no input device driver has been hooked by a digital signature. The SBP then creates a secure channel to the input device(s) that are used to enter data into the browser application, and creates a secure channel to the merchant's destination server to ensure that data cannot be intercepted, even on the client side computer.