A Trusted Authorization Scheme for E-Commerce Systems

The trusted authorization scheme is core content of e-commerce. Authorization refers to a kind of mechanism that specific authenticated users can access secure resources. Authorization system relies on the authentication system to confirm the identity of legitimate users and prevent unauthorized users. In order to solve the trusted problem of authorization, TPM1.2 specification published by TCG organization contains a series of protocols to resist all forms of attack. However, there are some security flaws in these protocols. A new trusted authorization protocol securer than OIAP protocol is proposed in the paper. The scheme ensures that only if the returned message is received and identified by the application the authorized access can be executed. This make the subject is credible when accessing key data in the trusted terminal and this can ensure the credibility of the e-commerce transactions. The security of the scheme is analyzed using formal logic method.