TITLE OF THE INVENTION: METHOD FOR NON-REPUDIATIVE COMMERCIAL TRANSFER OF ELECTRONIC CONTENT FILES
FIELD OF THE INVENTION
The present invention relates to electronic commerce methods. More particularly, the invention relates to a method enabling a client to securely purchase one or more electronic file(s) from a distributor, by receiving the file in encrypted form from the distributor simultaneously with a corresponding decryption key, before having transferred any money to the distributor, thereby preventing repudiation by the client.
BACKGROUND OF THE INVENTION
E-commerce (electronic commerce) has become a very popular way for companies and individuals to acquire electronic content files, such as music files, software, text or movies, over an electronic medium such as a WAN (Wide Area Network), e.g. the Internet. On one hand, e-commerce provides clients with the possibility to purchase electronic files from their home or office, with minimal effort, and to download them directly onto their computer. On the other hand, e-commerce enables distributors to effortlessly advertise and sell their products, and to deliver the purchased merchandise simply by selectively uploading the requested file(s) to the buyer. E-commerce can often be cheaper and more practical than the retail solution. Indeed, when selling products in the traditional manner, i.e. through a retailer, a battery of supplementary pre-marketing steps have to be accomplished: production of individual packages, transportation of the merchandise, buying shelf-space to put the products on display at a retail shop, etc.
However, as useful as e-commerce may be, it brings about considerable security issues. Indeed, security breaches in the WAN-based transaction system can allow computer hackers to intercept sensitive financial data of the user. Encryption techniques such as 128-bit SSL (Secure Sockets Layer) encryption have proven to be efficient, if implemented correctly, in securing sensitive data exchanges between a first computer system and a second computer system in communication with each other over a WAN.
However, other than mere transmission security breaches, other forms of weaknesses exist in WAN-based transaction systems. For instance, transfer problems can occur during the file upload from the file distributor to the buyer's computer, after the latter has paid the amount due for the files, without the distributor being aware of it. Therefore, a client can, righteously or not, claim that he has never properly received the purchased files and ask the distributor for a reimbursement therefor, the latter being often unable to show beyond doubt that the client's claims are unreasonable. Moreover, nothing assures an honest buyer that he will indeed receive the purchased electronic files after having paid for them. An inexperienced buyer can try to buy files from a bogus web site run by a charlatan, which purports to sell electronic files in exchange for money. Through fill-in forms on his site, the charlatan can collect the buyer's financial information (e.g. his credit card number), and use this information to swindle money away from him without uploading anything back to the buyer in exchange for the debited amount of money.
SUMMARY OF THE INVENTION
The present invention relates to a method in a computer system comprising input/output (I/O) means and connected to a communication network, said method enabling a user of said computer system to purchase at least one electronic content file over said communication network, said method comprising the sequential steps of:
a) receiving an encrypted data file and a decryption key through said communication network, said encrypted data file embodying an encrypted version of said electronic content file, and said decryption key being operatively associated with said encrypted data file;
b) displaying a purchase confirmation prompt through said I/O means; and
c) upon the user inputting a positive reply in response to the purchase confirmation prompt of step b), initiating a file delivery process comprising at least the following sub-steps:
- initiating a fund transmittal from the user over said communication network; and
- executing a decryption program to compute, using at least said encrypted data file and said decryption key as inputs, an output file corresponding to a decrypted, usable version of said electronic content file, thereby delivering said electronic content file to said user.
In one embodiment, the method further comprises the following step before step a): i) sending a purchase request over said communication network.
In one embodiment, the user's financial data is acquired at any moment before the sub-step consisting in the fund transmittal from said user is accomplished.
In one embodiment, said user financial data is forwarded to a financial institution to accomplish the fund transmittal from the user of step c).
In one embodiment, said I/O means comprise a keyboard, and said financial data is acquired upon said user manually inputting said financial data in said computer system through said keyboard.
In one embodiment, said computer system comprises a base unit and an interface device, said base unit comprising a memory unit and a data processing unit, said interface device and said base unit being operatively interconnected, and wherein said user financial data is stored in a personal transaction device (PTD) operatively compatible with said interface device, and wherein said financial data is acquired from said PTD through said interface device.
In one embodiment, said PTD is a smart card comprising a memory unit and a data processing unit thereon.
In one embodiment, in step a), said encrypted data file is stored in said memory unit of said base unit, and said decryption key is stored in said PTD memory unit.
In one embodiment, in the decryption program execution sub-step of step c), said decryption program is executed on said PTD data processing unit, and said decryption key is not transmitted to said base unit throughout said method.
In one embodiment, in the decryption program execution sub-step of step c), said decryption program is executed on said data processing unit of said base unit. In one embodiment, said PTD is a magnetic card.
In one embodiment, said PTD is an electronic wallet capable of storing electronic money thereon.
In one embodiment, said file delivery process further comprises the step of sending a decryption status message over said communication network after step c).
The present invention also relates to a computer data signal embodied in a transmission medium, said computer data signal serving at least the purpose of assisting an electronic file distributor (EFD) in selling at least one electronic content file to a client over said transmission medium, the client being provided with a workstation comprising I/O means to purchase said electronic file from said EFD, said computer data signal comprising:
- a code segment comprising instructions for receiving an encrypted data file embodying an encrypted version of said electronic content file;
- a code segment including instructions for receiving a decryption key operatively associated with said encrypted data file;
- a code segment including instructions for displaying a purchase confirmation prompt on said I/O means of the workstation of the client;
wherein said computer data signal further comprises:
- a code segment including instructions for initiating a fund transmittal from the user to the EFD if and after the user inputs a positive reply in said computer system through said I/O means in response to said purchase confirmation prompt; and
- a code segment including instructions for executing a decryption program on said workstation, if and after the user inputs a positive reply in said computer system through said I/O means in response to said purchase confirmation prompt, in order to compute, using at least said encrypted data file and said decryption key as inputs, an output file corresponding to a decrypted, usable version of said electronic content file, thereby delivering said electronic content file to said client.
The present invention also relates to a method for enabling a user of a computer system to purchase at least one electronic content file from an electronic file distributor (EFD), said computer system comprising input/output (I/O) means and being connected to a communication network, said method comprising the following steps:
a) sending a purchase request from said computer system for said electronic content file to said EFD over said communication network;
b) receiving on said computer system an encrypted data file and a decryption key from said EFD through said communication network, said encrypted data file embodying an encrypted version of said electronic content file, and said decryption key being operatively associated with said encrypted data file;
c) displaying a purchase confirmation prompt on said computer system; and
d) upon inputting a positive reply on said computer system in response to the purchase confirmation prompt of step c), initiating a file delivery process comprising at least the following sub-steps:
- initiating a fund transmittal from the user to said EFD;
- executing a decryption program to compute, using at least said encrypted data file and said decryption key as inputs, an output file corresponding to a decrypted, usable version of said electronic content file, thereby delivering said electronic content file to said user.
The present invention also relates to a method in a computer system connected to a communication network and owned by an electronic file distributor (EFD) having a financial account at a financial institution, said method being for the sale of at least one electronic content file over said communication network and comprising the steps of:
a) receiving a purchase request for said electronic content file;
b) sending an encrypted data file and a decryption key through said communication network, said encrypted data file embodying an encrypted version of said electronic content file, and said decryption key being operatively associated with said encrypted data file; and
c) receiving funds in said EFD financial account.
In one embodiment, said method further comprises the following step before step (b): providing a decryption program comprising a selectively activatable trigger, said decryption program capable of computing, upon activation of said trigger and using at least said encrypted data file and said decryption key as inputs, an output file corresponding to a decrypted, usable version of said electronic content file.
DESCRIPTION OF THE DRAWINGS
In the annexed drawings:
Figure 1 shows a schematic representation of the different entities intervening during the secure purchase of electronic content files according to an embodiment of the method of the present invention; and
Figure 2 is a chart comprising the steps for the secure purchase of one or more electronic content file(s) according to an embodiment of the present invention.
DETAILED DESCRIPTION OF THE EMBODIMENTS
As used herein:
- A "communication network" is any sort of public or private electronic network, such as a LAN (Local Area Network), a WAN (Wide Area Network), or the Internet, enabling computers and other electronic devices connected thereto to communicate with each other.
- An "electronic content file" is any sort of electronic file embodying electronic merchandise, including without limitation: audio files, video files, software, e-Books (electronic books), etc., which can be stored on an electronic memory unit such as a hard drive, a Recordable Compact Disc (CD-R), a Flash® card, etc., and which can be made publicly available over a communication network.
- A "smart card", as known in the art, is a credit card-sized, tamper-resistant security device that offers functions for secure information storage and information processing. A smart card contains a secure memory unit and data processing chip (also called "data processing unit" herein) embedded therein. The chip can compute functions, like actively detecting invalid access attempts to prevent "password guessing" attacks on the card, for example. A smart card can be safely used by multiple, independent applications. To use a smart card, the cardholder must generally have suitably authenticated himself beforehand. Optionally, input/output means, such as a LCD screen, a touch-pad, a biometrics reader, can be embedded on a smart card, to allow its cardholder to interact therewith.
- An "electronic file distributor" (EFD) means any sort of organisation whose business is to dispense, in exchange for money or other transaction units such as Air Miles™ or similar transaction units, electronic content files to computer users over a communication network.
The present invention relates to a method allowing a user of a computer system to purchase an electronic content file over a communication network from an EFD. Figure 1 shows the different entities which can intervene during the purchase/sale of an electronic content file according to the present method. The present method coordinates the activities of a user computer system or workstation 10, a server 40, and a financial institution 50, which are all, directly or indirectly, connected to a common transmission medium, such as communication network 32, which can be the Internet for example.
Workstation 10 comprises a base unit 12 to which are connected peripheral input/output (I/O) means such as a monitor 14, a keyboard 16, and a pointing device (not shown). Base unit 12 comprises a casing 13, in which are installed standard computer parts (not shown in the drawings), such as a motherboard provided with USB (Universal Serial Bus) ports, data processing means such as a CPU (Central Processing Unit), a memory unit comprising dynamic memory means such as sticks of RAM (Random Access Memory) and non-volatile memory means such as a magnetic hard drive, removable media readers such as a floppy disk reader and a compact disc reader, a network adapter, etc. The network adapter located in base unit 12 will allow for workstation 10 to be operatively connected to communication network 32.
Workstation 10 further comprises a peripheral interface device 18, provided with an insertion slot 20 on its front panel, and connected to base unit 12 through a USB port thereof for example. Interface device 18 can acquire data from and write data on a compatible personal transaction device (PTD) 22, which is operatively compatible with interface device 18 and owned by a user of workstation 10.
PTD 22 provides its holder with a portable financial identity in that it carries, under electronic form, financial data related to the user. This financial data corresponds to a bank account number, a credit card number, or other sort of coded information identifying a pecuniary account of the user at a financial institution such as financial institution 50. With his PTD 22, the user can perform payment transactions, deposits, withdrawals, account status inquiries, and any other permitted pecuniary operations. PTD 22 can be a debit or credit magnetic card, a debit or credit smart card, or any alternate portable transaction device known in the art. PTD 22 can be used in cooperation with any compatible PTD interaction devices, such as interface device 18, an ATM (Automatic Teller Machine), a store-owned PTD interface device, etc.
Before being able to use PTD 22, the user preferably authenticates himself to prove that he is its rightful owner, and to help prevent a counterfeiter from fraudulently using PTD 22. In the case where PTD 22 is used in conjunction with workstation 10, such an authentication process can consist in inputting authentication data in workstation 10, such as a Personal Identification Number (PIN), or a biometric parameter, e.g. a fingerprint scan. This authentication data can be acquired through any I/O means provided on or in communication with workstation 10. For example, a PIN can be input on keyboard 16, or on a touch-pad located on interface device 18 or on PTD 22 itself. A fingerprint scan is acquired using a suitable fingerprint scanner. To complete the authentication process, the acquired authentication data must be compared with pre-stored reference authentication data, which is pre-acquired from the rightful owner and user of PTD 22 after it is issued but before it is put in operation. In the case where PTD 22 is a smart card (and therefore possesses a data processing unit and a secure memory unit), the reference authentication data is pre-stored in the memory unit of PTD 22, and the authentication data comparison is performed locally, e.g. is executed on the data processing unit of the smart card or the CPU of workstation 10. In the case where PTD 22 is a magnetic card (and has therefore very limited storage space), then the reference authentication data is pre-stored on a remote database managed by the institution which issued PTD 22. In this case, the acquired authentication data is forwarded from workstation 10 to the remote system supporting this database, through communication network 32, and the comparison is performed remotely on this system.
A positive or negative confirmation message, corresponding to the result of the comparison, is then transmitted to workstation 10. If the acquired authentication data matches the reference authentication data, then the authentication succeeds; if not, it fails. Authentication techniques not being the object of the present invention, they will not be further described. As used hereinafter, the "authentication process" refers to any of the above described techniques used to authenticate a user of PTD 22, or any alternate authentication technique which may occur to an ordinary person skilled in the art.
The present method will allow a user of workstation 10 to purchase and acquire an electronic content file from an electronic merchant such as an EFD 40. EFD 40 generally comprises at least a server 42 managed by a server administrator; server 42 is connected to communication network 32 through the instrumentality of a network adapter (not shown) installed thereon. To have visibility among computer users, EFD 40 can use an on-line advertising medium, such as a web site hosted on server 42 and maintained by the server administrator, by means of which the electronic content files on sale by EFD 40 are advertised to Internet users. Server 42 also has the appropriate software/hardware infrastructure to allow for the following method to be suitably carried out. Moreover, EFD 40 has the necessary access privileges to query the database of financial institution 50 in order to have access to some financial information of a buyer, on the occasion of the sale of an electronic content file that occurs according to the present method.
The method, according to one embodiment of the present invention, consists in eight steps, as illustrated in figure 2. For the sake of conciseness, the Internet will represent communication network 32 in the following description of the present method:
Step 101. The client browses the on-line web site of EFD 40 with his web browser
With his web browser, such as Netscape® or Microsoft Internet Explorer®, installed on user workstation 10, the client visits and browses the web site of EFD 40 to glance through the electronic products the latter has for sale.
Step 102. The client selects the file(s) he wishes to acquire
If the client is interested in one or more electronic content file(s) advertised on the web site of EFD 40, he selects the file(s). A popular means used by electronic merchants to provide potential clients with the possibility to select items they want to buy from their web site is the "shopping cart" interface technology.
This "shopping cart" technology allows for a web user browsing the website of EFD 40 to select the files he wishes to buy, by clicking on a button marked "Add to shopping cart", generally juxtaposed to a description of a corresponding electronic content file. This allows a user to easily select several files simultaneously, in view of their eventual purchase, by adding them to a virtual shopping cart. It is understood that any alternate suitable product selection technology could be employed instead of this so-called "shopping cart" technology to carry out the present item selection step.
Step 103. The user sends a purchase request to EFD 40
After the client has selected the file(s) he wishes to acquire, he sends a purchase request to EFD 40. This can be achieved by clicking on a button marked with "Continue" or "Proceed with order" for example, located on a page of the web site of EFD 40.
Step 104. The requested electronic content files are sent to the client in unreadable format
When the purchase request is received by EFD 40, the requested electronic content files are sent, in unreadable form, from EFD server 42 to the client workstation 10. Two distinct data files are sent to the client workstation 10 for each requested electronic content file:
- an encrypted data file embodying an encrypted version of the electronic content file. This encrypted file, after it is received by the client, is stored on the hard drive of base unit 12.
- a second data file embodying a decryption key operatively associated with the encrypted data file. This decryption key, after it is received by the client, can be stored on the hard drive of base unit 12. Alternately, in the case where PTD 22 is a smart card (and therefore has secure and suitably large storage space), this decryption key can be forwarded to interface device 18 and stored onto the secure memory unit of PTD 22, after having been received by workstation 10.
Step 105. The client's financial data is acquired and transmitted to a given recipient
EFD 40 then sends a message to the client to inquire about his financial data. When user workstation 10 receives this message, a message prompt is displayed on monitor 14 of workstation 10 asking the client to insert his PTD 22 in the front slot 20 of interface device 18. Once PTD 22 is inserted in front slot 20 of interface 18, the user's financial data can be retrieved from PTD 22 and the authentication process can be performed to verify that the current user is the rightful owner of PTD 22. If the authentication succeeds, the financial data of the client, stored on PTD 22, is forwarded to a given recipient. This recipient can be EFD 40 itself, financial institution 50, or an intermediary organisation in charge of handling payment transactions between the client and EFD 40.
It is understood that suitable software, whether it be a web browser plug-in or a standalone software component, is installed and suitably configured on workstation 10, in order for interface device 18 to respond to financial data inquiries sent from an external party such as EFD 40, and in order to cooperate with user workstation 10 to acquire such financial data from the client.
Step 106. A fund sufficiency check is made
Before going further with the transaction, EFD 40 must know if the client has enough money in the account associated with the financial data of the client. To do so, in the case where the financial data of the client has been sent directly to EFD 40, EFD 40 can query financial institution 50, using the client's financial data, to verify if the latter has enough money in his account to pay for the electronic content files he requested. If the financial data of the client has been sent to financial institution 50, financial institution 50 can send a message to EFD 40 to inform it whether or not its client has sufficient funds in his account to purchase the selected files. If the financial data has been sent to an intermediary organisation in charge of handling payment transactions between the client and EFD 40, this intermediary organisation will query the database of financial institution 50, check if enough funds are available in the client's account, and forward the result of this so-called fund availability check to EFD 40. If sufficient funds are indeed available in the client's account, then financial institution 50 sends a positive reply to EFD 40; if not, a negative reply is sent to EFD 40. In the case where a positive reply has been received by EFD 40 from financial institution 50, then the transaction can be carried on to the next step 107.
If a negative reply is received by EFD 40, the purchase transaction is terminated and a termination message is duly sent to the client workstation 10, to notify him that the purchase transaction has been cancelled on the grounds of insufficient available funds in his account. It is understood that even though financial institution 50 intervenes in the present step, the payment transaction between the client and EFD 40 is not yet accomplished.
Step 107. EFD 40 asks for a purchase confirmation from the client
EFD 40 then prompts the client for a purchase confirmation, through a confirmation page of his web site for example. To confirm that he consents to the purchase of the requested file(s), the client can for example click on a button marked "Confirm purchase" present on this confirmation web page. Before consenting to the purchase, the client can verify himself that both the encrypted data file and the decryption key have been integrally and correctly received and stored on workstation 10. The client can achieve such a file integrity check by comparing the file size (in bytes) of both files with their respective actual file size, which can be revealed on the confirmation page of the web site of EFD 40 for example. In the case where the decryption key is forwarded to PTD 22, a LED (light-emitting diode) located on interface device 18 can light up to notify the client that the decryption key has been integrally received onto PTD 22. Alternatively, an automated file integrity check can be made by a program locally executed on workstation 10. If the client consents to the purchase of the file(s), a positive purchase confirmation message is sent to EFD 40, and the transaction can be carried on to the next step 108; if not, the purchase transaction is terminated.
Step 108. The file delivery process and the payment transaction are performed
At this point in the method, the client has both the decryption key and the encrypted data file stored locally on user workstation 10, the client's financial data has been revealed to EFD 40, financial institution 50 or the entity responsible for handling the payment transaction, and the client has consented to the purchase. The process of delivering the purchased files to the client is thus initiated, and consists in the following sub-steps, which can be performed sequentially or concomitantly:
- A fund transmittal from the client's account to the account of EFD 40 is performed. If the client's financial data has been sent directly to EFD 40 during step 105, this fund transmittal can be accomplished upon EFD 40 sending a fund transfer request to financial institution 50, providing financial institution 50 with the amount due for the requested file(s), the user's financial data, and its own financial data. Or, if the client's financial data has been sent to financial institution 50, the fund transmittal can be done directly upon EFD 40 sending a fund transmittal request to financial institution 50, upon receipt of which the fund transmittal from the client's account to the account of EFD 40 will be performed. Else, if the client's financial data has been sent to an intermediary organisation handling payment transactions between EFD 40 and its clients, the fund transmittal is done after this organisation sends a corresponding fund transfer request to financial institution 50. The fund transmittal may relate to money or any other suitable transaction unit.
- A decryption program is executed to compute, for each purchased file, using the encrypted data file and the decryption key as inputs, an output file corresponding to a decrypted, usable version of the requested electronic content file, thereby delivering the electronic content file to the user. After its generation, the readable electronic content file is stored on the hard drive of workstation base unit 12.
It is mandatory that this decryption program be prevented from being manually executed to compute the purchased electronic content file before the purchase confirmation of the previous step has been sent to EFD 40 from user workstation 10. If this decryption program could be executed freely by a user of workstation 10, a fraudulent Internet user could go through steps 101-106 to obtain the encrypted data file and the decryption key, manually execute the program to generate the electronic content file, and reject the purchase in purchase confirmation step 107, thereby obtaining an electronic content file without having paid for it, which is unacceptable. The decryption program is prevented from being manually executed to compute the purchased electronic content file by being coded in such a way as to compute the purchased electronic content file if and only if the purchase of the electronic content file is confirmed by the client in step 107. Optionally, the decryption program is not initiated before the fund transmittal has been successfully completed.
The decryption program performing the decryption operation can be downloaded and installed prior to or during the electronic file purchase transaction, for example from a page dedicated therefor on the web site of EFD 40. Alternately, the decryption program may be an applet, written in Java® for example, set to download automatically when the client user visits a given page of the web site of EFD 40, for example from its purchase confirmation page.
In both cases, the program is executed on the CPU of workstation base unit 12. In an alternate embodiment of the invention, in the case where PTD 22 is a smart card, the decryption program is stored on the memory unit of PTD 22. This decryption program can be a featured component of PTD 22, or it can be downloaded from a web site, such as that of EFD 40, onto base unit 12, and loaded and installed onto PTD 22 through the instrumentality of interface device 18. This decryption program is executed on the data processing unit of PTD 22. Executing the decryption operation directly on the data processing unit of PTD 22 enhances the security of the operation; indeed, the decryption key never leaves the secure memory unit of PTD 22, making it harder for a counterfeiter to gain access to the decryption key, try to decrypt the encrypted data file, and obtain the electronic content file without paying for it. Alternately, the decryption key can be temporarily stored onto PTD 22 (if it is a smart card), but when the time comes to perform the decryption operation, the decryption key is read from PTD 22 by base unit 12 and the decryption program is executed on the CPU of base unit 12. Alternately, the decryption key can well be the decryption program itself, which can only be triggered once the positive purchase confirmation message has been sent to EFD 40, and without it being necessary for an external program to intervene. Other alternatives could be envisioned in order to provide the client with the necessary tools to decrypt the encrypted data file using the decryption key.
After the above-described method has been carried out and the client has obtained the electronic content file he purchased, or if the client has aborted the purchase transaction after having received the encrypted data file and the decryption key but before having obtained the requested electronic file, temporary files such as the encrypted data file, the decryption key and the decryption program can be automatically deleted from user workstation 10. If PTD 22 is a smart card and the decryption key is stored thereon, the decryption key is deleted from PTD 22 after the client has obtained the electronic content file.
It is to be understood that the above described sequence of steps is indicative of the method of the present invention.
The invention is not limited to this exact sequence of steps. An important characteristic of the method of the present invention resides in the fact that the client confirms that he consents to pay the EFD after the client has received both the encrypted file and the decryption key on his local workstation, both necessary to generate the requested electronic content file(s). The above-described method and the hardware/software components used to carry out this method, can be freely varied without departing from the scope of the present invention, as long as the resulting method presents this characteristic.
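The ordering just described, as an added example that is not code from the application: a client-side flow in which the encrypted data file and its key are already on the workstation before any purchase confirmation is asked for, the downloaded package is integrity-checked first, and the fund transmittal and decryption are triggered only by a positive reply, ending with a decryption status report. The package layout, the key-holder object standing in for a smart-card PTD whose key never leaves it, the subkey derivation and the SHA-256 counter-mode keystream (a stand-in for a real cipher such as AES-GCM) are assumptions of this example.

```python
"""Client-side purchase flow: encrypted file and key arrive before any
payment; payment and decryption follow only a positive confirmation.
Constructed example, not code from the application."""
import hashlib
import hmac
import os


def subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the delivered key
    (an assumption of this example, not a step from the application)."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for a real cipher such as AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_content(content: bytes, key: bytes) -> dict:
    """EFD side: produce the encrypted data file (nonce, ciphertext, MAC tag)."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(content, keystream(enc_key, nonce, len(content))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": ct, "tag": tag}


class PortableTransactionDevice:
    """Smart-card-style key holder: the decryption key stays inside and is
    never returned to the workstation; only verification results and
    plaintext leave the device."""

    def __init__(self, key: bytes):
        self._enc_key, self._mac_key = subkeys(key)

    def verify(self, pkg: dict) -> bool:
        expected = hmac.new(self._mac_key, pkg["nonce"] + pkg["ciphertext"],
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, pkg["tag"])

    def decrypt(self, pkg: dict) -> bytes:
        if not self.verify(pkg):
            raise ValueError("integrity check failed")
        ks = keystream(self._enc_key, pkg["nonce"], len(pkg["ciphertext"]))
        return bytes(a ^ b for a, b in zip(pkg["ciphertext"], ks))


def client_purchase(pkg: dict, ptd: PortableTransactionDevice, confirm, pay):
    """Client-side steps: `pkg` and the key inside `ptd` have already been
    received; `confirm()` is the purchase prompt and `pay()` the fund
    transmittal (both supplied by the caller). Returns (content or None,
    audit trail) so the order of events can be checked."""
    trail = []
    if not ptd.verify(pkg):            # integrity check before any prompt
        trail.append("integrity_failed")
        return None, trail
    trail.append("integrity_ok")
    if not confirm():                  # negative reply aborts; nothing is paid
        trail.append("aborted")
        return None, trail
    trail.append("confirmed")
    pay()                              # fund transmittal, only after consent
    trail.append("funds_sent")
    try:
        content = ptd.decrypt(pkg)     # decryption program run on the PTD
        trail.append("decryption_status=positive")   # status message to the EFD
        return content, trail
    except ValueError:
        trail.append("decryption_status=negative")
        return None, trail


if __name__ == "__main__":
    key = os.urandom(32)               # constructed sample key
    pkg = encrypt_content(b"sample electronic content file", key)
    content, trail = client_purchase(pkg, PortableTransactionDevice(key),
                                     lambda: True, lambda: None)
    print(content, trail)
```

The audit trail is what makes the property checkable: a tampered package or a negative reply leaves the trail without a `funds_sent` entry, so the client never pays for something it cannot produce locally.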
For example, the step of acquiring the financial data of the client (step 105) and the fund sufficiency check (step 106) could be performed before the encrypted data file and the decryption key are sent to the client (step 104).
In an embodiment of the invention, a supplementary step 109, illustrated in dotted lines in figure 2, is accomplished during the present method: a decryption status message is automatically sent to EFD 40 from user workstation 10 once the decryption operation has been accomplished. A positive decryption status message means that the decryption has been completed successfully, and thus that the electronic content file has been correctly delivered to the client; a negative decryption status message means that the decryption operation has failed. This message gives EFD 40 the feedback it needs to intervene accordingly if a problem has occurred during the decryption operation, and thus during delivery of the electronic content file.
In yet another embodiment of the invention, the method of the present invention could be defined as follows:
A method in a computer system comprising input/output (I/O) means and connected to a communication network, the method enabling a user of the computer system to purchase at least one electronic content file over the communication network, the method comprising the sequential steps of:
a) receiving an encrypted data file and a decryption key through the communication network, the encrypted data file embodying an encrypted version of the electronic content file, and the decryption key being operatively associated with the encrypted data file;
b) displaying a purchase confirmation prompt through the I/O means; and
c) upon the user inputting a positive reply in response to the purchase confirmation prompt of step b), initiating a file delivery process comprising at least the following sub-steps:
- initiating a fund transmittal from the user over the communication network; and
- executing a decryption program to compute, using at least the encrypted data and the decryption key as inputs, an output file corresponding to a decrypted, usable version of the electronic content file, thereby delivering the electronic content file to the user.
In this description, which depicts the method as seen from the client's side of the purchase transaction, only three main steps remain in the method. This embodiment of the method does not include the steps consisting of the client browsing the web site of EFD 40, selecting the files he wishes to acquire, sending a purchase request to the EFD before receiving the encrypted data file and the associated decryption key, and acquiring the client's financial data and sending it over the communication network. Nevertheless, this embodiment is clearly within the scope of the present invention since the client confirms that he consents to the purchase, and thus consents to pay the EFD, after having received both the encrypted file and the decryption key on his workstation.
Moreover, alternate means could be used to allow an EFD and its clients to interact. The method, as described hereinabove, uses a web site, which clients browse using a standard web browser, to allow EFD 40 to interact with them. In an alternate embodiment, instead of a web site, this method is carried out using standalone dedicated software. With this dedicated software, a client can log on to the server of a given EFD, browse its catalogue, and purchase files advertised thereon. The download of the encrypted data file and the decryption key, the generation of the electronic content file using this encrypted data file and decryption key, and the acquisition of the financial data from the client and its transmission to EFD 40, are all handled by this dedicated software.
Moreover, it is understood that any suitable interface means can be used for information to be suitably communicated to the client on the occasion of a purchase made using the present method. For example, the amount of money due to the EFD for one or more purchased file(s) can be displayed on monitor 14 of workstation 10, on an LCD screen embedded on PTD 22, on an LCD screen provided on interface device 18, etc.
Also, in the above method, EFD 40 handles all file and money exchanges with the client. It is understood that EFD 40, in an alternate embodiment, could consist of two entities:
- the electronic file supplier, whose business is to produce or make electronic content files available to users;
- an intermediary company whose business is to help electronic file suppliers quickly build a secure storefront to display their products, accept online orders, process payments and distribute electronic content files using the present method, including the conversion of the readable electronic content file sold by the supplier into encrypted form and the generation of a corresponding decryption key.
Furthermore, payment transactions could be handled differently than described above. For example, PTD 22 could be an electronic wallet. An electronic wallet is a portable transaction device, such as a smart card, on which money is stored in electronic form ("electronic money"). To perform a payment transaction for a certain amount of money or other transaction units using this device, this amount is deducted from the available amount of electronic money stored thereon. An electronic wallet can be loaded with electronic money at a bank or other financial institution, for example. In the case where PTD 22 is an electronic wallet smart card, the fund transfer is done directly from the user to the electronic store, by deducting an amount of electronic money from the memory of the user's electronic wallet, concomitantly with the crediting of the electronic store's account with the same amount of money. The fund sufficiency check (step 106) would be made differently in such a case; for example, the amount of electronic money available on the client's electronic wallet is forwarded to EFD 40 so that it can check whether sufficient funds are indeed available thereon, without having to query a financial institution.
Also, in yet another alternate embodiment, provision can be made for a workstation 10 deprived of an interface device 18.
In such a scenario, instead of electronically retrieving the financial data of the user from PTD 22, the user could provide the EFD with his credit card number and expiration date, which the EFD could use to charge the client for the purchased files. This method has been, to this day, a common technique used by electronic merchants to acquire financial data from a user. It is understood that during the accomplishment of the present method, all sensitive data exchanges between the user, the EFD, and the financial institution are suitably secured, using certificates and 128-bits SSL encryption, for example.
The gist of the present method resides in the fact that the client pays the EFD after the former has received on his local workstation all the data files necessary to produce the requested electronic content file(s). The client consents to the purchase after having had the opportunity to perform an integrity check of the downloaded files. Therefore, the client cannot assert, rightly or not, that he has paid for a file that has not been correctly delivered to him because of a faulty download. Moreover, by using this method, it becomes substantially harder for a charlatan hosting a web site disguised as that of an EFD to pretend to sell electronic files and to lure web users into giving it their credit card number in exchange for electronic content files which the lured web users would end up not receiving. This method hence provides web users with more control over the transaction procedure between them and the EFD, and thus with more assurance when shopping from an electronic merchant of questionable trustworthiness.
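The electronic wallet variant of the payment step described above (PTD 22 as an electronic wallet smart card, with the fund sufficiency check of step 106 made against the balance the wallet reports, and the debit of the wallet happening concomitantly with the credit of the store's account), as an added illustration. This is constructed example code, not code from the application; the wallet and account objects, the ledger entries and the failing-account case used to show the rollback are assumptions of the example.

```python
"""Electronic-wallet payment: balance reported for the sufficiency check,
debit and credit booked together or not at all. Constructed example, not
code from the application."""
from dataclasses import dataclass, field


class InsufficientFunds(Exception):
    pass


@dataclass
class ElectronicWallet:
    """Balance held in electronic money (smallest unit, e.g. cents) plus a
    local ledger; the store's account is modelled with the same class."""
    balance: int
    log: list = field(default_factory=list)

    def available(self) -> int:
        """Amount forwarded to the EFD for the fund sufficiency check."""
        return self.balance

    def debit(self, amount: int) -> None:
        if amount <= 0:
            raise ValueError("amount must be positive")
        if amount > self.balance:
            raise InsufficientFunds(f"need {amount}, have {self.balance}")
        self.balance -= amount
        self.log.append(("debit", amount))

    def credit(self, amount: int) -> None:
        self.balance += amount
        self.log.append(("credit", amount))


class UnavailableAccount(ElectronicWallet):
    """Constructed failure mode: the store's ledger refuses the credit."""

    def credit(self, amount: int) -> None:
        raise RuntimeError("store ledger unavailable")


def efd_sufficiency_check(reported_available: int, price: int) -> bool:
    """EFD side of step 106 in the wallet variant: no bank query, only the
    balance the wallet reported."""
    return reported_available >= price


def wallet_transfer(wallet: ElectronicWallet, store: ElectronicWallet, amount: int) -> bool:
    """Debit the client's wallet and credit the store concomitantly. If the
    credit cannot be booked, the debit is reversed with a compensating entry
    so neither side is left half-done. Returns False when funds are short."""
    if not efd_sufficiency_check(wallet.available(), amount):
        return False
    wallet.debit(amount)
    try:
        store.credit(amount)
    except Exception:
        wallet.credit(amount)   # compensating entry: client keeps their money
        raise
    return True


if __name__ == "__main__":
    client = ElectronicWallet(500)   # constructed balances
    shop = ElectronicWallet(0)
    print(wallet_transfer(client, shop, 300), client.balance, shop.balance)
    print(wallet_transfer(client, shop, 300), client.balance, shop.balance)
```

The sufficiency check here costs nothing beyond reading the wallet, which is the point of the variant; the compensating credit is what keeps "deducting concomitantly with crediting" true when the second half of the transfer fails.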