Merx: Secure and Privacy Preserving Delegated Payments

  • Conference paper
Trusted Computing (Trust 2009)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5471)

Abstract

In this paper we present Merx, a secure payment system that enables a user to delegate a transaction to a third party while protecting the user’s privacy from a variety of threats. We assume that the user trusts neither the delegated person nor the merchant and wishes to minimize the information transmitted to the user’s bank. Our system protects the user from fraud perpetrated by the delegated party or by the merchant. The scheme has a number of other applications, such as delegating the withdrawal of cash from Automated Teller Machines (ATMs) and allowing companies to restrict an employee’s expenses during business trips. Merx is designed to be used with mobile phones and mobile computing devices, especially in situations where end-users do not have access to the Internet. We evaluate the performance of the proposed mechanism and show that it requires negligible overhead and can be gradually deployed, as it is able to piggyback on existing payment-network infrastructures.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Soghoian, C., Aad, I. (2009). Merx: Secure and Privacy Preserving Delegated Payments. In: Chen, L., Mitchell, C.J., Martin, A. (eds) Trusted Computing. Trust 2009. Lecture Notes in Computer Science, vol 5471. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00587-9_14

  • DOI: https://doi.org/10.1007/978-3-642-00587-9_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00586-2

  • Online ISBN: 978-3-642-00587-9

  • eBook Packages: Computer Science, Computer Science (R0)
