Formal Analysis of the iKP Electronic Payment Protocols

  • Kazuhiro Ogata
  • Kokichi Futatsugi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2609)


iKP (i-Key-Protocol, i = 1,2,3) is a family of payment protocols and one of the ancestors of SET. We have analyzed iKP with respect to the property that if an acquirer authorizes a payment, then both the buyer and seller concerned always agree on it. We have found that even 2KP/3KP do not possess the property, and have proposed a possible modification of 2KP/3KP. We have verified that the modified 2KP/3KP possess the property. We mainly describe the verification in this paper.


Keywords: Credit Card, Payment System, Transition Rule, Good Atomicity, Payment Transaction
These keywords were added by machine and not by the authors.





Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Kazuhiro Ogata (2)
  • Kokichi Futatsugi (1)
  1. Japan Advanced Institute of Science and Technology (JAIST), Japan
  2. NEC Software Hokuriku, Ltd., Japan
