UEPS — A second generation electronic wallet

  • Ross J. Anderson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 648)


UEPS, the Universal Electronic Payment System, is an electronic funds transfer product which is well suited to developing country environments, where poor telecommunications make offline operation necessary. It is designed around smartcard based electronic wallet and chequebook functions: money is loaded from the bank, via bank cards, to customer cards, to merchant cards, and finally back to the bank through a clearing system. This architecture is uniquely demanding from the point of view of security.

As far as we are aware, UEPS is the first live financial system whose authentication protocol was designed and verified using formal analysis techniques. This was achieved using an extension of the Burrows-Abadi-Needham [BAN] logic, and raises some interesting questions: firstly, such formal logics had been thought limited in scope to verifying mutual authentication or key sharing [GKSG]; secondly, our work has found hidden assumptions in BAN, and a problem with the postulates of the Gong-Needham-Yahalom logic [GNY], both concerning freshness; thirdly, we highlight the need for a formalism to deal with cryptographic chaining; and fourthly, this type of formal analysis turns out to be so useful that we believe it should be routine for financial and security critical systems.


Smart Card Mutual Authentication Bank Card Electronic Fund Transfer Transaction Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BAN]
    M. Burrows, M. Abadi and R. Needham, “A logic of Authentication”, Report 39, Digital Systems Research Center, Palo Alto, Ca.Google Scholar
  2. [C]
    D. Chaum, “Achieving Electronic Privacy”, in Scientific American, 267 no 2, August 1992, pp 76–81CrossRefGoogle Scholar
  3. [DQ]
    Y. Desmedt and J.-J. Quisquater, "Public-key Systems Based on the Difficulty of Tampering', in Advances in Cryptology — CRYPTO 86, Springer Lecture Notes in Computer Science 263 pp 111–117Google Scholar
  4. [G]
    L. Gong, Cryptographic Protocols for Distributed Systems (PhD Thesis), University of Cambridge 1990.Google Scholar
  5. [GKSG]
    V. D. Gligor, R. Kailar, S. Stubblebine and L. Gong, “Logics for Cryptographic Protocols — Virtues and Limitations”, in Proceedings, Computer Security Foundations Workshop IV, IEEE 1991, pp 219–226CrossRefGoogle Scholar
  6. [GNY]
    L. Gong, R. M. Needham and R. Yahalom, “Reasoning about Belief in Cryptographic Protocols”, in Proceedings of the 1990 IEEE Computer Security Symposium on Research in Security and Privacy, pp 234–248Google Scholar
  7. [GO]
    G. Garon and R. Outerbridge, “DES Watch: An Examination of the Sufficiency of the Data Encryption Standard for Financial Institution Information Security in the 1990's, in Cryptologia XV no 3, July 1991, pp 177–193CrossRefGoogle Scholar
  8. [H]
    M. Hesse, Structure of Scientific Inference, Macmillan 1974, pp 142–146Google Scholar
  9. [kg]
    R. Kailar and V. D. Gligor, “On Belief Evolution in Authentication Protocols”, in Proceedings, Computer Security Foundations Workshop IV, IEEE 1991, pp 103–116CrossRefGoogle Scholar

Copyright information

© Springer-Verlag 1992

Authors and Affiliations

  • Ross J. Anderson
    • 1
  1. 1.University of Cambridge Computer LaboratoryCambridgeUK

Personalised recommendations