On cryptographic techniques for on-line bankcard payment transactions using open networks

  • Wenbo Mao
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1189)


Recently, two major bankcard payment instrument operators VISA and MasterCard published specifications for securing bankcard payment transactions on open networks for open scrutiny. (VISA: Secure Transaction Technology, STT; MasterCard: Secure Electronic Payment Protocol, SEPP.) Based on their success in operating the existing on-line payment systems, both proposals use advanced cryptographic technologies to supply some security services that are well-understood to be inadequate in open networks, and otherwise specify systems similar to today's private-network versions. In this paper we reason that when an open network is used for underlying electronic commerce some subtle vulnerabilities will emerge and the two specifications are seen not in anticipation of them. A number of weaknesses are found as a result of missing and misuse of security services. Missing and misused services include: authentication, non-repudiation, integrity, and timeliness. We identify problems and devise solutions while trying to keep the current successful working style of financial institutions being respected.


Open Network Security Service Communication Failure Payment Instrument Payment Transaction 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    The CyberCash(tm) System — How it Works. Scholar
  2. 2.
    Secure Electronic Payment Protocol, Draft Version 1.2. November 3, 1995. Scholar
  3. 3.
    Secure Transaction Technology Specifications, version 1.0. September 26 1995. Scholar
  4. 4.
    Totally Secure On-line Checking.∼rhm/index.html.Google Scholar
  5. 5.
    D. Gifford, L. Stewart, A. Payme, and G. Treese. Payment Switches for Open Networks. Scholar
  6. 6.
    M. Linehan and G. Tsudik. Internet Keyed Payments Protocol (iKP). June 30 1995. Scholar
  7. 7.
    M.S. Manasse. The millicent protocols for electronic commerce. http://www.research.digitalcom/SRC/people/Mark_Manasse/bio.html.Google Scholar
  8. 8.
    B.C. Neuman and G. Medvinsky. Requirements for Network Payment: The NetCheque(TM) Perspective. Proceedings of IEEE Compcon'95, San Francisco, March 1995.Google Scholar
  9. 9.
    R.L. Rivest and A. Shamir. Payword and micromint: two simple micropayment schemes. http: //theory.∼rivest/publications.htmlGoogle Scholar
  10. 10.
    M. Sirbu and J.D. Tygar. NetBill: An Internet Commerce System. Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Wenbo Mao
    • 1
  1. 1.Hewlett-Packard LaboratoriesStoke GiffordUK

Personalised recommendations