Advertisement

On cryptographic techniques for on-line bankcard payment transactions using open networks

  • Wenbo Mao
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1189)

Abstract

Recently, two major bankcard payment instrument operators VISA and MasterCard published specifications for securing bankcard payment transactions on open networks for open scrutiny. (VISA: Secure Transaction Technology, STT; MasterCard: Secure Electronic Payment Protocol, SEPP.) Based on their success in operating the existing on-line payment systems, both proposals use advanced cryptographic technologies to supply some security services that are well-understood to be inadequate in open networks, and otherwise specify systems similar to today's private-network versions. In this paper we reason that when an open network is used for underlying electronic commerce some subtle vulnerabilities will emerge and the two specifications are seen not in anticipation of them. A number of weaknesses are found as a result of missing and misuse of security services. Missing and misused services include: authentication, non-repudiation, integrity, and timeliness. We identify problems and devise solutions while trying to keep the current successful working style of financial institutions being respected.

Keywords

Open Network Security Service Communication Failure Payment Instrument Payment Transaction 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    The CyberCash(tm) System — How it Works. http://www.cybercash.com/cybercash/cyber2.html.Google Scholar
  2. 2.
    Secure Electronic Payment Protocol, Draft Version 1.2. November 3, 1995. http://www.mastercard.com/Sepp/sepptoc.htm.Google Scholar
  3. 3.
    Secure Transaction Technology Specifications, version 1.0. September 26 1995. http://www.visa.com/visa-stt/index.html.Google Scholar
  4. 4.
    Totally Secure On-line Checking. http://www1.primenet.com/∼rhm/index.html.Google Scholar
  5. 5.
    D. Gifford, L. Stewart, A. Payme, and G. Treese. Payment Switches for Open Networks. http://www.openmarket.com/about/technical/compcon95.psGoogle Scholar
  6. 6.
    M. Linehan and G. Tsudik. Internet Keyed Payments Protocol (iKP). June 30 1995. http://www.zurich.ibm.com/Technology/Security/extern/ecommerce/spec.Google Scholar
  7. 7.
    M.S. Manasse. The millicent protocols for electronic commerce. http://www.research.digitalcom/SRC/people/Mark_Manasse/bio.html.Google Scholar
  8. 8.
    B.C. Neuman and G. Medvinsky. Requirements for Network Payment: The NetCheque(TM) Perspective. Proceedings of IEEE Compcon'95, San Francisco, March 1995.Google Scholar
  9. 9.
    R.L. Rivest and A. Shamir. Payword and micromint: two simple micropayment schemes. http: //theory. lcs.mit.edu/∼rivest/publications.htmlGoogle Scholar
  10. 10.
    M. Sirbu and J.D. Tygar. NetBill: An Internet Commerce System. http://www.ini.cmu.edu/netbill/CompCon.html.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Wenbo Mao
    • 1
  1. 1.Hewlett-Packard LaboratoriesStoke GiffordUK

Personalised recommendations