Abstract
Recently, two major bankcard payment instrument operators VISA and MasterCard published specifications for securing bankcard payment transactions on open networks for open scrutiny. (VISA: Secure Transaction Technology, STT; MasterCard: Secure Electronic Payment Protocol, SEPP.) Based on their success in operating the existing on-line payment systems, both proposals use advanced cryptographic technologies to supply some security services that are well-understood to be inadequate in open networks, and otherwise specify systems similar to today's private-network versions. In this paper we reason that when an open network is used for underlying electronic commerce some subtle vulnerabilities will emerge and the two specifications are seen not in anticipation of them. A number of weaknesses are found as a result of missing and misuse of security services. Missing and misused services include: authentication, non-repudiation, integrity, and timeliness. We identify problems and devise solutions while trying to keep the current successful working style of financial institutions being respected.
Preview
Unable to display preview. Download preview PDF.
References
The CyberCash(tm) System — How it Works. http://www.cybercash.com/cybercash/cyber2.html.
Secure Electronic Payment Protocol, Draft Version 1.2. November 3, 1995. http://www.mastercard.com/Sepp/sepptoc.htm.
Secure Transaction Technology Specifications, version 1.0. September 26 1995. http://www.visa.com/visa-stt/index.html.
Totally Secure On-line Checking. http://www1.primenet.com/∼rhm/index.html.
D. Gifford, L. Stewart, A. Payme, and G. Treese. Payment Switches for Open Networks. http://www.openmarket.com/about/technical/compcon95.ps
M. Linehan and G. Tsudik. Internet Keyed Payments Protocol (iKP). June 30 1995. http://www.zurich.ibm.com/Technology/Security/extern/ecommerce/spec.
M.S. Manasse. The millicent protocols for electronic commerce. http://www.research.digitalcom/SRC/people/Mark_Manasse/bio.html.
B.C. Neuman and G. Medvinsky. Requirements for Network Payment: The NetCheque(TM) Perspective. Proceedings of IEEE Compcon'95, San Francisco, March 1995.
R.L. Rivest and A. Shamir. Payword and micromint: two simple micropayment schemes. http: //theory. lcs.mit.edu/∼rivest/publications.html
M. Sirbu and J.D. Tygar. NetBill: An Internet Commerce System. http://www.ini.cmu.edu/netbill/CompCon.html.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1997 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mao, W. (1997). On cryptographic techniques for on-line bankcard payment transactions using open networks. In: Lomas, M. (eds) Security Protocols. Security Protocols 1996. Lecture Notes in Computer Science, vol 1189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-62494-5_1
Download citation
DOI: https://doi.org/10.1007/3-540-62494-5_1
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-62494-3
Online ISBN: 978-3-540-68047-5
eBook Packages: Springer Book Archive