
A Flexible Payment Scheme and Its User-Role Assignment

  • Chapter
Cooperative Internet Computing

Abstract

A flexible payment scheme and its user-role assignments are proposed in this paper. The scheme uses electronic cash for payment transactions. In this new protocol, from the viewpoint of banks, consumers can improve their anonymity if they are worried about disclosure of their identities. A new role called anonymity provider agent (AP) provides a high anonymous certificate. The AP role certifies re-encrypted data after verifying the validity of the content from consumers, but requires no private information about the consumers. With this new method, each consumer can get a required anonymity level, depending on the available time, computation and cost.

There are two types of problems that may arise in user-role assignments. One is related to the authorization granting process: mutually exclusive roles may be granted to a user, and the user may have or derive a high level of authority. The other is related to authorization revocation: when a role is revoked from a user, the user may still have the role from other roles. To solve these problems, we first analyze the duty separation constraints of the roles and the role hierarchies in the scheme, then discuss granting a role to a user, weak revocation and strong revocation for the scheme.
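The two problems named above can be seen in a small role-hierarchy model. The following is an added example, not code from the chapter: the role names, the hierarchy and the mutually exclusive pair are constructed assumptions, and strong revocation follows the URA97 sense of removing the user from the role and from every role senior to it.

```python
from itertools import combinations

# Constructed hierarchy (senior -> direct juniors) and SoD pair; all names are assumptions.
JUNIORS = {
    "BankManager": {"Teller"},
    "APManager": {"APOperator"},
    "Teller": set(),
    "APOperator": set(),
}
EXCLUSIVE = {frozenset({"Teller", "APOperator"})}

def closure(role):
    """Role plus every role it inherits through the hierarchy."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(JUNIORS[r])
    return seen

def effective(ua, user):
    """Explicit memberships plus everything derived from them."""
    roles = set()
    for r in ua.get(user, set()):
        roles |= closure(r)
    return roles

def grant(ua, user, role):
    """Grant only if explicit + derived roles hold no mutually exclusive pair."""
    candidate = effective(ua, user) | closure(role)
    if any(frozenset(p) in EXCLUSIVE for p in combinations(candidate, 2)):
        return False
    ua.setdefault(user, set()).add(role)
    return True

def weak_revoke(ua, user, role):
    """Remove explicit membership only; derived membership may remain."""
    ua.get(user, set()).discard(role)

def strong_revoke(ua, user, role):
    """Remove explicit membership of role and of every role senior to it."""
    seniors = {r for r in JUNIORS if role in closure(r)}
    ua[user] = ua.get(user, set()) - seniors
```

A grant that checked only explicit memberships would accept APManager for a Teller, because the conflict with APOperator appears only after the hierarchy is expanded.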




© 2003 Springer Science+Business Media New York

About this chapter

Cite this chapter

Wang, H., Zhang, Y., Cao, J. (2003). A Flexible Payment Scheme and Its User-Role Assignment. In: Chan, A.T.S., Chan, S.C.F., Leong, H.V., Ng, V.T.Y. (eds) Cooperative Internet Computing. The Springer International Series in Engineering and Computer Science, vol 729. Springer, Boston, MA. https://doi.org/10.1007/978-1-4615-0435-1_7


  • DOI: https://doi.org/10.1007/978-1-4615-0435-1_7

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4613-5075-0

  • Online ISBN: 978-1-4615-0435-1

  • eBook Packages: Springer Book Archive
