Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
MiniPay: charging per click on the Web
Selected papers from the sixth international conference on World Wide Web
Liability and Computer Security: Nine Principles
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
PayWord and MicroMint: Two Simple Micropayment Schemes
Proceedings of the International Workshop on Security Protocols
NetCard - A Practical Electronic-Cash System
Proceedings of the International Workshop on Security Protocols
Offline Micropayments without Trusted Hardware
FC '01 Proceedings of the 5th International Conference on Financial Cryptography
NetBill: An Internet commerce system optimized for network delivered services
COMPCON '95 Proceedings of the 40th IEEE Computer Society International Conference
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
An Efficient, Secure and Delegable Micro-Payment System
EEE '04 Proceedings of the 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service (EEE'04)
e-coupons: An Efficient, Secure and Delegable Micro-Payment System
Information Systems Frontiers
Password sharing: implications for security design based on social practice
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Agora: a minimal distributed protocol for electronic commerce
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
iKP: a family of secure electronic payment protocols
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
SmartTokens: delegable access control with NFC-Enabled smartphones
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
| Hi-index | 0.01 |
In this paper we present Merx, a secure payment system that enables a user to delegate a transaction to a third party while protecting the user's privacy from a variety of threats. We assume that the user does not trust the delegated person nor the merchant and wishes to minimize the information transmitted to the user's bank. Our system protects the user from fraud perpetrated by the delegated party or by the merchant. The scheme has a number of other applications such as delegating the withdrawal of cash from Automated Teller Machines ATM and allowing companies to restrict an employee's expenses during business trips. Merx is designed to be used with mobile phones and mobile computing devices, especially in situations where end-users do not have access to the Internet. We evaluate the performance of the proposed mechanism and show that it requires negligible overhead and can be gradually deployed as it is able to piggyback on existing payment-network infrastructures.