PayWord and MicroMint: Two Simple Micropayment Schemes
Proceedings of the International Workshop on Security Protocols
Requirements for network payment: the NetCheque perspective
COMPCON '95 Proceedings of the 40th IEEE Computer Society International Conference
Hi-index | 0.00 |
Recently, two major bankcard payment instrument operators VISA and MasterCard published specifications for securing bankcard payment transactions on open networks for open scrutiny. (VISA: Secure Transaction Technology, STT; MasterCard: Secure Electronic Payment Protocol, SEPP.) Based on their success in operating the existing on-line payment systems, both proposals use advanced cryptographic technologies to supply some security services that are wellunderstood to be inadequate in open networks, and otherwise specify systems similar to today's private-network versions. In this paper we reason that when an open network is used for underlying electronic commerce some subtle vulnerabilities will emerge and the two specifications are seen not in anticipation of them. A number of weaknesses are found as a result of missing and misuse of security services. Missing and misused services include: authentication, nonrepudiation, integrity, and timeliness. We identify problems and devise solutions while trying to keep the current successful working style of finanscial institutions being respected.