The verification of an industrial payment protocol: the SET purchase phase
Proceedings of the 9th ACM conference on Computer and communications security
Availability of protocol goals
Proceedings of the 2003 ACM symposium on Applied computing
Soft constraint programming to analysing security protocols
Theory and Practice of Logic Programming
Stepwise development of security protocols: a speech act-oriented approach
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Using static analysis to validate the SAML single sign-on protocol
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
Analysis of the SET e-commerce protocol using a true concurrency process algebra
Proceedings of the 2006 ACM symposium on Applied computing
On the relationships between models in protocol verification
Information and Computation
Privacy-preserving e-payments using one-time payment details
Computer Standards & Interfaces
Formal Modelling of PKI Based Authentication
Electronic Notes in Theoretical Computer Science (ENTCS)
Finite-state verification of the ebXML protocol
Electronic Commerce Research and Applications
Enabling privacy-preserving e-payment processing
DASFAA'08 Proceedings of the 13th international conference on Database systems for advanced applications
Analysis of the periodical payment framework using restricted proxy certificates
ACSC '10 Proceedings of the Thirty-Third Australasian Conference on Computer Science - Volume 102
Secure Electronic Transaction (SET) is an immense e-commerce protocol designed to improve the security of credit card purchases. In this paper, we focus on the initial bootstrapping phases of SET, whose objective is the registration of cardholders and merchants with a SET certificate authority. The aim of registration is twofold: getting the approval of the cardholder's or merchant's bank and replacing traditional credit card numbers with electronic credentials that cardholders can present to the merchant so that their privacy is protected. These registration subprotocols present a number of challenges to current formal verification methods. First, they do not assume that each agent knows the public keys of the other agents. Key distribution is one of the protocols' tasks. Second, SET uses complex encryption primitives (digital envelopes) which introduce dependency chains: the loss of one secret key can lead to potentially unlimited losses. Building upon our previous work, we have been able to model and formally verify SET's registration with the inductive method in Isabelle/HOL (T. Nipkow et al., 2002). We have solved its challenges with very general techniques.