The SET payment protocol uses digital signatures to authenticate messages and authorize transactions. It is assumed that these digital signatures make authorizations non-repudiable, i.e., provable to a third-party verifier. This paper evaluates what can be proved with the digital signatures in SET. The analysis shows that even a successful and completed SET protocol run does not give the parties enough evidence to prove certain important transaction features. A comparison with the similarly-structured iKP protocol shows a number of advantages of iKP as opposed to SET with respect to the use of its signatures as evidence tokens. It is shown that non-repudiation requires more than digitally signing authorization messages. Most importantly, protocols claiming non-repudiation should explicitly specify the rules to be used for deriving authorization statements from digitally signed messages.