Credit card transactions are a popular and widespread means of payment over the network. Unfortunately, current technology does not allow us to technically solve disputes that may arise in such transactions. Thus these disputes are often solved on a legal and administrative basis. In these cases, responsibility is not necessarily allocated fairly, and the problems of managing the resulting risks have proven to be an impediment to the growth of electronic commerce. In this paper we present a protocol for credit card transactions over the network that uses personal trusted devices (e.g., a cellphone or a PDA) to improve the technical management of disputes and permit a fairer allocation of risks between customer and merchant. The protocol also defines a practical trade-off between the security properties of these devices and the resource limitations deriving from their form factor. Furthermore, by means of formal methods, we specify the security requirements of a personal trusted device and analyse the security properties of the protocol. Finally, we argue that a cellphone practically fulfills the above security requirements and thus can be used as a personal trusted device.