CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Communications of the ACM
Using encryption for authentication in large networks of computers
Communications of the ACM
UEPS - A Second Generation Electronic Wallet
ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
KryptoKnight Authentication and Key Distribution System
ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
SSH: secure login connections over the internet
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
The changing environment for security protocols
IEEE Network: The Magazine of Global Internetworking
Supporting Dispute Handling in E-Commerce Transactions, a Framework and Related Methodologies
Electronic Commerce Research
There have been many studies of the management of personal secrets such as PIN codes, passwords, etc., in access control mechanisms. The leakage of personal secrets is one of the most significant problems in access control. To reduce such risks, we suggest a way of authenticating customers without transferring explicit customer secrets. Furthermore, we give a secure on-line transaction scheme based on our access control mechanism. Needham gave an example of Personal Identification Number (PIN) management for banking systems [Nee97] that presented a way to control PIN codes. It inspired us to develop an access control model for electronic transactions which enforces a strict role definition for personal secret generation and maintenance. We extend it to a payment model. Our scheme provides enhanced privacy for customers, nonrepudiation of origin for the customer order and payment transactions, and protection from personal secret leakage. Since it does not rely on either public key cryptosystems or auxiliary hardware such as chip cards and readers, its deployment within existing environments could be cost-effective.