安全电子交易协议的应用

安全电子交易(SET)协议是一种解决互联网上信用卡安全交易的安全协议,其工作流程符合传统的信用卡工作流程和规范。它是主要由MasterCard、VisaCard、微软以及IBM等著名公司联合提出的电子商务解决方案。文中主要阐述了安全电子交易协议的协议规范和应用特点,并针对电子图书产品的特点结合安全电子交易协议,修改其部分协议规范,提出一种实际安全电子商务系统的应用方案。该方案能够解决电子图书在线交易系统的的公平性问题,同时能够保持原有的SET协议的安全性、可追究型和匿名性等电子商务协议的特点。     

一种有效的公平电子商务协议

ｉＫＰ协议是ＩＢＭ公司提出的一组公开的基于信用卡的安全电子支付协议,该文则在ｉＫＰ协议基础上提出了一组有效的公平电子商务协议,该协议在ｉＫＰ协议中有机地融入了信息商品的传输,使得ｉＫＰ协议能够用于信息商品与支付信息的公平交换,并且引入了对交易的时延控制机制,避免了转发中可能的迟发或不发;所提出的协议仅增加了尽可能少的、必须的密码运算和消息,最后,文中对协议的安全性、公平性和有效性进行了分析。     

Conditional e-payments with transferability

We introduce a novel conditional e-cash protocol allowing future anonymous cashing of bank-issued e-money only upon the satisfaction of an agreed-upon public condition. Payers are able to remunerate payees for services that depend on future, yet to be determined outcomes of events. Moreover, payees are able to further transfer payments to third parties. Once the payment is complete, any double-spending attempt by the payer will reveal its identity; no double spending by any of payees in the payee transfer chain is possible. Payers cannot be linked to payees or to ongoing or past transactions. The flow of cash within the system is thus both correct and anonymous. We discuss several applications of conditional e-cash including online trading of financial securities, prediction markets, and betting systems.     

一个新的电子支付协议及其形式化分析

在安全电子支付协议中,付款方和收款方的可追究性及公平性非常重要.通常可以采用电子支付中的双方可追究协议来达到这个目的.在克服ISI支付协议缺陷的基础上,提出了一种新的公平可追究电子支付协议.经过使用改进的Kailar逻辑分析验证,新的协议满足可追究性和公平性原则.     

Credit Card Fraud Detection Using Hidden Markov Model

Due to a rapid advancement in the electronic commerce technology, the use of credit cards has dramatically increased. As credit card becomes the most popular mode of payment for both online as well as regular purchase, cases of fraud associated with it are also rising. In this paper, we model the sequence of operations in credit card transaction processing using a hidden Markov model (HMM) and show how it can be used for the detection of frauds. An HMM is initially trained with the normal behavior of a cardholder. If an incoming credit card transaction is not accepted by the trained HMM with sufficiently high probability, it is considered to be fraudulent. At the same time, we try to ensure that genuine transactions are not rejected. We present detailed experimental results to show the effectiveness of our approach and compare it with other techniques available in the literature.     

The status of e‐commerce applications in Malaysia

Abstract

The main focus of this study is the status of e‐commerce usage in Malaysia, specifically five main business processes and activities, namely, marketing, advertising, customer support and service, order and delivery and payment. A total of twenty applications categorized under the five processes and activities were identified and analysed. From the twenty applications studied, communications via e‐mail was found to be the most widely used (70%). On the other hand, applications categorized under the payment category such as the smart card and prepaid card was used by only seven percent of the organisations. This demonstrated that Malaysian organisations were using e‐commerce applications. However the usage was limited. The results of the survey indicated that security issues seemed to be the main barrier to the implementation of e‐commerce. Organizations were reluctant to use e‐commerce as they felt that the transactions conducted electronically were open to hackers and viruses, which are beyond their control. They were also skeptical about the security measures that were implemented to safeguard on‐line payment transactions.     

信用卡在线安全支付的分析与构建

阐述了信用卡在线支付原理及应用手段,指出了其中存在的漏洞,提出了一种基于安全支付协议的解决方案,并对该方案进行了分析。     

Kailar逻辑的缺陷

近年来,电子商务协议的设计逐渐成为热点.可追究性是指电子商务协议迫使个人或组织对自己在电子交易中的行为负责的能力.缺乏可追究性,电子交易容易引起争议.因此,Rajashekar Kailar提出了一种用于分析电子商务协议中可追究性的形式化分析方法,简称Kailar逻辑.该文指出这一逻辑的缺陷：（1） 不能分析协议的公平性;(2) 对协议语句的解释及初始化假设是非形式化的,存在局限性;(3) 无法处理密文.     

利用电子钱包的有效的公正支付系统

该文提出了一个有效的利用电子钱包的公正支付系统。系统中用户只拥有一个银行账号;提款时用户得到一个关于本人身份字的盲签名并向银行提供构造正确的供跟踪的信息;支付时用户在防窜扰卡的协助下向商家证明所支付电子现金的有效性,并提供可跟踪的正确信息;委托人完全离线,不参与系统中除跟踪协议以外的任何协议的执行,仅需要保存好自己的密钥并在需要跟踪时使用之。系统的安全性基于离散对数困难问题,分析表明该系统是安全有效的。     

基于有穷自动机模型的电子商务支付协议公平性研究

文中将形式化方法,即有穷自动机理论分析方法应用到电子商务支付协议的研究中,证明了ISI协议不满足支付过程的公平性,在此基础上提出了具体的修改办法。     

Verifying the SET Purchase Protocols

SET (Secure Electronic Transaction) is a suite of protocols proposed by a consortium of credit card companies and software corporations to secure e-commerce transactions. The Purchase part of the suite is intended to guarantee the integrity and authenticity of the payment transaction while keeping the Cardholder's account details secret from the Merchant and his choice of goods secret from the Bank. This paper details the first verification results for the complete Purchase protocols of SET. Using Isabelle and the inductive method, we show that their primary goal is indeed met. However, a lack of explicitness in the dual signature makes some agreement properties fail: it is impossible to prove that the Cardholder meant to send his credit card details to the very payment gateway that receives them. A major effort in the verification went into digesting the SET documentation to produce a realistic model. The protocol's complexity and size make verification difficult, compared with other protocols. However, our effort has yielded significant insights.     

网上银行系统中安全代理协议(SAP)的研究与实现

网上银行系统是近年来国内外金融电子化领域十分热门的研究方向,也是实现电子商务系统的重要环节。在网上银行系统的技术实现上,支付安全性是必须重点考虑的课题。目前国内外普遍采用ＳＳＬ或ＳＥＴ这两种安全协议来保证信用卡信息在互联网上安全保密地传递,该文详细分析比较了这两种协议的优劣,并为克服ＳＳＬ协议固有的局限性提出了安全代理协议,为当前网上银行系统的实现提供了切实可行的安全解决方案。     

一个公平、有效的安全电子交易协议

SET（安全电子交易）协议是由MasterCard和VISA制定的，基于信用卡的安全支付协议。在SET协议基础上提出了一种有效公平的安全电子交易协议（SET－1），该协议不仅保持了SET原有安全和有效的特性，而且实现了交易有效证据的生成和保存，从而保证了交易的公平性，同时还引入交易状态机制。最后，讨论该协议的安全性、有效性和公平性。     

可信计算在移动支付中的应用研究

随着移动互联网的不断普及和移动电子商务的发展,使得移动终端（如手机,PAD）成为更加便捷的交易终端,移动支付已经渗透到移动通信、金融等众多领域。如何构建安全便捷、可信赖的移动电子支付环境,成为信息安全领域关注的热点之一。     

Employing transaction aggregation strategy to detect credit card fraud

Credit card fraud costs consumers and the financial industry billions of dollars annually. However, there is a dearth of published literature on credit card fraud detection. In this study we employed transaction aggregation strategy to detect credit card fraud. We aggregated transactions to capture consumer buying behavior prior to each transaction and used these aggregations for model estimation to identify fraudulent transactions. We use real-life data of credit card transactions from an international credit card operation for transaction aggregation and model estimation.     

一种分析电子商务安全协议的新逻辑

针对典型电子商务安全协议逻辑分析方法存在的问题,如安全属性分析存在局限性、缺乏形式化语义、对混合密码原语的处理能力不强等,提出了一种新的逻辑分析方法。新逻辑能够分析电子商务安全协议的认证性、密钥保密性、非否认性、可追究性、公平性及原子性。以匿名电子现金支付协议ISI作为分析实例,证明了新逻辑方法的有效性。分析找出了该协议的安全漏洞和缺陷:不满足商家的非否认性、密钥保密性、可追究性、公平性以及原子性,客户面临商家恶意欺骗的潜在威胁。     

MicroBTC: Efficient,Flexible and Fair Micropayment for Bitcoin Using Hash Chains

While Bitcoin gains increasing popularity in different payment scenarios, the transaction fees make it difficult to be applied to micropayment. Given the wide applicability of micropayment, it is crucial for all cryptocurrencies including Bitcoin to provide effective support therein. In light of this, a number of low-cost micropayment schemes for Bitcoin have been proposed recently to reduce micropayment costs. Existing schemes, however, suffer from drawbacks such as high computation cost, inflexible payment value, and possibly unfair exchanges. The paper proposes two new micropayment schemes, namely the basic MicroBTC and the advanced MicroBTC, for Bitcoin by integrating the hash chain technique into cryptocurrency transactions. The basic MicroBTC realizes micropayment by exposing hash pre-images on the hash chain one by one, and it can also make arbitrary micropayments by exposing multiple hash pre-images. We further design the advanced MicroBTC to achieve non-interactive refund and efficient hash chain verification. We analyze the complexity and security of the both MicroBTC schemes and implement them using the Bitcoin source code. Extensive experiments were conducted to validate their performance, and the result showed that a micropayment session can be processed within about 18ms for the basic MicroBTC and 9ms for the advanced MicroBTC on a laptop. Both schemes enjoy great efficiency in computation and flexibility in micropayments, and they also achieve fairness for both the payer and the payee.

     

Implementation and performance evaluation of a payment protocol for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) are envisioned to support the development of a wide range of attractive applications such as payment services which require the design of payment systems that satisfy additional requirements associated with VANETs. The wide range of scenarios (with or without connectivity restriction) arising from vehicle-to-vehicle and vehicle-to-roadside communications have opened up new security challenges which must be considered by payment system designers to achieve the same security capabilities independent of the scenario where payment occurs. We propose and implement a new payment protocol (called KCMS-VAN protocol) for those scenarios where the client cannot communicate directly with the credit card issuer (the client’s financial institution) for authentication. Our proposed protocol uses symmetric-key operations which require low computational power and can be processed much faster than asymmetric ones. We also present a performance evaluation of the proposed payment protocol and the results obtained demonstrate that optimal performance can be achieved with it.     

The concept of decentralized and secure electronic marketplace

For commerce (electronic or traditional) to be effective, there must be a degree of trust between buyers and sellers. In traditional commerce, this kind of trust is based on such things as societal laws and customs, and on the intuition people tend to develop about each other during interpersonal interactions. The trustworthiness of these factors is based, to a large extent, on the geographical proximity between buyers and sellers. But this proximity is lost in e-commerce. In conventional electronic marketplaces the trust among participants is supported by a central server which imposes certain trading rules on all transactions. But such centralized marketplaces have serious drawbacks, among them: lack of scalability, and high cost. In this paper we propose the concept of Decentralized Electronic Marketplace (DEM) which allow buyers and sellers to engage in commercial transactions, subject to an explicitly stated set of trading rules, called the law of this marketplace—which they can trust to be observed by their trading partners. This trust is due to a decentralized, and thus scalable, mechanism that enforces the stated law of the DEM. We implement an electronic marketplace for airline tickets in order to illustrate the feasibility of the proposed concepts for decentralized and secure electronic marketplace.     

CMP协议的缺陷及改进

近年来，安全电子商务协议的设计和分析逐渐成为热点。机密性、公平性等性质是衡量电子商务协议安全与否的重要标志，也是协议能否顺利使用的重要前提。机密性和公平性是安全电子商务协议的基本性质，但可证实电子邮件协议CMP作为电子商务协议的一种却并不满足这些性质。该文指出可证实电子邮件协议CMP的几个缺陷，对其分析并提出了改进方案，改进后的协议满足了机密性和公平性。