Towards Pseudonymous e-Commerce

The lack of privacy is one of the main reasons that limits trust in e-commerce. Current e-commerce practice enforces a customer to disclose her identity to the e-shop and the use of credit cards makes it straightforward for an e-shop to know the real identity of its customers. Although there are some payment systems based on untraceable tokens, they are not as widely used as credit cards. Furthermore, even without buying anything, a customer is already disclosing some information about who or where she may be by just connecting to the e-shop's web server and leaving behind an IP-address. In this paper, we present novel components that enable secure pseudonymous e-commerce. On the one hand, these components allow a customer to browse through an e-shop, select goods, and pay the goods with her credit card such that neither the e-shop operator nor the credit card issuer nor an eavesdropper is able to get any information about the customer's identity. On the other hand, it is guaranteed that none of the involved parties is able to act dishonestly during the credit card payment. Such a system could greatly enhance trust in e-commerce since it overcomes the customers' privacy concerns.     

Cryptography Regulations for E-commerce and Digital Rights Management.

Strong encryption is an urgent need for e-commerce development, as it allows the privacy and secure transactions of the financial data. International regulations must allow the spreading of e-commerce and the associated encryption products, in order to establish a secure e-commerce environment that customers can trust and allowing an international deployment of e-commerce solutions without restrictions.     

A Software Framework for Non-Repudiation Service based on Adaptive~Secure Methodology in Electronic Commerce

In this paper, we propose a secure and efficient software framework for non-repudiation service based on an adaptive secure methodology in e-commerce (electronic commerce). First, we introduce an explicit security framework of the e-commerce transaction called notary service. The proposed framework supports non-repudiation of service for a successful e-commerce transaction in terms of generation, delivery, retrieval, and verification of the evidence for resolving disputes. Second, we propose an adaptive secure methodology to support secure and efficient non-repudiation of service in the proposed framework. Our adaptive secure methodology dynamically adapts security classes based on the nature and sensitivity of interactions among participants. The security classes incorporate security levels of cryptographic techniques with a degree of information sensitivity. As Internet e-businesses exponentially grow, a need for high security level categories to identify a group of connections or individual transactions is manifest. Therefore, development of an efficient and secure methodology is in high demand. We have done extensive experiments on the performance of the proposed adaptive secure methodology. Experimental results show that the adaptive secure methodology provides e-commerce transactions with high quality of security services. Our software framework incorporating the adaptive secure methodology is compared with existing well-known e-commerce frameworks such as SSL (Secure Socket Layer) and SET (Secure Electronic Transaction).     

The smart card market in 2000

Schlumberger, a leader in the smart card industry, forecasts an increase in shipments of 25% during 2000. The driver behind the industry’s continuing growth will be the mobile phone sector, where handsets offering access to the Internet – for e-commerce and information services – will be powered by multi-application, high security SIM cards.     

Global Internet Trading

More than 20 of the world’s largest banks have joined forces to remove the final obstacle to business-to-business e-commerce – trust in a trading partner’s identity. To supply this trust, member banks of the Identrus group are to issue their corporate customers with smart cards to carry digital certificates that will authenticate their identity.     

Password Security: An Empirical Investigation into E-Commerce Passwords and Their Crack Times

Abstract

Strong passwords are essential to the security of any e-commerce site as well as to individual users. Without them, hackers can penetrate a network and stop critical processes that assist consumers and keep companies operating. For most e-commerce sites, consumers have the responsibility of creating their own passwords and often do so without guidance from the web site or system administrator. One fact is well known about password creation—consumers do not create long or complicated passwords because they cannot remember them. Through an empirical analysis, this paper examines whether the passwords created by individuals on an e-commerce site use either positive or negative password practices. This paper also addresses the issue of crack times in relationship to password choices. The results of this study will show the actual password practices of current consumers, which could enforce the need for systems administrators to recommend secure password practices on e-commerce sites and in general.     

A remote user authentication scheme without using smart cards

User authentication is one of the fundamental procedures to ensure secure communications over an insecure public network channel. Especially, due to tamper-resistance and convenience in managing a password file, various user authentication schemes using smart cards have been proposed. A smart card however far from ubiquitous because of the high cost of a smart card and the infrastructure requirements. In this paper, we study secure user authentication using only a common storage device such as a universal serial bus (USB) memory, instead of using smart cards. We first show that the existing schemes using smart cards cannot be immediately converted into schemes using a common storage device. We then propose a practical and secure user authentication scheme, capable of supporting the use of the common storage device, which retains all the advantages of schemes using smart cards.     

Australia: raising the E-commerce comfort level

On the basis of our involvement in the technology sector, we believe that Australia views e-commerce as the use of modern technologies to conduct business transactions and make online interactions easier. Transactions involve the Internet, as well as smart cards, automated phone systems, and electronic communications to solicit, service, and maintain business relationships. Overcoming trust issues is a top priority for both business-to-consumer and business-to-business e-commerce in Australia     

电子商务安全管理体系的构建

为了提供一个安全可靠的电子商务应用环境,在分析电子商务安全的基本要素后,提出安全的电子商务环境应包括精心规划的管理体系,严密的技术措施和完善的法律体系。所以,电子商务的安全管理应该从技术、管理、法律等方面综合考虑,才能构建一个完整的电子商务安全管理体系。     

P2P networking: an information sharing alternative

Peer-to-peer networking offers unique advantages that will make it a more effective alternative to several existing client-server e-commerce applications, if it can mature into a secure and reliable technology. The paper discusses the advantages of P2P networks: load balancing; dynamic information repositories; fault tolerance; content-based addressing and improved searches. It also considers the disadvantages of P2P     

Securing e-commerce applications

Although smart cards are now beginning to make a significant impact in the traditional financial, identity and transit markets, many industry insiders report that the e-commerce market is still disappointingly slow. In fact, some people have told CTT “each year people say this is the year for smart cards to really take off in e-commerce, and each year the reality fails to live up to expectations.” Part of the problem is a classic ‘chicken and egg’ situation: Without chip technology, there is little point in implementing a chip acceptance device. Likewise, without a critical mass of chip readers in operation, what is the point of implementing a chip card?     

Why e-business will be good for business

E-business — B2B transactions on-line — is going to be big business. But, at present, e-business is far from secure. Fraudulent identities, transaction interceptions and hacked Web sites have companies justifiably worried about conducting business on-line. PKI systems, with certificates of identity carried on smart cards, look as if they will provide the answer.     

Network smart card review and analysis

Smart cards are secure tokens that have provided security services to a wide range of applications for over thirty years. Along with other technology advances, smart card technology has changed dramatically as well. However, its communication standards, largely unchanged, do not match with those of mainstream computing, which has limited its success in the Internet age. For nearly a decade, researchers have sought to connect smart cards to the Internet. The benefits are plentiful, including providing services over the Internet and eliminating smart card specific infrastructure. A key to this quest is to equip smart cards with a secure and effective networking capability. Various approaches have been taken to find this key. There is still much work to do. This paper reviews years of research in this area, looks at the state of the art, and analyzes and compares various networking options for smart cards. Furthermore, the paper outlines remaining technical challenges for making smart cards a part of the Internet world.     

Recovering from a lost digital wallet: A smart cards perspective extended abstract

Multi-application smart cards enable a user to potentially have a diverse set of applications on her smart card. The growing trend of services convergence fuelled by Near Field Communication and smart phones has made multi-application smart cards a tangible reality. In such an environment, cardholders might have a number of applications on their smart cards and if a card is lost, all of the applications would be lost with it. In addition, consumers might decide to upgrade their smart cards and require a seamless and secure framework to migrate their applications from the old smart card to the new one. Currently, the recovery of a smart card-based service might take from a day to a week at best as each of the lost cards can only be replaced by the respective card issuer, during which time the card issuer might lose business from the user because she is not able to access the provisioned services. Similarly, there is at present no migration mechanism proposed for smart card applications. The proposed framework in this paper enables a user to acquire a new smart card as she desires and then migrate/restore all of her applications onto it—allowing her to recover from her lost digital wallet in a secure, efficient, seamless and ubiquitous manner.     

Trusted Agent-Mediated E-Commerce Transaction Services via Digital Certificate Management

Agent-mediated e-commerce (AMEC) transaction services will be a paradigm shift from the existing client–server e-commerce model. In order to fulfill the leverage of AMEC intermediary services with secure and trusted service capabilities, we propose an agent-oriented public key infrastructure (PKI) operating with a variety of digital certificates. Under this agent-oriented PKI, several trusted AMEC transaction service models will be demonstrated using human and agent certificates showing, delegation, and verification protocols. We establish human/agent authentication, authorization, delegation, access control, and trusted relationships before these trusted AMEC intermediary services can be realized. This paper shows that a trusted AMEC system can be implemented in the FIPA compliant multi-agent system.     

跨域客户间口令认证的密钥交换协议

为实现跨域客户与客户之间安全的通信,并提高该过程的效率和实用性,提出一种使用普通存储设备或移动智能设备实现基于口令认证的密钥交换协议.该协议使用普通存储设备和随机数取代昂贵的智能卡和时钟同步系统,使得它在私钥环境下可以抵抗各种已知的攻击,达到相应的安全性要求.保留了智能卡的优点,无需保存客户的口令表或者验证表,消除智能卡在实际应用中受到的各种限制.普通存储设备和随机数的引入增强了协议的安全性、提高了协议执行的效率和实用性.     

XML Web服务安全技术纵览

基于XML技术的Web服务是一种崭新的分布式计算模型,基于一系列开放的标准技术,其松散耦合、语言中立、平台无关性、开放性使得它将成为下一代电子商务的架构,成为下一代的WWW。然而Web服务要被广泛地接受,要取得成功,其安全性是一个重要因素。该文介绍了Web服务的安全问题和现有的XML与Web服务安全相关技术的发展,并对其进行了展望。     

银行芯片卡安全机制的研究

基于芯片卡的银行卡系统由于在安全性方面优于传统的磁条卡系统,银行卡系统由磁条卡向芯片卡迁移已提到日程上。文章从银行芯片卡的卡片安全控制、电子签名管理、密钥管理、数据加密等方面研究银行芯片卡系统的安全机制的建立过程。     

电子商务文档安全传输系统的设计与实现

设计并实现了电子商务文档安全传输系统。该系统基于加密及签名等技术保证文档传输的完整性,同时还达到了抗抵赖和防伪造的目的,为电子商务文档的传输提供了安全平台。     

移动电子商务安全支付的业务模型分析及优化

本文介绍了移动电子商务安全支付的技术标准,分析了移动电子商务安全支付的业务模型——SeMoPS模型。最后,优化了SeMoPS模型的业务流程。