Journal Article

Designing a generic payment service

01 Jan 1998 - IBM Systems Journal (IBM) - Vol. 37, Iss: 1, pp 72-88
TL;DR: This work unifies the different payment mechanisms in a common framework with application programming interfaces. This allows applications to be developed independent of specific payment systems, with the additional benefit of providing a central point of control for payment information and policies.
Abstract: The growing importance of electronic commerce has resulted in the introduction of a variety of different and incompatible payment systems. For business application developers, this variety implies the need to understand the details of different systems, to adapt the code as soon as new payment systems are introduced, and also to provide a way of picking a suitable payment instrument for every transaction. In our work, we unify the different mechanisms in a common framework with application programming interfaces. Our framework provides services for transparent negotiation and selection of payment instruments as well. This allows applications to be developed independent of specific payment systems with the additional benefit of providing a central point of control for payment information and policies.
Citations
Journal Article
TL;DR: This paper builds on an understanding of services and their interactions to outline the non-functional properties of services and their uses.
Abstract: A proper understanding of the general nature, potential and obligations of electronic services may be achieved by examining existing commercial services in detail. The everyday services that surround us, and the ways in which we engage with them, are the result of social and economic interaction that has taken place over a long period of time. If we attempt to provide electronic services, and do not take this history into account, then we will fail. Any attempt to provide automated electronic services that ignores this history will deny consumers the opportunity to negotiate and refine, over a large range of issues, the specific details of the actual service to be provided. To succeed, we require a rich and accurate means of representing services. An essential ingredient of service representation is capturing the non-functional properties of services. These include the methods of charging and payment, the channels by which the service is requested and provided, constraints on temporal and spatial availability, service quality, security, trust and the rights attached to a service. Not only are comprehensive descriptions essential for useful service discovery, they are also integral to service management, enabling service negotiation, composition, and substitution. This paper builds on an understanding of services and their interactions, to outline the non-functional properties of services and their uses.

322 citations


Cites background from "Designing a generic payment service..."

  • ...The entities and information flows associated with payment models have previously been outlined in [37]....


Journal Article
TL;DR: An overview of electronic payment systems is provided, focusing on issues related to security; properly designed electronic payment systems can actually provide better security than traditional means of payment, in addition to flexibility.
Abstract: The exchange of goods conducted face-to-face between two parties dates back to before the beginning of recorded history. Traditional means of payment have always had security problems, but now electronic payments retain the same drawbacks and add some risks. Unlike paper, digital "documents" can be copied perfectly and arbitrarily often, digital signatures can be produced by anybody who knows the secret cryptographic key, and a buyer's name can be associated with every payment, eliminating the anonymity of cash. Without new security measures, widespread electronic commerce is not viable. On the other hand, properly designed electronic payment systems can actually provide better security than traditional means of payments, in addition to flexibility. This article provides an overview of electronic payment systems, focusing on issues related to security.

250 citations


Additional excerpts

  • ...efforts is the Generic Payment Service Framework developed as part of the European Commission project SEMPER [42-44]....


Dissertation
01 Dec 1998
TL;DR: An analysis of the protocols leads to the conclusion that the exchange of generatable items can be guaranteed to be strongly fair, and the need for a coherent framework for handling disputes in electronic payment systems is motivated.
Abstract: Commerce over open networks like the Internet, sometimes referred to as electronic commerce, is becoming more widespread. This makes it important to study, and solve the security problems associated with electronic commerce. There are three prominent characteristics of commerce which are relevant in this respect. First, the crux of a commercial transaction is usually one or more exchanges of items of value. Second, players in a commercial transaction do not necessarily trust each other fully. Thus, protecting players from each other is as important as protecting them from outside attackers. Third, commercial transactions have legal significance. Therefore, it must be possible to gather sufficient evidence during the transaction to enable correctly behaving players to win any subsequent disputes. This dissertation addresses the problem of fairness in electronic commerce. A system that does not discriminate against a correctly behaving player is said to be fair. Several protocols are proposed for performing exchanges fairly. The protocols are practical, and provide a high degree of fairness. The basic approach optimises for the common case that all players behave correctly. This is known as the optimistic approach. These protocols attempt to guarantee fairness during a protocol run. This is known as strong fairness. When strong fairness is not possible, one can fall back on gathering enough evidence so that fairness can be restored later by initiating a dispute. This is known as weak fairness. An analysis of the protocols leads to the conclusion that the exchange of generatable items can be guaranteed to be strongly fair. Various techniques to add generatability to items, including one technique which uses a cryptographic primitive called verifiable encryption, are presented. In the case of weak fairness, a subsequent dispute is necessary to restore fairness. In general, disputes can occur even after a correctly concluded transaction. 
Non-repudiation techniques are used to gather evidence that can be later used in disputes. A novel non-repudiation technique called server-supported signatures is proposed. The issue of handling disputes in electronic commerce is complex and hitherto not well-understood. Some aspects of the problem, within the limited context of electronic payment systems, are addressed. First, a unified definition of electronic payment systems, called the generic payment service, is presented. Based on the generic payment service, a uniform way to express payment dispute claims is proposed. The need for a coherent framework for handling disputes in electronic payment systems is motivated.

200 citations

Patent
08 Apr 2003
TL;DR: In this paper, a system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1.
Abstract: A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity, with each certificate expiring 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.

193 citations

Journal Article
TL;DR: This paper builds on an understanding of services and their interactions to outline the non-functional properties of services and their uses.
Abstract: A proper understanding of the general nature, potential and obligations of electronic services may be achieved by examining existing commercial services in detail. The everyday services that surround us, and the ways in which we engage with them, are the result of social and economic interaction that has taken place over a long period of time. If we attempt to provide electronic services, and do not take this history into account, then we will fail. Any attempt to provide automated electronic services that ignores this history will deny consumers the opportunity to negotiate and refine, over a large range of issues, the specific details of the actual service to be provided. To succeed, we require a rich and accurate means of representing services. An essential ingredient of service representation is capturing the non-functional properties of services. These include the methods of charging and payment, the channels by which the service is requested and provided, constraints on temporal and spatial availability, service quality, security, trust and the rights attached to a service. Not only are comprehensive descriptions essential for useful service discovery, they are also integral to service management, enabling service negotiation, composition, and substitution. This paper builds on an understanding of services and their interactions, to outline the non-functional properties of services and their uses.

168 citations

References
Journal Article
TL;DR: A technique based on public key cryptography is presented that allows an electronic mail system to hide who a participant communicates with as well as the content of the communication - in spite of an unsecured underlying telecommunication system.
Abstract: A technique based on public key cryptography is presented that allows an electronic mail system to hide who a participant communicates with as well as the content of the communication - in spite of an unsecured underlying telecommunication system. The technique does not require a universally trusted authority. One correspondent can remain anonymous to a second, while allowing the second to respond via an untraceable return address. The technique can also be used to form rosters of untraceable digital pseudonyms from selected applications. Applicants retain the exclusive ability to form digital signatures corresponding to their pseudonyms. Elections in which any interested party can verify that the ballots have been properly counted are possible if anonymously mailed ballots are signed with pseudonyms from a roster of registered voters. Another use allows an individual to correspond with a record-keeping organization under a unique pseudonym, which appears in a roster of acceptable clients.

4,075 citations

01 Jan 2003
TL;DR: In this article, a technique based on public key cryptography is presented that allows an electronic mail system to hide who a participant communicates with as well as the content of the communication - in spite of an unsecured underlying telecommunication system.
Abstract: A technique based on public key cryptography is presented that allows an electronic mail system to hide who a participant communicates with as well as the content of the communication - in spite of an unsecured underlying telecommunication system. The technique does not require a universally trusted authority. One correspondent can remain anonymous to a second, while allowing the second to respond via an untraceable return address. The technique can also be used to form rosters of untraceable digital pseudonyms from selected applications. Applicants retain the exclusive ability to form digital signatures corresponding to their pseudonyms. Elections in which any interested party can verify that the ballots have been properly counted are possible if anonymously mailed ballots are signed with pseudonyms from a roster of registered voters. Another use allows an individual to correspond with a record-keeping organization under a unique pseudonym, which appears in a roster of acceptable clients.

2,819 citations

Proceedings Article
06 May 1996
TL;DR: This paper presents a comprehensive approach to trust management, based on a simple language for specifying trusted actions and trust relationships, and describes a prototype implementation of a new trust management system, called PolicyMaker, that will facilitate the development of security features in a wide range of network services.
Abstract: We identify the trust management problem as a distinct and important component of security in network services. Aspects of the trust management problem include formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties. Existing systems that support security in networked applications, including X.509 and PGP, address only narrow subsets of the overall trust management problem and often do so in a manner that is appropriate to only one application. This paper presents a comprehensive approach to trust management, based on a simple language for specifying trusted actions and trust relationships. It also describes a prototype implementation of a new trust management system, called PolicyMaker, that will facilitate the development of security features in a wide range of network services.

2,247 citations

11 Jul 1995
TL;DR: The NetBill protocol is presented and its security and transactional features are described, including an atomic certified delivery method so that a customer pays if and only if she receives her information goods intact.
Abstract: NetBill is a system for micropayments for information goods on the Internet. This paper presents the NetBill protocol and describes its security and transactional features. Among our key innovations are:

  • An atomic certified delivery method so that a customer pays if and only if she receives her information goods intact.
  • Outsourcing access control: different users can use different access control servers.
  • A credential mechanism allowing users to prove membership in groups. This supports discounts.
  • A structure for constructing pseudonyms to protect the identities of consumers.

403 citations

Proceedings Article
01 Dec 1993
TL;DR: This paper proposes an extension of access control to integrate licensing, called Stateful Access Control, and it addresses some aspects of virus protection.
Abstract: Licensing is a topic of increasing importance for software publishers and users. More and more, the magnitude of financial transfers between these two partners is determined by some electronic licensing service being part of the system on which the licensed software is running. In order to ease the use and management of such licensing schemes and to enable economic software usage in enterprise-wide computer systems through flexible and fair billing structures, various organizations are working on formulating requirements, defining architectures, and building standard interfaces for so-called license brokerage systems. The trustworthiness of these services is essential because large amounts of money can depend on them. Most of these licensing services are currently operating independently of access control and rely on proprietary and unpublished security algorithms. This paper proposes an extension of access control to integrate licensing, called Stateful Access Control, and it addresses some aspects of virus protection.

322 citations