Abstract
The mobile agent paradigm offers flexibility and autonomy to e-commerce applications, but employing a mobile agent to make a payment is challenging because of security considerations. In this paper, we propose a new agent-assisted secure payment protocol, based on the SET payment protocol, that enables the dispatched consumer-agent to autonomously sign contracts and make the payment on behalf of the cardholder after it has found the best merchant, without the possibility of disclosing any secret to any participant. This is realized by adopting the Signature-Share scheme and employing a Trusted Third Party (TTP). As in SET, the proposed protocol follows the principle that each participant knows only what is strictly necessary for his/her role. In addition, mechanisms have been devised for preventing and detecting double payment, overspending and overpayment attacks. Finally, the security properties of the proposed protocol are studied analytically. In comparison with other existing models, the proposed protocol is more efficient and can detect more attacks.