Sciweavers

SP
1996
IEEE

On two Proposals for On-line Bankcard Payments using Open Networks: Problems and Solutions

14 years 3 months ago
On two Proposals for On-line Bankcard Payments using Open Networks: Problems and Solutions
Recently, two major bankcard payment instrument operators VISA and MasterCard published speci cations for securing bankcard payment transactions on open networks for open scrutiny. (VISA: Secure Transaction Technology, STT; MasterCard: Secure Electronic Payment Protocol, SEPP.) Based on their success in operating the existing on-line payment systems, both proposals use advanced cryptographic technologies to supply some security services that are wellunderstood to be inadequate in open networks, and otherwise specify systems similar to today's private-network versions. In this paper we reason that when an open network is used for underlying electronic commerce some subtle vulnerabilities will emerge and the two speci cations are seen not in anticipation of them. A number of weaknesses are found as a result of missing and misuse of security services. Missing and misused services include: authentication, nonrepudiation, integrity, and timeliness. We identify problems and devise solu...
Wenbo Mao
Added 07 Aug 2010
Updated 07 Aug 2010
Type Conference
Year 1996
Where SP
Authors Wenbo Mao
Comments (0)