Security protocols in e-commerce are required to manage the transactions between buyers and sellers. In order to engage customers in e-commerce, these protocols should be well formulated and secured; they should protect both parties from fraudulent users and subsequently promote the growth of e-commerce. There are some protocols, known as fair exchange protocols, in e-commerce that are designed to guarantee fairness between the customer and the merchant so that neither party gains any advantage over the other. Therefore, in this paper, we introduce a new fair exchange protocol for trading products online between a buyer and a seller. The items to be exchanged in this protocol are a digital product and a payment. The following are the characteristics of this new protocol: (1) Dependency on a trusted third party is greatly reduced; further, the protocol also overcomes increased communication overheads and risks, hence leading to substantial improvement in the efficiency and practicality of the protocol. (2) The
protocol ensures fairness for all parties and provides an internal dispute resolution mechanism, thereby guaranteeing that none of the parties involved in the transaction suffer unfairly in case one of the entities disappears before the transaction is formalized. (3) The protocol consists of three messages exchanged between the buyer (customer) and the seller (merchant).
A fair exchange & customer anonymity protocolIJNSA Journal
The rapid development of technology and the reach of such technologies at affordable costs has made it
possible for all people across the world to make purchases at a click of the mouse and at their
convenience.Electronic commerce technologies and protocols facilitate the processing of online
transactions. Trust plays a major role in e-commerce transactions and various protocols help establishing
this trust by providing fair exchange and anonymity.
The research aims at designing and developing a protocol that provides both fair exchange and anonymity,
thus avoiding the need to have manual dispute resolution. It takes into account the technical flaws
researched and overcomes those by implementing methods to ensure that confidentiality and integrity of the
messages are maintained by making sure that the Trusted Third Party does not have the authority to view
or modify the messages but can only verify the authenticity of the other two parties.
This document discusses cyber or online contracts. It defines a cyber-contract as one created through communications over computer networks, whether entirely through email exchanges showing offer and acceptance, or a combination of electronic and other means. The key elements of a valid contract - offer, acceptance, consideration, and consent - still apply to online contracts. Digital signatures can verify the identity of parties to an online contract by encrypting messages with public and private keys. This allows confirmation that a message has not been altered and verifies the sender. Overall, the document outlines how traditional contract law elements can be applied to agreements made electronically.
This document provides an overview of e-finance and discusses several topics related to it. It begins with an introduction to e-finance and how the internet has revolutionized financial services. It then outlines the contents which will be discussed in chapters on the introduction to e-finance, a review of literature, instruments of e-finance, issues related to e-finance, and a conclusion. Specific instruments and trends discussed include internet banking, electronic bill payment, online brokerages, and online delivery of financial products. The document examines how traditional financial service providers are adapting to competition from new online players.
This document provides an overview of e-commerce, including definitions, history, processes, types, pros and cons, security concerns, and relevant laws in India. It discusses how e-commerce works by outlining the process from a customer's perspective of browsing a site, adding items to a cart, and completing a purchase. It also covers key topics like payment security, risks of data theft, and how laws like the Information Technology Act of 2000 aim to facilitate e-commerce transactions and address cybercrimes in India.
This chapter introduces banking technology as a confluence of several disparate disciplines such as finance (including risk management), information technology, computer science, communication technology, and marketing science. It presents the evolution of banking, the tremendous influence of information and communication technologies on banking and its products, the quintessential role played by computer science in full filing banks’ marketing objective of servicing customers better at less cost and thereby reaping more profits. It also highlights the use of advanced statistics and computer science to measure, mitigate, and manage various risks associated with banks’ business with its customers and other banks. The growing influence of customer relationship management and data mining in tackling various marketing-related problems and fraud detection problems in the banking industry is well documented.
1) The document discusses the future of virtual money and cybertrade in Asia, focusing on a Hong Kong business owner who sells a variety of products online without a physical shop.
2) It describes challenges to the growth of e-commerce in Asia, including lower telephone and internet penetration compared to the West.
3) One challenge is how to securely transfer money online for buyers and sellers; a company called CyberCash is working to make online payments secure through encryption during transactions.
E-Banking refers to electronic banking services offered by financial institutions. It evolved from traditional in-person banking due to innovations in internet technology. One of the first banks to offer online internet banking services was Stanford Federal Credit Union in 1994. E-banking allows customers to conduct banking transactions remotely using channels like ATMs, smart cards, phone/mobile banking, and internet banking. While e-banking provides benefits of convenience and lower costs, it also introduces risks like security threats from password/identity theft, phishing scams, trojan viruses, and skimming.
The document discusses the history and development of internet banking. It began in 1981 when four major New York banks offered home banking services using videotext systems. Internet banking allows customers to conduct bank transactions online instead of visiting a physical bank. It involves using electronic means to transfer funds between accounts directly. The document then discusses definitions, types, services, steps for using internet banking, who can use it, how it works, advantages, issues, security risks, problems, and ways to ensure security while banking online.
A fair exchange & customer anonymity protocolIJNSA Journal
The rapid development of technology and the reach of such technologies at affordable costs has made it
possible for all people across the world to make purchases at a click of the mouse and at their
convenience.Electronic commerce technologies and protocols facilitate the processing of online
transactions. Trust plays a major role in e-commerce transactions and various protocols help establishing
this trust by providing fair exchange and anonymity.
The research aims at designing and developing a protocol that provides both fair exchange and anonymity,
thus avoiding the need to have manual dispute resolution. It takes into account the technical flaws
researched and overcomes those by implementing methods to ensure that confidentiality and integrity of the
messages are maintained by making sure that the Trusted Third Party does not have the authority to view
or modify the messages but can only verify the authenticity of the other two parties.
This document discusses cyber or online contracts. It defines a cyber-contract as one created through communications over computer networks, whether entirely through email exchanges showing offer and acceptance, or a combination of electronic and other means. The key elements of a valid contract - offer, acceptance, consideration, and consent - still apply to online contracts. Digital signatures can verify the identity of parties to an online contract by encrypting messages with public and private keys. This allows confirmation that a message has not been altered and verifies the sender. Overall, the document outlines how traditional contract law elements can be applied to agreements made electronically.
This document provides an overview of e-finance and discusses several topics related to it. It begins with an introduction to e-finance and how the internet has revolutionized financial services. It then outlines the contents which will be discussed in chapters on the introduction to e-finance, a review of literature, instruments of e-finance, issues related to e-finance, and a conclusion. Specific instruments and trends discussed include internet banking, electronic bill payment, online brokerages, and online delivery of financial products. The document examines how traditional financial service providers are adapting to competition from new online players.
This document provides an overview of e-commerce, including definitions, history, processes, types, pros and cons, security concerns, and relevant laws in India. It discusses how e-commerce works by outlining the process from a customer's perspective of browsing a site, adding items to a cart, and completing a purchase. It also covers key topics like payment security, risks of data theft, and how laws like the Information Technology Act of 2000 aim to facilitate e-commerce transactions and address cybercrimes in India.
This chapter introduces banking technology as a confluence of several disparate disciplines such as finance (including risk management), information technology, computer science, communication technology, and marketing science. It presents the evolution of banking, the tremendous influence of information and communication technologies on banking and its products, the quintessential role played by computer science in full filing banks’ marketing objective of servicing customers better at less cost and thereby reaping more profits. It also highlights the use of advanced statistics and computer science to measure, mitigate, and manage various risks associated with banks’ business with its customers and other banks. The growing influence of customer relationship management and data mining in tackling various marketing-related problems and fraud detection problems in the banking industry is well documented.
1) The document discusses the future of virtual money and cybertrade in Asia, focusing on a Hong Kong business owner who sells a variety of products online without a physical shop.
2) It describes challenges to the growth of e-commerce in Asia, including lower telephone and internet penetration compared to the West.
3) One challenge is how to securely transfer money online for buyers and sellers; a company called CyberCash is working to make online payments secure through encryption during transactions.
E-Banking refers to electronic banking services offered by financial institutions. It evolved from traditional in-person banking due to innovations in internet technology. One of the first banks to offer online internet banking services was Stanford Federal Credit Union in 1994. E-banking allows customers to conduct banking transactions remotely using channels like ATMs, smart cards, phone/mobile banking, and internet banking. While e-banking provides benefits of convenience and lower costs, it also introduces risks like security threats from password/identity theft, phishing scams, trojan viruses, and skimming.
The document discusses the history and development of internet banking. It began in 1981 when four major New York banks offered home banking services using videotext systems. Internet banking allows customers to conduct bank transactions online instead of visiting a physical bank. It involves using electronic means to transfer funds between accounts directly. The document then discusses definitions, types, services, steps for using internet banking, who can use it, how it works, advantages, issues, security risks, problems, and ways to ensure security while banking online.
Internet banking, also known as e-banking, allows users to perform banking functions through their personal computer by accessing their bank's website. The ICICI Bank launched online banking in India in 1996. E-banking provides benefits like convenience and accessibility for customers as well as cost savings for banks by reducing branch transactions and operational costs. However, security concerns remain an issue as online banking increases the risks of hackers accessing customer accounts. Regulations and security measures will need to continue evolving to fully address privacy and fraud protection as virtual and branchless banking models grow in the future.
Indian banks are facing substantial changes as the banking landscape transforms. Consumer needs and demographics are shifting, requiring banks to adopt new technologies and channels to improve efficiency, reduce costs and better serve customers. Younger populations and growing incomes are increasing demand for retail banking products. Banks are utilizing technologies like online banking, mobile banking, ATMs and core banking solutions to lower operating expenses, enhance the customer experience and manage this changing environment.
This document discusses electronic and mobile banking. It provides an overview of how electronic banking allows customers to access banking services through electronic channels without time or geographic limitations. Mobile banking allows customers to perform banking transactions through a mobile device like checking balances and transferring funds. The document then outlines the evolution of electronic and mobile banking from early online services in the 1980s to modern services. It discusses the advantages for banks, businesses, and customers in using these services and some potential disadvantages like security and fraud risks. Finally, the document discusses regulations and adoption of these services in India.
IRJET- Ecommerce Transactions: Secure Gateway in Payment SystemIRJET Journal
The document discusses secure payment systems for e-commerce transactions. It describes how credit/debit card transactions currently work over the internet, noting security risks due to lack of authentication and encryption. The proposed work aims to explore using Secure Sockets Layer (SSL) protocol, Secure Electronic Transaction (SET) protocol, and secure communication tunnel techniques to securely transmit payment information. It provides flowcharts depicting the system flow and data flow between users, merchants and payment gateways. The secure payment system would encrypt transaction data and authenticate all parties to prevent fraud and theft of financial information online. A table compares the key security features of SET, SSL and secure tunnels for implementing a secure electronic payment system over the internet.
Internet banking began in 1981 when four major New York banks offered home banking services using videotext systems. Internet banking allows customers to conduct bank transactions online instead of visiting a bank teller. It involves using electronic means to transfer funds directly between accounts rather than using cash or checks. Common internet banking services include bill payment, accessing credit cards, shopping, and phone recharging. While offering advantages like lower costs, faster transactions, and increased efficiency and coverage, internet banking also presents security risks like fraudulent websites, fake emails, and trojan horse programs capturing user credentials.
Online banking offers conveniences for both customers and banks. It allows customers to bank anywhere at any time and reduces costs for banks by eliminating physical branches. While online banking replaces in-person interactions with security measures like passwords and encryption, the level of security is comparable to traditional banking. As mobile devices and technology continue to advance, online banking will become even more integrated into daily life through mobile payments and money transfers between connected devices.
Internet banking allows customers to conduct financial transactions online through secure websites or mobile apps. It was first introduced in the United States in 1994 and later adopted in India, with ICICI Bank being the first to offer internet banking services there in 1997. Customers can use internet banking to pay bills, shop online, book tickets, and access other banking services conveniently from anywhere at any time. While it offers benefits of convenience and lower costs, security risks require banks and customers to take precautions like using encrypted connections and not disclosing login credentials.
The document discusses online banking, including its definition as conducting financial transactions electronically rather than at a physical branch. It outlines the requirements and procedures for online banking, such as having internet access, registering with a bank, and logging in with a username and password. The key features and advantages of online banking are also summarized, such as lower transaction costs, ability to access accounts anywhere, and immediate money transfers.
This document provides an overview of e-commerce in Bangladesh. It discusses the definition and history of e-commerce, the different dimensions of e-commerce including business to business, business to consumer, and business to government. It also outlines some of the major sectors involved in e-commerce in Bangladesh, examples of e-commerce companies, constraints to e-commerce development like infrastructure and skills shortages, and the prospects and benefits of further e-commerce growth.
Future trends and legal aspects (111 kb)IMRAN KHAN
This document discusses future trends and legal aspects related to web design. It begins by explaining how e-commerce and m-commerce have impacted business globally and allowed transactions to occur remotely. It then outlines several objectives to be achieved, including explaining legal rights and obligations for web designers.
The document proceeds to discuss emerging trends in e-commerce and m-commerce, including different models like B2B, B2C, C2C, and B2E. It also covers modes of electronic payment. Success factors for e-commerce are described, such as providing a secure purchasing process, reliable infrastructure, and customer value. Issues that can still arise are noted, like not fully understanding customer needs. In closing, the document
E-BANKING (ORGANISATION, MANAGEMENT AND TECHNOLOGY)SUKET GUPTA
The document discusses various aspects of e-banking in India including core banking systems, online and mobile banking services, ATMs, payment and settlement systems like NEFT and RTGS. It provides details on the types of online and mobile banking services offered by banks in India as well as advantages and disadvantages of online banking. Key points covered include centralization of IT infrastructure leading to core banking, the increasing number of ATMs and branches enabled for NEFT and RTGS, and growth of digital payment options in India.
Banking professionals can now take advantage of our well-structured and subject-oriented Online Banking PowerPoint Presentation Slides. This electronic banking PPT theme helps you to showcase the obstacles faced by the banking sector that still operates offline. Further, present the problem statement through financial impact, projected revenue, and competition benchmark using our E-banking PowerPoint template. Get access to key stats on online banking, and customer channel preference to present a convincing web banking PPT presentation. Elucidate retail, corporate, or any other online banking type through this easy-to-understand internet banking PowerPoint theme. The digital banking PPT template deck helps you illustrate the leading players in the industry along with the services they offer. This E-banking PowerPoint presentation helps you convey the federal rules and regulations concerning online banking to your audience. Web banking PPT deck helps you in highlighting the implementation process. You can easily explain E-banking software providers, workforce training, costing, and integration with E-commerce platforms. https://bit.ly/30uZUqH
This document discusses mobile banking in India. It explains that mobile banking allows people to check balances, transfer money between accounts, and make purchases online without going to a bank. It also discusses telephone banking, debit cards, and micro ATMs which are run by business correspondents to enable banking in remote areas. The document predicts that profits from mobile banking in India will reach 20 trillion rupees within 5 years as more people, especially in cities, adopt these services due to their simplicity and low costs. Banks are promoting mobile banking because it is cheaper than ATM expenses.
Alternative banking, as the name suggest, is the NEWER METHOD OF CARRYING ON BANKING OPERATIONS
It includes
1. ATM (AUTOMATIC TELLER MACHINE)
2. POS TERMINAL
3. INTERNET BANKING
4. MOBILE BANKING
5. NEFT
6. RTGS
7. ECS
This document discusses e-commerce and its various types. It defines e-commerce as any business transactions conducted over the internet, including the buying and selling of goods and services. The document outlines the main applications of e-commerce as online marketing and purchasing, retail and wholesale, finance/banking, online publishing, and online booking. It also describes the six main types of e-commerce as business-to-business, business-to-consumer, consumer-to-consumer, consumer-to-business, business-to-administration, and consumer-to-administration.
Abstract—In developing countries there is a number of commodities and services which are financially supported by the
government as financial aid to their citizens. Such commodities
as bread, cooking gas and car fuel, all that commodities and
services follow a same systematic manual distribution process.
This typical and manual process is time and effort consumed for
the government, it also weak in term of control and monitoring,
so that the middle non-governmental entities can smuggle these
commodities outside the legal channels for double profit seeking
or intentional political reasons. In all cases, this will lead
to unsatisfactory situation within citizens and open doors for
corruption and chaos. This paper introduces model for solving
this problem by increasing the control for whole process and
thus decreasing the smuggling and wasting rates. The proposed
model is based on Identity-based Cryptography, so it provides the same security features and services as traditional PKI without the overhead of key management when the number of users in the system gets large.
International Journal of Computer Science and Information Security,IJCSIS ISSN 1947-5500, Pittsburgh, PA, USA
Email: ijcsiseditor@gmail.com
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
E-banking allows customers to perform banking transactions online through the bank's website or a mobile app. There are two main types of ATMs - leased-line ATMs that have a dedicated phone line and dial-up ATMs that use a normal phone line. ATMs have input devices like a card reader and keypad, and output devices like a display screen, receipt printer, and cash dispenser. Mobile banking applications include SMS banking, WAP banking, and STK banking. Security measures for e-banking include encryption, public/private key infrastructure, and keeping PIN numbers secret.
This document discusses various risks associated with online banking and technology-based banking products and services. It addresses operational risk, credit risk, and reputational risk. Operational risks include internal fraud, external fraud, business disruptions, system failures, and more. Credit risk relates to uncertainty in a counterparty's ability to meet obligations. Reputational risk could result from negative publicity, whether true or not, that leads to loss of customers, revenues, and increased costs. Effective risk management, including risk assessment and mitigation strategies, is important for banks offering online and technology-based services.
Electronic banking, also known as e-banking, allows customers to conduct financial transactions electronically using the internet or other electronic channels without visiting a brick-and-mortar branch. E-banking first emerged in the 1920s and grew in popularity through the 1960s with electronic funds transfers and credit cards. It is now estimated that 40% of banking transactions are conducted online. Technologies that have enabled e-banking include ATMs, online and mobile banking, telephone banking, and smart cards. E-banking offers benefits like convenience, lower costs, and increased customer relationships but also faces challenges around technology adoption, costs, and security concerns.
A Fair Exchange & Customer Anonymity Protocol Using A Trusted Third Party for...IJNSA Journal
The rapid development of technology and the reach of such technologies at affordable costs has made it possible for all people across the world to make purchases at a click of the mouse and at their convenience.Electronic commerce technologies and protocols facilitate the processing of online transactions. Trust plays a major role in e-commerce transactions and various protocols help establishing this trust by providing fair exchange and anonymity.
The research aims at designing and developing a protocol that provides both fair exchange and anonymity, thus avoiding the need to have manual dispute resolution. It takes into account the technical flaws researched and overcomes those by implementing methods to ensure that confidentiality and integrity of the messages are maintained by making sure that the Trusted Third Party does not have the authority to view or modify the messages but can only verify the authenticity of the other two parties.
The vast spreading of information in the last decade has led to great development in e-commerce. For instance, e-trade and e-bank are two main Internet services that implement e-transaction from anyplace in the world. This helps merchant and bank to ease the financial transaction process and to give user friendly services at any time. However, the cost of workers and communications falls down considerably while the cost of trusted authority and protecting information is increased. E-payment is now one of the most central research areas in e-commerce, mainly regarding online and offline payment scenarios. In this paper, we will discuss an important e-payment protocol namely Kim and Lee scheme examine its advantages and delimitations, which encourages the author to develop more efficient scheme that keeping all characteristics intact without concession of the security robustness of the protocol. The suggest protocol employs the idea of public key encryption scheme using the thought of hash chain. We will compare the proposed protocol with Kim and Lee protocol and demonstrate that the proposed protocol offers more security and efficiency, which makes the protocol workable for real world services.
An Improvement To The Set Protocol Based On Signcryptionijcisjournal
The document summarizes an improvement to the SET payment protocol based on using signcryption. The SET protocol ensures security for online credit card transactions but has some disadvantages. Signcryption allows simultaneous encryption and signature verification in one step, providing better performance than separate signature and encryption. The proposed improvement uses identity-based signcryption in the SET protocol to reduce the number of encryption/decryption operations and make it less time consuming compared to signature-then-encryption. It details the setup phase and modified protocol steps using signcryption for order and payment messages between the customer, merchant and payment gateway.
Internet banking, also known as e-banking, allows users to perform banking functions through their personal computer by accessing their bank's website. The ICICI Bank launched online banking in India in 1996. E-banking provides benefits like convenience and accessibility for customers as well as cost savings for banks by reducing branch transactions and operational costs. However, security concerns remain an issue as online banking increases the risks of hackers accessing customer accounts. Regulations and security measures will need to continue evolving to fully address privacy and fraud protection as virtual and branchless banking models grow in the future.
Indian banks are facing substantial changes as the banking landscape transforms. Consumer needs and demographics are shifting, requiring banks to adopt new technologies and channels to improve efficiency, reduce costs and better serve customers. Younger populations and growing incomes are increasing demand for retail banking products. Banks are utilizing technologies like online banking, mobile banking, ATMs and core banking solutions to lower operating expenses, enhance the customer experience and manage this changing environment.
This document discusses electronic and mobile banking. It provides an overview of how electronic banking allows customers to access banking services through electronic channels without time or geographic limitations. Mobile banking allows customers to perform banking transactions through a mobile device like checking balances and transferring funds. The document then outlines the evolution of electronic and mobile banking from early online services in the 1980s to modern services. It discusses the advantages for banks, businesses, and customers in using these services and some potential disadvantages like security and fraud risks. Finally, the document discusses regulations and adoption of these services in India.
IRJET- Ecommerce Transactions: Secure Gateway in Payment SystemIRJET Journal
The document discusses secure payment systems for e-commerce transactions. It describes how credit/debit card transactions currently work over the internet, noting security risks due to lack of authentication and encryption. The proposed work aims to explore using Secure Sockets Layer (SSL) protocol, Secure Electronic Transaction (SET) protocol, and secure communication tunnel techniques to securely transmit payment information. It provides flowcharts depicting the system flow and data flow between users, merchants and payment gateways. The secure payment system would encrypt transaction data and authenticate all parties to prevent fraud and theft of financial information online. A table compares the key security features of SET, SSL and secure tunnels for implementing a secure electronic payment system over the internet.
Internet banking began in 1981 when four major New York banks offered home banking services using videotext systems. Internet banking allows customers to conduct bank transactions online instead of visiting a bank teller. It involves using electronic means to transfer funds directly between accounts rather than using cash or checks. Common internet banking services include bill payment, accessing credit cards, shopping, and phone recharging. While offering advantages like lower costs, faster transactions, and increased efficiency and coverage, internet banking also presents security risks like fraudulent websites, fake emails, and trojan horse programs capturing user credentials.
Online banking offers conveniences for both customers and banks. It allows customers to bank anywhere at any time and reduces costs for banks by eliminating physical branches. While online banking replaces in-person interactions with security measures like passwords and encryption, the level of security is comparable to traditional banking. As mobile devices and technology continue to advance, online banking will become even more integrated into daily life through mobile payments and money transfers between connected devices.
Internet banking allows customers to conduct financial transactions online through secure websites or mobile apps. It was first introduced in the United States in 1994 and later adopted in India, with ICICI Bank being the first to offer internet banking services there in 1997. Customers can use internet banking to pay bills, shop online, book tickets, and access other banking services conveniently from anywhere at any time. While it offers benefits of convenience and lower costs, security risks require banks and customers to take precautions like using encrypted connections and not disclosing login credentials.
The document discusses online banking, including its definition as conducting financial transactions electronically rather than at a physical branch. It outlines the requirements and procedures for online banking, such as having internet access, registering with a bank, and logging in with a username and password. The key features and advantages of online banking are also summarized, such as lower transaction costs, ability to access accounts anywhere, and immediate money transfers.
This document provides an overview of e-commerce in Bangladesh. It discusses the definition and history of e-commerce, the different dimensions of e-commerce including business to business, business to consumer, and business to government. It also outlines some of the major sectors involved in e-commerce in Bangladesh, examples of e-commerce companies, constraints to e-commerce development like infrastructure and skills shortages, and the prospects and benefits of further e-commerce growth.
Future trends and legal aspects (111 kb)IMRAN KHAN
This document discusses future trends and legal aspects related to web design. It begins by explaining how e-commerce and m-commerce have impacted business globally and allowed transactions to occur remotely. It then outlines several objectives to be achieved, including explaining legal rights and obligations for web designers.
The document proceeds to discuss emerging trends in e-commerce and m-commerce, including different models like B2B, B2C, C2C, and B2E. It also covers modes of electronic payment. Success factors for e-commerce are described, such as providing a secure purchasing process, reliable infrastructure, and customer value. Issues that can still arise are noted, like not fully understanding customer needs. In closing, the document
E-BANKING (ORGANISATION, MANAGEMENT AND TECHNOLOGY)SUKET GUPTA
The document discusses various aspects of e-banking in India including core banking systems, online and mobile banking services, ATMs, payment and settlement systems like NEFT and RTGS. It provides details on the types of online and mobile banking services offered by banks in India as well as advantages and disadvantages of online banking. Key points covered include centralization of IT infrastructure leading to core banking, the increasing number of ATMs and branches enabled for NEFT and RTGS, and growth of digital payment options in India.
Banking professionals can now take advantage of our well-structured and subject-oriented Online Banking PowerPoint Presentation Slides. This electronic banking PPT theme helps you to showcase the obstacles faced by the banking sector that still operates offline. Further, present the problem statement through financial impact, projected revenue, and competition benchmark using our E-banking PowerPoint template. Get access to key stats on online banking, and customer channel preference to present a convincing web banking PPT presentation. Elucidate retail, corporate, or any other online banking type through this easy-to-understand internet banking PowerPoint theme. The digital banking PPT template deck helps you illustrate the leading players in the industry along with the services they offer. This E-banking PowerPoint presentation helps you convey the federal rules and regulations concerning online banking to your audience. Web banking PPT deck helps you in highlighting the implementation process. You can easily explain E-banking software providers, workforce training, costing, and integration with E-commerce platforms. https://bit.ly/30uZUqH
This document discusses mobile banking in India. It explains that mobile banking allows people to check balances, transfer money between accounts, and make purchases online without going to a bank. It also discusses telephone banking, debit cards, and micro ATMs which are run by business correspondents to enable banking in remote areas. The document predicts that profits from mobile banking in India will reach 20 trillion rupees within 5 years as more people, especially in cities, adopt these services due to their simplicity and low costs. Banks are promoting mobile banking because it is cheaper than ATM expenses.
Alternative banking, as the name suggest, is the NEWER METHOD OF CARRYING ON BANKING OPERATIONS
It includes
1. ATM (AUTOMATIC TELLER MACHINE)
2. POS TERMINAL
3. INTERNET BANKING
4. MOBILE BANKING
5. NEFT
6. RTGS
7. ECS
This document discusses e-commerce and its various types. It defines e-commerce as any business transactions conducted over the internet, including the buying and selling of goods and services. The document outlines the main applications of e-commerce as online marketing and purchasing, retail and wholesale, finance/banking, online publishing, and online booking. It also describes the six main types of e-commerce as business-to-business, business-to-consumer, consumer-to-consumer, consumer-to-business, business-to-administration, and consumer-to-administration.
Abstract—In developing countries there is a number of commodities and services which are financially supported by the
government as financial aid to their citizens. Such commodities
as bread, cooking gas and car fuel, all that commodities and
services follow a same systematic manual distribution process.
This typical and manual process is time and effort consumed for
the government, it also weak in term of control and monitoring,
so that the middle non-governmental entities can smuggle these
commodities outside the legal channels for double profit seeking
or intentional political reasons. In all cases, this will lead
to unsatisfactory situation within citizens and open doors for
corruption and chaos. This paper introduces model for solving
this problem by increasing the control for whole process and
thus decreasing the smuggling and wasting rates. The proposed
model is based on Identity-based Cryptography, so it provides the same security features and services as traditional PKI without the overhead of key management when the number of users in the system gets large.
International Journal of Computer Science and Information Security,IJCSIS ISSN 1947-5500, Pittsburgh, PA, USA
Email: ijcsiseditor@gmail.com
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
E-banking allows customers to perform banking transactions online through the bank's website or a mobile app. There are two main types of ATMs - leased-line ATMs that have a dedicated phone line and dial-up ATMs that use a normal phone line. ATMs have input devices like a card reader and keypad, and output devices like a display screen, receipt printer, and cash dispenser. Mobile banking applications include SMS banking, WAP banking, and STK banking. Security measures for e-banking include encryption, public/private key infrastructure, and keeping PIN numbers secret.
This document discusses various risks associated with online banking and technology-based banking products and services. It addresses operational risk, credit risk, and reputational risk. Operational risks include internal fraud, external fraud, business disruptions, system failures, and more. Credit risk relates to uncertainty in a counterparty's ability to meet obligations. Reputational risk could result from negative publicity, whether true or not, that leads to loss of customers, revenues, and increased costs. Effective risk management, including risk assessment and mitigation strategies, is important for banks offering online and technology-based services.
Electronic banking, also known as e-banking, allows customers to conduct financial transactions electronically using the internet or other electronic channels without visiting a brick-and-mortar branch. E-banking first emerged in the 1920s and grew in popularity through the 1960s with electronic funds transfers and credit cards. It is now estimated that 40% of banking transactions are conducted online. Technologies that have enabled e-banking include ATMs, online and mobile banking, telephone banking, and smart cards. E-banking offers benefits like convenience, lower costs, and increased customer relationships but also faces challenges around technology adoption, costs, and security concerns.
A Fair Exchange & Customer Anonymity Protocol Using A Trusted Third Party for...IJNSA Journal
The rapid development of technology and the reach of such technologies at affordable costs has made it possible for all people across the world to make purchases at a click of the mouse and at their convenience.Electronic commerce technologies and protocols facilitate the processing of online transactions. Trust plays a major role in e-commerce transactions and various protocols help establishing this trust by providing fair exchange and anonymity.
The research aims at designing and developing a protocol that provides both fair exchange and anonymity, thus avoiding the need to have manual dispute resolution. It takes into account the technical flaws researched and overcomes those by implementing methods to ensure that confidentiality and integrity of the messages are maintained by making sure that the Trusted Third Party does not have the authority to view or modify the messages but can only verify the authenticity of the other two parties.
The vast spreading of information in the last decade has led to great development in e-commerce. For instance, e-trade and e-bank are two main Internet services that implement e-transaction from anyplace in the world. This helps merchant and bank to ease the financial transaction process and to give user friendly services at any time. However, the cost of workers and communications falls down considerably while the cost of trusted authority and protecting information is increased. E-payment is now one of the most central research areas in e-commerce, mainly regarding online and offline payment scenarios. In this paper, we will discuss an important e-payment protocol namely Kim and Lee scheme examine its advantages and delimitations, which encourages the author to develop more efficient scheme that keeping all characteristics intact without concession of the security robustness of the protocol. The suggest protocol employs the idea of public key encryption scheme using the thought of hash chain. We will compare the proposed protocol with Kim and Lee protocol and demonstrate that the proposed protocol offers more security and efficiency, which makes the protocol workable for real world services.
An Improvement To The Set Protocol Based On Signcryptionijcisjournal
The document summarizes an improvement to the SET payment protocol based on using signcryption. The SET protocol ensures security for online credit card transactions but has some disadvantages. Signcryption allows simultaneous encryption and signature verification in one step, providing better performance than separate signature and encryption. The proposed improvement uses identity-based signcryption in the SET protocol to reduce the number of encryption/decryption operations and make it less time consuming compared to signature-then-encryption. It details the setup phase and modified protocol steps using signcryption for order and payment messages between the customer, merchant and payment gateway.
A Novel Fair Anonymous Contract Signing Protocol for E-Commerce Applications IJNSA Journal
With the economy developing and popular Internet, the general concept of contract signing has changed. In the past, people usually sign a contract at the same time and same place face to face, but actually each party involved in contract may live in different part of earth, they want to sign something for business or some other things in economic, efficient, secure and fairway. A fair contract signing protocol allows two potentially mis-trusted parities to exchange their commitments (i.e., digital signatures) to an agreed contract over the Internet in a fair way, so that either each of them obtains the other’s signature, or neither party does. Based on the LUCAS signature scheme, a new digital anonymous contract signing protocol is proposed in this paper. Like the existing LUCAS-based solutions for the same problem, our protocol is fair, anonymous and optimistic. Furthermore, the proposed protocol satisfied a new
property, i.e., it is abuse-free. That is, if the protocol is executed unsuccessfully, either of the two parties can not show the validity of intermediate results to others.
This document discusses electronic commerce (e-commerce), including its definition, history, types, processes, advantages, disadvantages, and laws governing it. Some key points:
- E-commerce involves buying and selling of goods/services over electronic networks like the internet. It facilitates online transactions including marketing, sales, delivery, and payments.
- Early forms of e-commerce included EDI in the 1960s. Amazon was one of the first major online retailers in the 1990s.
- The UNCITRAL Model Law on e-commerce from 1997 provides guidelines to regulate e-commerce and promote uniformity across jurisdictions. The Indian IT Act of 2000 was based on this.
- E-
This document provides a legal and practical analysis of TradeTrust-enabled electronic bills of lading (TT eBLs). It addresses the lack of interoperability between existing electronic bill of lading platforms, which has hindered wider adoption. TradeTrust provides a solution by enabling any party to issue TT eBLs using blockchain technology, allowing them to function similarly to paper bills of lading. This achieves both technical and potential legal interoperability without requiring all parties to use the same platform. The document analyzes how TT eBLs comply with the Model Law on Electronic Transferable Records and the laws of Singapore, England, and several US states. It provides guidance to industry on using TT eBLs and addresses considerations
This document analyzes the Secure Electronic Transaction (SET) system for securing electronic payments. SET uses cryptography techniques like SSL and nested encryption tunnels to securely transmit payment information between customers, merchants, and payment gateways. The system aims to provide authentication, data confidentiality, non-repudiation, access control, and data integrity. It allows customers to securely purchase items online by encrypting transaction data and verifying identities. The main advantage is it protects payment information and can be easily used, without additional software, by securing the conventional communication channels used for online transactions.
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOLIJNSA Journal
This paper presents an efficient fair document exchange protocol. The exchange of the documents will be between two parties. The protocol is based on the verifiable and recoverable encryption of a document’s key. This verifiable and recoverable encryption of the document’s key will allow one party to verify the encrypted key. It will also ensure this party that the Semi Trusted Third Party will be able to recover the key if the other party misbehaves. The protocol also incorporates the concept of enforcing the honesty of one party. The proposed protocol consists of only three messages and is more efficient than related protocols.
The document defines e-commerce as conducting commercial transactions electronically using information and communication technologies. It outlines three main e-commerce technologies: electronic markets, electronic data interchange, and internet commerce. Electronic markets enable online searching and purchasing. Electronic data interchange standardizes transactions between organizations. Internet commerce allows advertising and one-time sales of goods and services online.
The document provides guidelines from DATA, a non-profit organization, for consumer practices in the emerging field of digital assets. It recommends that digital asset companies provide transparent disclosures to consumers about products, costs, risks and limitations. Specifically, it recommends disclosing fees, ability to cancel transactions, risks like volatility in value and potential loss of funds, applicable regulations, and public nature of blockchain transactions. The guidelines are intended to ensure consumers understand emerging digital asset products while allowing companies to operate successfully.
DEVELOPING THE E-COMMERCE MODEL A CONSUMER TO CONSUMER USING BLOCKCHAIN NETWO...IJMIT JOURNAL
E-commerce has increased recently because of the development of the internet and has become a new concept that is applicable to trade transaction and services providing, using information technology. This is known as e-commerce thatis a means of communicating information،products or services through technical tools. This research proposed model is able to take advantage of Blockchain technology to develop e-commerce especially consumer toconsumer. The proposed model adds some advantages to ecommerce operations, and the possibility of developing them to reach a high percentage of profits by using blockchain technology which led to verify the information of products offered for sale. In addition, to the possibility of distributing feedback to all Blockchain users, through which it develops the mechanism of trust and cooperation between consumers, it is considered a reference point to explore the behaviour of commercial consumers which is stored in the data file of consumers. This model facilitates business processes between consumer andconsumer, eliminates the central role of large business companies in controlling and setting restrictions, and to the development and expansion of this type of trade
E-contracts are contracts formed through electronic means like online shopping sites or apps. The document discusses the introduction, definition, nature, elements and types of e-contracts under Indian law. Key points include: e-contracts must meet all requirements of a valid contract under the Indian Contract Act; digital signatures can validate e-contracts; and Indian courts have recognized the formation of contracts through electronic communications and documents.
This document proposes a token-based contract signing protocol using one-time private keys (OTPK) to provide secure authentication between parties. The protocol aims to solve issues with exchanging digital signatures for electronic contracts by ensuring fairness - that either both parties receive each other's signatures or neither does. It uses an offline trusted third party that is only involved if one party fails to send their signature. The key aspects are:
1) OTPK allows generation of a single-use private key for each authentication, improving security by preventing key storage.
2) The protocol simulates paper-based contract signing by exchanging digital signatures in a fair manner with or without a third party.
3) It aims to provide
INTRODUCTION 351consumers are placing their orders online, but.docxmariuse18nolet
INTRODUCTION 351
consumers are placing their orders online, but companies still provide toll-free numbers for those who are hesitant to provide confidential information, such as credit card numbers, online. Airlines were among the first providers to provide a financial incentive to purchase online. Later, they shifted to an additional financial cost if toll-free numbers of support personnel were accessed to make a purchase.
Concerns about Internet security have been blown out of proportion. Although online business transactions are not perfectly secure, they are no riskier than ordering via telephone or fax. Computer hackers are similar to everyday criminals who try to find ways to circumvent security systems and procedures, although there are some additional security issues associated with electronic commerce. First, the Internet is an open network without any physical barriers to prevent theft (e.g., hidden cameras, safes, security guards). Second, the same technologies that are being used for commerce can be used to breach security (e.g., computer software used to search for passwords).
Several methods can be used to restrict access and improve security in electronic commerce. First, a form of authentication can be required through the use of some combination of account numbers, passwords, and IP (Internet protocol) addresses. Second, a firewall can be used to monitor traffic between an organization's network and the Internet. This barrier can restrict access to certain IP addresses or applications. A third method is to use coding or encryption techniques to transform data to protect their meaning. These security methods can be used individually or together depending on the level of security desired. For instance, firms that are transmitting payment information will be more inclined to use all three levels of defense. This next section covers four topics: the traits of a networked economy, the definition and scope of electronic commerce, the use of electronic marketing, and the beginning of electronic commerce.
Authentication
Verifying the appropriate access by a user through the use of some combination of account numbers, passwords, and IP (Internet protocol) addresses.
Firewall
A filter is used to monitor traffic between an organization's network and the Internet. This barrier can restrict access to certain IP addresses, applications or content.
INTRODUCTION 349
Traits of a Networked Economy
Some people view electronic commerce as a boom-and-bust cycle, but that is really not true. In the mid-1990s, there was a dramatic increase in activity in the broad field of e-commerce. Companies such as eBay, Amazon, and Expc dia provide tangible evidence of the impact that e-commerce has had on th business world. These companies, and hundreds like them, created an ecc nomic boom unlike anything seen before. It began to unravel in 2000, wit the dot-com bust." The impacts are still being felt. Most traditional comp; nies.
An Enhanced Privacy Preserving Buyer-Seller Protocol for Anonymous TransactionIDES Editor
Due to the rapid growth of the internet and e-commerce,
more and more digital products and multimedia contents
are sold and transmitted over the internet. However, it
also poses threats to copyright protection and to customers’
privacy.Digital watermarks are used for protecting the digital
contents from unauthorized duplication and distribution over
internet. This can be achieved by inserting a unique digital
watermark into each copy of the content before it is sold by
the content owner (seller) to a buyer. This paper proposes a
new enhanced privacy preserving Buyer-Seller watermarking
protocol for anonymous transaction. Apart from solving the
generic problems, this novel method is also finding solutions
to Anonymity, Unlinkability and Loyalty marketing problem.
The document discusses e-contracts in India, including their emergence and legal issues. It provides an overview of different types of e-contracts like click-wrap, shrink-wrap, and electronic data interchange agreements. Key elements of valid e-contracts under Indian law are explained. Relevant sections of the Indian Evidence Act and Information Technology Act pertaining to e-contracts and electronic records are summarized. Issues around stamp duties, consumer disputes, and conflict of laws regarding e-contracts are also covered briefly. The methodology used for the study involved analysis of legal documents, cases, and literature on e-contracts.
Industrial revolution and notions of technology .pptxVishweshSingh16
The document discusses the United Nations Commission on International Trade Law's (UNCITRAL) Model Law on Electronic Commerce (MLEC) from 1996. The MLEC aims to facilitate electronic commerce by establishing principles of non-discrimination of electronic documents, technological neutrality, and functional equivalence of electronic and paper documents. It sets rules for electronic contracting, digital signatures, and attribution of electronic messages. The MLEC has been influential as many states have based domestic e-commerce laws on it, helping unify international standards in the area. It also establishes that electronic documents cannot be denied validity solely due to their electronic form.
E-COMMERCE ADMINISTRATION & MANAGEMENT - Australia Perspective.pptJOHN BABATUNDE LEE
This document discusses consumer protection issues in online commerce. It begins with an introduction on consumers and technology, and the importance of trust and confidence for online transactions. It uses online financial services as a case study, examining problems regarding product complexity, online calculators, independence, disclosure, identification, complaints, privacy, access and cost, and jurisdiction. It then outlines the key elements of Australia's policy framework for online consumer protection: contracts, payments, and conduct. The document goes on to discuss relevant Australian legislation and industry codes of conduct. It concludes by looking at international regimes like the EU Directive and OECD Guidelines.
This document provides an overview of electronic commerce (e-commerce) and discusses security considerations related to electronic payments. It defines e-commerce, electronic money, and related terms. It also outlines threats to e-commerce like intercepted credit card numbers, and security requirements to address threats like verifying identities and protecting communications. Examples of electronic payment systems are also summarized, along with the relevant regulatory framework.
Electronic commerce (e-commerce) involves conducting business transactions electronically over the internet. It allows businesses and consumers to buy and sell goods and services online. There are different types of e-commerce models including business-to-business (B2B), business-to-consumer (B2C), consumer-to-business (C2B), and consumer-to-consumer (C2C). E-commerce provides advantages such as reduced costs, greater access to global markets, and convenience. However, it also presents disadvantages like customer relations problems, threats of hacking, and loss of paper audit trails.
Similar to DESIGN AND EVALUATION OF A NEW FAIR EXCHANGE PROTOCOL BASED ON AN ONLINE TTP (20)
ACEP Magazine edition 4th launched on 05.06.2024Rahul
This document provides information about the third edition of the magazine "Sthapatya" published by the Association of Civil Engineers (Practicing) Aurangabad. It includes messages from current and past presidents of ACEP, memories and photos from past ACEP events, information on life time achievement awards given by ACEP, and a technical article on concrete maintenance, repairs and strengthening. The document highlights activities of ACEP and provides a technical educational article for members.
6th International Conference on Machine Learning & Applications (CMLA 2024)ClaraZara1
6th International Conference on Machine Learning & Applications (CMLA 2024) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Introduction- e - waste – definition - sources of e-waste– hazardous substances in e-waste - effects of e-waste on environment and human health- need for e-waste management– e-waste handling rules - waste minimization techniques for managing e-waste – recycling of e-waste - disposal treatment methods of e- waste – mechanism of extraction of precious metal from leaching solution-global Scenario of E-waste – E-waste in India- case studies.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
International Conference on NLP, Artificial Intelligence, Machine Learning an...gerogepatton
International Conference on NLP, Artificial Intelligence, Machine Learning and Applications (NLAIM 2024) offers a premier global platform for exchanging insights and findings in the theory, methodology, and applications of NLP, Artificial Intelligence, Machine Learning, and their applications. The conference seeks substantial contributions across all key domains of NLP, Artificial Intelligence, Machine Learning, and their practical applications, aiming to foster both theoretical advancements and real-world implementations. With a focus on facilitating collaboration between researchers and practitioners from academia and industry, the conference serves as a nexus for sharing the latest developments in the field.
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
DESIGN AND EVALUATION OF A NEW FAIR EXCHANGE PROTOCOL BASED ON AN ONLINE TTP
1. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
DOI : 10.5121/ijnsa.2012.4402 21
DESIGN AND EVALUATION OF A NEW FAIR
EXCHANGE PROTOCOL BASED ON AN
ONLINE TTP
Abdullah AlOtaibi and Hamza Aldabbas
Software Technology Research Laboratory (STRL)
De Montfort University, Leicester, United Kingdom
Otaibi_as@hotmail.com, hamza@dmu.ac.uk
ABSTRACT
Security protocols in e-commerce are required to manage the transactions between buyers and sellers. In
order to engage customers in e-commerce, these protocols should be well formulated and secured; they
should protect both parties from fraudulent users and subsequently promote the growth of e-commerce.
There are some protocols, known as fair exchange protocols, in e-commerce that are designed to
guarantee fairness between the customer and the merchant so that neither party gains any advantage
over the other. Therefore, in this paper, we introduce a new fair exchange protocol for trading products
online between a buyer and a seller. The items to be exchanged in this protocol are a digital product and
a payment. The following are the characteristics of this new protocol: (1) Dependency on a trusted third
party is greatly reduced; further, the protocol also overcomes increased communication overheads and
risks, hence leading to substantial improvement in the efficiency and practicality of the protocol. (2) The
protocol ensures fairness for all parties and provides an internal dispute resolution mechanism, thereby
guaranteeing that none of the parties involved in the transaction suffer unfairly in case one of the entities
disappears before the transaction is formalized. (3) The protocol consists of three messages exchanged
between the buyer (customer) and the seller (merchant).
KEYWORDS:
E-commerce, Fair exchange protcocol, TTP (Trusted Third Party); protocols; security; fairness.
1. INTRODUCTION
Over the past few years the Internet has become an essential business platform by aiding
trading, distribution and sales between organisations, consumers, and even between consumers.
This has brought ecommerce to an entirely new level[1]. Nowadays, without doubt, the
development of information and communication technology is playing an enormous part in
making individuals’ lives easier than before. Due to the rapid growth of e-commerce in recent
years, much business today is conducted online. In other words, more businesses than ever
before are using the Internet to sell their commodities to people all over the world. The Internet
provides them with a platform for selling their items to all kinds of people without the
restrictions of geographical borders. Customer choice in buying goods and services has been
greatly enhanced by this growth of e-commerce. For various reasons, many customers today
opt to buy their items through the Internet; firstly, they have the convenience of making
purchases from the comfort of their homes removing the need to go to shopping centres or
2. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
22
suffering the inconvenience of traffic jams and parking problems. Secondly, customers have the
opportunity to quickly compare the prices of various traders. Thirdly, goods and services are
delivered to the customer’s home. Lastly, customers are able to buy products at any time, from
anywhere in the world.
In traditional commerce, customers do not have to worry that they will be given the product
that they paid for. This is because the customer goes to a shop, selects a product, pays for it and
takes it away. Customers also do not have to worry that their financial data will be revealed to
a third party, as they make payment in cash. In addition to the above points, customers can also
remain anonymous and avoid the merchants tracing their buying habits by making their
payments in cash. However, in e-commerce, such factors can become a major concern for
customers; for example, through online payment, personal data and financial information that is
not encrypted might be revealed to fraudulent persons.
There must be trust between the buyer and the seller, but in e-commerce, customers are worried
that dishonest dealers might send them the wrong or inferior product. There must be a system in
place to ensure that the data being sent through any secure means are heavily protected. There
is no doubt that e-commerce has made the exchange of goods and services easier but it also
poses risks to both the customer and the merchant, in terms of security, safeguarding users’
privacy, trust and anonymity [2, 3].
2. FAIRNESS IN ELECTRONIC COMMERCE
According to Asokan [5], a fair system refers to a system “that does not discriminate against a
correctly behaving player. As long as a player behaves correctly, a fair system must ensure that
other players will not gain any advantage over the correctly behaving players.” In a fair
exchange scenario, the transacting parties, for example X and Y, follow a fair exchange
process. This process must not allow a situation where X can obtain Y’s items while Y cannot
obtain X’s items. A process that involves a fair exchange protocol between X and Y must fulfil
three conditions:
1. Effectiveness: If the protocol is executed correctly and the parties X and Y honourtheir
commitment, then both parties will have each other’s items.
2. Timeliness: The protocol will be executed within an acceptable timeframe.
3. Fairness: There are two types of fairness:
• Strong fairness: This means that at the end of the protocol, either eachparty
obtains the expected item from the other, or no party obtains the expected item.
This means that a party who behaves correctly does not suffer any
disadvantage. For example, both parties shouldreceive the expected items, or
neither do so.
• Weak fairness: This means that at the end of the exchange, either strongfairness
is achieved, or the correctly behaving party thatdoesnot receive the expected
item can prove to a third partythat Y has received (or stillcanreceive) X’s item,
without anymore involvement from X (regardless of whether Y behaves
correctly or not), and vice versa. Although strong fairness isdesirable,
sometimes it is very expensive or impossible to guarantee, that is why the two
forms of fairness exist.
3. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
23
Weak fairness is important because it provides a platform for dispute resolution. The
disadvantaged party can seek a dispute resolution outside the system. The party that suffered a
disadvantage can achieve strong fairness by using an external dispute resolution system, such as
a court of law, provided it can prove that it was treated unfairly. There are a number of fair
exchange protocols that can ensure strong fairness by using a trusted third party. Most of these
protocols, apart from Burk and Pfitzmann [6], refer to the fairness definition of Asokan [5].
Other protocols (such as those of Jakobsson, Pagnia and Jansen [7], and Sandholmand Lesser
[8]) are difficult to juxtapose, as they do not precisely define the kind of fairness that has been
attained. The Asokanas [9] definition of fairness will be used as a foundation for the
formalization in the sections below, as other explanations of fairness (such as the notions of
money atomicity and goods atomicity of Tygar [2]), have not been exactly defined.
3. TYPES OF FAIR EXCHANGE PROTOCOLS
Fair exchange protocols (whether they are for certified email, certified delivery, contract
signing or fair purchase) may be classified into two main types, depending on the use of the
TTP. Those protocols that do not involve the use of a TTP are the first type, while those
protocols that involve the use of a TTP form the second type [4, 7, 10].
3.1.Protocols that involve a TTP
The protocols that involve the use of a TTP can be divided into three types, which are as
follows [11]:
3.1.1. Protocols that are based on inline TTP.
Inline TTP-based protocols use the TTP for sending the traded commodities to the respective
parties. This means that the TTP receives the items from each party, authenticates them and
delivers them to the respective parties. For example, if there is a customer and a merchant in a
transaction, then the two parties will exchange items such as a digital product (held by the
merchant) and a payment (held by the customer). The protocol is then carried out in the
following way. Both the customer and the merchant send their items to the TTP. The customer
sends the payment while the merchant delivers the digital product. Then, the TTP authenticates
the received items and, after approving them, it delivers the payment to the merchant and the
digital product to the customer. Figure 1 illustrates a model of a fair exchange protocol that
involvesan inline TTP.
We realize in this protocol that the TTP is actively involved in the exchange of items between
the transacting parties. Engaging the TTP in this type of protocol guarantees that the parties
involved in the transaction exchange their items fairly. Direct contact between the transacting
parties is not normally necessary in inline TTP-based protocols.
4. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
24
Figure 1: Inline TTP-based fair exchange model
The protocols that use an inline TTP to guarantee fairness for all parties involved in the
transaction because the TTP will deliver the respective items to the parties;however, they also
have some drawbacks. Firstly, it is expensive to run inline TTP protocols, asthey require the
availability of the TTP during the execution of the protocol, which will lead to extra costs [12].
Secondly, in this type of protocol, the TTP may become the source of a communication
bottleneck, hence leading to performance problems [5, 7, 13, 14] and[5, 5]. This is because the
items to be exchanged must pass through the TTP. Thirdly, in the case of a crash at the TTP,
the protocol will not be carried out and the parties will not be able to receive the items that they
expect. Lastly, in the case of an attack, the TTP will be the main target [13].
Burk and Pfitzmann [6] suggestedan inline TTP-based fair exchange protocol that allows the
transacting parties (where the parties are the customer and the merchant, and the items are the
payment and the digital product) to reach an agreement on the items to be exchanged. Both
parties then communicate with the TTP to confirm the contract that they have agreed upon. The
payment is subsequently sent to the TTP by the customer.
Upon receiving the payment, the TTP confirms and verifies whether or not the payment is in
accord with the agreement between the parties. After verifying that the payment is in accord
with the agreement, the TTP sends a message to the merchant confirming that the correct
payment from the customer has been received. After that, the digital product is sent to the TTP
by the merchant. When the digital product is received by the TTP from the merchant, the TTP
confirms and verifies whether or not the product certifies the agreement made by the two
parties. If the digital product is in line with the description of the customer and fulfils the
agreement between the two parties, the TTP then delivers the digital product and the payment
to both the customer and the merchant, respectively.
3.1.2. Protocols that are based on online TTP
Protocols that make use of an online TTP involve less participation on the part of the TTP. In
such a protocol, the TTP will not be used during the protocol run for delivering the parties’
items, but rather, for verifying the items, and for generating and/or storing proof of exchange of
the items [4]. The figure below illustrates the use of online TTP in fair exchange protocols. If
the commodities to be traded between the transacting parties are a digital product and a
payment, the customer starts the exchange, and when the payment is received by the merchant
from the customer, the merchant verifies it with the TTP (a bank for example) before sending
the digital product to the customer.
5. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
25
The TTP must therefore be online for the exchange process to be completed and should be
contacted in case there is any dispute. Figure 2 illustrates a model of a fair exchange protocol
that is based on an online TTP. There is minimal involvement on the part of the TTPin this type
of protocol, but the TTP must be available during the exchange process. This can be viewed as
a drawback because the TTP may become the source of a communication bottleneck. In
addition, the TTP might be targeted by dishonest users.
Figure 2: Online TTP-based fair exchange model
Zhang et al.[16] suggested a fair exchange protocol that uses an online TTP. This protocol is
for the exchange of an item, such as a physical product, and a payment. The customer makes an
online payment (i.e. via the protocol messages) to the merchant, where a delivery agent is used
to deliver the product to the customer, which means that the product is not transmitted
electronically. The protocol is based on the theory of cross validation [17]. In this protocol, the
customer first begins the process by ordering a product from the merchant. The merchant then
sends the invoice to the customer. Once the customer is happy with the invoice, they first send
a coded payment to the merchant and secondly to the TTP (the bank). It is taken for granted
that the merchant can download the coded payment (that was sent by the customer to the TTP)
from the TTP (the bank). The merchant then makes a comparison of the two encrypted
payments (i.e. the one received from the customer and the one downloaded from the TTP). If
the merchant is satisfied that the encrypted messages compare, it means that the payment is
valid. The merchant then delivers the product to the delivery agent after confirming the coded
payment. The customer then takes the product from the delivery agent and, after confirming
that the correct product has been sent, they send the decryption key to the merchant, who will
then decode the coded payment.
3.1.3. Protocols that are based on offline TTP
In offline TTP protocols, the transacting parties exchange their commodities directly without
the use of the TTP unless a problem occurs. Such type of protocols is also known in the
literature as“Optimistic fair exchange protocols”. These protocols will thus be called optimistic
fair exchange protocols. The example below illustrates how optimistic fair exchange protocols
work if the commodities to be traded between the transacting parties are a payment and a digital
product. The two parties directly trade their items, and in case of any problem, the TTP will be
6. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
26
involved to mediate between the parties. Figure 3 illustrates a model of a fair exchange protocol
that uses an offline TTP (optimistic fair exchange protocol).
Figure 3: Offline TTP-based fair exchange model
In the optimistic fair exchange protocol, the role of the offline TTP is greatly reduced because
the TTP is not involved in every exchange. As a result, the issue of the TTP being the source of
a communication bottleneck, which is found in protocols that involve inline and online TTPs, is
greatly reduced, as the parties exchange their items directly and rarely use the TTP.
The other advantage of these protocols is that the issue of having the TTP as the only source of
failure is decreased, as the TTP will not be involved in the transaction unless there is a dispute.
In addition to the above advantages, it will be less costly to run the TTP, as it will not be
actively involved in the exchange process.
Zhang et al.[15] suggested an optimistic fair exchange protocol for trading two valuable
documents (the two documents can be a payment and a digital product) between two parties;
Party A and Party B (the two parties can be a customer and a merchant).The process of
exchanging the items in Zhang’s protocol consists of four messages to be exchanged between
Party A and Party B. Party A begins the exchange process by transmitting the first message to
Party B with the coded document of Party A,together with the coded key that decodes the
decrypted document. After receiving the first message, Party B verifies its authenticity and, if
satisfied, then transmits the second message to Party A,together with the coded document of
Party B and the encrypted key that decodes it.
Upon receiving the second message, Party A verifies its validity and, if approved, then
transmits the third message with the decoding key to Party B. After receiving the decoding key,
Party B then uses it to decode the decrypted document that was obtained in the first message.
After that, Party B transmits the fourth message with the decoding key to Party A. After
receiving the decoding key, Party A then uses it to decode the coded document that was
obtained in the second message. In case of any problem, the TTP will be involved.
3.2.Protocols that do not involve a TTP
In this type of protocol, the two parties involved in the transaction exchange their items without
the involvement of a TTP.
3.2.1. Gradual Exchange Protocols
Gradual exchange protocols [18, 19] can be used when the commodities to be exchanged can be
partitioned into a number of parts. The gradual exchange protocol is based on the principle of
7. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
27
having several rounds to complete the process of exchanging items between the transacting
parties. The parties exchange some items in every round and the number of rounds is equivalent
to the number of parts into which the commodities are divided. The process of exchanging
commodities continues until the transaction is completed and each party receives what s/he
expects. In each round, both the customer and the merchant send part of their commodity and
also receive part of the other party's commodity (see Figure 4). The number of parts delivered
to each party is almost the same at any given time [14].
Figure 4: Gradual exchange protocols.
The major drawback of the gradual exchange protocol is that several rounds are needed to
complete the exchange process. If there are many rounds to be made, a number of
communication steps are required, which can heavily load the communication channel to be
used between the two parties. Here, it is actually taken for granted that the items to be traded
between the transacting parties are of the same size [11]. As a result, this type of protocol does
not support items of different sizes. Gradual exchange protocol lacks the involvement of a TTP,
which makes it problematic,as it is impossible to guarantee fairness for both parties without a
TTP who can mediate and solve problems that may arise.
Jakobsson [20] suggested a new way of fair exchange for a digital product and a payment
without the use of a TTP;in this instance, the protocol is based on the principle of dividing the
payment into two parts. The two parts are then combined before the full payment can be
realized, i.e. the first part of the payment cannot be used without the second part, and vice
versa.
In the Jakobsson protocol [20], the first part of the payment is sent to the merchant by the
customer. The merchant then submits the digital product to the customer after receiving the first
initial payment. The customer then submits the second part of the payment to the merchant
upon receiving the digital product. The merchant then combines the first and the second parts of
the payment to construct the total payment. This protocol does not necessarily provide fairness
for the two parties because the customer can vanish after receiving the digital product without
sending the payment of the second part. Fairness is not guaranteed in this transaction, as the
customer may receive the digital product, whilst the merchant may not receive the second part
of the payment,i.e. the total payment could not be constructed
8. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
28
4. THEPROPOSED PROTOCOL
4.1.Notation
The notations used in the description are presented in Table 1:
Table 1: Notation
Symbol Interpretation
C, M, FSP IDs for Customer, Merchant and Financial Service Provider
N Invoice
D
Di
Pi
Product
Product information
Payment Information
A B : X A sends X to B
X Y Transmission from entity X to entity Y
PK Public Key
SK Secret Key (Private Key)
TSK Temporary Session Key
X:PK Public Key of Entity ‘X’
X:SK Secret Key of Entity ‘X’
X:PKS[ ] The data are signed using the Private Key of Entity ‘X’
X:SKE[ ] The data are encrypted using the Secret Key of Entity ‘X’.
4.2.Assumptions
• An area linked to the merchant’s account, known as a public catalogue server, is
controlled by the FSP. The merchant can access the server and download messages at
any time without any restrictions.
• The protocol is well secured in the sense that any obtained enciphered messages cannot
be decoded without the decryption keys.
• The customer opens an account with a FSP and the merchant registers with the FSP.
• The customer processes the payment through the FSP.
• The channel of transactions between the transacting parties is well secured during the
exchange process.
• The pre-exchange phase occurs after the customer identifies the commodity that he or
she wants to buy from the merchant. During this phase, it is assumed that both of the
transacting parties have mutually agreed on the commodity and the price.
• All the entities involved in the transaction have trust and confidence in the FSP. The
FSP is expected to be fair and objective.
9. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
29
4.3.Protocol description
This new protocol is intended to achieve fairness when exchanging a digital commodity D and
a payment. The fundamental principle of this new protocol is to decrease the communication
overheads by separating the transaction process into two phases. The protocol is also aimed at
resolving the bottleneck issue through an online-based TTP.
4.3.1. Pre-exchange phase
Figure 1 below demonstrates the activities of the pre-exchange phase. The customer, (C), first
selects the commodity, then the merchant (M) enciphers the commodity by using a temporary
session key that C will use when decoding the commodity. During this phase, M creates the
invoice for the commodity to be purchased. M subsequently submits the TSK with the invoice
to the FSP. Both the TSK and the invoice are kept and maintained by the FSP. The FSP signs
the invoice using its secret key and transmits it back to the merchant. The invoice contains the
following information:
The product specifications, Di
The identity of the customer, C
The identity of the merchant, M.
Pr-m1: Merchant Financial Service Provider (FSP)
M: SK S [TSK, N].
Pre-m2: Financial Service Provider (FSP) Merchant
FSP: SK S [N].
Figure 1: Pre-exchange phase
4.3.2. Exchange phase
During this phase, the transacting parties (C and M) and the FSP exchange three
messages (Figure 2). These messages are as follows:
10. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
30
Figure 2: The exchange phase
M1: Merchant Consumer
M: SK S [ TSK E [D], N, FSP: PK, FSP: SK S [N] ].
N: [Di, Merchant ID, C].
The merchant submits the invoice and the digital commodity to the customer. The digital
commodity is enciphered using the session key, and the whole message is enciphered using the
private key of the merchant. The message consists of the FSP public key. The public key
contains the necessary information about the service provider that the consumer should send the
payments to. Upon obtaining message M1 from M, C confirms the validity of D and N as well
as FSP’s signature on N. In order to verify the validity of D, C has to confirm two things: the
digital commodity D itself and the enciphered D.
It is then the customer’s wish to either complete or terminate the exchange process. Should he
or she decide to complete the process, the customer then submits the following: Pi and N to the
FSP. Should the customer decide to terminate the exchange process after obtaining Message 1
and before submitting Message 2 to the FSP, then both parties do not lose anything. On the
other hand, if the customer sends Message 2 to the FSP, then the exchange process must be
implemented, and the protocol will ensure that both parties exchange each other’s item fairly.
M2: Consumer FSP
C: PK E [Payment Information, N].
The payment information contains the following data:
The name of the financial institution of the customer
Personal information of the customer, C;
The account details of the customer.
The total amount of money the customer will pay for the digital commodity.
The customer submits the payment verification to the FSP. The message also contains the
invoice. The merchant downloads Message 2 from the FSP server. Then, the merchant verifies
the payment confirmation.
11. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
31
M3: Merchant Consumer
M: SK S [TSK].
After downloading Message 2, the merchant confirms whether the payment is valid or not. If
the payment is valid, the merchant submits the TSK to C. On the other hand, if the payment is
not valid, M dismisses the transaction and terminates the exchange process. Hence, if the
payment is invalid, M will not submit the TSK to C because it is the obligation of the customer
to submit the correct payment in order to obtain the decoding key in Message 3.
4.3.3. After exchange (dispute resolution)
Disputes are normally associated with C; M will not lodge a complaint, as they obtain the
payment first and then submit the TSK to C. Thus, the customer is the weakest link in this
exchange process because they have to submit the correct payment in order to obtain the
decoding key for the enciphered commodity that they obtained in Message 1.
The diagram below shows the messages that are sent in the case of the customer making a
complaint (Figure 3)
Figure 3: Dispute resolution
Af-M1: Customer FSP
SK S [Payment Confirmation, Invoice]
Af-M2: FSP Merchant
FSP sends a warning message to the Merchant.
SKS [Payment Confirmation, Invoice]
Af-M3: FSP C: SKS [TSK]
Or
FSP C: abort
Upon obtaining message Af-M1 above, the FSP will counter-check the payment against the
cost of the commodity. If the payment is correct, then the FSP delivers it to M. The aim of
forwarding the payment to M is because C might not send any payment to M during the
12. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
32
exchange phase or might submit an incorrect payment. On the other hand, if the FSP confirms
that the payment is incorrect, it submits a termination message to C.
The customer will not gain an unfair advantage whether C sends an incorrect payment to M or
whether no payment is sent at all. This is because the FSP will confirm the payment against the
price of the product. If the correct payment has been sent, the FSP will submit the decoding
key to C and will also forward the payment to M in order to guarantee fairness for all parties.
Hence, all parties involved in the transaction will achieve fairness. However, if the payment is
invalid, then the FSP will decline the customer’s request for dispute resolution.
4.4.The Protocol Analysis
The following cases are considered:
• C claims to the FSP that he has received an incorrect digital product, but he should not
have submitted the payment to M; it is the mistake of the customer to submit the
payment to M if he had any doubt about the digital product. If the customer submits
the payment to M, it implies that he is happy with the digital commodity D. Hence,
such a claim will not occur, as C is aware of the rules of the protocol that allow C to
confirm the commodity before submitting the payment to M. Therefore, C has to
consider his own interest by avoiding risks.
• C claims to the FSP that he has not obtained the decoding key from M. This scenario
has three possibilities:
1. C claims to the FSP that he has not obtained the decoding key from M, in spite of
having already submitted the correct payment to M. C has the right to lodge a
complaint about this to the FSP, and the FSP will resolve the dispute as indicated
previously.
2. C claims to the FSP that he has not obtained the decoding key from M and that he
submitted an incorrect payment to M. In order to lodge a complaint to the FSP, C
submits Message 3 to the FSP, i.e. the message he obtained from M, in addition to the
correct payment for the product. In the case of C submitting the correct payment to the
FSP, then M will have obtained two payments (the incorrect payment from C, and the
correct payment from FSP), and this is the consequence that C has to suffer for being
fraudulent.
3. C complains to the FSP that he has not obtained the decoding key from M, and hence
has not submitted the payment to M, i.e. C has obtained Message 1 from M but has not
submitted Message 2 to M. In order for C to obtain the decoding key, C has to submit
to the FSP the correct payment, together with Message 1 that was obtained from M.
Therefore, in a scenario where C has not submitted Message 2 to M, then the FSP will
submit it (which is the correct payment), and the FSP will also submit the decoding key
to C. Therefore, fairness is ensured for both parties.
Of course, M will not lodge a complaint, as M has the decoding key for the payment. We need
to consider the following scenario:
1. M complains to have obtained an incorrect payment from C. This is highly unlikely to
occur because C is aware that if he submits an incorrect payment, he cannot obtain the
13. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
33
decoding key and the FSP will dismiss the process. However, if it is C’s mistake and
M wants to negotiate with C, then there is no problem but the FSP will not order M to
submit the decoding key, as M has not obtained the correct payment. Hence, if M has
obtained an incorrect payment, he will not submit the decoding key.
5. COMPARISONS
In this section, the proposed protocol presented in this paper will be compared to Zhang et al.
[16], Devane et al.[8], Q. Zhang et al. and Zhou et al.[21].
Zhang et al. [16] suggested a fair exchange protocol that uses online TTP. This protocol is for
the exchange of an item, such as a physical product and a payment. In this instance, we have
observed a limitation in the fairness of the protocol. If the merchant claims that he has received
an incorrect decryption key for the payment token, or did not receive one at all, the third party
(bank) will provide the K1-1 after checking that the customer is satisfied. The third party (bank)
will also provide the K1-1 if the customer is not traceable. However, if the customer is not
intentionally untraceable and also does not have the required product, then by having the K1-1
from the third party, the merchant is certainly at an advantage.
Devane et al. [8] suggested a fair exchange protocol that can be used for buying items online.
We have observed a limitation in the fairness of the protocol; the merchant will receive the
payment only after the customer has confirmed receipt of the items, however, there is no
guarantee that the customer will make the payment after acquiring the items. In this instance,
the customer is certainly in an advantaged position.
Q. Zhang et al. created a protocol [16] that gives users a centric online m-payment solution. We
have observed that this protocol has a weakness in terms of fairness. This issue of fairness can
arise when the merchant falsely claims that he does not consent to the terms and conditions
after the transaction. On the other hand, the customer can falsely claim that the merchant has
not posted the product; the third party then requests the merchant to produce the delivery
cabinet history and submit proof. There are certain limitations in the fairness of this protocol.
For example, if the merchant makes an allegation that he or she received an incorrect decoding
key for the payment token, or indeed never received it, then according to the extended protocol,
the third party (TP) would issue the Kf' after obtaining the customer’s consent. If the customer
were untraceable, the third party (TP) would also issue the Kf'. Consider a scenario where the
customer is not traceable due to unforeseen circumstances, and has not received the requested
item, then by acquiring Kf' from the third party, the merchant would definitely be in aposition
of unfair advantage.
Zhou and Gollmann proposed a non-repudiation protocol that uses an online TTP [21].
According to the definition of fairness, the protocol is not fair. This is because, if B gives up
after B finishes the first step, B does not know the subject matter of the message, but he
receives the Non-Repudiation of Delivery Token. Besides, the protocol is designed to transport
more messages when running and it includes C in the evidence, which increases the amount of
data transport.
14. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
34
Table2: Comparison of fair exchange protocols
Type of
fairness
#
Messages
(exchange
phase)
Efficiency
Load
onTTP
Weaknesse
s
FairnessItems tobeexchanged
Protocol
Strong
7 +physical
Deliveryand
collection
MediumHigh1Yes
Payment and a Product
(digital or physical)Zhang et al
Strong7MediumHigh1Yes
Payment and digital
product
Devane et al
Fairness
is not
ensured
5MediumHigh3Yes
Provide the originator and
the intended recipient with
evidence after an execution
Zhou et al
Strong
12MediumHigh1Yes
Payment and digital
product
Q. Zhang et al
Strong3HighLow0Yes
Payment and digital
product
Proposed
protocol
Table 3: Protocol Comparisons
Ray et al [23]
Devane
et al [8]
Ray et
al[7]
Zhang et
al[15]
Alaraj
et al[2]
Proposed
protocol
# of messages in the exchange
phase
6 7 4 4 3 3
# of messages in dispute
resolution phase
Not specified
Not
specified
3 to 5 3 3 3
TTP type Inline Online Offline Offline Offline Online
TTP hold item Yes No Yes No No No
Both parties are involved
indispute resolution
Not specified
Not
specified
Yes No No No
# of modular exponentiations
in the exchange phase
20 28 27 20 11 19
# of modularexponentiations
in the dispute resolution
phase
Not specified
Not
specified
5 to 6 6 7 7
Table 4:The timing of executing of the proposed protocol for product size = 128 KB
ID Action Source Destination Time (ns) Transferred Bytes
Pr-M1
Generate Temporary Session
Key
Merchant Merchant 123996 8 (Not Transferred)
Pr-M1
Encrypting Temporary Session
Key
Merchant Merchant 166949
24 (Not
Transferred)
Pr-M1
Sending Encrypted Temporary
Session Key
Merchant FSP 23791019 24
Pr-M1 Sending Invoice Details Merchant FSP 76782686 77
Pr-M2
Generating message digest for
signing invoice
FSP FSP 19450
16 (Not
Transferred)
M1
Encrypting product using
session key
Merchant Merchant 871214
1160 (Not
Transferred)
M1
Encrypting the product and
invoice and FSP PK
Merchant Merchant 1168236
1732 (Not
Transferred)
M1
Sending the product and
invoice and FSP PK to the
customer
Merchant Customer 1732021596 1732
15. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
35
6. CONCLUSION
We have introduced in this paper, a new fair exchange protocol for trading a digital commodity
and a payment in the B2C domain. The new protocol consists of three messages, to be
exchanged between the transacting parties and the FSP, which (to the best of our knowledge) is
the minimum number of messages to be exchanged between three parties in fair exchange
protocols in the literature. The only way in which M might act unfairly is after obtaining the
payment from C and then refusing to send the decoding key or submitting an incorrect
decoding key. In this case, the FSP can be used to resolve such a dispute. The protocol can
ensure fairness for both transacting parties.
References
[1] M. Alshehri, H. Aldabbas, J. Sawle and M. A. Baqar. "Adopting E-commerce to user's needs".
International Journal of Computer Science & Engineering Survey (IJCSES), vol 3, no.1, February
2012.
[2] A. Alaraj and M. Munro, "An efficient e-commerce fair exchange protocol that encourages customer
and merchant to be honest," Computer Safety, Reliability, and Security, pp. 193-206, 2008.
[3] H. Aldabbas, T. Alwada'n, H. Janicke and A. Al-Bayatti, "Data Confidentiality in Mobile Ad hoc
Networks", International Journal of Wireless & Mobile Networks (IJWMN), vol. 4, no. 1, February
2012.
[4] A. Nenadic, A Security Solution for Fair Exchange and Non-Repudiation in e-Commerce, 2005.
[5] N. Asokan, M. Schunter and M. Waidner, "Optimistic protocols for fair exchange," in Proceedings of
the 4th
ACM Conference on Computer and Communications Security, pp. 7-17, 1997.
[6] H. Bürk and A. Pfitzmann, "Value exchange systems enabling security and unobservability," Comput.
Secur., vol. 9, pp. 715-721, 1990.
[7] I. Ray, I. Ray and N. Natarajan, "An anonymous and failure resilient fair-exchange e-commerce
protocol," Decis. Support Syst., vol. 39, pp. 267-292, 2005.
[8] S. Devane, M. Chatterjee and D. Phatak, "Secure e-commerce protocol for purchase of e-goods-using
smart card," in Information Assurance and Security, 2007. IAS 2007. Third International Symposium
on, pp. 9-14, 2007.
[9] G. Ateniese, B. de Medeiros and M. T. Goodrich, "TRICERT: A distributed certified e-mail scheme,"
in ISOC 2001 Network and Distributed System Security Symposium (NDSS’01), 2001.
[10] M.Schunter :Optimistic fair exchange. PhD Thesis, University of Saarland, Germany, 2000.
[11] S. Kremer, O. Markowitch and J. Zhou, "An intensive survey of fair non-repudiation protocols,"
Comput. Commun., vol. 25, pp. 1606-1621, 2002.
[12] S. Micali, "Simple and fast optimistic protocols for fair electronic exchange," in Proceedings of the
Twenty-Second Annual Symposium on Principles of Distributed Computing, pp. 12-19, 2003.
M1 Decrypt Merchant Message Customer Customer 1370844
1259 (Not
Transferred)
M2
Validate invoice received from
customer
FSP FSP 27555
16 (Not
Transferred)
M3
Sending Session Key to
Customer
Merchant Customer 11918201 8
16. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
36
[13] P. Liu, P. Ning and S. Jajodia, "Avoiding loss of fairness owing to process crashes in fair data
exchange protocols," in Dependable Systems and Networks, 2000. DSN 2000. Proceedings
International Conference, pp. 631-640, 2000.
[14] V. Shmatikov and J. C. Mitchell, "Analysis of a fair exchange protocol," in Proceedings of the
Seventh Annual Symposium on Network and Distributed System Security (NDSS 2000), 2000.
[15] N. Zhang, Q. Shi, M. Merabti and R. Askwith, "Practical and efficient fair document exchange over
networks," Journal of Network and Computer Applications, vol. 29, pp. 46-61, 2006.
[16] Q. Zhang, K. Markantonakis and K. Mayes, "A practical fair-exchange e-payment protocol for
anonymous purchase and physical delivery," in Computer Systems and Applications. IEEE
International Conference, pp. 851-858, 2006.
[17] I. Ray and H. Zhang, "Experiences in developing a fair-exchange e-commerce protocol using
common off-the-shelf components," Electronic Commerce Research and Applications, vol. 7, pp.
247-259, 2008.
[18] M. Blum, "How to exchange (secret) keys," ACM Transactions on Computer Systems (TOCS), vol.
1, pp. 175-193, 1983.
[19] S. Even, O. Goldreich and A. Lempel, "A randomized protocol for signing contracts," Commun
ACM, vol. 28, pp. 637-647, 1985.
[20] M. Jakobsson, "Ripping coins for a fair exchange," in Advances in Cryptology—EUROCRYPT’95,
pp. 220-230, 1995.
[21] J. Zhou and D. Gollman, "A fair non-repudiation protocol," in Security and Privacy, 1996.
Proceedings, 1996 IEEE Symposium, pp. 55-61, 1996.
[22] A. Alaraj,Enforcing Honesty in E Commerce Fair Exchange Protocols. PhD Thesis, University of
Durham, UK, 2008.
[23] I. Ray, I. Ray, and N. Narasimhamurthy: A Fair-Exchange E-Commerce Protocol with Automated
Dispute Resolution. In proceedings of the 14th Annual IFIP WG 11.3 Working Conference on
Database Security, The Netherlands, pp. 27-38, 2000