A non-repudiation message transfer protocol for e-commerce

In the business world, exchanging signatures or receipts is common practice in case of a future dispute. Likewise, it is critical for e-commerce applications to have a security service that generates, distributes, validates, and maintains the evidence of an electronic transaction. Quite a number of non-repudiation protocols have been proposed for distributed systems and evaluated against a set of evaluation criteria. However, in the context of e-commerce, there are additional evaluation criteria to consider: fairness to both the message sender and the message receiver with respect to their control over the completion of a transaction, the degree of trust placed in a third party, and dependency on the continued existence of a third party for settling disputes over a committed transaction. We identify the set of requirements for a message transfer protocol in e-commerce and propose a new non-repudiation message transfer protocol that meets these additional criteria. Our protocol protects the confidentiality of message contents such that no unauthorized intermediary is able to see the contents. The protocol is also superior to other protocols in that the continuous existence of the third-party authority is not needed beyond the completion of a message transfer. Furthermore, with respect to control over the commitment of a transaction, our protocol is fair to both the message sender and the receiver.
