Trust metrics, models and protocols for electronic commerce transactions

The paper introduces the notion of quantifiable trust for electronic commerce. It describes metrics and models for the measurement of trust variables and fuzzy verification of transactions. Trust metrics help preserve system availability by determining risk on transactions. Furthermore, when several entities are involved in electronic transactions, previously known techniques are applied for trust propagation. Malicious transacting entities may try to illegitimately gain access to private trust information. Suitable protocols are developed to minimize breach of privacy and incorporate a non-repudiable context using cryptographic techniques.
