Standards and verification for fair-exchange and atomicity in e-commerce transactions

Electronic commerce can be defined as the conduct of commerce in goods and services, with the assistance of telecommunications and telecommunications-based tools. The economic growth potential of e-commerce is extraordinary, but so are the challenges that lie on the path toward success. One of the more pressing challenges is how to ensure the integrity and reliability of the transaction process, of which fair exchange and atomicity assurance are key aspects. This paper delineates an extended fair-exchange standard, which includes atomicity assurance, intended for a wide audience including e-commerce designers, managers, users, and auditors. We demonstrate how such a standard prevents or mitigates important e-commerce concerns. To bridge theory with practice, we illustrate how model checking can be used to verify the correctness of the implementation of e-commerce protocols, so that such protocols do not fail when unforeseen circumstances occur.
