Abstract
Electronic commerce protocols often require users to reveal their identities and other information not necessary for reasons of security. Some applications such as contract signing are often argued to require a signer’s authenticated identity; but this authentication may give the recipient a false feeling of security if certificate registration procedures do not guarantee a mapping to a liable person, or correctness of certificate data. In this paper, we propose a separation of identity from liability. Liability-aware certificates allow a certificate issuer to make explicit which liabilities it takes with respect to the transaction, the certificate data or the signer’s identity. We illustrate their use in the design of a pseudonym service providing pseudonym certificates for secure anonymous transactions.
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Van Herreweghen, E. (2000). Secure Anonymous Signature-Based Transactions. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds) Computer Security - ESORICS 2000. ESORICS 2000. Lecture Notes in Computer Science, vol 1895. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10722599_4
DOI: https://doi.org/10.1007/10722599_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41031-7
Online ISBN: 978-3-540-45299-7
eBook Packages: Springer Book Archive