Using Smart Cards for Fair Exchange

  • Holger Vogt
  • Henning Pagnia
  • Felix C. Gärtner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2232)


Fair exchange protocols ensure that the participating parties, customer and vendor, can engage in electronic commerce transactions without the risk of suffering a disadvantage. This means that neither of them delivers his digital item without receiving the other party’s item. In general, fair exchange cannot be solved without the help of a trusted third party (TTP), a dedicated computer which is trusted by both participants. Trust can be established by carefully securing the TTP or even better by introducing tamper-proof hardware. However, if the communication to the TTP is unreliable or disrupted, then the exchange cannot be performed in a timely fashion or not at all. Up to now, this has been a problem especially for the exchange of time-sensitive items, i.e., items which lose value over time. We present a novel approach to perform fair exchange using tamper-poof hardware on the customer’s side. More specifically, co-located to the customer’s machine we use a smart card which partially takes over the role of the TTP. The challenge of designing protocols in this environment lies in the fact that the communication between the smart card and the vendor is under control of the customer. Our approach has the following benefits: It supports the exchange in mobile environments where customers frequently experience a disconnection from the network. Furthermore, our approach is the first to handle time-sensitive items properly.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    N. Asokan. Fairness in electronic commerce. PhD thesis, University of Waterloo, May 1998.Google Scholar
  2. 2.
    N. Asokan, M. Schunter, and M. Waidner. Optimistic protocols for fair exchange. In Tsutomu Matsumoto, editor, 4th ACM Conference on Computer and Communications Security, pages 6–17, Zürich, Switzerland, April 1997. ACM Press.Google Scholar
  3. 3.
    Holger Bürk and Andreas Pfitzmann. Value exchange systems enabling security and unobservability. Computers & Security, 9(8):715–721, 1990.CrossRefGoogle Scholar
  4. 4.
    IBM. The IBM 4758 PCI Cryptographic Coprocessor, 2001. Homepage:
  5. 5.
    Günter Karjoth. Secure mobile agent-based merchant brokering in distributed marketplaces. In Proceedings of the Second International Symposium on Agent Systems and Applications and Fourth International Symposium on Mobile Agents (ASA/MA2000), volume 1882 of Lecture Notes in Computer Science, pages 44–56,Zürich, Switzerland, September 2000. Springer-Verlag.CrossRefGoogle Scholar
  6. 6.
    Henning Pagnia, Holger Vogt, Felix C. Gärtner, and Uwe G. Wilhelm. Solving fair exchange with mobile agents. In ASA/MA 2000, volume 1882 of Lecture Notes in Computer Science, pages 57–72. Springer-Verlag, 2000.Google Scholar
  7. 7.
    J. D. Tygar. Atomicity in electronic commerce. In Proceedings of the 15th Annual ACM Symposium on Principles of Distributed Computing (PODC’96), pages 8–26, New York, May 1996. ACM.Google Scholar
  8. 8.
    Holger Vogt, Henning Pagnia, and Felix C. Gärtner. Modular fair exchange protocols for electronic commerce. In Proceedings of the 15th Annual Computer Security Applications Conference, pages 3–11, Phoenix, Arizona, December 1999. IEEE Computer Society Press.Google Scholar
  9. 9.
    U. G. Wilhelm. A Technical Approach to Privacy based on Mobile Agents protected by Tamper-resistant Hardware. PhD thesis, Éole Polytechnique Fédérale de Lausanne, Switzerland, May 1999.Google Scholar
  10. 10.
    Jianying Zhou and Dieter Gollmann. An effiicient non-repudiation protocol. In Proceedings of the 10th IEEE Computer Security Foundations Workshop, pages 126–132. IEEE Computer Society Press, 1997.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Holger Vogt
    • 1
  • Henning Pagnia
    • 1
  • Felix C. Gärtner
    • 1
  1. 1.Department of Computer ScienceDarmstadt University of TechnologyDarmstadtGermany

Personalised recommendations