
A Low-Cost and Secure Solution for e-Commerce

Emergent Web Intelligence: Advanced Information Retrieval

Abstract

We present in this paper a new architecture for remote banking and e-commerce applications. The proposed solution is designed to be low cost and provides some good guarantees of security for a client and his issuing bank. Indeed, the main problem for an issuer is to identify and authenticate a client (a cardholder) who uses his personal computer over the web, either to access remote banking services or to pay on an e-commerce site equipped with a 3D-Secure payment solution. The proposed solution described in this paper is MasterCard Chip Authentication Program compliant and was tested in the project called SOPAS. The main contribution of this system is the use of a smartcard with an I2C bus that drives a terminal equipped only with a screen and a keyboard. During use of the services, the user types his PIN code on the keyboard, and the entire security part of the transaction is performed by the chip of the smartcard. No security information stays on the personal computer, and a dynamic token created by the card is sent to the bank and verified by the front end. We first present the defined methodology and then analyze the main security aspects of the proposed solution.



Acknowledgements

The authors would like to thank all SOPAS project members: Alliansys, Credit Mutuel, Cartes Bancaires, Fime, Gemalto, the Basse-Normandie Region, and the French Ministry of Industry (DGE), for their kind cooperation.

Corresponding author

Correspondence to Marc Pasquet.

Copyright information

© 2010 Springer-Verlag London Limited

About this chapter

Cite this chapter

Pasquet, M., Vacquez, D., Rosenberger, C. (2010). A Low-Cost and Secure Solution for e-Commerce. In: Chbeir, R., Badr, Y., Abraham, A., Hassanien, AE. (eds) Emergent Web Intelligence: Advanced Information Retrieval. Advanced Information and Knowledge Processing. Springer, London. https://doi.org/10.1007/978-1-84996-074-8_17

  • DOI: https://doi.org/10.1007/978-1-84996-074-8_17

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-84996-073-1

  • Online ISBN: 978-1-84996-074-8

  • eBook Packages: Computer Science, Computer Science (R0)
