Abstract
We present in this paper a new architecture for remote banking and e-commerce applications. The proposed solution is designed to be low cost and provides good security guarantees for a client and his issuing bank. The main problem for an issuer is to identify and authenticate a client (a cardholder) who uses his personal computer over the web, either to access remote banking services or to pay on an e-commerce site equipped with a 3D-Secure payment solution. The solution described in this paper is compliant with the MasterCard Chip Authentication Program and was tested in a project called SOPAS. The main contribution of this system is the use of a smartcard with an I2C bus that drives a terminal equipped only with a screen and a keyboard. During the use of services, the user types his PIN code on the keyboard, and the entire security part of the transaction is performed by the chip of the smartcard. No security information stays on the personal computer, and a dynamic token created by the card is sent to the bank and verified by the front end. We first present the defined methodology and then analyze the main security aspects of the proposed solution.
Acknowledgements
Authors would like to thank all SOPAS project members: Alliansys, Credit Mutuel, Cartes Bancaires, Fime, Gemalto, the Basse-Normandie Region, and the French Ministry of Industry (DGE), for their kind cooperation.
Copyright information
© 2010 Springer-Verlag London Limited
About this chapter
Cite this chapter
Pasquet, M., Vacquez, D., Rosenberger, C. (2010). A Low-Cost and Secure Solution for e-Commerce. In: Chbeir, R., Badr, Y., Abraham, A., Hassanien, AE. (eds) Emergent Web Intelligence: Advanced Information Retrieval. Advanced Information and Knowledge Processing. Springer, London. https://doi.org/10.1007/978-1-84996-074-8_17
DOI: https://doi.org/10.1007/978-1-84996-074-8_17
Publisher Name: Springer, London
Print ISBN: 978-1-84996-073-1
Online ISBN: 978-1-84996-074-8
eBook Packages: Computer Science (R0)