Abstract
In this paper we present Merx, a secure payment system that enables a user to delegate a transaction to a third party while protecting the user’s privacy from a variety of threats. We assume that the user trusts neither the delegated person nor the merchant and wishes to minimize the information transmitted to the user’s bank. Our system protects the user from fraud perpetrated by the delegated party or by the merchant. The scheme has a number of other applications, such as delegating the withdrawal of cash from Automated Teller Machines (ATMs) and allowing companies to restrict an employee’s expenses during business trips. Merx is designed to be used with mobile phones and mobile computing devices, especially in situations where end-users do not have access to the Internet. We evaluate the performance of the proposed mechanism and show that it requires negligible overhead and can be gradually deployed, as it is able to piggyback on existing payment-network infrastructures.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Soghoian, C., Aad, I. (2009). Merx: Secure and Privacy Preserving Delegated Payments. In: Chen, L., Mitchell, C.J., Martin, A. (eds) Trusted Computing. Trust 2009. Lecture Notes in Computer Science, vol 5471. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00587-9_14
DOI: https://doi.org/10.1007/978-3-642-00587-9_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00586-2
Online ISBN: 978-3-642-00587-9
eBook Packages: Computer Science (R0)