Multifunctional Smart Cards for Electronic Commerce-Application of the Role and Task-Based Security Model

Author

  • Kathrin Schier

Abstract

Electronic commerce imposes different security requirements on its many different applications. In the near future one smartcard may be used for many electronic commerce applications, such as payment systems, access to banking services and financial transactions over the Internet. A role and task based security model (R&T model) can ensure secure access to many different services through an application-based security framework. It can be implemented in a multifunctional smartcard in order to ensure both the user's personal need for application-based security and his right to informational self-determination, as the fundamental right of privacy is defined in the German legal system. A successful application of the model can help the user navigate a secure way through the jungle of electronic commerce.

1 Electronic commerce

The ever increasing growth of the virtual business world will lead to more and more electronic payment systems. Credit and debit card based payment is already widespread today. It will become more commonplace because of the increasing acceptance of such cards within the retail trade. The number of businesses accepting electronic payment is steadily growing. The introduction of the "electronic wallet" in Germany will increase the use of electronic money and therefore decrease the use of conventional currency. In the future one or more cards will be used for a wide variety of purposes, not only in electronic commerce. In general, the probability is high that one multifunctional card will achieve wider acceptance than a large number of single-function cards. Although the Internet was never designed for secure transactions, it has become the technical medium for network-based financial transactions. The need for the development of secure payment systems has therefore become blatantly apparent.

The multitude of payment media, including credit and debit cards, cheques and traditional currency, has spawned a corresponding number of technical systems which support them. Even though many of them are already in use, no single system has become accepted as the de facto standard. A review of different electronic payment systems and their security aspects can be found in [1], [2] and [3].

One special property of conventional currency should not be neglected: anonymity. Transactions cannot be traced back to individual customers, whose identity therefore remains unknown. The billing and accounting systems related to cheques and credit cards presuppose a direct link between customer and transaction. The anonymity property therefore cannot apply to these media. Electronic payment systems need to preserve the anonymity property of traditional currency while also offering a payment mode which links individuals and their transactions. Unfortunately, most electronic wallet systems do not support anonymous use. These systems log individual transaction data, which allows individual users to be re-identified. The transactions are logged by a separate clearing house, which allows the electronic wallet transactions to be treated as a different account. Financial institutions claim that this system, by which the bank and the clearing house both store transaction data, makes checks for misuse possible and is therefore more secure. The loss of anonymity may, however, affect the behaviour of the consumer and infringe on personal rights. The right to informational self-determination is endangered unless an anonymous payment system is available.

There is a trend within the financial community towards offering services such as money transfer, checking the status of accounts, etc., as so-called "home banking". Home banking services can be accessed directly ("online") from the user's home computer via the Internet. As home banking becomes more and more widespread, additional services, such as stock market trading or investment information, will also be made available. In addition to this, automatic teller machines (ATM) will eventually provide access to all banking services. Personal contact between the customer and the bank employee will be reduced and finally substituted by network-based direct banking services. This shift in emphasis towards online banking services may not always be of advantage to the customer. These risks and other global digital commerce problems are discussed in [4].

Developments to date show that, in order to support the large number of existing electronic commerce applications, many different cards are required. A typical (physical) wallet contains a variety of cards, including bank and credit cards, social security cards, telephone cards and customer cards. This ever increasing multitude of "plastic", with its associated volume of personal identification numbers (PIN), already tends to confuse the user. Not only does the risk of forgetting PINs increase, but also the danger of associating a card with the wrong PIN. This creates added risks: the customer may be tempted to write down the PINs and keep them in the wallet. Most of these applications, such as electronic payment systems, network-based financial transactions and electronic banking services, will use a smartcard for their implementation.

This paper presents an electronic commerce application of the role and task based security model (R&T model) for multifunctional smartcards [5]. One multifunctional card implementation of the R&T model could support not only several different electronic commerce applications, but also non-financial functions. For each application the user will have an individual security level, which is already well known from single-application cards. For a specific application the user can choose the required security level, which may, for example, offer anonymous use. Before describing the R&T model in a semi-formal way, some requirements are mentioned.


Similar resources

The Presentation of an Ideal Safe SMS based model in mobile Electronic commerce using Encryption hybrid algorithms AES and ECC

Mobile commerce is any electronic transfer or transaction via a mobile modem through a mobile network in which the true value or advance payment is made for goods, services or information. A mobile payment system should be beneficial for all related persons. For a payment system to be a successful system, the end-user, seller, exporter and operators should see an additional value in it. End-user ...


Feasibility of Electronic Commerce at Cooperative in Gilan Province to Select an Appropriate E-Commerce Model by Using Fuzzy Analysis Network Process

Electronic commerce, as one of the most important aspects of innovation in the process of doing business, is used by many organizations and companies in the world. Cooperatives, as the main part of the country's economy, have a fundamental role in improving and promoting the economy. Therefore, innovation methods and tools, new processes and perform business tasks such as e-commerce will play an i...


Analysis of Security Models For Smart Cards

Smart cards are an old breed of ubiquitous embedded-computing devices that are increasingly gaining popularity for electronic business transactions. When these smart cards are used over networks that can be covertly snooped, such as the Internet, there is a potential threat to the security of these transactions. In this report, I describe and analyze security models for smart cards that are use...


A Multifunctional Smart Card based Platform to Support e-Government in South Africa

Advancements in technology and the proliferation of the internet have redefined public expectation of government services delivery. Government is being encouraged to look at how technologies like smart cards can be used in enhancing secure and reliable service delivery preferably through the internet. This paper details work in progress, aimed at developing a multifunctional smart card based pl...



Publication date: 1998