Non-repudiation in SET: Open Issues
Author
Abstract
The SET payment protocol uses digital signatures to authenticate messages and authorize transactions. It is assumed that these digital signatures make authorizations non-repudiable, i.e., provable to a third-party verifier. This paper evaluates what can be proved with the digital signatures in SET. The analysis shows that even a successful and completed SET protocol run does not give the parties enough evidence to prove certain important transaction features. A comparison with the similarly-structured iKP protocol shows a number of advantages of iKP as opposed to SET with respect to the use of its signatures as evidence tokens. It is shown that non-repudiation requires more than digitally signing authorization messages. Most importantly, protocols claiming non-repudiation should explicitly specify the rules to be used for deriving authorization statements from digitally signed messages.
Similar resources
An efficient non-repudiation billing protocol in heterogeneous 3G-WLAN networks
The wireless communication with delivering variety of services to users is growing rapidly in recent years. The third generation of cellular networks (3G), and local wireless networks (WLAN) are the two widely used technologies in wireless networks. 3G networks have the capability of covering a vast area; while, WLAN networks provide higher transmission rates with less coverage. Since the two n...
A Game Approach to the Verification of Exchange Protocols Application to Non-repudiation Protocols
Non-repudiation Protocols. During the last decade open networks, above all the Internet, have known an impressive growth. As a consequence, new security issues, like non-repudiation have to be considered. Repudiation is defined as the denial of an entity of having participated in all or part of a communication. Consider for instance the following scenario: Alice wants to send a message to Bob; a...
An Intensive Survey of Non-Repudiation Protocols
With the phenomenal growth of the Internet and open networks in general, security services, such as non-repudiation, become crucial to many applications. Non-repudiation services must ensure that when Alice sends some information to Bob over a network, neither Alice nor Bob can deny having participated in a part or the whole of this communication. Therefore a non-repudiation protocol has to gen...
Compliance Requirements for Business-process driven SOAs
Business processes form the foundation for all organizations, and as such, are impacted by industry regulations. Without explicit business process definitions, flexible rules frameworks, and audit trails that provide for non-repudiation, organizations face litigation risks. This requires organizations to review their business processes and ensure that they meet the compliance standards set fort...
Audit Mechanisms in Electronic Health Record Systems: Protected Health Information May Remain Vulnerable to Undetected Misuse
Inadequate audit mechanisms may result in undetected misuse of data in software-intensive systems. In the healthcare domain, electronic health record (EHR) systems should log the creating, reading, updating, or deleting of privacy-critical protected health information. The objective of this paper is to assess electronic health record audit mechanisms to determine the current degree of auditing ...