Considerations of Public Key Infrastructure (PKI), Functioning as a Chain of Trust in Electronic Payments Systems

The growth of open networks created interest in commercialising them. The establishment of an electronic business mechanism must be accompanied by a digital (electronic) payment system to transfer the value of transactions. Financial organizations are requested to offer a secure e-payment system with a level of security equivalent to that of conventional paper-based payment transactions. PKI, which functions as a chain of trust in the security architecture, can bring the security services of cryptography to e-payments, making it possible to take advantage of the wider base of customers or trading partners and of the reduction in transaction cost achieved through the use of Internet channels. The paper addresses the possibilities of, and implementation suggestions for, PKI in relation to electronic payments by suggesting a framework that should be followed.



