Abstract
Presents a new commerce protocol that allows customers and merchants to conduct face-to-face credit-card authorizations with a credit card company securely, with the option of anonymity for the customer, the merchant, or both. Our protocol guarantees that both parties agree to and know the outcome of each transaction. Our protocol has three advantages over others. First, we need only two message authentication code (MAC) operations per party per transaction, fewer than most popular protocols. Second, our own MAC function, OTPMAC (One-Time Pad MAC), does not rely on the existence of one-way functions or on any other unproven hypothesis. Third, our protocol generates a new one-time identifier per party per transaction, preventing the linkage of multiple transactions to a single party. Additionally, the protocol can operate in modes using alternatives to the one-time pad, including cryptographic pseudo-random number generators and conventional cryptographic MAC functions.
Original language | English (US) |
---|---|
Title of host publication | Proceedings - Annual Computer Security Applications Conference, ACSAC |
Pages | 317-326 |
Number of pages | 10 |
ISBN (Electronic) | 0769508596 |
DOIs | |
State | Published - 2000 |
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications
- Software
- Safety, Risk, Reliability and Quality
Keywords
- Atherosclerosis
- Authorization
- Business
- Credit cards
- Cryptographic protocols
- Cryptography
- Media Access Protocol
- Message authentication
- Random number generation
- Security