E-PAYMENT SECURITY - Recommendations about the use of a PKI for e-payment security

El Hanan Bakkali

2004

Abstract

The security of the electronic payment requires not only the deployment of cryptographic technologies such as encoding and the electronic signature, but above all, the existence of third parties of confidence whose role is to enable the users of electronic payment applications to have confidence in the use of these technologies. In general, Authorities of Certification belonging to the same infrastructure of management and publication of public keys, commonly called Public Key Infrastructure or PKI, can ensure the role of these third parties of confidence. In this paper, first of all, I will pass in review the various methods of electronic payment. Then, the requirements of the participants of these methods will be presented. Finally, I will introduce some elements of response to the question on which this paper is focused: "Which PKI for the electronic payment security". Indeed, I will present my recommendations concerning both the desirable qualities and the characteristics of such a PKI, namely, the nature of its entities, its trust model and the format of its certificates.

References

  1. Clarke, R., 2001. The Fundamental Inadequacies of Conventional Public Key Infrastructure, In ECIS'01.
  2. Freir, A., Karlton, P. and Kocher, P., 1996, The SSL Protocol version 3.0, Internet Draft.
  3. Josang, A., Pedersen, I.G., and Povey, D., 2000, PKI Seeks a Trusting Relationship, in ASISP 2000.
  4. Housley, R., Ford, W., and Solo, D., 1999, Internet PKI; Part I: X.509 Certificate and CRL Profile, IETF X.509 PKI (PKIX) Network Working Group, RFC2459.
  5. MasterCard and Visa, Secure Electronic Transaction (SET) Specifications book 1,2,3, 1997.
  6. O'Mahony, D., Peirce, M., and Tewari, H., 1997, Electronic Payment Systems, Artech House.
  7. Asia PKI Forum, 2002, http://www.asia-pkiforum.org/ Netcheck, 2003, http://www.netcheck.com The Government of Canada PKI, 2004, http://www.cse.dnd.ca/en/services/pki/pki.html Verisign Server, 2004, http://www.verisign.com/
Download


Paper Citation


in Harvard Style

Hanan Bakkali E. (2004). E-PAYMENT SECURITY - Recommendations about the use of a PKI for e-payment security . In Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE, ISBN 972-8865-15-5, pages 317-323. DOI: 10.5220/0001396803170323


in Bibtex Style

@conference{icete04,
author={El Hanan Bakkali},
title={E-PAYMENT SECURITY - Recommendations about the use of a PKI for e-payment security},
booktitle={Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE,},
year={2004},
pages={317-323},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001396803170323},
isbn={972-8865-15-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE,
TI - E-PAYMENT SECURITY - Recommendations about the use of a PKI for e-payment security
SN - 972-8865-15-5
AU - Hanan Bakkali E.
PY - 2004
SP - 317
EP - 323
DO - 10.5220/0001396803170323