ITB Journal-May-2003 - Institute of Technology Blanchardstown
ITB Journal-May-2003 - Institute of Technology Blanchardstown
ITB Journal-May-2003 - Institute of Technology Blanchardstown
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>ITB</strong> <strong>Journal</strong><br />
• Objective 1 is achieved in steps 3 and 4 <strong>of</strong> the protocol. The merchant determines the<br />
price for his goods and sets this in the merchant signed voucher. The customer agrees<br />
to this price by cashing in the voucher.<br />
• The customer can only decrypt the goods by using the secret key. The customer<br />
receives this after the bank has determined that the transaction should go ahead and<br />
the funds have been transferred from the customer’s account. Thus objective 2 is<br />
realized.<br />
• The goods decryption key received by the customer is her pro<strong>of</strong> that the bank has<br />
successful conducted the transaction. The merchant’s pro<strong>of</strong> <strong>of</strong> transaction is the bank<br />
signed product identification code sent in step 5 <strong>of</strong> the protocol. Objective 3 has been<br />
achieved.<br />
• The customer’s identity is protected from the merchant because the customer does<br />
not transmit any messages directly to the merchant. Also even if the customer does<br />
have a voucher, she is under no obligation to cash in the voucher and decrypt the<br />
goods. Thus objective 4 is attained. Note that while anonymity from the merchant is<br />
obtained, complete anonymity for the customer is not obtained because the bank will<br />
be able to identity the customer and the goods that she purchases.<br />
• Objective 5 is achieved because no message within the protocol contains data that is<br />
either unsigned or unencrypted.<br />
• Objective 6 is discussed in later sections. But steps 1 and 2 <strong>of</strong> the protocol are<br />
performed <strong>of</strong>fline and only need to be conducted occasionally and do not need to be<br />
conducted for every transaction. This decreases the number <strong>of</strong> messages required for<br />
an average transaction. The iBank payment scheme only requires 1 signature from<br />
each entity (the merchant does not even need to do this online) and a one way hash<br />
calculation from the bank and the merchant.<br />
3.1 Notation<br />
The following notation is used to denote cryptographic operations. X and Y always represent<br />
communicating parties. K always represents a cipher key. When describing the following<br />
protocols, the sequence <strong>of</strong> messages is exchanged among three parties: C, the customer, M,<br />
the merchant: and B the bank, acquirer or notary entity.<br />
Exy(Message), Message, encrypted with the key XY using symmetric key cryptography. It is<br />
assumed that only X and Y knows the key, and that only these entities may know the contents<br />
<strong>of</strong> Message.<br />
Issue Number 7, <strong>May</strong> <strong>2003</strong> Page 81