Affiliations: Department of Computing, Macquarie University, Sydney,
Australia | Department of Computer Science, City University of
Hong Kong, Hong Kong. E-mail: duncan@cs.cityu.edu.hk | Division of Mathematical Sciences, School of Physical
& Mathematical Sciences, Nanyang Technological University, Singapore.
E-mail: hxwang@ntu.edu.sg
Abstract: The mobile agent paradigm offers flexibility and autonomy to
e-commerce applications, but employing a mobile agent to make a payment is
challenging because of security considerations. In this paper, we propose a new
agent-assisted secure payment protocol, which is based on the SET payment protocol
and aims at enabling the dispatched consumer-agent to autonomously sign
contracts and make the payment on behalf of the cardholder after having found
the best merchant, without the possibility of disclosing any secret to any
participant. This is realized by adopting the Signature-Share scheme, and
employing a Trusted Third Party (TTP). As in SET, the proposed protocol follows
the principle that each participant knows only what is strictly necessary for
his/her role. In addition, mechanisms have been devised for preventing
and detecting double payment, overspending and overpayment attacks. Finally, the
security properties of the proposed protocol are studied analytically. In
comparison with other existing models, the proposed protocol is more efficient
and can detect more attacks.
Keywords: Mobile agent, secure payment protocol, SET and Signature-Share scheme