Table of Contents Author Guidelines Submit a Manuscript
Mobile Information Systems
Volume 4, Issue 1, Pages 51-68
http://dx.doi.org/10.1155/2008/402519

Employ a Mobile Agent for Making a Payment

Yan Wang,1 Duncan S. Wong,2 and Huaxiong Wang1,3

1Department of Computing, Macquarie University, Sydney, Australia
2Department of Computer Science, City University of Hong Kong, Hong Kong
3Division of Mathematical Sciences, School of Physical & Mathematical Sciences, Nanyang Technological University, Singapore

Received 18 January 2008; Accepted 18 January 2008

Copyright © 2008 Hindawi Publishing Corporation. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

The mobile agent paradigm offers flexibility and autonomy to e-commerce applications. But it is challenging to employ a mobile agent to make a payment due to the security consideration. In this paper, we propose a new agent-assisted secure payment protocol, which is based on SET payment protocol and aims at enabling the dispatched consumer-agent to autonomously sign contracts and make the payment on behalf of the cardholder after having found the best merchant, without the possibility of disclosing any secret to any participant. This is realized by adopting the Signature-Share scheme, and employing a Trusted Third Party (TTP). In the proposed protocol, the principle that each participant knows what is strictly necessary for his/her role is followed as in SET. In addition, mechanisms have been devised for preventing and detecting double payment, overspending and overpayment attacks. Finally the security properties of the proposed protocol are studied analytically. In comparison with other existing models, the proposed protocol is more efficient and can detect more attacks.