Mobile Information Systems
Volume 4, Issue 1, Pages 51-68
http://dx.doi.org/10.1155/2008/402519
Employ a Mobile Agent for Making a Payment
1Department of Computing, Macquarie University, Sydney, Australia
2Department of Computer Science, City University of Hong Kong, Hong Kong
3Division of Mathematical Sciences, School of Physical & Mathematical Sciences, Nanyang Technological University, Singapore
Received 18 January 2008; Accepted 18 January 2008
Copyright © 2008 Hindawi Publishing Corporation. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Abstract
The mobile agent paradigm offers flexibility and autonomy to e-commerce applications. But it is challenging to employ a mobile agent to make a payment due to the security consideration. In this paper, we propose a new agent-assisted secure payment protocol, which is based on SET payment protocol and aims at enabling the dispatched consumer-agent to autonomously sign contracts and make the payment on behalf of the cardholder after having found the best merchant, without the possibility of disclosing any secret to any participant. This is realized by adopting the Signature-Share scheme, and employing a Trusted Third Party (TTP). In the proposed protocol, the principle that each participant knows what is strictly necessary for his/her role is followed as in SET. In addition, mechanisms have been devised for preventing and detecting double payment, overspending and overpayment attacks. Finally the security properties of the proposed protocol are studied analytically. In comparison with other existing models, the proposed protocol is more efficient and can detect more attacks.