In a history-based trust-management system, users and service providers use information about past transactions to make trust-based decisions concerning current transactions. One category of such systems is represented by the reputation systems. However, despite the growing body of experience in building reputation systems, there are several limitations on how they are typically implemented. They often rely on scores that are evaluated by service providers and are often not reliable or well understood. We believe that reputation has to be based on objective and reliable information. In such context, transaction histories play an important role. In this paper, we present the VeryIDX system that implements an electronic receipt infrastructure and supports protocols to build and manage online transaction history of users. The receipt protocols are shown to have several essential security and privacy properties. We present a basic yet reasonably expressive language which provides service providers with a new way to establish trust based on users' transaction history. We also describe the architecture and prototype implementation of VeryIDX, based on several important design considerations of a real-world e-commerce system infrastructure.
Users increasingly use their mobile devices to communicate, to conduct business transaction and access resources and services. In such a scenario, digital identity management (DIM) technology is fundamental in customizing user experience, protecting privacy, underpinning accountability in business transactions, and in complying with regulatory controls. Users identity consists of data, referred to as identity attributes, that encode relevant-security properties of the clients. However, identity attributes can be target of several attacks: the loss or theft of mobile devices results in a exposure of identity attributes; identity attributes that are send over WI-FI or 3G networks can be easily intercepted; identity attributes can also be captured via Bluetooth connections without the user’s consent; and mobile viruses, worms and Trojan horses can access the identity attributes stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of identity attributes, as well as of any sensitive information stored on mobile devices is crucial. In this paper we address such problems by proposing an approach to manage user identity attributes by assuring their privacypreserving usage. The approach is based on the concept of privacy preserving multi-factor authentication achieved by a new cryptographic primitive which uses aggregate signatures on commitments that are then used for aggregate zero-knowledge proof of knowledge (ZKPK) protocols. We present the implementation of such approach on Nokia NFC cellular phones and report performance evaluation results.
Users increasingly use their mobile devices for electronic transactions to store related information, such as digital receipts. However, such information can be target of several attacks. There are some security issues related to Mcommerce: the loss or theft of mobile devices results in a exposure of transaction information; transaction receipts that are send over WI-FI or 3G networks can be easily intercepted; transaction receipts can also be captured via Bluetooth connections without the user's consent; and mobile viruses, worms and Trojan horses can access the transaction information stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of transactions' information, as well as of any sensitive information stored on mobile devices is crucial. In this paper, we propose a privacy-preserving approach to manage electronic transaction receipts on mobile devices. The approach is based on the notion of transaction receipts issued by service providers upon a successful transaction and combines Pedersen commitment and Zero Knowledge Proof of Knowledge (ZKPK) techniques and Oblivious Commitment-Based Envelope (OCBE) protocols. We have developed a version of such protocol for Near Field Communication (NFC) enabled cellular phones.
Abstract-A main challenge in mobile commerce is to make it possible for users to manage their transaction histories from both online e-commerce transactions and in-person transactions. Such histories are typically useful to build credit or to establish trust based on past transactions. In this paper we propose an approach to manage electronic receipts on cellular devices by assuring their secure and privacy-preserving usage. We provide a comprehensive notion of transactions history including both on-line transaction and in-person transactions. We apply cryptographic protocols, such as secret sharing and zero knowledge proofs, in a potentially vulnerable and constrained setting. Specifically, our approach supports flexible strategies based on Shamir's secret sharing to cater to different user requirements and architectural constraints. In addition, aggregate zero knowledge proofs are used to efficiently support proofs of various receipt attributes. We have implemented the system on Nokia NFC cellular phones and report in the paper performance evaluation results.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.