Abstract
In this paper, we propose a secure and efficient software framework for non-repudiation service based on an adaptive secure methodology in e-commerce (electronic commerce). First, we introduce an explicit security framework of the e-commerce transaction called notary service. The proposed framework supports non-repudiation of service for a successful e-commerce transaction in terms of generation, delivery, retrieval, and verification of the evidence for resolving disputes. Second, we propose an adaptive secure methodology to support secure and efficient non-repudiation of service in the proposed framework. Our adaptive secure methodology dynamically adapts security classes based on the nature and sensitivity of interactions among participants. The security classes incorporate security levels of cryptographic techniques with a degree of information sensitivity. As Internet e-businesses exponentially grow, a need for high security level categories to identify a group of connections or individual transactions is manifest. Therefore, development of an efficient and secure methodology is in high demand. We have done extensive experiments on the performance of the proposed adaptive secure methodology. Experimental results show that the adaptive secure methodology provides e-commerce transactions with high quality of security services. Our software framework incorporating the adaptive secure methodology is compared with existing well-known e-commerce frameworks such as SSL (Secure Socket Layer) and SET (Secure Electronic Transaction).
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Barron N. RSAEuro Technical Reference. RSAEuro Co., 1996.
Bellare M. iKP-A family of secure electronic payment protocols. In: Proceedings of First USENIX Workshop on Electronic Commerce, 1995.
Ford W, Baum M. Secure Electronic Commerce. Upper Saddle River, NJ: Prentice Hall, 1997.
ISO10181-4. Information Technology-Security Frameworks for Open Systems: Non-repudiation Framework. International Organization for Standardization, 1989.
ISO/IEC10888-1. Information Technology-Security Techniques-non-repudiation-Part 1: General. International Organization for Standardization, 1997.
Jacobson V. Congestion avoidance and control. Computer Communication Review 1988;18(4):314–329.
Kan P, Patridge C. Improving round-trip time estimates in reliable transport protocols. Computer Communication Review 1987;17(5):2–7.
Mani A. Securing the commercial internet. Communications of the ACM 1996;39(6):29–35.
MasterCard, Visa. SET: Secure Electronic Transaction Specification-Book 1: Business Description, 1997.
Stach J, Park EK. Performance of an enhanced GSM protocol supporting non-repudiation of service. Computer Communications 1999;22:675–680.
Stallings W. Network and Internetwork Security Principle And Practice. Upper Saddle River, NJ: Prentice Hall, 1995.
Wagner D, Schneier B. Analysis of the SSL 3.0 protocol. In: Proceedings of the Second USENIX Workshop on Electronic Commerce 1996:29-40.
You C.Onthe efficient implementation of fair non-repudiation. Computer Communication Review 1998;28(5):50–60.
Zhou J, Gollmann D. Evidence and non-repudiation. Journal of Network and Computer Applications 1998;28(5):50–60.
Zhou J, Deng R, Bao F. Evolution of fair non-repudiation with TTP. In: Proceedings of Information Security and Privacy 1999a:258-269.
Zhou J, Lamb K. Securing digital signatures for nonrepudiation. Computer Communications 1999b;22(8):710–716.
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Tak, S.W., Park, E.K. A Software Framework for Non-Repudiation Service based on Adaptive~Secure Methodology in Electronic Commerce. Information Systems Frontiers 6, 47–66 (2004). https://doi.org/10.1023/B:ISFI.0000015874.51455.ab
Issue Date:
DOI: https://doi.org/10.1023/B:ISFI.0000015874.51455.ab