Journal of Software, Vol 6, No 10 (2011), 1985-1992, Oct 2011
doi:10.4304/jsw.6.10.1985-1992

A Certificateless and Across Administrative Domains Authenticated Key Exchange Scheme for E-payment

Ming Chen, Kaigui Wu, Jie Xu, Jianjun Du

Abstract


An E-payment scheme allows two users to securely exchange e-cash and digital products over an open network. A problem in E-payment scenarios that span administrative domains is how the participants can carry out the exchange between those domains. In other words, when the participants are administered by two separate trusted administrators, how can they verify each other's identities? In this paper, a certificateless cross-domain authenticated key exchange (CL-CD-AKE) scheme is proposed to solve this problem, and the security and effectiveness of the proposed CL-CD-AKE scheme are analyzed in the extended random oracle model. Building on this work, an E-payment scheme that achieves unforgeability and unreusability of e-cash, customer anonymity and fairness is then proposed; it adopts the CL-CD-AKE scheme to handle cross-domain authentication and key agreement.


Keywords


electronic commerce; electronic payment; ID-based cryptography; certificateless authenticated key exchange; across administrative domains



Journal of Software (JSW, ISSN 1796-217X)

Copyright @ 2006-2012 by ACADEMY PUBLISHER – All rights reserved.