
-No Subject-



Ned Smith said:

>What was not evident to me while reading the paper was how the information
>was kept secret. The models described in the paper assume the order
>information was initiated by the consumer - as if the consumer inherently
>knew product codes and prices. What isn't shown is the fact that the
>merchant provided this information in the first place. It makes no sense to
>try to hide information that is already known.

The iKP assumption is that order negotiation between the customer and merchant
has privacy protection by using SSL or SHTTP or some such mechanism.  This gives
maximum flexibility for the customer and merchant to conduct this phase of the
order in any way they wish.  We can expect that merchants may show infinite
innovation in the style of their "catalog pages." A very general mechanism is
needed to protect the potentially lengthy "conversation" between the customer
and the merchant over what to order, price, terms, delivery address(es), etc.
iKP makes no attempt to provide such a mechanism.

I think of iKP as the electronic analog of the credit card slip and its
associated processing.  This is a 3-way
relationship among the customer, merchant, and the acquirer (the bank that the
merchant clears the slips through).  iKP provides security for the 3-way
transaction that occurs when you pay by credit card.  The reason we propose iKP
is that SHTTP and similar mechanisms only protect the customer<->merchant
communications.  Such mechanisms don't address the security requirements of
this 3-way transaction.

> The requirement to separate
> order info from payment protocol specifically SHTTP and SSL smacks of a
> hidden agenda. ... I don't think the proponents of iKP are really serious
> about privacy in general or wrt client/acquirer privacy.

The security issues addressed are described in the iKP paper.  Privacy could be
added to the list, but there's no point if what I called the "order phase"
isn't already protected by SHTTP or whatever.  And once you're using SHTTP (or
whatever), you don't need privacy protection within iKP. Note that iKP is
careful not to pass information to parties that don't need it.  For example,
the acquirer doesn't learn the details of the order (just the total amount),
and the merchant doesn't learn the credit card number.

Realize that the credit-card payment system doesn't provide anonymity at all.
If that's what you want, you need a digital cash payment mechanism.

Lastly, on behalf of my colleagues here at IBM Research, I must say that there
really is no hidden agenda.  Come on - the protocol is described & debated
openly.  Whatever design issues may exist are certainly not hidden.

---------------------------------------------------------------------------------
Mark H. Linehan
IBM T. J. Watson Research Center, Hawthorne, New York
linehan@watson.ibm.com; LINEHAN at WATSON
http://w3.watson.ibm.com/~linehan/home.htm (inside IBM only)
(914) 784-7860; 8-863-7860; fax (914) 784-7484