[Previous] [Next] [Index]
[Thread]
Re: HP e-commerce protocol
Some comments about your protocol, and some comparisons with the iKP design of
my colleagues here at IBM Research:
1. Your design requires changes in the credit card payment systems, due to the
new protocol between Fm and Fc. By avoiding such changes, iKP requires a
smaller incremental change to the existing systems.
2. An objective of iKP is privacy of the credit card and PIN numbers, in order
to reduce an existing source of fraud. This is not achieved in the HP protocol.
3. Steps III and IV of your protocol involve signatures under public keys.
There is no discussion of how the recipients of these messages may know the
public keys required to verify the signatures. In particular, step IV's
message is from Fc to M, which implies that all merchants must know the public
keys of all customer financial institutions. This is unrealistic.
4. You argue an advantage in "international compatibility" because you don't
use encryption. However, both iKP and CyberCash have received U.S. export
permission for schemes that involve RSA encryption of limited amounts of order
information. I don't know how France and Russia and any other countries that
control encryption technology will react, but I would suggest that they may
also accept limited usage of encryption. So "international compatibility" is
not necessarily a unique advantage of the HP protocol.
---------------------------------------------------------------------------------
Mark H. Linehan
IBM T. J. Watson Research Center, Hawthorne, New York
linehan@watson.ibm.com; LINEHAN at WATSON
http://w3.watson.ibm.com/~linehan/home.htm (inside IBM only)
(914) 784-7860; 8-863-7860; fax (914) 784-7484
Follow-Ups: