A multi-agent architecture for electronic payment

The Internet has brought about innumerable changes to the way enterprises do business. An essential problem to be solved before the widespread commercial use of the Internet is to provide a trustworthy solution for electronic payment. We propose a multi-agent mediated electronic payment architecture in this paper. It is aimed at providing an agent-based approach to accommodate multiple e-payment schemes. Through a layered design of the payment structure and a well-defined uniform payment interface, the architecture shows good scalability. When a new e-payment scheme or implementation is available, it can be plugged into the framework easily. In addition, we construct a framework allowing multiple agents to work cooperatively to realize automation of electronic payment. A prototype has been built to illustrate the functionality of this design. Finally we discuss the security issues

Body language, security and e-commerce

Security is becoming an increasingly more important concern both at the desktop level and at the network level. This article discusses several approaches to authenticating individuals through the use of biometric devices. While libraries might not implement such devices, they may appear in the near future of desktop computing, particularly for access to institutional computers or for access to sensitive information. Other approaches to computer security focus on protecting the contents of electronic transmissions and verification of individual users. After a brief overview of encryption technologies, the article examines public-key cryptography which is getting a lot of attention in the business world in what is called public key infrastructure. It also examines other efforts, such as IBM’s Cryptolope, the Secure Sockets Layer of Web browsers, and Digital Certificates and Signatures. Secure electronic transmissions are an important condition for conducting business on the Net. These business transactions are not limited to purchase orders, invoices, and contracts. This could become an important tool for information vendors and publishers to control access to the electronic resources they license. As license negotiators and contract administrators, librarians need to be aware of what is happening in these new technologies and the impact that will have on their operations

Ubic: Bridging the gap between digital cryptography and the physical world

Advances in computing technology increasingly blur the boundary between the digital domain and the physical world. Although the research community has developed a large number of cryptographic primitives and has demonstrated their usability in all-digital communication, many of them have not yet made their way into the real world due to usability aspects. We aim to make another step towards a tighter integration of digital cryptography into real world interactions. We describe Ubic, a framework that allows users to bridge the gap between digital cryptography and the physical world. Ubic relies on head-mounted displays, like Google Glass, resource-friendly computer vision techniques as well as mathematically sound cryptographic primitives to provide users with better security and privacy guarantees. The framework covers key cryptographic primitives, such as secure identification, document verification using a novel secure physical document format, as well as content hiding. To make a contribution of practical value, we focused on making Ubic as simple, easily deployable, and user friendly as possible.Comment: In ESORICS 2014, volume 8712 of Lecture Notes in Computer Science, pp. 56-75, Wroclaw, Poland, September 7-11, 2014. Springer, Berlin, German

Year 2010 Issues on Cryptographic Algorithms

In the financial sector, cryptographic algorithms are used as fundamental techniques for assuring confidentiality and integrity of data used in financial transactions and for authenticating entities involved in the transactions. Currently, the most widely used algorithms appear to be two-key triple DES and RC4 for symmetric ciphers, RSA with a 1024-bit key for an asymmetric cipher and a digital signature, and SHA-1 for a hash function according to international standards and guidelines related to the financial transactions. However, according to academic papers and reports regarding the security evaluation for such algorithms, it is difficult to ensure enough security by using the algorithms for a long time period, such as 10 or 15 years, due to advances in cryptanalysis techniques, improvement of computing power, and so on. To enhance the transition to more secure ones, National Institute of Standards and Technology (NIST) of the United States describes in various guidelines that NIST will no longer approve two-key triple DES, RSA with a 1024-bit key, and SHA-1 as the algorithms suitable for IT systems of the U.S. Federal Government after 2010. It is an important issue how to advance the transition of the algorithms in the financial sector. This paper refers to issues regarding the transition as Year 2010 issues in cryptographic algorithms. To successfully complete the transition by 2010, the deadline set by NIST, it is necessary for financial institutions to begin discussing the issues at the earliest possible date. This paper summarizes security evaluation results of the current algorithms, and describes Year 2010 issues, their impact on the financial industry, and the transition plan announced by NIST. This paper also shows several points to be discussed when dealing with Year 2010 issues.Cryptographic algorithm; Symmetric cipher; Asymmetric cipher; Security; Year 2010 issues; Hash function