Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Related Work
Conclusion
References
All Topics
Business and Management
Finance

A mechanism for establishing policies for electronic commerce

Profile image of Naftaly MinskyNaftaly Minsky

Proceedings. 18th International Conference on Distributed Computing Systems (Cat. No.98CB36183)

https://doi.org/10.1109/ICDCS.1998.679732
visibility

description

10 pages

link

1 file

Abstract

This paper introduce s a m e chanism for establishing policies for electronic commerce in a uni ed and secure manner. A commercial policy can be viewed a s the embodiment of a contract between the principals involved i n a c ertain type o f c ommercial activity, and it may be c oncerned with such issues as: ensuring that a p ayment for services is refunded under speci ed circumstances; preventing certi cates representing e-cash from being duplicated; ensuring that credit card numbers are used only for the transaction they are intended for; and, for certain socially sensitive transactions like the purchase of drugs, ensuring auditability by proper authorities. Our mechanism is based o n a p r eviously published concept of law-governed interaction. It makes a strict separation between the formal statement of a policy, which we call a law," and the enforcement of this law, which is carried our by a set of policy-independent trusted controllers. A new policy under this scheme is created b asically by formulating its law, and can be easily deployed throughout a distributed system. This mechanism enables a single agent to engage in several di erent activities, subject to disparate policies. Two examples policies are discussed here i n d etail: one ensures refundability of payment, under certain circumstances; the other provides for payment by means of non-copyable tickets.

Related papers

A framework for electronic commerce security
L. Labuschagne

Information Security for Global Information Infrastructures, 2000

This paper suggests a framework that can be used to identify the security requirements for a specific electronic commerce environment. The first step is to identify all the security requirements applicable to this environment. Next, all participants need to be identified. This is following by breaking down the transactions to different autonomous actions. These actions are then mapped onto the participants involved, which serve as a model for the electronic commerce environment. This information is then used to identify the security requirements for a secure electronic commerce environment. The security requirements, in turn, are then used to develop the security architecture, consisting of appropriate security procedures and mechanisms, and the security policy.

View PDFchevron_right
An integrated approach for securing electronic transactions over the Web
Panagiotis Kanellis

Benchmarking: An International Journal, 2002

The decentralised nature of Web-based information systems demands a careful evaluation of the pantheon of security issues in order to avoid the potential occurrence of business risks that could not be easily mitigated. Understanding that information security is not merely a technical solution implemented at each endpoint of the inter-organizational application, this paper describes an integrated approach based on a rigorous, multi-level and multi-dimensional model. Having as a starting point the overall business goals and objectives, the model drives the development of a strategy from the lower levels of securing data in storage and transition to the higher levels of business processes. Its use and applicability is demonstrated over``Billing Mall''a system for electronic bill presentation and payment.

View PDFchevron_right
A Multi-Agent Model for Secure and Scalable E-Business Transactions
Jacques Calmet

2006

E-business applications require not only effective security mechanisms but also sufficient system resources to make them fast and reliable. We propose an e-business model that is highly decentralized and robust against attacks. The model is well suited for distributed environments like a Grid and is based on a multi-agent system. This underlying multi-agent system relies upon a fully generic approach called Agent-Oriented Abstraction. This enables to define different needs and requirements of an e-business model that are then assigned to decentralized instances like e.g. an instance supporting contract negotiations. Security features support the agents contributing to this e-business model with regard to legal aspects of their contract negotiations. One such feature is achieved by using so-called agent Alliances. Since an Alliance uses secure multi-party computations an instance that is realized by an Alliance of n agents is robust against up to n/3-corrupted members. The main other characteristics of our model are as follows: corporate knowledge is defined through distributed virtual knowledge owned by the agents, the utility of decisions is assessed through a choice of models and trust is achieved through security and legal validation.

View PDFchevron_right
Modelling secure and fair electronic commerce
G. Pernul

Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217), 1998

discuss security requirements which in the past were recognised as being very important for electronic market participants but had only received limited or little attention in the electronic commerce research community.

View PDFchevron_right
Transforming a Secure eCommerce Application into a Multi-Agent based Solution for eContracting
Djamel Khadraoui

The eCommerce domain needs more and more automation, speed and security for its cus- tomers. That's why the number of B2B applications handling electronic contracts and digital signatures is still increasing. These ones are based on certiflcates and use secure communication protocols. Nevertheless most of them don't take into account negotiation regarding to contracts clauses and arbitration of potential con∞icts. In the Multi-Agent System (MAS) domain contract notion exists too. Social contracts make social control and management of cooperation between agents possible. This paper will consist in combining notions of electronic contract and social contract in order to integrate agents within an eCommerce platform for the automation and au- tonomous negotiation of electronic contracts terms. We experiment our proposal in the context of secure eBusiness application trading intangible assets where we consider a speciflc business case related to the translation sector.

View PDFchevron_right
COPS: a model and infrastructure for secure and fair electronic markets
G. Pernul

Decision Support Systems, 2000

Existing electronic markets in the open network Internet often show a lack of security and fairness. New forms of trading are just coming up and the variety of different market structures and digital goods we will probably see in the future is yet unthinkable.

View PDFchevron_right
E-law Protection: for both Buyers and Sellers
Hameed khan

Journal of Management and Sustainability, 2012

Law was brought into practice since the inception of humankind on the planet. The importance of law in human life is unquestioned. Civilization operates under commandments, from inception to demise and its implementation is mandatory for constraint of human behaviors in various different situations. Since transgressions to law can vary in there occurrence, crimes committed on-line are of no exception, and therefore constitutes a need for regulation, required to make on-line transactions efficient and without disturbance. In reality, online lawful transactions, under law, are arduous due to difference in locations and accordingly in legal litigations. In such circumstances, friction arises due to in-existing suitable systems in such circumstances. But with the induction of e-laws can yield better results for consumer-vendor protection and also for on-line transactions, it will yield better results.

View PDFchevron_right
A language for modelling secure business transactions
G. Pernul

Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)

Among other areas electronic commerce includes the fields of electronic markets and workflow management. Workflow management systems are usually used to specify and manage inter-and intra-organisational business processes. Although workflow management techniques are capable to specify and conduct at least parts of market transactions, these techniques are not or very rarely used for this purpose yet. In both fields users demand security and integrity to protect for example their privacy, their property rights or digital payments. To satisfy these security demands a variety of existing security services, mechanisms, protocols, and organisational measures are existent and may be used. At one hand side, to encourage using these techniques it is necessary to have a tool which enables a firm's executive to formulate market transactions security demands at a high abstraction level. On the other hand executing market transactions needs a more formal, machine readable description of the transaction and its security requirements. In this paper we present a methodology to specify secure protocols, which are usable to automatically conduct business processes as well as market transactions.

View PDFchevron_right
Trust management for e-transactions
shyamasundar R.K.

Sadhana, 2005

There has been enormous increase in transactions and cooperativecomputing services on the internet. This is both a technical and a social phenomenon. Transactions and services over the internet have global reach and users, known or unknown to the service provider, might be interested in availing access or participating in the cooperative transaction in a distributed manner. Thus, it is very important for service providers to identify and establish trustworthiness of potential collaborators, which they do by writing contracts (e.g. access control, security policies; the words contract and policy are used interchangeably) without violating the privacy and confidentiality laws that prevail across geographical boundaries. But as the system becomes complex and dynamic, contractual incompleteness arises since it becomes cumbersome to mention potentially large set of outcomes of the user's choice of action. Trust plays a crucial role in the design of optimal contracts; not all the relevant, valuable information on the user's choice of action is incorporated in the equilibrium contract. It may also be noted in that traditional transactions, the notion of seeing is believing plays a vital role. However, in e-transactions, this is not the case. The challenge is to see how in such a scenario trust can indeed be generated. Note that the presence of trust facilitates cooperative behaviour and allows for exchange to occur in situations where its absence would preclude trade. In this paper, we shall present a comparative analysis of various approaches of trust management in practice that integrates technology with other factors. We shall also bring out the relative deficiencies and how these issues are tackled in our ongoing work that facilitates execution of optimal contracts.

View PDFchevron_right
Foundations of Secure E-Commerce: The Order Layer
Amir Herzberg

2006

We present specifications and provable protocol, for secure ordering and provision of digital goods and services. Notably, our protocol includes fully automated resolution of disputes between providers and customers. Disputes may involve the timely receipt of orders and goods, due to communication failures and malicious faults, as well as disputes of fitness of goods and order. The protocol and specifications are modular, with precise yet general-purpose interfaces. This allows usage as an underlying service to different ecommerce scenarios and applications, in particular secure online banking and brokerage. The protocol is practical, efficient, reliable and secure, under realistic failure and delay conditions. Our design and specifications are a part of a layered architecture for secure e-commerce applications .

View PDFchevron_right

References (18)

  1. J.-M. Andreoli, F. Pacull, and R. Pareschi. XPECT: A framework for electronic commerce. IEEE Internet Computing, pages 40 48, July- August 1997.
  2. M. Blaze, J. Feigenbaum, and J. Lacy. Decen- tralized trust managemnt. In Proceedings of the IEEE Symposium on Security and Privacy, M a y 1996.
  3. D. Chaum. Transaction systems to make big brother obsolete. In Communication of the ACM, October 1985.
  4. S. Glassman, M. Manasse, M. Abadi, P. Gau- thier, and P. Sobalvarro. The Millicent protocol for inexpensive electronic commerce. In Fourth International World Wide Web Conference P r o- ceedings, pages 603 618, December 1995.
  5. S. Ketchpel and H. Garcia-Molina. Making trust explicit in distributed commerce transactions. In Proceedings of the International Conference o n Distributed Computing Systems, pages 270 281, 1996.
  6. S. Ketchpel, H. Garcia-Molina, and A. Paepcke. Shopping models: A exible architecture for in- formation commerce. In Digital Libraries, 1997.
  7. C. Lai, G. Medvinsky, and C. Neuman B. En- doresements, licensing, and insurance for dis- tributed system services. In Proceedings of the Second ACM Conference on Computer and Com- munication Security, N o vember 1994.
  8. G. Medvinsky and C. Neuman. Netcash: A de- sign for practical electronic currency on the inter- net. In Proceedings of the 1st ACM Conference on Computer and Communication Security, 1993.
  9. N.H. Minsky. The imposition of protocols over open distributed systems. IEEE Transactions on Software Engineering, F ebruary 1991.
  10. N.H. Minsky and V. Ungureanu. Regulated coor- dination in open distributed systems. In David Garlan and Daniel Le Metayer, editors, Proc. of Coordination'97: Second International Con- ference o n C o ordination Models and Languages; LNCS 1282, pages 81 98, September 1997.
  11. N.H. Minsky and V. Ungureanu. Uni ed support for heterogeneous security policies in distributed systems. In 7th USENIX Security Symposium, January 1998.
  12. R. Needham and M. Schroeder. Authentication revisited. Operating Systems Review, page 7, Jan- uary 1987.
  13. C. Neuman. Proxy-based authorization and ac- counting for distributed systems. In Proceed- ings of the 13th International Conference on Dis- tributed Computing Systems, 1993.
  14. P. P anurach. Money in electronic commerce: Digital cash, electronic fund transfer and ecash. Communications of the ACM, 396, June 1996.
  15. M. Sirbu and J.D. Tygar. Netbill: An Internet commerce system. In IEEE COMPCON, March 1995.
  16. J. Su and D. Manchala. Building trust for dis- tributed commerce transactions. In 17th IEEE International Conference on Distributed Comput- ing SystemsICDCS, M a y 1997.
  17. J. Su and J.D. Tygar. Building blocks for atom- icity in electronic commerce. In Proceedings of USENIX Security Symposium, 1996.
  18. M. Waidner. Development of a secure electronic marketplace for Europe. In Proceedings of Es- orics, September 1996.

Related papers

Regulating e-commerce through certified contracts
Victoria Ungureanu

18th Annual Computer Security Applications Conference, 2002. Proceedings., 2002

Access control has traditionally assumed a single, monolithic authorization policy, generally expressed as an access matrix. We argue that this assumption does not fit ecommerce applications, which are governed by a potentially large set of independently stated, evolving contracts. In order to support this growing class of applications we propose an enforcement mechanism which uses certified-contracts as authorization policies. A certified-contract is obtained: (a) by expressing contract terms in a formal, interpretable language, and (b) by having it digitally signed by a trusted principal. We show that this approach would make dissemination, revision, and annulment of contracts more manageable and more efficient. We propose a language for stating contract terms, and present several formal examples of certified contracts. The paper describes the implementation of the enforcement mechanism, which can be used as an extension to a web server, or as a separate server with interface to application. The proposed model does not require any modification of the current certificate infrastructure, and only minor modifications to servers.

View PDFchevron_right
Establishing Business Rules for Inter-Enterprise Electronic Commerce
Victoria Ungureanu

Lecture Notes in Computer Science, 2000

Conventional mechanisms for electronic commerce provide strong means for securing transfer of funds, and for ensuring such things as authenticity and non-repudiation. But they generally do not attempt to regulate the activities of the participants in an e-commerce transaction, treating them, implicitly, as autonomous agents. This is adequate for most cases of client-to-vendor commerce, but is quite unsatisfactory for inter-enterprise electronic commerce. The participants in this kind of e-commerce are not autonomous agents, since their commercial activities are subject to the business rules of their respective enterprises, and to the preexisting agreements and contracts between the enterprises involved. These policies are likely to be independently developed, and may be quite heterogeneous. Yet, they have to interoperate, and be brought to bear in regulating each e-commerce transaction. This paper presents a mechanism that allows such interoperation between policies, and thus provides for inter-enterprise electronic commerce.

View PDFchevron_right
Scalable Regulation of Inter-enterprise Electronic Commerce
Victoria Ungureanu

Lecture Notes in Computer Science, 2001

In the current electronic-commerce literature, a commercial transaction is commonly viewed as an exchange between two autonomous principals operating under a contract between themwhich needs to be formalized and enforced. But the situation can be considerably more complex in the case of inter-enterprise (also called business-to-business, or B2B) commerce. The participants in a B2B transaction are generally not autonomous agents, since their commercial activities are subject to the policies of their respective enterprises. It is our thesis, therefore, that a B2B transaction should be viewed as being governed by three distinct policies: the two policies that regulate the activities of the two principals, while operating as representatives of their respective enterprises, and the policy that reflects the contract between the two enterprises. These policies are likely to be independently developed, and may be quite heterogeneous. Yet, they have to interoperate, and must all be brought to bear in regulating each B2B transaction. This paper presents a mechanism for formulating such interoperating policies, and for their scalable enforcement, thus providing for regulated inter-enterprise electronic commerce.

View PDFchevron_right
A Formal Model of Distributed Security for Electronic Commerce Transactions Systems
Sylvanus Ehikioya

International Journal of Networked and Distributed Computing, 2019

Every distributed system requires a secure environment for its users. Security becomes even more important if users exchange sensitive information and value, across the network. An e-commerce environment is an example of a distributed system in which security is of a high priority. It is important that messages are confidential and tamper proof; users cannot repudiate transactions, and only authorized and properly authenticated users can access resources. These functionalities require proper security layer to provide access and sharing functions between the e-commerce systems and their respective customers. A Distributed Security Management System (DSMS) provides these services/functionalities. The DSMS is a security middleware for e-commerce servers, which coordinates secure communication, access and sharing of resources between the distributed applications, objects, databases and entities that make up the system. It is designed to provide an interface between clients and the databases of the merchants in a secure way, such that authorized clients can retrieve and send information to the system securely. It is required to have high quality and high tolerance for errors since the server is required to be always available continually. It must also have a user-friendly interface and feature set. The DSMS design discussed in this paper provides these requirements using public and private key systems, data encryption standard encryption, log files and a secure hashing algorithm. A prototype of the system was implemented using the Java security platform.

View PDFchevron_right
A certification scheme for electronic commerce
Bruno Crispo

Security Protocols, 1997

This paper examines trust in distributed systems. The particular example that we choose is that of key certi cation, although the techniques have more general application. Existing system do not provide su cient evidence to help to resolve disputes. We address this problem.

View PDFchevron_right

Related topics

  • Business
  • Computer Science
  • Computer Security
  • Business Communication
  • Credit Cards
  • Transaction Processing
  • Distributed Computing Systems
  • Mechanism in Biology
  • Commercial policy

    • Cited by

    Norm Enforceability in Electronic Institutions?
    Adriana Giret

    Lecture Notes in Computer Science, 2011

    Nowadays Multi-Agent Systems require more and more regulation and normative mechanisms in order to assure the correct and secure execution of the interactions and transactions in the open virtual organization they are implementing. The Electronic Institution approach for developing Multi-Agent Systems implements some enforceability mechanisms in order to control norms execution and observance. In this paper we study a complex situation in a regulated environment in which the enforceability mechanisms provided by the current Electronic Institutions implementation cannot deal appropriately with norm observance. The analyzed situation is exemplified with a specific scenario of the mWater regulated environment, an electronic market for water-rights transfer. After this example is presented, we extrapolate it to a more generic domain while also addressing the main issues for its application in general scenarios.

    View PDFchevron_right
    Law-Governed Internet Communities
    Victoria Ungureanu

    Lecture Notes in Computer Science, 2000

    We consider the problem of coordination and control of large heterogeneous groups of agents distributed over the Internet in the context of Law-Governed Interaction (LGI) [2, 5]. LGI is a mode of interaction that allows a group of distributed heterogeneous agents to interact with each other with confidence that an explicitly specified policy, called the law of the group, is complied with by everyone in the group. The original LGI model [5] supported only explicit groups, whose membership is maintained and controlled by a central server. Such a central server is necessary for applications that require each member of the group to know about the membership of the entire group. However, in the case where members do not need to know the membership of the entire group, such a central server can become an unnecessary performance bottleneck, as group size increases, as well as a single point of failure. In this paper, we present an extension to LGI allowing it to support implicit groups, also called communities, which require no central control of any kind, and whose membership does not have to be regulated, and might not be completely known to anybody.

    View PDFchevron_right
    A Consensus-Based Integration Method for Security Rules
    Trong Tran

    Lecture Notes in Computer Science, 2009

    Policy-based security is an effective approach to manage knowledge systems by handling all behaviors of a system thought a set of rules. This approach has such advantages as capacity to define general high-level targets, ease for configuration, and flexibility in development and maintenance. However, the resolution of conflicts is unavoidable requirement because of many elements of subjectivity as well as objectivity in administrative processes. To this end, several works have been done, and they gave concrete results. In this paper, we will propose a new approach to solve conflicts and to integrate rules in a policy. A new representation of rules is given, the distances between rules are defined as well as postulates are presented and analyzed. Algorithms for integrating policy also have been proposed and examined.

    View PDFchevron_right
    Enforcement of Communal Policies for P2P Systems
    Naftaly Minsky

    Lecture Notes in Computer Science, 2004

    Peer-to-peer (P2P) computing, where peers in a community interact directly with each other rather than through intermediary servers, is emerging as a powerful paradigm for collaboration over the Internet. However, this paradigm poses a difficult challenge: how to ensure the harmonious, safe, and secure operation of these communities, particularly if they are large and geographically distributed, such that the collaborating principals may not even know or trust each other. Generally, members of such a community must conform to an application specific communal policy (or protocol), if the community is to operate smoothly and securely. Typically, the purpose of such a policy is either (a) to provide for effective coordination between members of the community, and/or (b) to ensure the security of community members, and of the information they share with each other. The question we address in this paper is, how can such a communal policy be established reliably and in a scalable manner? That is, how can one ensure-in a manner consistent with the decentralized nature of the P2P model-that all members of a given P2P community comply with its communal policy? While some communities can rely on voluntary compliance with their stated policy, we believe that many policies required for future P2P applications will not lend themselves to voluntary compliance alone. Such policies, we maintain, need to be enforced to be reliable. We illustrate the nature of such policies by means of an example of a community that operates like Gnutella, but which is established to exchange more sensitive and critical information than music files. Then, we propose to employ the intrinsically distributed control mechanism called Law-Governed Interaction (LGI) for the scalable enforcement of communal P2P policies. To demonstrate the efficacy of the proposed approach, we show how our example policy can be formulated and enforced under LGI. Finally, we modify an existing open-source Gnutella client to work with LGI and show that the use of LGI incurs little overhead.

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved