The SET payment protocol uses digital signatures to authenticate messages and authorize transactions. It is assumed that these digital signatures make authorizations non-repudiable, i.e., provable to a third-party verifier. This paper evaluates what can be proved with the digital signatures in SET. The analysis shows that even a successful and completed SET protocol run does not give the parties enough evidence to prove certain important transaction features. A comparison with the similarly-structured iKP protocol shows a number of advantages of iKP as opposed to SET with respect to the use of its signatures as evidence tokens. It is shown that non-repudiation requires more than digitally signing authorization messages. Most importantly, protocols claiming non-repudiation should explicitly specify the rules to be used for deriving authorization statements from digitally signed messages.
CITATION STYLE
Van Herreweghen, E. (2001). Non-repudiation in SET: Open issues. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1962, pp. 140–156). Springer Verlag. https://doi.org/10.1007/3-540-45472-1_11