Abstract — This paper discusses the design, implementation and deployment of a secure and practical payment system for electronic commerce on the Internet. The system is basedontheiKP family of protocols – i =1, 2, 3 – developed at IBM Research. The protocols implement credit cardbased transactions between buyers and merchants while the existing financial network is used for payment clearing and authorization. The protocols are extensible and can be readily applied to other account-based payment models, such as debit cards. They are based on careful and minimal use of public-key cryptography and can be implemented in either software or hardware. Individual protocols differ in both complexity and degree of security. In addition to being both a pre-cursor and a direct ancestor of the well-known SET standard, iKP-based payment systems have been in continuous operation on the Internet since mid-1996. This longevity – as well as the security and relative simplicity of the underlying mechanisms – make the iKP experience unique. For this reason, this paper also reports on, and addresses, a number of practical issues arising in the course of implementation and real-world deployment of a secure payment system.

Existing payment smartcards developed for traditional point-of-sale transactions are being considered for use in Internet transactions. Such solutions have been suggested as alternatives to using payment protocols more specifically designed for Internet payments (such as SET [6]) but often lacking smartcard support. In this paper, we analyze EMV'96 [5], a representative example of an existing payment smartcard specification. We investigate which security requirements for an Internet payment system can and cannot be met when using EMV for Internet payments. We suggest possible modifications that can enhance the security of an Internet payment scheme based on EMV.

Electronic commerce protocols often require users to reveal their identities and other information not necessary for reasons of security. Some applications such as contract signing are often argued to require a signer's authenticated identity; but this authentication may give the recipient a false feeling of security if certificate registration procedures do not guarantee a mapping to a liable person, or correctness of certificate data. In this paper, we propose a separation of identity from liability. Liability-aware certificates allow certificate issuers to make explicit which liabilities it takes with respect to the transaction, the certificate data or the signer's identity. We illustrate their use in the design of a pseudonym service providing pseudonym certificates for secure anonymous transactions.

Micropayment is an electronic payment system for small value transaction. It needs to use a little amount of resources, such as communication and computation due to the small value payment. There are three main existing approaches to the micropayment, namely Millicent, NetCents and MiniPay. We argue that those existing approaches not only suffer from some problems, but also consume a great amount of resources. In this paper, we propose an agentbased approach to micropayment which does not suffer from problems in the existing approaches and employ a smaller amount of resources than the existing approaches.