A Non-Repudiation Message Transfer Protocol for E-commerce

In the business world, exchange of signatures or receipts is a common practice in case of future dispute. Likewise, it is critical in E-commerce applications to have the security service that generates, distributes, validates, and maintains the evidence of an electronic transaction. Quite of number of non-repudiation protocols have been proposed in distributed systems and evaluated based on some evaluation criteria. However, in the context of ecommerce, there are additional evaluation criteria to be considered: Fairness to both the message sender and the message receiver with respective to their control over the completion of a transaction, the degree of trust on a third party, and existence dependency on a third-party for dispute settlement on a committed transaction. In this paper, we identify the set of requirements for a message transfer protocol in E-commerce, and propose a new nonrepudiation message transfer protocol that meets these additional criteria. Our protocol protects the confidentiality of message contents such that no unauthorized intermediary is able to see the contents. And, the protocol is superior to other protocols in that continuous existence of the third-party authority is not needed beyond the completion of a message transfer. Furthermore, with respect to the control over the commitment of a transaction, our protocol is fair to both the message sender and the receiver.