Beruflich Dokumente
Kultur Dokumente
21)
1. Introduction
The electronic Payment Systems Observatory
(ePSO)[1] defines that electronic payment is the
transfer of an electronic means of payment from the
payer to the payee through an electronic payment
instrument. An electronic payment system contains a
customer, a merchant and a bank. There are three
payment protocol models: Cash, Cheque and Card.
Cash is the token that can be authenticated
independently by the issuer such as Digital-cash and
Payword; Cheque is payment instruments whose
validity requires reference to the issuer such as
NetBill; Card is a payment method through existing
credit card mechanism such as SET. For electronic
payment prevails as a definitive alternative to
* *
Acknowledgements: This work is supported by the National
Natural Science Foundation of China (No. 60473057, No.
90104026), the National High Technology Research and
Development Program of China (No. 2002AA144040).
1
Ling Zhang, PhD candidate; main research fields: formal
specification and verification of electronic commerce protocols.
2
Jinping Yin, male, professor; main research fields: artificial
intelligence, pattern recognition, algorithm and information
security.
3
Mengjun Li, male, PhD; main research fields: verification of
security protocols.
69
Fig. 1
2. Dynamic Game
The object of studying in game theory is the
70
(ak )
2) If
k =1
number),
(a k )
v
k =1
Q .
(a k )
k =1
(a k )
v
k =1
(a k )
k =1
Q .
3. System Model
and
Ai = Ii I i A( I i )
( ak ) k =1 Q \ Z
w
( k )vk=1 )
( k )vk =1 )
*
A strategy profile (si )iN is a Nash equilibrium
iff
71
Hi(q):
MSi(q):
Ri(q):
Guarded Conditions
aAi(i(q))
Updated States
trans.i.j.m
MSi(q) m
Acti(q)=1
evidence.i.m
MSi(q) m
Acti(q)=1
rec.i.j.m
Acti(q)= 1
i is active
Hi(q.a)=Hi(q).rec.i.j.m
acc.i.j.m
last(Hi(q)) = rec.i.j.m
i has received m
Acti(q)=1
i has verified m
validi(m,q,condm)1
Hi(q.a)=Hi(q).acc.i.j.m
MSi(q.a)=MSi(q){m}
quit.i
Acti(q)=1
i is active
Acti(q.a)= 0
i is inactive
faillocal.i
Acti(q)=1
i is active
failremote.i
Acti(q)=1
i is active
Table 2
aANET
(NET(q))
ANET(NET(q))
Guarded Conditions
Updated States
trans.i.j.m
i,j N, ij
rec.i.j.m
delete.i.j.m
MSNET(q) (i.j.m)
NET has (j,i,m)
i, j N, ij
NET
records
delete
event and deletes (i.j.m)
Table 3
HNET(q.a)=HNET(q). delete.i.j.m
MSNET(q.a)=MSNET(q)\{(i.j.m)}
ATTP(TTP(q))
73
Guarded Conditions
trans.TTP.j.m
MSTTP(q) m
i N, ActTTP(q)=1
rec.TTP.i.m
i N, ActTTP(q)=1
TTP is active
HTTP(q.a)=HTTP(q).rec.TTP.i.m
acc.TTP.i.m
ActTTP(q)=1
last(HTTP(q))=rec.TTP.i.m
validTTP(m,q,condm)=1)
74
Updated States
TTP
records
trans event
3.6 Payoff
A payoff is a number, also called utility, which
reflects the desirability of an outcome to a player, for
whatever reasons. The expected payoff incorporates
the players attitude towards risk. Denote the items
exchanged in the protocol by i and j. Furthermore,
Denote the value that j is worth to i (i, j=1,2; ij) by
ri(j). Require only that r1(2)>r1(1)>0 and
r2(1)>r2(2)>0 hold. The payoff ui(q) for i assigned to
the terminal action sequence q is defined as Def.4.
i + (q) = true;
i + (q) = false.
r ( ),
ui (q) = i i
0,
i (q) = true;
i (q) = false.
4. Conclusions
This paper proposes a dynamic game-based model
using CSP[2] for an electronic payment system. The
system is modeled in terms of the events that they can
perform. Model channels in three kinds of qualities
and participants dishonest behaviors, which enable to
analyze cooperative and adversarial behaviors. And a
process and channel failure model is proposed, which
helps to analyze a protocols security properties in
failed environment. Self-interested property is
applicable to all electronic payment protocols. It is
able to represent a trade-off between complexity and
what they achieve. Self-interested property is
participant-centric and applicable widely to describe
participants private interests of protocols such as
75