Lightweight Security Primitives for E-Commerce

Yossi Matias, Alain Mayer, Avi Silberschatz

Research output: Contribution to conference > Paper > peer-review


Emerging applications in electronic commerce often involve very low-cost transactions, which execute in the context of ongoing, extended client-server relationships. For example, consider a website (server) which offers repeated authenticated personalized stock quotes to each of its subscribers (clients). The value of a single transaction (e.g., delivery of a web-page with a customized set of quotes) does not warrant the cost of executing a handshake and key distribution protocol. Also, a client might not always use the same machine during such an extended relationship (e.g., a PC at home, a laptop on a trip). Typical transport/session-layer security mechanisms such as SSL and S-HTTP either require handshake/key distribution for each transaction or do not support client mobility. We propose a new security framework for extended relationships between clients and servers, based on persistent shared keys. We argue that this is a preferred model for inexpensive transactions executing within extended relationships. Our main contribution is the design and implementation of a set of lightweight application-layer primitives, for (1) generating and maintaining persistent shared keys without requiring a client to store any information between transactions and (2) securing a wide range of web-transactions (e.g., subscription, authenticated and/or private delivery of information, receipts) with adequate computational cost. Our protocols require public key infrastructure only for servers/vendors, and its usage only once per client (upon first interaction).

Original language: English
State: Published - 1997
Externally published: Yes
Event: 1st USENIX Symposium on Internet Technologies and Systems, USITS 1997 - Monterey, United States
Duration: 8 Dec 1997 to 11 Dec 1997


Conference: 1st USENIX Symposium on Internet Technologies and Systems, USITS 1997
Country/Territory: United States

