################################################ # # # ## ## ###### ####### ## ## ## ## ## # # ## ## ## ## ## ### ## ## ## ## # # ## ## ## ## #### ## ## ## ## # # ## ## ###### ###### ## ## ## ## ### # # ## ## ## ## ## #### ## ## ## # # ## ## ## ## ## ## ### ## ## ## # # ####### ###### ####### ## ## ## ## ## # # # ################################################ The following paper was originally published in the Proceedings of the First USENIX Workshop on Electronic Commerce New York, New York, July 1995 For more information about USENIX Association contact: 1. Phone: 510 528-8649 2. FAX: 510 548-5738 3. Email: office@usenix.org 4. WWW URL: https://www.usenix.org iKP -- A Family of Secure Electronic Payment Protocols Mihir Bellare (1), Juan A. Garay (1), Ralf Hauser (2), Amir Herzberg (1), Hugo Krawczyk (1), Michael Steiner (2), Gene Tsudik (2), Michael Waidner (2) (1) IBM T.J. Watson Research Center, P.O. Box 704, Yorktown Heights, NY 10598, USA, {mihir, garay, amir, hugo}@watson.ibm.com (2) IBM Zurich Research Laboratory, Samerstrasse 4, CH-8803 Ruschlikon, Switzerland, {rah, sti, gts, wmi@zurich.ibm.com Abstract This paper proposes a family of protocols -- iKP (i=1,2,3) -- for secure electronic payments over the Internet. The protocols implement credit card-based transactions between the customer and the merchant while using the existing financial network for clearing and authorization. The protocols can be extended to apply to other payment models, such as debit cards and electronic checks. They are based on public-key cryptography and can be implemented in either software or hardware. Individual protocols differ in key management complexity and degree of security. It is intended that their deployment be gradual and incremental. The iKP protocols are presented herein with the intention to serve as a starting point for eventual standards on secure electronic payment. Note: The most recent version of this document is available from