Trust Issues in Ecommerce

Secure Periodical Payments

Electronic periodical payments, or direct debits, are a popular payment mechanism in many countries. These are where customers can authorise merchants to bill them repeatedly for the provision of some service without further interaction with them being required. However, as currently implemented, there are often very few restrictions on these payments, and ambiguity about how they can be cancelled. Our research has been into ways of including a clearly specified contract between the customer and the merchant in a signed restricted X.509 proxy certificate, that the merchart subsequently uses to request and validate payments. We believe the use of commonly accepted technologies like X.509 certificates and web services may assist in the acceptance of these proposals.

Some of our results to date may be seen in our papers:

• Grigori Goldman and Lawrie Brown, Analysis of the Periodical Payment Framework using Restricted Proxy Certificates, presented at the Thirty-Third Australasian Computer Science Conference (ACSC2010), Brisbane, Australia; and published in Conferences in Research and Practice in Information Technology (CRPIT), Vol. 102, Jan 2010, B. Mans and M. Reynolds, eds.
• Grigori Goldman, Electronic Payments: Periodical Payment Framework using Restricted Proxy Certificates, PhD Thesis, School of Information Technology & Electrical Engineering, UNSW@ADFA, Canberra Australia, 2009.
• Grigori Goldman, Periodical Payment Model using Restricted Proxy Certificates, presented at the Thirtieth Australasian Computer Science Conference (ACSC2007), Ballarat, Australia; and published in Conferences in Research and Practice in Information Technology (CRPIT), Vol. 62, Jan 2007, Gillian Dobbie, ed.

Assesing Trust of Web Services

Mechanisms for providing suitable levels of trust in the identities of the parties to Ecommerce applications is a topic with many unresolved issues. The traditional mechanisms of face-to-face contact and reputation often do not translate into the electronic realm. New mechanisms based around the use of cryptograpic algorithms and digital certificates issued by Certification Authorities are evolving, but their use in practical applications, and means for providing transitivity of trust through chains of certificates are still not well understood.

Currently, Dr Lawrie Brown in conjunction with his colleagues Dr Ed Lewis, Dr Jan Newmarch, and our research students, are investigating these issues from several aspects, including from the perspective of the customer, as well as the business provider.

Some of our results to date may be seen in our papers:

• Yinan Yang, Ed Lewis, and Lawrie Brown, Cultural and Social Aspects of Security and Privacy - The Critical Elements of Trusted Online Service, presented at HCI International 2007, Beijing, China, 22-17 July 2007; and published in N. Aykin (Ed.): Usability and Internationalization, Part II, HCII 2007, Lecture Notes in Computer Science Vol. 4560, pp 546-553, Springer-Verlag Berlin Heidelberg 2007.
• Yinan Yang, Lawrie Brown, Ed Lewis and Jan Newmarch, W3 Trust-Profiling Framework (W3TF) to Assess Trust and Transitivity of Trust of Web-based Services in a Heterogeneous Web Environment, accepted for presentation at APWEB 2006 - The Eighth Asia Pacific Web Conference, 16-18 Jan 2006, Harbin, China. The proceedings will be published in the Springer-Verlag, Lecture Notes in Computer Science series, and the paper is © Springer-Verlag 2006.
• Yinan Yang, W3 TRUST MODEL (W3TM): A TRUST PROFILING FRAMEWORK TO ASSESS TRUST AND TRANSITIVITY OF TRUST OF WEB-BASED SERVICES IN A HETEROGENEOUS WEB ENVIRONMENT, PhD Thesis, School of Information Technology & Electrical Engineering, UNSW@ADFA, Canberra Australia, 2004.
• Y. Yang, L. Brown, J. Newmarch, and E. Lewis, W3 Trust Model: a Way to Evaluate Trust and Transitivity of Trust of Online Services, Internet Computing Conference, Las Vegas, June 2002.
• Y. Yang, L. Brown, J. Newmarch, and E. Lewis, eCommerce Trust via the Proposed W3 Trust Model, PACCS01 research student conference, UNSW@ADFA, July 2001.
• Y. Yang, L. Brown, J. Newmarch, E. Lewis, " Trust MetaData: Enabling Trust and a Counterweight to Risks of E-Commerce", Asia-Pacific Web Conference, Hong Kong, Sept 1999.
• Y. Yang, L. Brown, J. Newmarch, and E. Lewis, "A Trusted W3 Model: Transitivity of Trust in a Heterogeneous Web Environment", AusWeb'99, Ballina, NSW, Apr 1999.
• Y. Yang, L. Brown, J. Newmarch, " Which One is for You: Issues of Trust in Digital Signature Certificates", presented at the UniforumNZ'99 conference in NZ, April 1999.
• Y. Yang, L. Brown, J. Newmarch, " Which One is for You: Issues of Trust in Digital Signature Certificates", presented at the AUUG98 Conference, Sydney, Sept 1998.