An optimistic fair exchange protocol based on signature policies

The growth of the e-commerce has allowed companies and individuals to sell and purchase almost any kind of product and service through the Internet. However, during the purchase transaction there is a moment during which the seller has sensitive information from the buyer, typically his/her credit card information, while the buyer has nothing from the seller. This situation clearly places the buyer at disadvantage and is, together with fear of fraud, one of the reasons of the lack of confidence in e-commerce. For resolving this situation a new fair exchange protocol based on signature policies is presented. A signature policy is a set of rules to create and validate electronic signatures, under which an electronic signature can be determined to be valid in a particular transaction context. Due to the signature policy-based design, the proposed protocol allows the buyer to decide if trust or not in the rules that will manage the transaction, increasing the user's confidence in e-commerce. Security, fairness and timeliness characteristics of the protocol are evaluated. Implementation guidelines are also provided taking into consideration latest security standards.