
Question 139. What is iKP?

iKP is the Internet Keyed Payments Protocol, an architecture for secure payments involving three or more parties [BGH95]. Developed at IBM's T.J. Watson Research Center and Zurich Research Laboratory, the protocol defines transactions of a "credit card" nature, where a buyer and seller interact with a third party "acquirer," such as a credit-card system or a bank, to authorize transactions. The protocol is based on public-key cryptography.

A typical iKP transaction involves six flows, with the following simplified descriptions:

INITIATE, which the buyer sends to the seller to begin the transaction

INVOICE, the seller's response, which optionally contains the seller's signature on the transaction data (amount, description, etc.)

PAYMENT, the buyer's response, which contains a payment "slip" including the buyer's account number and possibly a Personal Identification Number (PIN), encrypted with the acquirer's public key; and optionally, the buyer's signature on the transaction data

AUTH-REQUEST, which the seller sends to the acquirer, containing the encrypted payment slip

AUTH-RESPONSE, the acquirer's response to the seller, containing the acquirer's signature on the transaction data

CONFIRM, a confirmation from the seller to the buyer that the transaction has been authorized

Messages between the buyer and the seller are assumed to be sent over the Internet; the messages between the seller and the acquirer may be sent over the Internet, or over a private financial network. The main cryptographic protections are the encryption of the payment slip with the acquirer's public key and the acquirer's signature on the authorization. Neither the seller nor anyone else other than the acquirer can read the contents of the payment slip, so the buyer's account number is kept private. (This is a significant improvement over conventional credit-card systems.) The buyer's and seller's signatures are optional, providing additional protection against repudiation.

As in the conventional credit-card case, the acquirer separately reconciles the transaction with the buyer's issuing bank; this is outside the scope of iKP.

iKP currently specifies RSA (see Question 8) as its public-key encryption and signature algorithm; the encryption technique is called "RSA encryption with integrity" and is based on Bellare and Rogaway's "Optimal Asymmetric Encryption" [BR94].
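The flows described above can be traced in a short sketch, which is an added example and not code from the iKP specification. It assumes unpadded textbook RSA over a constructed toy key in place of "RSA encryption with integrity", and all function names, message layouts and sample values are hypothetical.

```python
import hashlib

# Constructed toy key for the acquirer: two Mersenne primes, textbook RSA.
# Assumption: unpadded RSA stands in for iKP's "RSA encryption with integrity".
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # acquirer's private exponent
# Constructed sample data (a test card number, not a real account).
TXN = {"amount": "19.95 USD", "description": "book"}
ACCOUNTS = {"4111111111111111": "1234"}  # acquirer's account -> PIN records

def digest(txn):
    """Hash of the transaction data (amount, description, ...) as an integer."""
    canon = "|".join(f"{k}={txn[k]}" for k in sorted(txn))
    return int.from_bytes(hashlib.sha256(canon.encode()).digest(), "big")

def buyer_payment(account, pin):
    """PAYMENT: the slip, encrypted under the acquirer's public key (N, E)."""
    slip = f"{account}:{pin}".encode()
    return pow(int.from_bytes(slip, "big"), E, N)

def seller_auth_request(txn, enc_slip):
    """AUTH-REQUEST: the seller relays the slip as an opaque value."""
    return {"txn": txn, "slip": enc_slip}

def acquirer_auth_response(req, accounts):
    """AUTH-RESPONSE: decrypt the slip, check it, sign the transaction data."""
    m = pow(req["slip"], D, N)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big").decode(errors="replace")
    account, _, pin = raw.partition(":")
    if accounts.get(account) != pin:
        return None  # unknown account, wrong PIN, or a tampered slip
    return pow(digest(req["txn"]), D, N)

def verify_authorization(txn, sig):
    """Seller (before CONFIRM) or buyer checks the acquirer's signature."""
    return pow(sig, E, N) == digest(txn)

def run(txn, account, pin, accounts):
    # INITIATE and INVOICE carry txn in the clear between buyer and seller.
    req = seller_auth_request(txn, buyer_payment(account, pin))
    return req, acquirer_auth_response(req, accounts)

if __name__ == "__main__":
    req, sig = run(TXN, "4111111111111111", "1234", ACCOUNTS)
    print("authorized:", sig is not None and verify_authorization(TXN, sig))
```

The seller only ever handles `req["slip"]` as an integer it cannot invert, while the authorization signature is checkable by anyone holding the acquirer's public key.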

The protocol can be adapted to a variety of environments, including HTTP transactions on the World Wide Web (see Question 133); one embodiment of iKP is SEPP (see Question 140).

Additional information on iKP is available from <http://www.zurich.ibm.com/Technology/Security/extern/ecommerce/iKP.html>.
iKP has been submitted for consideration as an Internet standard.