What Is Transaction Verification?
Simple payment verification refers to the transaction verification of the information flow and capital flow between the consumer (customer), merchant (mer2chant) and bank (bank) and trusted third-party certification authority (CA) in the process of e-commerce consumption. In the e-commerce model, the interaction between various entities (consumers, merchants, banks, etc.) must follow certain rules to ensure the interests and safety of all parties and control transaction risks. This is the model of the agreement. A secure e-commerce protocol is a prerequisite to ensure the normal development of e-commerce activities. We can use formal methods to describe and verify network protocols, so as to find potential errors in the protocols.
- E-commerce consists of the interaction of information flow, capital flow and logistics between consumers (merchants), merchants (mer2chants) and banks (banks) and trusted third-party certification agencies (CAs). The open but insecure Internet is interconnected. In the e-commerce model, the interaction between various entities (consumers, merchants, banks, etc.) must follow certain rules to ensure the interests and safety of all parties and control transaction risks. This is the model of the agreement. A secure e-commerce protocol is a prerequisite to ensure the normal development of e-commerce activities. We can use formal methods to describe and verify network protocols, so as to find potential errors in the protocols. A number of network protocol verification tools based on time automata have been developed, and UPPAAL is one of the very good tools.
- Simple Network Payment Protocol (SNPP) was proposed by Semyon Dukach of the MIT Computer Science Laboratory. The protocol uses
- Consumers first choose a trusted bank to open an account to deposit cash and get the corresponding
- 1. Build the model
- The four process timeout constraints in the protocol are set to 15, 20, 20, and 20, respectively. If the consumer does not send a payment message after receiving the shipping information of the merchant for 15 units of time, a timeout message is sent; if the merchant does not receive the consumer's payment information for 20 units of time after sending the shipping confirmation message Send timeout information; if the merchant bank does not receive the payment message after sending a confirmation message to the merchant 20 units of time, it will send a timeout message; if the consumer bank does not receive the payment message after sending the reserved funds 20 units of time Is timeout, send a timeout message. After receiving the timeout information of the above process, the timeout timer sends a message to the external arbiter immediately.
- When building the model, assume that the consumer and merchant banks are different banks. In addition, under the premise of not affecting the detection of the key nature of the agreement, it is assumed that the bank payment process is an ideal process, that is, there is no network communication and other equipment failures.
- Define 5 process modules: consumer process, merchant process, consumer bank process, merchant bank process, timeout timer process. The consumer process only communicates with the merchant process, the merchant process only communicates with the merchant bank process, the merchant bank only communicates with the consumer bank, and the timeout timer is only responsible for receiving timeout information from the above processes.
- 2. Model verification
- application
- The simple network payment protocol was analyzed from the perspectives of currency atomicity and commodity atomicity. Through UPPAAL inspection, it was found that the original model of the protocol meets currency atomicity, but there are defects in the atomicity of commodities, which may cause consumers to receive the commodities And the case of non-payment. So on the basis of the original model, we added analysis of different inter-bank transaction behaviors and time-out behaviors in transactions, designed a time-out timer module, and proposed the use of arbitration status accessibility to notify external arbitration procedures to resolve transaction disputes, thereby The new model satisfies the atomicity of commodities [3] .