FEIPS: A Secure Fair-Exchange Payment System for Internet Transactions

To be considered secure, a payment system needs to address a number of security issues. Besides fundamental security requirements, like confidentiality, data integrity, authentication and non-repudiation, another important requirement for a secure payment system is fair exchange. Many existing payment protocols require that customers must pay for products before their delivery (in the case of delivery of digital goods) or the delivery of the receipt (in the case of delivery of physical goods). This unfair situation should be eliminated afterward; that is, it is necessary to rebalance fairness for customers. To address these issues, we propose the Fair Exchange Internet Payment Protocol (FEIPS). The FEIPS protocol is designed for the payment of physical goods and falls into the category that uses a trusted third party for ensuring fair exchange. Although FEIPS has a strong emphasis on fair exchange, it still guarantees strong security properties, including confidentiality, data integrity, authentication and non-repudiation. The FEIPS protocol is designed to be simple and practical, unlike other similar protocols designed for the payment of physical goods. To demonstrate that FEIPS satisfies the desired properties, we perform a formal verification using the HLPSL language and the AVISPA tool.