Accountable mobile E-commerce scheme via identity-based plaintext-checkable encryption

Abstract

© 2016 Elsevier Inc. All rights reserved. In mobile e-commerce systems, users conduct transactions using wireless or Internet-based devices, such as mobile phones and tablets. It is different from traditional e-commerce systems relying on workstations or desktops, which is usually used in a fixed location. Recently, privacy and accountability have become users' primary concerns in mobile e-commerce applications. In this paper, a novel mobile e-commerce scheme is developed to address the fundamental requirements. We first propose an identity-based plaintext-checkable encryption (IBPCE) scheme where anyone can check whether a ciphertext is the encryption of a plaintext under a specific identity without knowing the secret key. Furthermore, the proposed IBPCE scheme is incorporated into the mobile e-commerce scenario, which results in an accountable mobile e-commerce (AMEC) scheme. Our proposed AMEC scheme has several superior features: (1) Users can register to the e-commerce system by using their mobile identities, such as mobile phone numbers; (2) The transactions between a buyer and a vendor are encrypted; (3) If there is a dispute, an offline adjudicator can identify who is dishonest by checking the encrypted transactions. We evaluate the proposed scheme and confirm that the new scheme can effectively balance the need for privacy and accountability.