Secure e-payment protocol with new involved entities

Most of the secure electronic payment solutions that have been proposed in the last years are focused on the traditional payment model: one customer buys goods/services to one merchant, and a payment e-transaction is performed via a processor and banking institutions. However, nowadays, more versatile e-commerce scenarios could be considered with different constraints but with interesting challenges and advantages. On one hand, new customers habits and new connectivity solutions and technologies such as hotspots in public wireless LANs, enough band-width in 3G cellular networks, powerful smart-phones, embedded browsers, etc. are adapting the current market offers. On the other hand, new intermediate entities aim to participate in the purchase transaction by providing value-added and customized services to the different parties, with the corresponding benefits. An important assumption for our proposal is that this intermediary is an a priori untrustworthy entity for the customer. In this paper, we describe a new e-payment model with an intermediary that links one customer with multiple merchants. Additionally, this model considers merchants and intermediaries with Internet connectivity constraints; therefore our solution is based on a client-centric approach, i.e. only the client equipment has the capability of online communicating with the banking networks by means of a payment service provider. For that reason, our solution is focused on the protection of the end-to-end e-payment transactions that are transmitted through a powerful client handheld device.