Formal specification and verification of the SET/A protocol with an approach

Abstract

In this paper, we specify the SET/A protocol which is an agent-based payment protocol for credit card transactions in UML statechart diagrams. Then we translate them into the NuSMV language and analyze the payment protocol using the NuSMV model checker. Although the payment protocol satisfies desired properties including data integrity and deadlock freedom in the absence of an agent failure, a failure analysis reveals that not all desired properties are satisfied when the agent crashes. The agent may fail while it is travelling to a merchant's server or when it is running in the merchant's server. To ensure that a transaction is resilient to the agent failure, an extended SET/A protocol is proposed. Whenever a timeout occurs, the cardholder sends an inquiry request to the merchant directly for finding out the transaction result. Our work contributes the e-commerce field by using an integrated approach for modelling and analyzing the SET/A protocol.