The Internet Open Trading Protocol (IOTP) is an electronic commerce protocol being developed by the Internet Engineering Task Force. IOTP aims at providing an interoperable framework for electronic commerce (e-commerce) over the Internet. IOTP is expected to evolve into one of the central building blocks for the developing of next generation e-commerce on the Internet. The success of electronic commerce depends upon effective electronic payment systems. There are many security mechanisms specific to different payment systems. Each payment system defines its own messages and has its own security requirements. Yet one of the major concerns in the internet is interoperability. One way to achieve this is to define a higher level of abstraction, that is, a common electronic payment framework specifying a set of protocols that can be used with any payment system. we introduce a rights insertion, rights verification and rights transfer phase for IOTP. Although many payment systems already implement their own security mechanisms, there still may be a need for additional security mechanisms at the framework level. Finally a number of solutions have been proposed based on the problem and discussed on the prospect of electronic payment system. This is the philosophy of a payment framework proposal, IOTP, described in this paper. It would help to increase the efficiency of electronic payment systems.

1. ITU-T Recommendation X.200, Information Technology - Open Systems Interaction - Basic Reference Model, July 1994.
2. World Wide Web Consortium XML Working Group “Extensible Markup Language (XML) 1.0,” W3C Recommendation, Feb. 1998,
3. W3C Recommendation, available at, http://www.w3.org/TR/REC-xml.
4. Ouyang, C., Kristensen L. M., and Billington, J. An improved architectural specification of Internet Open Trading Protocol. In Proceedings of 3rd Workshop and Tutorial on Practical Use of Coloured Petri Nets and the CPN Tools, 119--137. DAIMI PB-554, University of Aarhus, ISSN 0105-8517, 2001.
5. Raju barskar and Gulfishan Firdose Ahmed“E-Commerce Payment System Security in Banking Technology: A Review” In proceeding of International Conference on Next Generation Communication and Computing System (ICNGC2S-10), ISBN: 978-93-81068-00-7, pp-276-279, December-2010, Chandigarh, India.
6. Papa, M., Bremer, O., Hale, J., and Shenoi, S. Formal analysis of e-commerce protocols. IEICE Transactions on Information and Systems, E84-D(10): 1313--1323, 2001.
7. D. Burdett. Internet Open Trading Protocol - IOTP. RFC 2801. IETF Trade Working Group, April 2000.
8. S.H. Kwok, K.C. Wong, K.F. Tsang, S.C. Cheung, K.Y. Tam, Digital rights management in Internet open trading protocol (IOTP), Proceedings of the International Conference on Electronic Commerce (ICEC 2000), August 2000, pp. 179– 185.
9. Abhijit Chaudhury, Jean-Pierre Kuilboer (2003): e-Business and e-commerce Infrastructure: Technologies Supporting the e-Business Initiative, McGraw-Hill Irwin, First Edition.
10. Sandholm, T. and Lesser, V. Issues in Automated Negotiation and Electronic Commerce:Extending the Contract Net Framework, First International Conference on Multiagent Systems (ICMAS95). 1995. San Francisco: AAAI Press and MIT Press. pp. 328-335.
11. Ghosh, A., K., (1998) ‘E-Commerce Security: Weak Links, Best Defences’, John Wiley &Sons, Inc.
12. Kwok, S.H., S.C. Cheung, K.C. Wong, K.F. Tsang, S.M. Lui and K.Y. Tam, 2002. Integration of digital rights management into the Internet Open Trading Protocol. Decision Support Systems, 34: pp.413-425.
13. Internet Open Trading Protocol-IOTP Version 1.0,http://www.ietf.org/internet-drafts/draft-ietf-tradeiotp-v1.0-protocol-07.txt.
14. Vesna Hassler: Security Fundamentals for E-commerce, Artech House, 2001.

Internet Open Trading Protocol payment handler Electronic payment framework security issues