A transaction is a partial order of messages between two processes. Transactions proceed in three successive phases:
A message is secure if and only if the following properties can be established as required:
A transaction is secure if and only if all messages in the transaction are secure and the following relational properties can be established as required:
A secure message protocol is used to exchange singular messages between two processes with one or more of the secure message properties. A secure transaction protocol, on the other hand, is used to exchange related secure messages between two processes with one or more of the secure transaction properties.
The secure message properties defined above are well-known, and are already provided in several existing security protocols, such as SET [16], PGP [12] and SSL [3].
The relational properties of atomicity and isolation are also familiar from classical database theory [5], where they provide for computational separation of transactions. In secure transactions we seek a similar effect, so that transactions that involve exchanges of things of value (cash or commodities) occur atomically (all exchanges occur or none do) and in isolation (no item can be exchanged unless it is received in a successful transaction).
The other relational property, causality, allows each process in a transaction to deduce and verify the order in which data messages were sent and received in the transaction. If some of these data messages constitute a negotiation between the processes of the transaction, then causality ensures that each process can prove exactly how the negotiation progressed.
Next we discuss mechanisms that can be used to ensure these relational properties.