Professional Documents
Culture Documents
Network Security: Electronic Payment Systems II: E-Cash, Micro-Payment (Source: Various On-Line Slides and Documents)
Network Security: Electronic Payment Systems II: E-Cash, Micro-Payment (Source: Various On-Line Slides and Documents)
Network Security: Electronic Payment Systems II: E-Cash, Micro-Payment (Source: Various On-Line Slides and Documents)
Agenda
Universality
Transferability (electronically)
Divisibility
Non-forgeability
Privacy
Anonymity
Off-line
Electronic Cash
Basic protocol
Protocol basic steps:
1. C buys/withdraws e-cash from Bank
2. BC: e-coins
Merchant
3. CM: e-coins
4. M Bank: ask to check e-coin
validity
5. B M: verifies coin validity
Parties still to complete transaction
afterward merchant
Sep 2009
5
4
Bank
2
1
Customer
5
Sep 2009
Atomicity problem
On-line
Off-line
Advantages of e-cash
More efficient
Lower transaction costs
Available to anyone, unlike credit cards (which require
special authorization)
Disadvantages
Blind Signatures
Goal
10
How?
Basic: Sign anything
11
Problem
How to make the bank trust the validity of the stuff in sealed envelope?
12
13
14
Checkfree
Clickshare
15
CyberCash
CyberCoins
16
DigiCash
Trailblazer in e-cash
Allowed customers to purchase goods and services using
anonymous electronic cash
Coin.Net
17
Micropayments
Replacement of e-cash
Cheaper
inexpensive to handle
Recycling faster
Easier to count, audit, verify
Beverages
Phone calls
Tolls, transportation,
parking
Copying
Internet content
Lotteries, gambling
Micropayments
Prepaid cards
Issued by non-banks
Represent call on future
service
Not money since usable only
with one seller
Issued by bank
Holds representation of real
money
In form of a card (for face-toface or Internet use)
Saving in choosing
technologies
Float-preserving methods
Prepayment
Grouping
Aggregate purchases
(amortizing)
Provide float to processor
Partial anonymity (individual
purchases disguised)
Remote Micropayments
Remote micropayments
instant service
transactions as cheap as 1 but in large number
reasonable profit to payment provider
Information Security by Van K Nguyen
Hanoi University of Technology
Users (buyers)
Vendors (sellers)
Brokers (intermediaries)
User
Vendor
Web
Browser
Web
Server
Scrip
Broker
Server
Broker
Assumptions
Micropayment Efficiency
Servers must be up
More servers required, longer queues, lost packet delay
Remove the provider from the process (user + vendor only)
Payword Concept
WN
WN-1 = H(WN )
WN-2
WN-2 = H(WN-1 )
W1 = H(W2 )
W1
W0
W0 = H(W1 )
Payword
Payword
Buying Paywords
AU,
USER
ADDRESS
PKU,
USER
PUBLIC KEY
TU,
USER
CERTIFICATE
COORDINATES OF BANK
ACCOUNT OR CC
$U
EXPIRATION
DATE
IU } SKB
USER INFORMATION
(CARD #, CREDIT LIMIT)
BROKER
PRIVATE KEY
Making Payment
M IS VENDOR
SPECIFIC AND
USER-SPECIFIC
(NO USE TO
ANYONE ELSE)
FIRST
PAYWORD
EXPIRATION
DATE OF
COMMITMENT
EXPENSIVE: REQUIRES
DIGITAL SIGNATURE
EXTRA INFORMATION
(VALUE OF CHAIN)
USER
PRIVATE KEY
Major Ideas
MicroMint
BROKER
NEW COINS
SPENDING OF COINS
VENDOR
CUSTOMER
TRANSFER OF INFORMATION
SOURCE: SHERIF
Information Security by Van K Nguyen
Hanoi University of Technology
Millicent
BROKER
USER BUYS BROKER
SCRIP ($ WEEKLY)
BROKERS PAY
FOR VENDOR SCRIP
($$$ MONTHLY)
USER
( DAILY)
TRANSFER OF INFORMATION
(CHANGE IN MESSAGE HEADER)
VENDOR
SOURCE: COMPAQ
Millicent
Broker
User
Vendor
MilliCent Components
Wallet
easy to integrate
as a web relay
utility for price
management
Broker software
Tokens
Wallet
New
tokens
Vendor software
Spent
tokens
User
Vendor
Broker
Server
Broker
Vendor
Server
Broker
Server
Price
File
HTTP
User (millions
of consumers)
Browser
Document
Tree
Site Map
Wallet
HTTP
Browser
Cache
Price
Configurator
Vendor
Server
Wallet
Contents
Web
Server
Vendor
Web
Server
Scrip
Broker
Server
MilliCent Scrip
Props
Stamp
Secret
Vendor Server
Millicent
relay to web-server
Vendor
Server
Web
Server
Millicent processing:
Major Ideas