Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Cryptographic Protocols Lecture 12 Supakorn Kungpisdan NETE46301.

Similar presentations


Presentation on theme: "Advanced Cryptographic Protocols Lecture 12 Supakorn Kungpisdan NETE46301."— Presentation transcript:

1 Advanced Cryptographic Protocols Lecture 12 Supakorn Kungpisdan NETE46301

2 Outlines Payment Protocols Account-based Payment Protocols Token-based Payment Protocols NETE46302

3 Primitive transactions –Payment –Value Subtraction –Value Claim 5-May-153 Value claim Value subtraction Payment Client Merchant Payment Gateway Issuer Acquirer Electronic Payment Model

4 E-Payment Model (cont.) Payment, Value substraction Value subtraction, Value claim Value claim, Value subtraction Payment, Value substraction Payment Gateway (PG)

5 5-May-155SNC, Monash University Account-based Payment Systems Electronic Payment Systems Token-based Payment Systems Credit card, Electronic Checks Micropayment, Electronic Cash Types of Payment Systems

6 5-May-156SNC, Monash University Types of Payment Systems (cont.) Account-based payment systems –Represented by the transfer between accounts –Credit-card, debit-card, or electronic check –PayPal, Amex’s PayFlow, SET, iKP, NetChex –Requires payment authorization from banks in every transaction –Suitable for high-value transactions Token-based payment systems –Represented by electronic money –Micropayment, electronic coins, or electronic cash –CyberCash, PayWord, Millicent –No payment authorization required in every transaction –Suitable for low-value transactions

7 Outlines Payment Protocols Account-based Payment Protocols Token-based Payment Protocols NETE46307

8 8

9 Outlines Payment Protocols Account-based Payment Protocols Token-based Payment Protocols NETE46309

10 Micropayment Represented by electronic money Lightweight compared to credit-card payment in terms of cryptographic operations No payment authorization required in every transaction Suitable for Low-value payment transactions e.g. from 1 cents to 2 dollars Prepaid and Postpaid micropayment

11 2. PayWord Certificate 1 Certificate request 4. Certificate verification, first payment 5. Repeated payment 3. Generate coins 6. Redeem coins 7. Billing Client Bank Merchant PayWord

12 PayWord (cont.) Postpaid micropayment protocol based on public-key operations. Three parties are involved in the system: client, merchant, and bank. The bank issues the client a PayWord certificate containing an authorized amount CL NETE463012

13 PayWord (cont.) 1.Client generates a set of coins {c 0,..., c n }, where n = CL, which is specific to the merchant. 2.The set of coins is generated as follows: c i = h(c i+1 ), where i = 1,..., n 3.In the first payment, the client sends the merchant a commitment: commitment = {certificate, c 0 } NETE463013

14 PayWord (cont.) 4.In each payment, the client sends the coin c i to the merchant. 5.The merchant can infer the value of the coin i by applying a number of hash operations to c i as follows: c 0 = h i (c i ). 6.At the end of the month, the merchant sends the highest value of c i together with the commitment (containing c 0 ) to the bank. NETE463014

15 PayFair Prepaid coupon Request amount Money Deduct Coupon verification Coupon verification Client Merchant Bank Verification response Payment

16 5-May-1516SNC, Monash University PayFair A prepaid micropayment protocol which deploys symmetric-key operations and hash functions. The bank returns the message containing a payment token {N, RN} SK, RN = random number, N = serial number The client generates a set of coins w i, i = 0, …, n w i = h(w i+1 )

17 PayFair (cont.) For each payment, NETE463017

18 Limitations of PayWord & PayFair PayWord, High Computation at the client due to asymmetric cryptographic operation Payment information (price of goods) is revealed to other parties. PayFair, The prepaid coupon is merchant-specific when used. The client has to contact the bank for issuing a new prepaid coupon every time she runs out of credits. The bank is able to impersonate as any client to make a payment to a merchant. The client cannot refund un-used coins and coupons.

19 Kungpisdan’s Approach Lightweight protocol Provide a general-purposed prepaid card: able to make payments to many merchant. Extend validity period of a prepaid coupon Enhance the ability to identify the originator of the message (to prevent impersonation). All private information must be kept secret. Offer the ability to refund and cancel prepaid card

20 Setup Protocol 2. Bank coupon 1 bank coupon request Deduct money Client Bank 3. Create coins Merchant coupon for M 1 Remaining bank coupon Merchant M1M1 Bank coupon

21 Payment Initialization Protocol 4. Coupon verification 6. Updated bank coupon Client Merchant Bank 5. M 1 ’s coupon Merchant coupon for M1 M1 Remaining bank coupon Deposit to M 1 ’s account

22 Payment Protocol 6 Client Merchant Bank Payment Merchant coupon for M 1 M1M1

23 Extra Credit Request Protocol 10. Updated bank coupon 8. Authorization request Merchant Bank 9. Approval 7. Extra credit request M1M1 Client Remaining bank coupon Remaining bank coupon Requested value

24 Coupon Cancellation Protocol 12. Cancellation response 11. Bank coupon cancellation request Merchant Bank M1M1 Client Remaining bank coupon Deposit to the client’s account

25 Coin Return Protocol 16. Updated bank coupon 14. Authorization request Merchant Bank 15. Approval 13. Coin return request M1M1 Client Remaining M 1 ’s coupon Requested value Remaining bank coupon Deduct From M 1 ’s account

26 Extension to Postpaid Micropayment 2. Bank coupon 1 Certificate request 4. Bank coupon verification, first payment 5. Repeated payment 3. Generate coins 6. Redeem coins 7. Billing Client Bank Merchant

27 Question? Next Group discussion NETE463027

28 Group Discussion Work in a group of 6 students Design an Internet bill payment protocol based on any cryptographic operations –Symmetric encryption, Public-key encryption, Hash functions and MACs Must have the following process: –Client and merchant (biller) registration –The client can add a merchant –The client can make a payment to the merchant Give a demo by the end of the class NETE463028


Download ppt "Advanced Cryptographic Protocols Lecture 12 Supakorn Kungpisdan NETE46301."

Similar presentations


Ads by Google