20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology 20-763 Lecture 10 Micropayments II.

Slides:



Advertisements
Similar presentations
CP3397 ECommerce.
Advertisements

E-Commerce Payment Systems
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.
Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Chapter 13 Paying Via The Net. Agenda Digital Payment Requirements Fraud Detection Online Payment Methods Online Payment Types The Future Payment.
Copyright 1996 RSA Data Security, Inc. All rights reserved.Revised 1/1/96 PayWord and MicroMint: Two Simple MicroPayment Schemes Ronald L. Rivest (MIT)
ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 11 Electronic Cash.
Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 9: Micropayments I.
Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:
ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 10 Micropayments II.
1 Formal Specification and Verification of a Micropayment Protocol Alex X. Liu The University of Texas at Austin, U.S.A. October 13, 2004 Co-author: Mohamed.
ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology Lecture 10 Micropayments I.
ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 11 Electronic Cash.
Electronic Check Payment Protocols and Systems
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 9: Micropayments II.
ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 3 Virtual Money.
ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 12 Peer-to-Peer Systems.
Summary of Reading Assignments: Credits and Debits on the Internet & New Payment Systems Hope To Cash In Dr. Deepak Khazanchi.
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.
ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS eCommerce Technology Lecture 9 Micropayments I.
“Electronic Payment System”
Payment Systems for Electronic Commerce
Electronic Payment Systems In any commercial transaction payment is an integral part for goods supplied. Four types of payments may be made in e-commerce.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Traditional and Electronic Payment Methods Chapter 3.
EPS (Electronic payment system) is an online business process used for fund transfer using electronic means, i.e  Personal computers  services  Mobile.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.
BZUPAGES.COM Electronic Payment Systems Most of the electronic payment systems on internet use cryptography in one way or the other to ensure confidentiality.
Chris Olston, cs294-7, Spring Atomicity in Electronic Commerce J. D. Tygar -- UCB presented by Chris Olston.
Secure Electronic Transaction (SET)
Bitcoin (what, why and how?)
Electronic Payment Systems. How do we make an electronic payment? Credit and debit cards Smart cards Electronic cash (digital cash) Electronic wallets.
Traditional and Electronic Payment Methods Chapter 3.
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Chapter 4 Getting Paid. Objectives Understand electronic payment systems Know why you need a merchant account Know how to get a merchant account Explain.
E-commerce What are the relationships among: – Client (i.e. you) – Server – Bank – Certification authority Other things to consider: – How to set up your.
An Authenticated Payword Scheme without Public Key Cryptosystems Author: Chia-Chi Wu, Chin-Chen Chang, and Iuon-Chang Lin. Source: International Journal.
Lecture 8 e-money. Today Secure Electronic Transaction (SET) CyberCash On line payment system using e-money ECash NetCash MilliCent CyberCoin.
TM MilliCent Scrip, Security and Secrets TM Dr. Mark S. Manasse DIGITAL Systems Research Center, Palo Alto
Business Administration term project 2 (25%) financial Management Systems Debit card and credit card payments By Ashleigh Gray.
© 2008 Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al. Electronic Payment Systems.
Payment Systems Unit 34: E-commerce M2 - Compare two different payment systems used in e-commerce systems.
Figure 15.1 Conventional Cryptography
2/16/001 E-commerce Systems Electronic Payment Systems.
Network Security Lecture 27 Presented by: Dr. Munam Ali Shah.
Module 9 Micropayment systems. Properties of micropayment systems Micropayments do not have a real-world cash equivalent – cash cannot be divided into.
Micropayments Revisited Ronald L. Rivest (with Silvio Micali) MIT Laboratory for Computer Science RSA Conference 2002.
Adam Shields Sarah Purdy. What is PayPal? PayPal is an online payment service that allows individuals and businesses to transfer funds electronically.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Fall 2006CS 395: Computer Security1 Key Management.
Multi-Vendor PayWord with Payment Approval Andrea Huszti University of Debrecen Debrecen, Hungary.
1 E-cash Model Ecash Bank Client Wallet Merchant Software stores coins makes payments accepts payments Goods, Receipt Pay coins sells items accepts payments.
1 Original Message Scrambled Message Public Key receiver Internet Scrambled+Signed Message Original Message Private Key receiver The Process of Sending.
Mar 18, 2003Mårten Trolin1 Agenda Parts that need to be secured Card authentication Key management.
Presentation transcript:

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology Lecture 10 Micropayments II

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Remote Micropayments Remote micropayments –Buyer is not physically in seller’s presence –Can’t insert card into vendor’s machine –No physical goods, only information goods if micropayment will work, goods must be cheap, e.g. $0.01 –Subscriptions, credit cards, checks, ACH (even PayPal) too expensive Examples: web pages, stock quotes,news articles, weather report, directory lookup Need instant service for large numbers of 1¢ transactions + reasonable profit to payment provider

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Remote Micropayment Parties Users (buyers) Vendors (sellers) Brokers (intermediaries) –issue “scrip” (virtual money) to users –redeem scrip from vendors for real money Assumptions –User-Broker relationship is long-term –Vendor-Broker relationship is long-term –User-Vendor relationship is short-term

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Micropayment Efficiency Providers need to process a peak load of at least 2500 transactions/second Public-key cryptography is expensive –1 hash = 10 symmetric encryptions = 10,000 RSA signature verifications Need to minimize Internet traffic –Servers must be up –More servers required, longer queues, lost packet delay –Remove the provider from the process (user + vendor only) For small payment amounts, perfection is not needed –Losing a micropayment –Keep micropayment fraud low

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Payword Based on “paywords,” strings that will be accepted by vendors for purchases User authenticates himself to a broker with one signature verification, establishes means of paying “real” money for paywords User sets up with broker a linked chain of paywords to be used with a specific vendor. (Linking is used to make authentication of the paywords very cheap.) User pays vendor by revealing paywords to vendor Marginal cost of a payment: one hash computation

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Payword User sets up Payword account with a broker (pays real money) Broker issues user a “virtual card” (certificate) –broker name, user name, user IP address, user public key Certificate authenticates user to vendor User creates payword chains (typical length: 100 units) specific to a vendor

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Buying Paywords User visits broker over secure channel (e.g. SSL), giving coordinates of bank account or credit card: U, A U, PK U, T U, $ U Broker issues a subscription card C U = { B, U, A U, PK U, E, I U } SK B Vendor will deliver goods only to A U USER NAME USER ADDRESS USER PUBLIC KEY USER CERTIFICATE COORDINATES OF BANK ACCOUNT OR CC BROKER NAME EXPIRATION DATE USER INFORMATION (CARD #, CREDIT LIMIT) BROKER PRIVATE KEY

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Making Payment Commitment to a payword chain = promise by user to pay vendor for all paywords given out by user before E –N = value in jetons needed for purchases (1 payword = 1 jeton) –W N = last payword, a random value chose by user User creates payword chain backwards by hashing W N W N-1 = H(W N ); W N-2 = H(W N-1 ) = H(H(W N )), etc., giving W = { W 0, W 1,... W N-1, W N } User “commits” this chain to a vendor, sends M = { V, C U, W 0, D, I M } SK U VENDOR NAME EXPIRATION DATE OF COMMITMENT EXTRA INFORMATION (VALUE OF CHAIN) USER PRIVATE KEY “FIRST” PAYWORD EXPENSIVE: REQUIRES DIGITAL SIGNATURE  CAN EASILY COMPUTE THIS WAY  DIFFICULT TO COMPUNTE THIS WAY M IS VENDOR SPECIFIC AND USER-SPECIFIC (NO USE TO ANYONE ELSE)

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Making Payment, cont. Vendor can use PK U and PK B to read the commitment to know that U is currently authorized to spend paywords. User “spends” paywords with the vendor in order W 1, W 2,..., W N. To spend payword W i, user sends the vendor the unsigned token P = { W i, i }. To verify that P is legitimate, vendor hashes it i times to obtain W 0. If this matches W 0 in the commitment, the payment is good. If V stores the last payword value seen from U, only one hash is needed. (If last hash was W i, when vendor receives W i+1, can hash it once and compare with W i.) P does not have to be signed because hash is one-way.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Settlement with Payword Even if vendor has no relationship with broker B, can still verify user paywords (only need broker’s public key) For vendor to get money from B requires relationship Vendor sends broker B a reimbursement request for each user that sent paywords with M, W L (last payword received by vendor) Broker verifies each commitment using PK U and performs L hashes to go from W L to W 0 Broker pays V, aggregates commitments of U and bills U’s credit card or debits money from U’s bank account

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Payword Payment Properties Payment and verification by vendor are offline (no use of a trusted authority). Payment token P does not reveal the goods Fraud by user (issuing paywords without paying for them) will be detected by the broker; loss should be small Vendor keeps record of unexpired paywords to guard against replay

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS MicroMint Brokers produce “coins” having short lifetimes, sell coins to users Users pay vendors with coins Vendors exchange the coins with brokers for “real” money BROKER CUSTOMER VENDOR SOURCE: SHERIF NEW COINS SPENDING OF COINS TRANSFER OF INFORMATION PURCHASE NEW COINS RETURN UNUSED COINS EXCHANGE COINS FOR OTHER FORMS OF VALUE

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Minting Coins in MicroMint Idea: make coins easy to verify, but difficult to create (so there is no advantage in counterfeiting) In MicroMint, coins are represented by hash-function collisions, values x, y for which H(x) = H(y) If H() results in an n-bit hash, we have to try about 2 n/2 values of x to find a first collision Trying c 2 n/2 values of x yields about c 2 collisions Collisions become cheaper to generate after the first one is found

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Coins as k-way Collisions A k-way collision is a set { x 1, x 2,..., x k } with H(x 1 ) = H(x 2 ) =... = H(x k ) It takes about 2 n(k-1)/k values of x to find a k-way collision Trying c 2 n(k-1)/k values of x yields about c k collisions If k > 2, finding a first collision is slow, but subsequent collisions come fast If a k-way collision { x 1, x 2,..., x k } represents a coin, easily verified by computing H(x 1 ), H(x 2 ),..., H(x k ) A broker can easily generate 10 billion coins per month using one machine

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Selling MicroMint Coins Broker generates 10 billion coins and stores (x, H(x)) for each coin, having a validity period of one month The function H changes at the start of each month Broker sells coins { x 1, x 2,..., x k } to users for “real” money, records who bought each coin At end of month, users return unused coins for new ones

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Spending MicroMint Coins User sends vendor a coin { x 1, x 2,..., x k } Vendor verifies validity by checking that H(x 1 ) = H(x 2 ) =... = H(x k ). (k hash computations) Valid but double-spent coins (previously used with a different vendor) cannot be detected at this point At end of day, vendor sends coins to broker Broker verifies coins, checks validity, checks for double spending, pays vendor (Need to deal with double spending at this point)

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Detecting MicroMint Forgery A forged coin is a k-way collision { x 1, x 2,..., x k } under H() that was not minted by broker Vendor cannot determine this in real-time Small-scale forgery is impractical Forged coins become invalid after one month New forgery can’t begin before new hash is announced Broker can issue recall before the month ends Broker can stay many months ahead of forgers

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Millicent Vendors produce vendor-specific “scrip”, sell to brokers for “real” money at discount Brokers sell scrip from many vendors to many users Scrip is prepaid: promise of future service from vendor Users “spend” scrip with vendors, receive change BROKER USER VENDOR SOURCE: COMPAQ USER SPENDS VENDOR SCRIP FOR INFORMATION TRANSFER OF INFORMATION (CHANGE IN MESSAGE HEADER) USER BUYS BROKER SCRIP ($ WEEKLY) BROKERS PAY FOR VENDOR SCRIP ($$$ MONTHLY) (¢ DAILY) USER EXCHANGES BROKER SCRIP FOR VENDOR SCRIP (AS NEEDED)

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Millicent Broker –issues broker scrip to user –exchanges broker scrip for vendor scrip –interfaces to banking system –collects funds from users –pays vendors (less commission) User –buys broker scrip from brokers –spends by obtaining vendor-specific scrip from broker Vendor –sells scrip to brokers –accepts vendor scrip from users –gives change to users in vendor scrip

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Q A &

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.