Published by Anna Britney Wheeler. Modified over 9 years ago.
1
Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt
2
Understanding Networked Applications: A First Course Electronic payments by David G. Messerschmitt
3
Electronic payments: the players
Consumer
Merchant
Financial institutions
Physical tokens representing value
4
Some forms of spending money
Diagram labels: Demand deposit, Cash reserves, Credit, Debit, Check, Cash, Loan, Withdrawal
5
Questions about value tokens
Who will back the value?
How is fraud, counterfeiting, etc. prevented?
Will value be restored if lost or stolen?
Is it subject to regulation?
Who pays for the system?
Is it traced?
6
Policy dilemmas
Multiplicity of incompatible payment systems?
Tracing and auditing:
  – Criminal prosecution
  – Taxation
  vs
  – Personal privacy
7
Some privacy initiatives
Open Profiling Standard
TRUSTe
Anonymous digital cash
8
Electronic credit and debit
Standard authentication, confidentiality, and non-repudiation techniques can be used
  – Asymmetric encryption and certificates
Framework must take into account different institutions involved
Example: Secure Electronic Transactions (SET) of Visa/Mastercard
9
Participants
Consumer (cardholder)
Merchant
Acquirer: financial institution acting as transaction clearinghouse for merchant
Issuer: financial institution that issued consumer credit/debit card
Association: Visa or Mastercard
10
SET chain of trust
Diagram labels: SET Root (self-signed, included in all software), Association, Issuer, Acquirer, Cardholder, Merchant
11
SET order/payment protocol
Diagram parties: Consumer, Merchant, Acquirer, Issuer
Diagram message labels: initiate, purchase, authorize, capture, authorize, capture
12
Smartcard
Card that contains encapsulated electronics and can be used for various forms of electronic commerce (and other things)
13
Prepaid smartcard options
Memory card
  – Memory plus password/PIN protection
Shared-secret
  – Mutual authentication of any terminal sharing the secret
Signature-carrying
  – Carries signatures created by institution
Signature-creating
  – Hardware to create signature based on secret key
14
Smartcard merits
Memory
  – Closed system: single institution
  – No authentication of terminal
Shared-secret
  – Requires encapsulated module in terminal, one to carry each card secret
  – One secret per institution implies that all cards of that institution can be compromised
15
Smartcard merits (cont'd)
Signature
  – Terminals need only public keys
  – Easy to handle multiple institutions
All but signature-carrying have unique card identity, and hence institutions can invade privacy by linking transactions
16
Hard vs. digital cash
Diagram labels: Withdraw, Deposit
17
Digital cash
[Figure: digital cash shown as a string of bits]
Since digital cash is represented by data, it is easily replicated. How do we prevent:
  – Counterfeiting?
  – Multiple spending?
18
What is a digital cash token?
Diagram: a bit string made up of a unique identifier, a value attribute, and the bank's digital signature
Diagram annotations: Prevents counterfeiting; Prevents spending more than once
19
Financial institution perspective
Diagram labels: Consumer’s demand deposit, Branch, ATM, Digital branch, Currency in wallet, Currency in smartcard, Merchant, Merchant’s demand deposit, Vault cash, Digital cash liability, Payment, Deposit, Withdrawal, May return as more digital cash
20
Digital cash must be deposited
Diagram labels: Consumer wallet, Consumer smartcard, Merchant, Hard currency, Spend, Deposit, Digital cash, Deposit, Withdraw as new digital cash
21
Possible characteristics of digital cash
Anonymity of consumer
  – Merchant knows who paid, but that information is not inherent to the digital cash itself
  – Financial institution knows what merchant deposited
Attribution of cheating
  – Double spending
Authorized traces
22
Spending anonymity
Diagram labels: Withdrawal, Payment, Deposit
Withdrawal and deposit are traceable, but can we break the chain somewhere?
23
Understanding Networked Applications: A First Course Supplements by David G. Messerschmitt
24
Message digest
Diagram labels: Message, MD algorithm, Message digest
MD is a fixed length (128 or 160 bit) summary of message
One way: message cannot be recovered from MD
Collision-free: computationally infeasible to find a message corresponding to a given MD
25
Digital signature based on a message digest
Diagram labels: Signature generation (MD, Encrypt, secret key); Message; Signature checking (Decrypt, public key, MD, Compare)
26
Dual signature
Diagram labels: Offer, Payment authorization, Dual signature, Merchant, Acquirer, Consumer, MD
Acquirer can verify binding of offer and authorization, does not see offer
Merchant can verify binding of offer and authorization, does not see authorization
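Added example (not part of the original slides): the dual signature as a digest of two digests, the construction SET uses, so that each party checks the binding while seeing only its own half. The toy RSA key, the choice of SHA-256 and the sample messages are assumptions made for this sketch.

```python
import hashlib

# Constructed toy RSA key for the consumer. Mersenne primes: illustration only, not secure.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # consumer's secret key

def md(data: bytes) -> bytes:
    """Message digest (SHA-256 is this example's choice)."""
    return hashlib.sha256(data).digest()

def joint(offer_md: bytes, payment_md: bytes) -> int:
    """Digest of the two digests: the value that binds offer to authorization."""
    return int.from_bytes(md(offer_md + payment_md), "big") % N

def dual_sign(offer: bytes, payment: bytes) -> int:
    """Consumer: encrypt the joint digest with the secret key."""
    return pow(joint(md(offer), md(payment)), D, N)

def merchant_check(offer: bytes, payment_md: bytes, sig: int) -> bool:
    """Merchant sees the offer and only the digest of the authorization."""
    return pow(sig, E, N) == joint(md(offer), payment_md)

def acquirer_check(offer_md: bytes, payment: bytes, sig: int) -> bool:
    """Acquirer sees the authorization and only the digest of the offer."""
    return pow(sig, E, N) == joint(offer_md, md(payment))

# Constructed sample messages
OFFER = b"order: 1 widget, total 25.00"
PAYMENT = b"authorize 25.00 from card PLACEHOLDER"
SIG = dual_sign(OFFER, PAYMENT)
```

Changing either the offer or the authorization after signing makes both checks fail, which is the binding the slide refers to.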
27
Spending anonymity
Diagram labels: Create $$, including identifier; Blind signature; Repeat n times; Cut and choose one
If the consumer’s software creates the digital cash, and the bank signs it blindly, the bank will not see the identifier.
The cut and choose protocol assures the bank the $$ is proper.
28
Blind signature analogy
Diagram labels: Token, Carbon, $$
Put token and carbon in envelope
Present to bank for embossing
Remove token from envelope
Consumer gets bank to sign cash token without observing contents
29
Cut and choose protocol
Diagram labels: $$; Randomly choose one, check others; Blind signature; $$
Although the bank can’t see what it is signing, with the cut and choose the incentive for the consumer is to generate legitimate instances of digital cash.
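Added example (not part of the original slides): a withdrawal with blind signature and cut and choose, followed by the bank's deposit check on the unique identifier. Textbook RSA blinding, the toy key, SHA-256 and all function names are assumptions made for this sketch.

```python
import hashlib, secrets
from math import gcd

# Constructed toy RSA key for the bank. Mersenne primes: illustration only, not secure.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))            # bank's secret exponent
SPENT = set()                                 # identifiers the bank has already redeemed

def digest(token):
    """Message digest of an (identifier, value) token, reduced mod N."""
    data = f"{token[0]}|{token[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def blind(token):
    """Consumer: multiply the digest by r^E so the bank cannot read it."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return digest(token) * pow(r, E, N) % N, r

def withdraw(values, amount, keep=None):
    """Cut and choose over len(values) candidates; `keep` fixes the bank's pick for tests.
    Returns (token, signature), or None when an opened candidate is improper."""
    tokens = [(secrets.token_hex(16), v) for v in values]    # consumer creates $$
    pairs = [blind(t) for t in tokens]
    if keep is None:
        keep = secrets.randbelow(len(tokens))                # bank chooses at random
    for i, (t, (b, r)) in enumerate(zip(tokens, pairs)):     # bank opens all the others
        if i != keep and (t[1] != amount or digest(t) * pow(r, E, N) % N != b):
            return None
    blind_sig = pow(pairs[keep][0], D, N)                    # bank signs without seeing
    return tokens[keep], blind_sig * pow(pairs[keep][1], -1, N) % N   # consumer unblinds

def verify(token, sig):
    """Anyone holding the bank's public key (N, E) can check a token."""
    return pow(sig, E, N) == digest(token)

def deposit(token, sig):
    """Bank: redeem a token once; reject forgeries and repeats."""
    if not verify(token, sig) or token[0] in SPENT:
        return False
    SPENT.add(token[0])
    return True
```

With n candidates, one improper token goes unopened only when the bank happens to keep it, a 1 in n chance, which is the incentive argument on the slide.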