Transcript Introduction History:

Introduction
History:

Exchange of goods/services conducted face to face
between 2 parties dates back to before the beginning
of recorded history.
As trade became more complicated, abstracted
representation of values were devised:







Cash
Checks
Money orders
Credit cards
Online use of credit cards
Smart card
Electronic Money
Problems
Traditional means of payments




Counterfeit
Forged signature
Bounced checks
…
Electronic money has same problems



Easy to copy
Digital signature can be reproduced by anybody who
knows the secret cryptographic signing key.
The buyer’s name is associated with payment – lack
of anonymity.
Credit Card
Advantages


Allows credit
People can buy more than they can afford
Widespread but lack:



Anonymity
Security
Inability to reach everyone
In the United States, about 40% of the
population does not have a credit card.
Payment Size:



Macro payments involve large payments from about
10 USD onwards.
Small payments are from 0.1 USD or higher.
Micro payments can involve fractions of Cents.
Credit cards too expensive for small/micro
payments


Fixed charge of 2-4.5% (higher on internet)
The most expensive e-Payment mechanism
MasterCard: $0.29 + 2% of transaction value
A $100 charge costs the merchant $2.29

This cost reflects the security problems
Security Problems
Security problems:



All info is exposed to the merchant
There is a greater threat over the Internet
where merchants can be located anywhere
All purchases are traceable
ePayment - Problems
Problem:


Banks not set up for instantaneous transactions
Security
System design problems



Keep transaction costs low
Scale to huge number of transactions (100 billion per
day)
Bank systems (SWIFT, FedWire) do not talk to the
Internet
Requirements
Money atomicity: no money is lost or created in a
transfer
Goods atomicity: money and goods are exchanged
atomically
(both or none)
Non-repudiation: No party can deny its role in the
transaction; Digital signatures
Desirable Properties







Universally accepted
Transferable electronically
Divisible into change (pay for $10 item with $100 bill)
Forge-proof, Theft-proof
Private (no one except parties know the amount)
Anonymous (no one can identify the payor)
Work off-line (no need for on-line verification)
The Participants
Payer makes the
payment. (customer or
buyer).
Payee receives the
payment. (merchant or
seller).
Issuer is the third party of
the payer, (bank or
service-provider of the
payer).
Acquirer is the third party
of the payee,
(bank/service-provider of
the payee).
Broker is both issuer and
acquirer (when a protocol
requires a single third
party to be shared by
payer and payee).
Observer is usually an
uninvolved third party
used in the privacy
analysis of a payment
system. Observer has
information about the
transaction.
Certification

A registration and certification authority for the management of
authentication and symmetric keys like Kerberos or public keys
certification
Arbiter

To resolves disputes.
Trusted Third Parties
Notaries

To enforce payment receipt notifications, clearings or witnessing of
transactions.
Electronic Payment
Systems
Notational Fund Transfer
Digital Currency
Notational Fund Transfer
In credit card or check transactions, sensitive
information is being exchanged.



For example, you give your credit card to a merchant,
who sends the card number through phone line and
receives confirmation.
Banks meanwhile receive the same information and
adjust buyer's and merchant's accounts accordingly.
The information being transmitted online in this case
is encrypted for security.
The primary example is the use of digital credit
cards (e.g. CyberCash (www.cybercash.com)
and VISA/MasterCard's SET-based
transactions).
The Internet may be more secure than
phone lines for this same old payment
methods. (Can you encrypt your voice
when you give your credit card number
over the phone? Can you be sure who the
other person is?)
Secure Credit Card




Most important point in using a credit card for
payments through the Internet is the secure
transmission of the credit card data.
Payer transmits the credit card data or their
equivalent to the payee who submits them in
turn to the acquirer for online validation.
Acquirer resolves the actual payment via the
established financial networks.
The drawback : Unsuitability for micro
payments.
What is ECash
ECash is the digital analogue to
physical coins. It has the same
properties as does the legal tender to
which you're used: you can't spend
one coin twice, the coin has no
memory of who owned it or what it
was used to purchase, and it's difficult
to forge.
Digital money is created against existing
money. In the long run, digital money may
be created on its own if users accept it on
its face value, which will be determined by
how dependable its issuers are. All monies
are only as good as their issuers.
Very flexible: Can be made to behave like
e-checks or anonymous cash as situation
warrants.
Ecoin
It is the unit of payment and represents a fixed
amount of money. It is a combination of random
elements chosen by the payer and digital
signatures of the bank.
Models of e-cash
On-line payment means that Bob calls the Bank
and verifies the validity of Alice's token before
accepting her payment and delivering his
merchandise. (This resembles many of today's
credit card transactions.)
Off-line payment means that Bob submits Alice's
electronic coin for verification and deposit
sometime after the payment transaction is
completed. (This method resembles how we
make small purchases today by personal check.)
Smart Card
An electronic device about the size of a credit card that
contains an embedded integrated circuit (program and
memory)
Uses:




Storing digital cash
Storing information; giving hospitals or doctors personal data
without filling out a form
Generating network IDs by storing X.509 certificates, private
keys and RSA crypto-engines; establishing your identity when
logging on to an Internet access provider or to an online bank
Specialized Applications such as SIM (Subscriber Information
Modules) in GSM wireless telephones -- a SIM contains all the
generic information required to access the telephone network
Smart cards can be typically classified into broad
categories based on how they communicate with another
device:




Contact - Direct Communication - the card must be inserted into
a smart card reader which connects to a conductive module on
the card
Connectionless - antenna or other electromagnetic interface is
imbedded in the card
Hybrid cards are dual chip cards with each chip containing its
respective contact or connectionless interface; the chips are not
connected to each other in the card
Combo cards have a single ship with both contact and
connectionless interfaces.
Power for the smart card may be supplied either by an
embedded battery or by a microwave frequency -- the
card needs to be within 2 to 3 inches of the card reader.
Smart Card Applications
Applications








Ticketless travel: Seoul bus system: 4M
cards, 1B transactions since 1996
Authentication, ID
Medical records
Ecash
Store loyalty programs
Personal profiles
Government: Licenses
Mall parking
...
May emerge as the ultimate interface
device for the mobile digital economy.


It will hold your cash, ID information, house
and office keys, subway tokens, all types of
preference files (for house temperature
setting, driver seat setting, etc.) and other
information.
You will exchange these information and
digital products with other people, transact
business, present to police officers, check into
a hotel or a sports arena, and all other things
yet to be imagined.
Over a billion smart cards are in use,
primarily in Europe. Because the current
infrastructure in the US is designed for
credit cards with magnetic strips, there has
been a slower rate of adoption of smart
cards in the US. The use of Smart Cards
in Europe received its initial boost from the
French government in 1985 when it
purchased 16 million cards for use by its
then state-owned bank.
Smart Card Standards
OpenCard Framework is supported by Sun
Microsystems, IBM, Oracle, Netscape. It is a
standard for NCs, emphasizes portability and
personalization, and adopts Java.
Personal Computer Smart Card (PCSC)
Workgroup Standard is proposed by Microsoft
and supported by Schlumberger Electronic
Technologies.
Sun’s Java Card API, endorsed by Citibank,
Visa, First Union National Bank, VeriFone.
Motorola formed a Smart Card Systems
Business unit for contactless cards using radio.
Generic Transaction
Alice chooses a random x and r and
supplies the bank with B = r3f(x)mod n.
The bank returns the third root of B
modulo n: r.f(x)1/3 mod n
Alice gives Bob (x, f(x)1/3 mod n)
Bob calls the bank immediately to verify
that the coin has not been spent.
Double Spending
Bit Sequences can be copied exactly any
number of times.
Alice can copy a Ecoin many times and
spend it repeatedly.
Exposing Double Spenders
To get a coin
Choose ai, ci, di and ri, 1≤i ≤k
Send bank Bi = r3.f(xi,yi) mod n, 1≤i ≤k

xi=g(ai,ci) yi=g(XOR(ai,(u||v+i)),di).
Bank chooses k/2 random Bi and sends them.
For the others, the blinding function must be
revealed.
Bank checks that the values u and v are correct.
The coin C is extracted
Exposing Double Spenders
To Pay
Alice sends C to Bob
Bob chooses a random binary string
z1,z2,…,zk/2
Alice responds as follows for all 1 ≤ i ≤ k
 If zi=1 then Alice sends Bob ai, ci and yi
 If zi=0 then Alice sends Bob xi,
XOR(ai,(u||v+i)) and di
Exposing Double Spenders
Bob verifies that C is of proper form and
Alice’s responses fit.
C and Alice’s responses are sent to the
bank which verifies it and stores ai (for
zi=1) and XOR(ai,ui||vi) (for zi=0)
Exposing Double Spenders
If C is used twice, there is a high
probability that for at least one i, ai and
XOR(ai, ui||vi) is available.
Digicash Concept
Merchant
5
4
Bank
3
2
1
Consumer
1. Consumer buys Digicash from Bank
2. Bank sends Digicash bits to consumer
3. Consumer sends Digicash to merchant
4. Merchant checks with Bank that Digicash
is valid (not already spent)
5. Bank verifies that Digicash is valid
6. Parties complete transaction
Consumer still has (invalid) Digicash
Anonymous
Complex transaction (checking with Bank)
Atomicity a problem
ALICE SEND UNSIGNED
BLINDED COINS TO THE BANK
Withdrawal
(Minting):
WALLET
SOFTWARE
ALICE BUYS DIGITAL
COINS FROM A BANK
BANK SIGNS COINS, SENDS THEM BACK. ALICE UNBLINDS THEM
BOB VERIFIES COINS
NOT SPENT
ALICE PAYS BOB
Spending:
BOB DEPOSITS
Personal
Transfer:
CINDY VERIFIES COINS
NOT SPENT
CINDY GETS COINS BACK
ALICE TRANSFERS COINS TO CINDY
Micro payment
If transaction costs can be made
low enough to handle even subdollar payments, why should
digital product sellers be limited to
accepting credit card payments
and other large-scale payment
methods?
Aggregation
Used when individual transactions are too small
for credit card (e.g. $2.00)
Consumer and Merchant sign up with
Aggregator
Consumer makes purchase. Merchant notifies
Aggregator.
Aggregator keeps Consumer’s account. When
amount owed is large enough (or every month),
charges to Consumer’s credit card
Aggregator sends money (less fees) to Merchant
QPASS, CyberCash, GlobeID