Title: MICROPAYMENT PROTOCOLS
1MICROPAYMENT PROTOCOLS
2INTRODUCTION
- Overview of MicroPayments
- Protocols
- - NetBill
- - NetPay
- - PayCash
3MICROPAYMENTS
- - Fraction of a cent or very small amount that
may be charged for online usage of Connection
time. - - Payments of small sums of money, generally
smaller than physical currency.
4MICROPAYMENTS
- OBJECTIVES
- Minimize transaction overheads
- To use in place of Credit cards
- -Security
- Pay-per-view or pay-per-use type of commerce.
5Efficient Protocols
- Anonymous (Privacy Protection)
- Tamper-proof records
- Integrity
- Non-repudiation, Atomicity
- Accountability
- Multiple currencies
6NETPAY
- Secure
- Economical
- Easily implementable
- Debit-based protocol for a micropayment
- system
- Derived from Payword protocol
- Prevents Double spending
7NETPAY
- PROS
- No involvement of third party in every
transaction - Minimizes the number of expensive public-key
operations - Hash function operations are used
8NETPAY
- Consider a trading community
- -Untrusted parties
- Customer (C)
- Vendor (V)
- -Trusted parties
- Broker (B).
- --registers customers and Merchants
9NETPAY
Broker
M1
Vendor1
Customer
M1 IDc, n, IP address of V1
10NETPAY
- The Broker does
-
- Debit money from the account of C
- Creates a payword chain W0, W1, ..., Wn, Wn1
which satisfy Wi h(Wi1). - h(.) is a one way hash function
- Seed Wn1 is a secret with the broker.
- -- Prevents overspending and forging paywords
-
11NETPAY
Broker
M1
M2
Vendor1
Customer
M2 W1, W2, ..., Wn PK-customer
12NETPAY
Broker
M1
M3
M2
Vendor1
Customer
M3 IDc, W0 SK-broker
13NETPAY
- Transaction 2 Customer Vendor
M4
Vendor 1
Customer
M4 IDc, P
P (Wj, j), ( Wj1, j1), ..., (Wjm-1, jm-1)
payment P is verified by the vendor by hashing
the paywords Wi's in the payment P. ExW1 is
valid if the hash matches (W0)
14NETPAY
- Transaction 2 Customer Vendor
M4
Vendor 1
Customer
M4 IDc, P
If payment P is valid Then P will be stored for
redemption at a later time with the broker.
15NETPAY
- Transaction 2 Customer Vendor
M4
Vendor 1
Customer
M5
M5 IDv1, the receipt of the payment
16NETPAY
- Transaction 3 Vendor-Vendor
M6
M7
Customer
Vendor 2
Vendor 1
M9
M8
M6 IP address of V1, IDc, P, O
M7 IDc, IDv2
V1 signs the index Index IDv1, IDv2, iSK-v1
M8 IDc, W0, Index
M9 IDv2, the receipt of the payment
17NETPAY
- Transaction 4 Vendor Broker
-
M10
Broker
Vendor
M11
M10 IDc, IDv, P
M11 Statement of the vendor's account
18NETBILL
- System for micropayments
- For information goods on the Internet
- PLUS POINT
- Provides an atomic certified delivery method so
that a customer pays if and only if she receives
her information goods intact.
19NETBILL
NetBill server
Merchant Account
Customer Account
Financial Institution
Financial institution
E.g Banks
20NETBILL
NetBill server
Customer
Merchant
- Three phases
- Price negotiation---Customer ??Merchant
- Goods delivery--- Customer ??Merchant
- Payment---Merchant ??NetBill
21NETBILL
- The Transaction Protocol
- CÞ M Price request
-
- -Customer presents evidence of her identity
- -Requests a price quote on an item.
- -The customer may also bid for the item.
2. MÞ C Price quote -The merchant responds with
a price offer.
22NETBILL
- 4. MÞ C Goods, encrypted with a key K
- -The merchant provisionally delivers the goods,
under - encryption, but withholds the key.
5. CÞ M Signed Electronic Payment
Order -customer constructs, and digitally signs,
an electronic payment order (or EPO) and sends
it to the merchant.
6. MÞ N Endorsed EPO (including K) -Merchant
appends the key to the EPO digitally signs
the EPO, forwarding it to the NetBill
server. - Proof of Agreed Terms and Key
23NETBILL
- 7. NÞ M Signed result (including K)
- - NetBill Debits Credits Accounts.
- - Also proof of Transaction by NetBill
8. MÞ C Signed result (including K)
24PAYCASH
- Designed to offer
- - Strong security
- - Privacy protection.
- Based on CHAUMS ELECTRONIC COINS
- -- first to demonstrate anonymity in
electronic coins.
25PAYCASH
26PAYCASH
- COIN X, g-1(f(X))
- - f(.) and g(.) are functions that are easy to
- calculate and hard to invert.
- Only Third Party (TP) can mint a coin- apply
g-1(.) - For anonymity TP should mint without knowing X or
F(X) - The user applies a Blinding Fn before Minting the
coin.
27PAYCASH
- Instead of Serial number X,pair of keys are used
- - Public Key (P) Secret key (S).
- Two Functions SIGN(S,Z) VERIFY(P,Sz)
- ? VERIFY(P,SIGN(S,Z)) Z.
- COIN P, g-1(f(P)) .
- To send a Coin, we send the four tuple
- record, Sign(S,record), P, g-1(f(P))
28PAYCASH
- record, Sign(S,record), P, g-1(f(P))
- Check if f(p) g(g-1(f(P)) )
- Using P,
- VERIFY(P,SIGN(S,record)) record
- This verifies the sender because only he knows
the secret Key, S - P is stored with the third party after intial
payment.
29PAYCASH
- Multiple Value Coin
- For each P, Third Party keeps track of m(P).
- COIN N, P, g-N(f(P))
- Tuple record, Sign(S,record), n, P, g-n(f(P))
- Condition N gt k m(P)/c.
- e.g 10 gt2 5/1
30REFERENCES
- 1. Rivest, R., Shamir, A., Adleman, L.
(1978). A method for obtaining Digital Signatures
and Public-Key Cryptosystems, Communications of
the ACM, Vol. 21, 21(2)120-126. - 2. 7 B. Cox, J. D. Tygar, and M. Sirbu.
"NetBill Security and Transaction Protocol." In
Proceedings of the First USENIX Workshop on
Electronic Commerce, pages 77-88, July 1995. - 3. Jon M Peha and Lldar M. Khamitov. PayCash a
secure efficient Internet payment system. ACM
International Conference Proceeding Series
Proceedings of the 5th international conference
on Electronic commerce
31REFERENCES
- HyperLinks
- 1.Xiaoling Dai and Bruce W N Lo. Netpay--An
efficient protocol for micropayments on the WWW. - http//ausweb.scu.edu.au/aw99/papers/dai/paper.ht
ml - 2.http//citeseer.ist.psu.edu/cache/papers/cs/781/
httpzSzzSzwww.ini.cmu.eduzSznetbillzSzpubszSzUsen
ix.pdf/cox95netbill.pdf/ - 3.http//portal.acm.org/citation.cfm?id948022col
lACMdlACMCFID20304359CFTOKEN79408948