Beruflich Dokumente
Kultur Dokumente
Remote Micropayment
Shervin Erfani Fall 2012
Outline
1. 2. 3. 4. 5. 6. 7. What is Remote Micropayment? Remote Micropayment History MilliCent Architecture MicroMint Coins What is Statistical Payment? Micali-Rivest Schemes for Statistical Payment Summary
Small transactions
Beverages Phone calls Tolls, transportation, parking Copying Internet content Lotteries, gambling
October 22, 2012
88-590-02 E-Commerce, S. Erfani University of Windsor
Micropayment Types
Prepaid cards
Issued by non-banks Represent call on future service Not money since usable only with one seller
Electronic purse
Issued by bank Holds representation of real money In form of a card (for face-to-face or Internet use) In virtual form (computer file for Internet use) The two forms are converging, e.g. wireless
October 22, 2012
88-590-02 E-Commerce, S. Erfani University of Windsor
A trusted third party involves to verify the needed security between the two parties of the transaction. The scheme commonly uses a virtual purse or a virtual jeton holder to carry the various monetary values available to the user.
October 22, 2012
88-590-02 E-Commerce, S. Erfani University of Windsor
Remote Micropayment
Remote micropayments characteristics
Buyer is not physically in sellers presence Cant insert card into vendors machine No physical goods, only information goods
If micropayment will work, goods must be cheap, e.g. $0.01
Examples: web pages, stock quotes, news articles, weather report, directory lookup Need instant service for large numbers of 1 transactions + reasonable profit to payment provider
October 22, 2012
88-590-02 E-Commerce, S. Erfani University of Windsor
MilliCent (1995 - )
To support transactions from as small as 1/10 of a cent up to $5.00 The payment system uses symmetric cryptography Associated with Compaq after that company purchased Digital Equipment Corporation
SOURCE: Sherif
PayPal
Is a micropayment system that charges payments to user's paypal accounts Current pricing model is 5% of purchase plus 5 cents Touted as targeted for purchases under $10 U.S.
SOURCE: Wikipedia
Making a payment
Removing money from the card
Clearance
Getting money into the sellers account
October 22, 2012
88-590-02 E-Commerce, S. Erfani University of Windsor
Concept of PayWord
Based on paywords*, strings will be accepted by vendors for purchases. User authenticates himself to a broker with one signature verification, establishes means of paying real money for paywords. User sets up with broker a linked chain of paywords to be used with a specific vendor.
Linking is used to make authentication of the paywords very cheap.
10
Certificate authenticates user to vendor. User creates payword chains specific to a vendor
Typical length: 100 units
October 22, 2012
88-590-02 E-Commerce, S. Erfani University of Windsor
11
Millicent
The parties involved in a transaction are the buyer, vendor, and broker. Vendors produce vendor-specific scrip, sell to brokers for real money at discount. Brokers sell scrip from many vendors to many users. Scrip is prepaid: promise of future service from vendor. Users spend scrip with vendors, receive change.
USER EXCHANGES BROKER SCRIP FOR VENDOR SCRIP (AS NEEDED)
BROKER
USER BUYS BROKER SCRIP ($ WEEKLY)
USER
VENDOR
SOURCE: COMPAQ
12
Millicent (Cont.)
Broker
issues broker scrip to user Exchanges broker scrip for vendor scrip Interfaces to banking system Collects funds from users Pays vendors (less commission)
User
Buys broker scrip from brokers Spends by obtaining vendor-specific scrip from broker
Vendor
Sells scrip to brokers Accepts vendor scrip from users Gives change to users in vendor scrip
October 22, 2012 88-590-02 E-Commerce, S. Erfani University of Windsor 13
Scrip Properties
Represents a prepaid value Represents any denomination of currency The security is based on the assumption of vendor-specific Can be spent only once Can be spent only by its owner Cannot be tampered with or its value changed Computationally expensive to counterfeit scrip Make no use of public-key cryptography Cannot provide full anonymity
October 22, 2012 88-590-02 E-Commerce, S. Erfani University of Windsor 14
MilliCent Components
Wallet
Integrated with browser as a proxy User Interface (content, usage)
Wallet Tokens Vendor Server
Vendor software
Easy to integrate as a web relay Utility for price management
New tokens
Spent tokens
User
Vendor
Broker Server
Broker software
Handles real money
Broker
SOURCE: MICHAEL I. SHAMOS, CMU
15
Broker Server
Vendor (thousands)
Price File
Price Configurator
Document Tree Site Map
HTTP
Wallet HTTP
Wallet Contents
Vendor Server
Web Server
Vendor
Value ID#
Cust ID#
Expires
Props
Stamp
Secret
Millicent processing:
Validates scrip and generates change Sells subscriptions Handles replays, cash-outs, and refunds
October 22, 2012 88-590-02 E-Commerce, S. Erfani University of Windsor
Price File
Document Tree
Vendor Site
19
Drawback of MilliCent
Both broker and vendor must be trusted to issue the correct change
No way to prove that change scrip is owned
20
MicroMint
Developed by Rivest and Shamir in 1997 for micropayments. Brokers produce coins having short lifetimes, sell coins to users. Users pay vendors with coins. Vendors exchange the coins with brokers for real money. BROKER
NEW COINS
SPENDING OF COINS
CUSTOMER
TRANSFER OF INFORMATION
VENDOR
SOURCE: SHERIF
October 22, 2012
88-590-02 E-Commerce, S. Erfani University of Windsor
21
22
23
24
25
26
27
1/1000 FAIRNESS:
User, Merchant and Bank cannot cheat. Not always fair to User (might be overcharged). Fair to Merchant and Bank on average.
999/1000
$10
VOID
28
29
If C has value, M sends to bank C & D = SigM(C). Bank verifies signatures and F(D), charges U $10 and credits M with $10. No risk to bank; U may pay a lot more than the transaction value.
October 22, 2012
88-590-02 E-Commerce, S. Erfani University of Windsor
30
Bank only sees 0.1% of transactions. No risk to bank. Because of signatures, neither U nor M can cheat. (If protocol is implemented properly!) U may pay a lot more than the transaction value. We want a protocol in which U never pays more than the transaction value.
October 22, 2012
88-590-02 E-Commerce, S. Erfani University of Windsor
31
32
S
i =1
MaxSi =
MaxS
i =1
m 1
i +1
MaxSi = S m = n
User can cheat (by not incrementing S), but Bank will catch him. Bank on average receives as much as it pay out.
October 22, 2012
88-590-02 E-Commerce, S. Erfani University of Windsor
33
34
Summary
Micropayment systems must be fast and cheap. They MUST lack features of higher-value payment systems. They use of hashing instead of cryptography. Micropayment parties: buyer, seller, broker Micromint models minting coins.
High overhead to prevent counterfeiting
35
References
M. H. Sherif, Protocols for Secure Electronic Commerce. Boca Raton, FL: CRC Press LLC., 2004, Chapters 10.5 to 10.9. T. O. Lee, et al., An agent-based micropayment systems for e-commerce, pp. 247-263, E-Commerce Agents, Lecture Notes in Computer Science, J Liu and Y. Ye, (Eds.). Berling, Heidelberg: Spring-Verlag, 2001. R. Rivest and A. Shamir, PayWord and MicroMint: Two simple micropayment schemes, Lecture Notes in Computer Science, vol. 1189, pp. 69-87, 1997. S. Jarecki and A. Odlyzko, An efficient micropayment system based on probabilistic polling, Lecture Notes in Computer Science, vol. 1318, pp. 173-191, 1997. Electronic Payment Systems (20-763) Official Course Web http://euro.ecom.cmu.edu/program/courses/tcr763/2002pgh/cards7.ppt R. Parhaonyi et, al., Second generation micropayment systems: lessons learned, http://wwwhome.cs.utwente.nl/~pras/publications/2005-I3E2ndgeneration- payments.pdf
36
37