Micro Payment System (1)
Transcript of Micro Payment System (1)
-
8/8/2019 Micro Payment System (1)
1/22
1
Chapter 11
Micropayment Systems
11.1 Introduction
11.2 Overview of Micropayment System
11.3 Millicent
11.4 PayWord
Introduction
Online Credit card payment involves substantial minimal fee pertransaction not applicable for charging smaller amounts
Difficulties: - delay- user involvement
- potential for disputes (refunds, chargeback)
- handling cost
Micropayment charging amounts smaller or close to the minimal credit cardtransaction fee
Low value per transaction small profit high processing rate paymentverification inexpensively
Successful micropayment system not involve computationally expensivecryptographic techniques
-
8/8/2019 Micro Payment System (1)
2/22
2
Overview of Micropayment System
Operated by one or more payment service provider (PSP) receivingaggregated payment from customers passing to the merchants
Payment protocol - payment approval (customer agrees to pay)
- payment authorization (PSP)
Payment approval and payment authorization integrated orseparated
The single PSP solution is simple and efficient but expect more PSPs to
emerge as the demand grows and market matures
Unrealistic all customer and merchants have accounts with multiple PSPs
Micropayment system support interoperability among multiple PSPs
Overview of Micropayment System
Micropayments via a single PSP
-
8/8/2019 Micro Payment System (1)
3/22
3
Overview of Micropayment System
Payments via the PSP
Overview of Micropayment System
Micropayments via two interoperating PSPs
-
8/8/2019 Micro Payment System (1)
4/22
4
Millicent
A decentralized micropayment scheme allow payments as low as $0.001 tobe made
Efficiently validated at a vendors site
Without any additional communication, expensive public key encryption oroffline processing allow it to scale effectively for repeated small payments
Uses a form of electronic currency scrip
Scrip vendor-specific fast and efficient to verify - it is not of great concernif loses a small piece of change
Using fast symmetric encryption the protocol can be both lightweight andsecure
The Millicent Model
Millicent
-
8/8/2019 Micro Payment System (1)
5/22
5
Millicent
i. Broker (Financial Institutions / Network Service Providers)
Aggregating micropayments
Not efficient customer buys vendor scrip from every vendor
Customer will make enough micropayments in total at different vendors to cover the cost of a macropayment transaction
Broker provides all the different vendor scrip needs of a customer in returnfor a single macropayment sell vendor scrip to customers
The aggregation of different vendor scripsjustifies a macropaymenttransaction to purchase these pieces of scrip
Millicent
i. Broker (Financial Institutions / Network Service Providers)
Replacing subscription services
Vendormaintains account information forcustomers who have paid touse the service for a set length of time
Customers have to maintain account information foreach different vendor
Broker frees both the customer and vendor replacing a subscriptionservice with a pay-per-access micropayment system
-
8/8/2019 Micro Payment System (1)
6/22
6
Millicent
i. Broker (Financial Institutions / Network Service Providers)
Selling vendor scrip
Brokers handle the real money in the Millicent system maintain accountsof customers and vendors.
Have an agreement with each vendor whose scrip the broker sells
Two ways in which a broker gets the vendor scrip:
1. Scrip warehouse (buy and store)2. Licensed scrip production (generate)
Efficient: - doesnt need to store a large number of scrip pieces
- vendor does less computation doesnt have to generate
- license smaller to transmit
Millicent
ii. Vendors
Merchants selling low-value services or information
Accept his or herown vendor scrip validate it locally prevent anydouble spending
Sell scrip at discount orscrip-producing license profit for brokers
-
8/8/2019 Micro Payment System (1)
7/22
7
Millicent
iii. Customers
Buy broker scrip with real money from their chosen broker
Broker scrip has value at that broker only
A macropayment scheme (SET or E-Cash) could be used to buy thebroker scrip
Using broker scrip - customerbuys vendor scrip for specific vendorsused to make purchases
Millicent
Purchasing with Millicent
Buying broker scrip
-
8/8/2019 Micro Payment System (1)
8/22
8
Millicent
Purchasing with Millicent
Purchasing from a vendor
Millicent
Purchasing with Millicent
Further purchases from the same vendor
-
8/8/2019 Micro Payment System (1)
9/22
9
Millicent
Scrip
Properties:
Represents a prepaid value
Represents any denomination of currency
The security is based on the assumption
Vendor-specific
Can be spent only once Can be spent only by its owner
Cannot be tampered with or its value changed
Computationally expensive to counterfeit scrip
Make no use of public key cryptography
Cannot provide full anonymity
Millicent
Scrip
Structure:
-
8/8/2019 Micro Payment System (1)
10/22
10
Millicent
Scrip Certification Generation
Millicent
Validating scrip at the time of purchase
-
8/8/2019 Micro Payment System (1)
11/22
11
Millicent
To prevent double spending - vendorchecks the ID# has not already beenspent
Maintains bit vectors corresponding to the issued serial number (ID#s) tokeep track of spent scrip
Vendordiscards the fully spent or expired vector keep valid scrip ID# -speed up transactions
Computation costs: Recalculate certificate one hash function
Prevent double spending one local ID# database lookup
Making purchase across network one network connection
Different levels ofefficiency, security and privacy sending scrip over anetwork
Millicent
Three main Millicent protocols:
1. Scrip in the clear
2. Encrypted network connection
3. Request signatures
1. Scrip in the clear
Sending and receiving the purchase content and change in the clear
No network security interception might be occurred
-
8/8/2019 Micro Payment System (1)
12/22
12
Millicent
2. Encrypted network connection
Purchase using encrypted network connection
Millicent
2. Encrypted network connection
Generating a customer_secret
-
8/8/2019 Micro Payment System (1)
13/22
13
Millicent
2. Encrypted network connection
Buying vendor scrip
Millicent
3. Request signatures
Generating a request signature
-
8/8/2019 Micro Payment System (1)
14/22
14
Millicent
3. Request signatures
Purchase using a request signature
Millicent
3. Request signatures
Vendor verifies the request signature
-
8/8/2019 Micro Payment System (1)
15/22
15
Millicent
Characteristics of the Three Millicent Protocols
Millicent
Application
1. Paying for information content
2. Database searching
3. Access to a service
4. Authentication to distributed services
5. Metering usage
6. Usage-based charges
7. Discount coupons
8. Preventing subscription sharing
-
8/8/2019 Micro Payment System (1)
16/22
16
Millicent
Drawbacks
1. Both broker and vendor must be trusted to issue the correct change noway to prove that change scrip is owned
2. The user cannot independently verify the validity of a piece of scrip sincethe user cannot regenerate the scrip certificate
PayWord
Credit-based micropayment scheme
Reduce the number ofpublic-key operation uses hash functions and
symmetric key cryptography faster
Uses chains of hash value to represent user credit
Each hash value (PayWord) can be sent to a merchant as payment
PayWord chain vendor-specific user digitally signs a commitment tohonor payment for that chain
Brokers maintain account for users and vendors not necessary for both avendor and user to have an account at the same broker
Need some assurance that users will honor their PayWord payment sincePayWord is a credit-based scheme
-
8/8/2019 Micro Payment System (1)
17/22
17
PayWord
PayWord certificate authorizes a user to generate PayWord chainsguarantees that a specific broker will redeem them
Broker and vendors do not need PayWord certificates
Users obtain a certificate when they initially setup an account with a broker
Certificate have to be renewed every month limits fraud and ensuring thatusers who have overdrawn account will not be issued with a new certificate
PayWord
Obtaining a PayWord user certificate
-
8/8/2019 Micro Payment System (1)
18/22
18
PayWord
Since identified certificates with a user identifier and address are used noanonymity is provided
Broker might maintain blacklists of certificates that have been revoked ifsecret key was lost or stolen avoid others to generate PayWord chainsunder their name
Vendor has responsible to obtain any revoked certificate list from a broker
PayWord
PayWord Chains
Represent user credit at a specific vendor
Is a chain of hash value
Each PayWord (hash value) in the chain has the same value (1 cent)
-
8/8/2019 Micro Payment System (1)
19/22
19
PayWord
Generating a PayWord chain
PayWord
PayWord Chains
Vendor and broker need to know to whom the spent PayWords belong usersaccount can be charged
The user is authenticated by signing a commitment authorize the broker toredeem allows the vendor to be confident that he will be paid
A commitment to a PayWord chain has the form:
Comm = {V, CU, W0, E, ICOMM} SKU
-
8/8/2019 Micro Payment System (1)
20/22
20
PayWord
Paying a vendor with PayWords
PayWord
Verifying the first PayWord
-
8/8/2019 Micro Payment System (1)
21/22
21
PayWord
Verifying further payments
PayWord
Reclaiming PayWords with a broker
-
8/8/2019 Micro Payment System (1)
22/22
PayWord
Hash functions are computationally cheap
Broker could perform certificate generation and PayWord redemption offline efficiency
Payment verification requires only one hash computation vendor need onlystore the highest payment hash received
PayWord is most efficient forrepeated micropayments to a specific vendor
Minimizes communication costs
broker does not have to be contacted for a new vendor payment
need not change and return the unused vendor-specific scrip to the broker (unlikeMillicent system)
Provides more opportunity for user fraud if a users secret key iscompromised