20-763 ELECTRONIC PAYMENT SYSTEMS, FALL 2001. COPYRIGHT © 2001 MICHAEL I. SHAMOS. eCommerce Technology 20-763, Lecture 10: Micropayments I.

2 eCommerce Technology 20-763 Lecture 10 Micropayments I

3 Micropayments
Replacement of cash
  –Cheaper (cash very expensive to handle)
  –Electronic moves faster
  –Easier to count, audit, verify
Small transactions
  –Beverages
  –Phone calls
  –Tolls, transportation, parking
  –Copying
  –Internet content
  –Lotteries, gambling

4 Micropayments
Transactions have low value, e.g. less than $1.00
Must process the transaction at low cost
Technological savings:
  –Don’t verify every transaction
  –Use symmetric encryption
Float-preserving methods
  –Prepayment
  –Grouping
Aggregate purchases (to amortize fixed costs)
Provide float to processor
Partial anonymity (individual purchases disguised)

5 Micropayments
Prepaid cards
  –Issued by non-banks
  –Represent call on future service
  –Not money since usable only with one seller
Electronic purse
  –Issued by bank
  –Holds representation of real money
  –In form of a card (for face-to-face or Internet use)
  –In virtual form (computer file for Internet use)
  –The two forms are converging, e.g. wireless

6 Electronic Purse Issues
Loading (charging) the purse with money
Making a payment (removing money from the card)
Clearance (getting money into the seller’s account)

7 GeldKarte
Smart card system
Issued by Zentraler Kreditausschuß (Germany)
Card contains counters representing money value
  –Max balance 400 DEM = $188
Card is loaded through a loading terminal
  –Debits customer’s bank account
Spending at merchant terminal or on Internet
  –Amount deducted from card, added to merchant terminal (card)
  –No real-time authorization
End-of-day: merchant uploads transactions
Money credited to merchant account
Bank fee: 0.3%, minimum $0.01

8 Loading GeldKarte
[Diagram] Labels: LOADING TERMINAL (ATM), LOADING MANAGER SAM, ISSUING BANK SAM, AUTHORIZATION SERVER, ACCOUNT DATABASE
1. LOAD REQUEST + PIN
2. AUTHORIZATION REQUEST
3. AUTHORIZATION REQUEST
4. AUTHORIZATION
5. AUTHORIZATION
6. UPDATE ACCOUNTS
7. SAM EXCHANGE
8. VALUE TRANSFER
9. OFFLINE FILE TRANSFER
SAM = SECURITY APPLICATION MODULE
SOURCE: SHERIF

9 GeldKarte Payment
Customer inserts GeldKarte in slot (at merchant terminal or PCMCIA card)
Merchant authenticates customer card
Customer authenticates merchant card
Transfer purchase amount
Generate electronic receipts
(Later) Merchant presents receipt to issuing bank to obtain credit to merchant account
No purse-to-purse transactions
OFFLINE (NO THIRD PARTY)

10 GeldKarte Card Authentication
Merchant SAM generates a random number RAND (to prevent replay attack), sends to customer card with request for customer card ID (CID)
Card sends CID, a generated sequence number SNo, RAND, and H(CID) encrypted with a symmetric secret key SK_C (known to card, not customer)
No public-key encryption
Merchant computes SK_C from CID and his own secret key SK_M (known to card, not merchant)
Merchant can now validate integrity of the card message by computing H(CID)

11 GeldKarte Value Exchange
Customer sends StartPayment message
Merchant sends MID, merchant’s transaction number TNo, SNo, a MAC encrypted with SK_C, CID and the value M to be transferred, all encrypted with SK_C
Customer can decrypt this message with SK_C and validate merchant
Customer checks CID, M and SNo (prevent replay)
Customer card verifies at least M remaining, subtracts M, increments SNo, records payment data, generates proof of payment: { M, MID, SNo, TNo, ANo, MAC }, sends it to merchant card

12 GeldKarte Value Exchange, cont.
Merchant verifies payment:
  –compute actual payment amount M' from the proof of payment, compare with M
  –verify MID and TNo
  –increment TNo, increase balance by M
  –notify merchant of success
  –record transaction data with different secret key K_ZD
Merchant requests payment from bank (later)
  –sends encrypted proofs of payment to bank
  –TNo prevents more than one credit per transaction
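The card authentication and value exchange on slides 10 to 12, sketched as an added Python example (not part of the lecture and not GeldKarte's own code). Assumptions: HMAC-SHA256 stands in for the DES/triple-DES encryption and MAC, messages are authenticated but not encrypted, the ANo field is omitted, and the class names, field encoding and sample values are constructed for illustration.

```python
import hashlib, hmac, os

def mac(key, *fields):
    # Stand-in MAC (assumption): HMAC-SHA256 over '|'-joined fields, not GeldKarte's DES MAC.
    msg = "|".join(str(f) for f in fields).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_card_key(sk_m, cid):
    # The merchant SAM recomputes SK_C from its own secret SK_M and the card ID.
    return mac(sk_m, "SK_C", cid)

class CustomerCard:
    def __init__(self, cid, sk_c, balance):
        self.cid, self._sk_c, self.balance, self.sno = cid, sk_c, balance, 0

    def authenticate(self, rand):
        # Slide 10: answer the challenge with CID, SNo, RAND and a keyed check value.
        return self.cid, self.sno, rand, mac(self._sk_c, self.cid, self.sno, rand.hex())

    def pay(self, mid, tno, sno, amount, merchant_mac):
        # Slide 11: validate the merchant, check SNo and balance, debit, issue the proof.
        expected = mac(self._sk_c, mid, tno, sno, self.cid, amount)
        if not hmac.compare_digest(expected, merchant_mac):
            raise ValueError("merchant MAC invalid")
        if sno != self.sno:
            raise ValueError("stale SNo (replay)")
        if not 0 < amount <= self.balance:
            raise ValueError("insufficient balance")
        self.balance, self.sno = self.balance - amount, self.sno + 1
        proof = (amount, mid, sno, tno)
        return proof, mac(self._sk_c, "proof", *proof)

class MerchantSAM:
    def __init__(self, mid, sk_m):
        self.mid, self._sk_m, self.tno, self.balance = mid, sk_m, 0, 0

    def purchase(self, card, amount):
        rand = os.urandom(8)  # fresh RAND per transaction defeats replayed card answers
        cid, sno, echoed, tag = card.authenticate(rand)
        sk_c = derive_card_key(self._sk_m, cid)
        if echoed != rand or not hmac.compare_digest(tag, mac(sk_c, cid, sno, rand.hex())):
            raise ValueError("card authentication failed")
        request = (self.mid, self.tno, sno, amount, mac(sk_c, self.mid, self.tno, sno, cid, amount))
        proof, proof_mac = card.pay(*request)
        # Slide 12: compare the proof's amount, MID and TNo with what was requested.
        ok = hmac.compare_digest(proof_mac, mac(sk_c, "proof", *proof))
        if not ok or proof != (amount, self.mid, sno, self.tno):
            raise ValueError("proof of payment rejected")
        self.tno, self.balance = self.tno + 1, self.balance + amount
        return request, proof
```

Replaying a captured payment request against the card fails on the SNo check even though its MAC is still valid, and a card that does not hold the key derived from SK_M and its CID fails authentication before any value moves.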

13 GeldKarte Clearance
Uses a “shadow account” (Börsenverrechnungskonto) to track the contents of the card
  –When card is loaded, shadow account is credited
  –When money is spent, shadow account is debited: online transactions immediately, offline transactions later
If card is lost or damaged, money can be replaced
Problem: every transaction is recorded, no anonymity
Solution: “Weisse Karte.” Bought for cash, not connected to any bank account
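Bank-side clearing as described on slides 12 and 13, as an added Python example (not from the lecture or from GeldKarte). Assumptions: HMAC-SHA256 stands in for the DES-based MAC, the bank keeps each card's key in a lookup table, a proof larger than the shadow balance is flagged rather than paid, and all names and sample values are constructed.

```python
import hashlib, hmac

def mac(key, *fields):
    # Stand-in MAC (assumption): HMAC-SHA256 instead of GeldKarte's DES-based MAC.
    msg = "|".join(str(f) for f in fields).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class IssuingBank:
    def __init__(self, card_keys):
        self._keys = dict(card_keys)  # CID -> card key held by the bank (slide 14)
        self.shadow = {}              # CID -> value the bank believes is on the card
        self.merchant = {}            # MID -> amount credited so far
        self._credited = set()        # (MID, TNo) pairs already paid out

    def load(self, cid, amount):
        # Loading the card credits its shadow account.
        self.shadow[cid] = self.shadow.get(cid, 0) + amount

    def refundable(self, cid):
        # Lost or damaged card: the shadow balance is what can be replaced.
        return self.shadow.get(cid, 0)

    def clear(self, batch):
        # End-of-day upload of proofs (CID, M, MID, SNo, TNo, MAC); returns (TNo, verdict).
        results = []
        for cid, amount, mid, sno, tno, tag in batch:
            key = self._keys.get(cid)
            if key is None or not hmac.compare_digest(
                    tag, mac(key, "proof", amount, mid, sno, tno)):
                verdict = "bad MAC"
            elif (mid, tno) in self._credited:
                verdict = "duplicate TNo"          # one credit per transaction
            elif amount > self.shadow.get(cid, 0):
                verdict = "exceeds shadow balance"  # assumption: flag the mismatch
            else:
                self._credited.add((mid, tno))
                self.shadow[cid] -= amount          # offline spend debited at clearing
                self.merchant[mid] = self.merchant.get(mid, 0) + amount
                verdict = "credited"
            results.append((tno, verdict))
        return results
```

Until a merchant's upload is cleared, the shadow balance is higher than the value actually left on the card, which is the "offline transactions later" case on the slide.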

14 GeldKarte Security
DES (customer), triple DES (merchant) (cipher block chaining or cipher feedback mode)
128-bit hashes
Each card has unique ID, unique symmetric key, PIN stored in “secret zone” and in bank
Unique transaction numbers

15 GeldKarte Internet Payment
Wireless potential
“Caroline” Trusted Wallet Device
GeldKarte Reader
USB or Infrared Connection to PC

16 Austrian Quick Purse
Austrian schillings (ATS) only
  –Minimum payment 0.01 ATS = 6/100¢!
  –Maximum payment 1999.99 ATS = $128

17 Quick Card Clearing
Money accumulates on merchant card
Merchant terminal uploads summary auditing data (not all data: transactions cannot be traced)
Bank downloads redlist (stolen cards) database
If merchant has no terminal, card can be brought to value transfer terminal

18 Quick Internet Payment
Customer selects goods on the Web and chooses the “Quick payment” option
Merchant server contacts the payment server, transmits the client's IP address and transaction value, a short description of the goods and the merchant ID
Payment server locks the merchant for the transaction, contacts the wallet over TCP at a special port designated for Quick im Internet. The client then accesses the card reader and looks for the customer's Quick card
Before the card is debited, the client displays a message box to the customer that describes the ordered goods as well as the total amount of the transaction and allows the customer to either permit the transaction or cancel it.

19 Q & A

