Lecture 8 e-money Today • Secure Electronic Transaction (SET) • CyberCash • On line payment system using e-money ECash • NetCash • MilliCent • CyberCoin SET CRiptography • To assure payment security RSA pair of keys are used to create digital signatures. Each member of the exchange have two pairs of asymmetric keys – A pair of exchange keys used to cript/decript the information – A pair of signing keys used to create and verify the digital signature • By contrast with PKI here the role of asymmetric keys is inversed (private key is used to sign and public to verify) • To increase the security the PKI approach is used. As result digital certificate of authenticity are used to provide needed public keys for any public receiver Dual SIgnature • The protocol comes with an improvement for digital signing – dual signature. • Let us consider the following scenario – Seller B send an offer to buyer A and an authorization to his bank to transfer the money in case of A accept the offer – Yet B need that back not see the terms of the offer and also the buyer not see his account information – Also B need to create a link between offer and transfer to assure the automat transfer in case of acceptance • This is solved by digitally signing both messages during the same operation resulting so called dual digital signature Dual Signature Operation • The operation for dual signature is as follows: – Take the hash (SHA-1) of the payment (PI) and order (OI) information. – These two hash values are concatenated [H(PI) || H(OI)] and then the result is hashed. – Customer encrypts the final hash with a private key creating the dual signature. DS = EKRC [ H(H(PI) || H(OI)) ] NetCash • There is an e-payment system that have the advantage of total confidentiality of the buyer (at least is what they claim). • It was designed at the Information Science Institute of University of Southern California. • Of course that full anonymity can not be achieved very easy. As result the used money can be identified. Yet the system have some supplementary measure to increase the anonymity level to an acceptable one. • The system is based on many distributed server where we can change an electronic cheque (including a NetCheque one) into electronic money. • There are three enity involved in the system – Buyers – Sellers – Coins deliver servers (SM) MilliCent • MilliCent is a simple and secure e-commerce protocol created to handle low cost payments (cents or les). It is based on decentralized verification of emoney at the buyers severs level. • The system is based on new concepts like broker and scrip. The brokers who sell scrip will manage the accounts and keep connection with the sellers. Each seller will have his scrip (e money) that must be locally validated to avoid double spending • A piece of scrip represents an account the customer has established with a vendor. In any moment the sell it will process the accounts from the most recent clients. The account balance is actualized by the scrip value. • When a client will make a buy using a scrip the cost is deduced from the total scrip of the client. • Vendor identifies the vendor for the scrip. • Value gives the value of the scrip. • ID# is the unique identifier of the scrip. Some portion of it is used to select the master_scrip_secret used for the certificate. • Cust_ID# is used to produce the customer secret. A portion of Cust_ID# is used to select the master_customer_secret which is also used in producing the customer secret. • Expires is the expiration time for the scrip. • Props are extra data describing customer properties (age, state of residence, etc.) to the vendor. • Certificate is the signature of the scrip. References • http://searchfinancialsecurity.techtarget.com/definiti on/Secure-Electronic-Transaction • http://ecommerce.hostip.info/pages/925/SecureElectronic-Transaction-SET.html • https://www.netcash.com/engine/overview/welcome • Bruce Schneier, Applied Cryptography Second Edition John, Cryptography, Second Edition - John Wiley & Sons • http://waste.informatik.huberlin.de/~grassmuck/Texts/ecash.e.html • http://www.w3.org/Conferences/WWW4/Papers/24 6/ Cash flow(s)?