MilliCent

advertisement
Lecture 8
e-money
Today
• Secure Electronic Transaction (SET)
• CyberCash
• On line payment system using e-money
ECash
• NetCash
• MilliCent
• CyberCoin
SET CRiptography
• To assure payment security RSA pair of keys are
used to create digital signatures. Each member of
the exchange have two pairs of asymmetric keys
– A pair of exchange keys used to cript/decript the
information
– A pair of signing keys used to create and verify the digital
signature
• By contrast with PKI here the role of asymmetric
keys is inversed (private key is used to sign and
public to verify)
• To increase the security the PKI approach is used.
As result digital certificate of authenticity are used
to provide needed public keys for any public
receiver
Dual SIgnature
• The protocol comes with an improvement for digital
signing – dual signature.
• Let us consider the following scenario
– Seller B send an offer to buyer A and an
authorization to his bank to transfer the money in
case of A accept the offer
– Yet B need that back not see the terms of the offer
and also the buyer not see his account information
– Also B need to create a link between offer and
transfer to assure the automat transfer in case of
acceptance
• This is solved by digitally signing both messages during
the same operation resulting so called dual digital
signature
Dual Signature Operation
• The operation for dual signature is as follows:
– Take the hash (SHA-1) of the payment (PI) and order (OI)
information.
– These two hash values are concatenated [H(PI) || H(OI)] and
then the result is hashed.
– Customer encrypts the final hash with a private key
creating the dual signature.
DS = EKRC [ H(H(PI) || H(OI)) ]
NetCash
• There is an e-payment system that have the advantage of
total confidentiality of the buyer (at least is what they claim).
• It was designed at the Information Science Institute of
University of Southern California.
• Of course that full anonymity can not be achieved very easy.
As result the used money can be identified. Yet the system
have some supplementary measure to increase the
anonymity level to an acceptable one.
• The system is based on many distributed server where we
can change an electronic cheque (including a NetCheque
one) into electronic money.
• There are three enity involved in the system
– Buyers
– Sellers
– Coins deliver servers (SM)
MilliCent
• MilliCent is a simple and secure e-commerce
protocol created to handle low cost payments
(cents or les). It is based on decentralized
verification of emoney at the buyers severs level.
• The system is based on new concepts like broker
and scrip. The brokers who sell scrip will manage
the accounts and keep connection with the sellers.
Each seller will have his scrip (e money) that must
be locally validated to avoid double spending
• A piece of scrip represents an account the
customer has established with a vendor. In any
moment the sell it will process the accounts from
the most recent clients. The account balance is
actualized by the scrip value.
• When a client will make a buy using a scrip the cost
is deduced from the total scrip of the client.
• Vendor identifies the vendor for the scrip.
• Value gives the value of the scrip.
• ID# is the unique identifier of the scrip. Some portion of it is used to
select the master_scrip_secret used for the certificate.
• Cust_ID# is used to produce the customer secret. A portion of Cust_ID#
is used to select the master_customer_secret which is also used in
producing the customer secret.
• Expires is the expiration time for the scrip.
• Props are extra data describing customer properties (age, state of
residence, etc.) to the vendor.
• Certificate is the signature of the scrip.
References
• http://searchfinancialsecurity.techtarget.com/definiti
on/Secure-Electronic-Transaction
• http://ecommerce.hostip.info/pages/925/SecureElectronic-Transaction-SET.html
• https://www.netcash.com/engine/overview/welcome
• Bruce Schneier, Applied Cryptography Second Edition John,
Cryptography, Second Edition - John Wiley & Sons
• http://waste.informatik.huberlin.de/~grassmuck/Texts/ecash.e.html
• http://www.w3.org/Conferences/WWW4/Papers/24
6/
Cash flow(s)?
Download