electronic check payment protocols and systems speaker: jerry gao ph.d. san jose state university...
Post on 20-Dec-2015
217 views
TRANSCRIPT
Electronic Check Payment Protocols and Systems
Speaker: Jerry Gao Ph.D.
San Jose State Universityemail: [email protected]
URL: http://www.engr.sjsu.edu/gaojerry
May, 2000
Topic: Electronic Cash Payment Protocols and Systems
- Overview of electronic cash system
- Ecash (Digital Cash)
- NetCash
- Comparisons and summary
Jerry Gao Ph.D. 5/20000
Presentation Outline
All Rights Reserved
Topic: Electronic Cash Payment Protocols and Systems
What is an electronic cash payment system?
E-commerce application systems must provide payment processing and transaction service to buyers and sellers.
A payment system, as a part of E-commerce application system, is a such system which support secured payment processes by providing reliable, secured, and efficient transaction services between sellers and buyers.
The basic requirements of a payment system:
- Provide secured and confidential transaction processes.- Conduct authentication and authorization for all involved parties.- Ensure the integrity of payment instructions for goods and services.- Simple, availability, cost-effective, efficient, and reliable.
Jerry Gao Ph.D. 5/2000
Overview of Electronic Cash Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Topic: Electronic Cash Payment Protocols and Systems
- Customers: Customers use the digital cash payment systems to make purchases.
- Dealers: Dealers have to bear the costs of payment transactions. - Providers for digital payment systems:
Providers are intermediaries between dealers and financial institutions.They provide services and training.
- Development vendors for digital payment systems:
- Financial institutions: Banking systems or organizations who use electronic payment systems.
- Trust Centers: They control digital signature keys, and help to secure customer confidence in certain payment systems. They are responsible for the integrity of transmitted data and authenticity of contractors.
Actors Involved in Electronic Cash Payment Systems
Jerry Gao Ph.D. 5/2000
Topic: Electronic Cash Payment Protocols and Systems
- Digital money:Payment systems must provide customers and private households with acceptable digital money.
Security: Ensure the security of transactions and information privacy of users.
- Scalability: A large number of customers and concurrent transactions should be handled in a scalable manner.
- Efficient and effective: Payment systems must support efficient and effective payment processing and accounting services for small payment transactions.
- Simple: Payment systems must provide customers with simple transparent transactions.
Basic Requirements for Electronic Cash Payment Systems
Jerry Gao Ph.D. 5/2000
Topic: Electronic Cash Payment Protocols and Systems
- Anonymous: Usually, customers wish to stay anonymous for all involved transactions..
- Double spending: Digital coins consists of a number of bits. Payment systems must be able to recognize and/or prevent repeated payments with the same digital coin.
- Exchange: Digital money should be convertible into “real” money whenever necessary.
- Store: Digital money must be stored locally on hard disks or other media.
- Value: Digital cash payment systems must provide a large number of digital coins for circulation and perform authentication checking.
Basic Requirements for Electronic Cash Payment Systems
Jerry Gao Ph.D. 5/2000
Topic: Electronic Cash Payment Protocols and Systems
- Saved time: - Reduce transaction process time- Speed up transaction processes
- Reduced costs:- Reduce transaction costs- Reduce cash distribution costs
- Flexibility:- Digital cash can take many forms, including prepaid cards- Digital cash can be converted into different currencies
- Reduce cash distribution risk: - Reduce the regular cash distribution risk
- Error free and efficient:- Reduce transaction errors
Advantages of Electronic Cash Payment Systems
Jerry Gao Ph.D. 5/2000
Topic: Online Payment Protocols and Systems
Important features of electronic cash payment protocols and systems:
- Anonymity: This ensure that no detailed cash transactions for customerare traceable. Even sellers do not know the identity of customers involved in the purchases.
- Liquidity: Digital cash have to be accepted by all concerned economic agents as a payment method.
- Prepaid cards: Buyers can buy prepaid cards that are accepted by special sellers.
- Electronic payment processing:
Special Features of Electronic Payment Protocols
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Important features of electronic cash payment protocols and systems:
- Anonymity: This ensure that no detailed cash transactions for customerare traceable. Even sellers do not know the identity of customers involved in the purchases.
- Liquidity: Digital cash have to be accepted by all concerned economic agents as a payment method.
- Prepaid cards: Buyers can buy prepaid cards that are accepted by special sellers.
- Electronic payment processing:
Special Features of Electronic Check Protocols and Payment Systems
Jerry Gao Ph.D. 5/2000
Topic:Elect ronic Check Payment Protocols and Systems
Overview of NetBill:
- ECash is a payment protocol for anonymous digital money on the Internet. - It is developed by DigiCash Co, of Amsterdam, The Netherlands.- It is currently implemented and offered by Mark Twain Bank, St. Louis since 1995.- DeutscheBank Ag, Frankfurt (Main) offers Ecash as a pilot project to its customers since October 1997.
A public trial of the Millicent system was scheduled for the summer of 1997.
Electronic Check Payment Protocol: NetBill
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
NetBill model:
MilliCent protocols use a form of electronic currency called Scrip to connect three involved parties:
- vendors, customers, and brokers.
Scrip is vendor specific.
A Millicent broker:--> medicate between vendors and customers to simplify the tasks they perform.--> aggregate micro-payments--> sell vendor Scrip to customers--> handle the real money in the Millicent system.--> maintain customer accounts and vendors (subScripion services)--> buy and produce large chunks of vendor Scrips (for licensed vendors)
Vendors: --> are merchants selling low-value services or information to customers
Customers: --> buy broker Scrip with real money from selected brokers.--> use the vendor Scrips to make purchases.
Electronic Check Payment Protocols: NetBill
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Electronic Check Payment Protocol: NetBill
NetBill Archecture: (Source: NetBill 1994 Prototype)
ConsumerApplication
Checkbook
MerchantApplication
Till
User Admin.Server
TransactionServer
SecurityServer
System Admin.Server
Payment &Collection Server
DB
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Electronic Check Payment Protocol: NetBill
Consumer Merchant NetBill Server
1. Credit card # (macro-payment protocol)
Transaction Sequence
2. $5.00 Broker scrip(Millicent protocol)
1. $0.19 Vendor scrp + request
Start of week
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Electronic Check Payment Protocol: NetBill
Customer Broker Vendor
1.0 Broker scrip
Transaction Sequence
2. $0.20 Vendor scrip $4.80 Broker scrip
3. $0.20 Vendor scrp + request
4. $0.19 Vendor scrip change + purchased ino/service
Purchasing from a vendor
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Electronic Check Payment Protocol: NetBill
Customer
Broker
Vendor
Broker sell vendor Scrip Brokers buy/produce large chunks of “vendor Scrip” for licensed vendors
Customer make purchases with vendor Scrips
Vendor sell low-value information and services
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
About Scrip: ---> a piece of data used to represent microcurrency within the Millicent systems.
Scrip has the following properties:- Scrip is vendor specific, thus has value at one specific vendor only.- Scrip can be spent only once by its owner.- Scrip can be represented any denomination of currency.- Scrip represents a prepaid value.- Scrip make no use of public-key cryptography.- Scrip cannot provide full anonymity. It can be traced and recorded.
Scrip like cash has a defined value and can be used to purchase merchandise.
Major differences between Scrip and cash:- Scrip can only spent once, and cash can be spent many times.- Scrip is vendor specific, and cash is not.- Scrip can only spent by the customer who obtained it from the broker.- Scrip has an expiration date and a digital signature.
Electronic Check Payment Protocol: NetBill
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Scrip Message Structure
Electronic Check Payment Protocol: NetBill
Vendor Value Scrip-id customer-id expiration-date info certificate
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Millicent Security Checking: ---> Provide three different security levels.
All transactions should be protected, and fraud must be detectable and traceable.
-----------------------------------------------------------------------------------------------Millicent Protocol Efficiency Ranking Secure Private
Scrip in the clear 1 No No
Encrypted connection 3 Yes Yes
Request signatures 2 Yes No________________________________________________________________
.
Electronic Check Payment Protocol: NetBill
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Authentication and signature: Millicent protocol uses one-way has functions- such as 128-bit MD5 and HMAC-MD5.
- The message is sent in clear, but is protected by the customer_secret in hash function.
- Upon receiving the request, the vendor calculates the hash function using a pre-selected message digest function.
- The vendor returns, upon receiving this information, the customer can compute the message digest to ensure authenticity.
- Signature: a request signature is generated based on the customer_secret by hashing
Encryption: No encryption, but maintains a level of security that prevents Scrip being stolen.
Electronic Check Payment Protocol: NetBill
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Electronic Check Payment Protocol: NetBill
Customer Secret Scrip Request Signature
Request Signature
Compare
Vendor verifies the request signature
Request
Hash
Customer Vendor
1. Scrip, Request, Request signature
2. Change, Reply, Reply signature
Purchase using a request signature
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Scrip certificate generation
Electronic Check Payment Protocol: NetBill
Vendor Value Scrip-id customer-id expiration-date info
Master Scrip secret 5
Master Scrip secret 6
Master Scrip secret 7
Master Scrip secret 6
To customer
Vendor secret keys
“certificate” Hash eg. MD5
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Vendor secret keys
Electronic Check Payment Protocol: NetBill
Vendor Value Scrip-id customer-id expiration-date info
certificate
Master Scrip secret 5
Master Scrip secret 6
Master Scrip secret 7
certificate
Master Scrip secret 6
Fromcustomer compare
Scrip validation
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Comparisons of Electronic Check Payment Protocols
Jerry Gao Ph.D. 5/2000
Topic: Electronic Check Payment Protocols and Systems
Analysis of Electronic Check Payment Protocols