Electronic Check Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University email: jerrygao@email.sjsu.edu URL: http://www.engr.sjsu.edu/gaojerry May, 2000

Post on 20-Dec-2015


Page 1: Electronic Check Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University email: jerrygao@email.sjsu.edu URL:

Electronic Check Payment Protocols and Systems

Speaker: Jerry Gao Ph.D.

San Jose State University

email: jerrygao@email.sjsu.edu

URL: http://www.engr.sjsu.edu/gaojerry

May, 2000

Presentation Outline

Topic: Electronic Cash Payment Protocols and Systems

- Overview of electronic cash system
- Ecash (Digital Cash)
- NetCash
- Comparisons and summary

Jerry Gao Ph.D. 5/2000

All Rights Reserved

Overview of Electronic Cash Payment Protocols and Systems

What is an electronic cash payment system?

E-commerce application systems must provide payment processing and transaction services to buyers and sellers.

A payment system, as part of an e-commerce application system, supports secure payment processes by providing reliable, secure, and efficient transaction services between sellers and buyers.

The basic requirements of a payment system:

- Provide secure and confidential transaction processes.
- Conduct authentication and authorization for all involved parties.
- Ensure the integrity of payment instructions for goods and services.
- Be simple, available, cost-effective, efficient, and reliable.

Actors Involved in Electronic Cash Payment Systems

- Customers: Customers use the digital cash payment systems to make purchases.
- Dealers: Dealers have to bear the costs of payment transactions.
- Providers for digital payment systems: Providers are intermediaries between dealers and financial institutions. They provide services and training.
- Development vendors for digital payment systems:
- Financial institutions: Banking systems or organizations that use electronic payment systems.
- Trust Centers: They control digital signature keys and help to secure customer confidence in certain payment systems. They are responsible for the integrity of transmitted data and the authenticity of contractors.

Basic Requirements for Electronic Cash Payment Systems

- Digital money: Payment systems must provide customers and private households with acceptable digital money.
- Security: Ensure the security of transactions and the information privacy of users.
- Scalability: A large number of customers and concurrent transactions should be handled in a scalable manner.
- Efficient and effective: Payment systems must support efficient and effective payment processing and accounting services for small payment transactions.
- Simple: Payment systems must provide customers with simple, transparent transactions.

Basic Requirements for Electronic Cash Payment Systems

- Anonymous: Usually, customers wish to stay anonymous for all involved transactions.
- Double spending: Digital coins consist of a number of bits. Payment systems must be able to recognize and/or prevent repeated payments with the same digital coin.
- Exchange: Digital money should be convertible into “real” money whenever necessary.
- Store: Digital money must be stored locally on hard disks or other media.
- Value: Digital cash payment systems must provide a large number of digital coins for circulation and perform authentication checking.

Advantages of Electronic Cash Payment Systems

- Saved time:
  - Reduce transaction process time
  - Speed up transaction processes
- Reduced costs:
  - Reduce transaction costs
  - Reduce cash distribution costs
- Flexibility:
  - Digital cash can take many forms, including prepaid cards
  - Digital cash can be converted into different currencies
- Reduce cash distribution risk:
  - Reduce the regular cash distribution risk
- Error free and efficient:
  - Reduce transaction errors

Special Features of Electronic Payment Protocols

Topic: Online Payment Protocols and Systems

Important features of electronic cash payment protocols and systems:

- Anonymity: This ensures that no detailed cash transactions of a customer are traceable. Even sellers do not know the identity of customers involved in the purchases.
- Liquidity: Digital cash has to be accepted by all concerned economic agents as a payment method.
- Prepaid cards: Buyers can buy prepaid cards that are accepted by special sellers.
- Electronic payment processing:

Special Features of Electronic Check Protocols and Payment Systems

Topic: Electronic Check Payment Protocols and Systems

Important features of electronic cash payment protocols and systems:

- Anonymity: This ensures that no detailed cash transactions of a customer are traceable. Even sellers do not know the identity of customers involved in the purchases.
- Liquidity: Digital cash has to be accepted by all concerned economic agents as a payment method.
- Prepaid cards: Buyers can buy prepaid cards that are accepted by special sellers.
- Electronic payment processing:

Electronic Check Payment Protocol: NetBill

Overview of NetBill:

- ECash is a payment protocol for anonymous digital money on the Internet.
- It was developed by DigiCash Co. of Amsterdam, The Netherlands.
- It has been implemented and offered by Mark Twain Bank, St. Louis, since 1995.
- Deutsche Bank AG, Frankfurt (Main), has offered Ecash as a pilot project to its customers since October 1997.

A public trial of the Millicent system was scheduled for the summer of 1997.

Electronic Check Payment Protocols: NetBill

NetBill model:

MilliCent protocols use a form of electronic currency called Scrip to connect three involved parties: vendors, customers, and brokers.

Scrip is vendor specific.

A Millicent broker:
--> mediate between vendors and customers to simplify the tasks they perform.
--> aggregate micro-payments
--> sell vendor Scrip to customers
--> handle the real money in the Millicent system.
--> maintain customer accounts and vendors (subscription services)
--> buy and produce large chunks of vendor Scrips (for licensed vendors)

Vendors:
--> are merchants selling low-value services or information to customers

Customers:
--> buy broker Scrip with real money from selected brokers.
--> use the vendor Scrips to make purchases.

NetBill Architecture (Source: NetBill 1994 Prototype)

[Figure: architecture diagram with components Consumer Application, Checkbook, Merchant Application, Till, User Admin. Server, Transaction Server, Security Server, System Admin. Server, Payment & Collection Server, DB]

Transaction Sequence

[Figure: sequence diagram, "Start of week". Columns: Consumer, Merchant, NetBill Server. Labelled messages: "1. Credit card # (macro-payment protocol)", "2. $5.00 Broker scrip (Millicent protocol)", "1. $0.19 Vendor scrip + request"]

Transaction Sequence: Purchasing from a vendor

[Figure: sequence diagram between Customer, Broker, and Vendor, with the following labelled messages]

1.0 Broker scrip
2. $0.20 Vendor scrip, $4.80 Broker scrip
3. $0.20 Vendor scrip + request
4. $0.19 Vendor scrip change + purchased info/service

[Figure: diagram relating Customer, Broker, and Vendor, with the following labels]

- Broker: sells vendor Scrip. Brokers buy/produce large chunks of “vendor Scrip” for licensed vendors.
- Customer: makes purchases with vendor Scrips.
- Vendor: sells low-value information and services.

About Scrip:
---> a piece of data used to represent microcurrency within the Millicent system.

Scrip has the following properties:
- Scrip is vendor specific, and thus has value at one specific vendor only.
- Scrip can be spent only once by its owner.
- Scrip can represent any denomination of currency.
- Scrip represents a prepaid value.
- Scrip makes no use of public-key cryptography.
- Scrip cannot provide full anonymity. It can be traced and recorded.

Scrip, like cash, has a defined value and can be used to purchase merchandise.

Major differences between Scrip and cash:
- Scrip can only be spent once, and cash can be spent many times.
- Scrip is vendor specific, and cash is not.
- Scrip can only be spent by the customer who obtained it from the broker.
- Scrip has an expiration date and a digital signature.

Scrip Message Structure

Fields, in order: Vendor, Value, Scrip-id, customer-id, expiration-date, info, certificate

Millicent Security Checking:
---> Provide three different security levels.

All transactions should be protected, and fraud must be detectable and traceable.

----------------------------------------------------------------
Millicent Protocol      Efficiency Ranking   Secure   Private
----------------------------------------------------------------
Scrip in the clear      1                    No       No
Encrypted connection    3                    Yes      Yes
Request signatures      2                    Yes      No
----------------------------------------------------------------

Authentication and signature: The Millicent protocol uses one-way hash functions, such as 128-bit MD5 and HMAC-MD5.

- The message is sent in the clear, but is protected by the customer_secret in the hash function.
- Upon receiving the request, the vendor calculates the hash function using a pre-selected message digest function.
- The vendor returns its reply; upon receiving this information, the customer can compute the message digest to ensure authenticity.
- Signature: a request signature is generated based on the customer_secret by hashing

Encryption: No encryption, but maintains a level of security that prevents Scrip from being stolen.

Purchase using a request signature

[Figure: diagram with labels Customer Secret, Scrip, Request, Hash, Request Signature, Compare; caption "Vendor verifies the request signature"]

Messages between Customer and Vendor:

1. Scrip, Request, Request signature
2. Change, Reply, Reply signature

Scrip certificate generation

[Figure: diagram with labels: Scrip fields (Vendor, Value, Scrip-id, customer-id, expiration-date, info); Vendor secret keys (Master Scrip secret 5, Master Scrip secret 6, Master Scrip secret 7); Master Scrip secret 6; Hash, e.g. MD5; “certificate”; To customer]

Scrip validation

[Figure: diagram with labels: Scrip fields from customer (Vendor, Value, Scrip-id, customer-id, expiration-date, info, certificate); Vendor secret keys (Master Scrip secret 5, Master Scrip secret 6, Master Scrip secret 7); Master Scrip secret 6; certificate; compare]
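As an added illustration (not code from the slides or from the Millicent project), the Python code below carries out the certificate generation, scrip validation and request-signature check shown on the preceding slides, using HMAC-MD5 because the slides name it. The field encoding, the scrip-id prefix that selects the master Scrip secret, the vendor's customer-secret table and all sample values are assumptions constructed for the example.

```python
import hashlib
import hmac

FIELDS = ("vendor", "value", "scrip_id", "customer_id", "expiration_date", "info")
# Constructed secrets; the slides only label them "Master Scrip secret 5/6/7".
MASTER_SCRIP_SECRETS = {5: b"constructed-5", 6: b"constructed-6", 7: b"constructed-7"}

def same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

def scrip_body(scrip):
    # Length-prefix each field so distinct field values never encode identically.
    parts = [str(scrip[f]).encode() for f in FIELDS]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def make_certificate(scrip):
    # Assumption: the scrip-id prefix ("6-...") selects the master scrip secret.
    secret = MASTER_SCRIP_SECRETS[int(scrip["scrip_id"].split("-")[0])]
    return hmac.new(secret, scrip_body(scrip), hashlib.md5).hexdigest()

def sign_request(scrip, request, customer_secret):
    msg = scrip_body(scrip) + scrip["certificate"].encode() + request.encode()
    return hmac.new(customer_secret, msg, hashlib.md5).hexdigest()

class Vendor:
    def __init__(self, customer_secrets):
        self.customer_secrets = customer_secrets  # assumed: customer-id -> secret
        self.spent = set()                        # scrip-ids already redeemed

    def accept(self, scrip, request, signature, today):
        try:
            if not same(make_certificate(scrip), scrip["certificate"]):
                return "bad certificate"
        except (KeyError, ValueError, AttributeError):
            return "bad certificate"              # unknown secret index or bad field
        if scrip["expiration_date"] < today:      # ISO dates compare as strings
            return "expired"
        secret = self.customer_secrets.get(scrip["customer_id"])
        if secret is None or not same(sign_request(scrip, request, secret), signature):
            return "bad signature"
        if scrip["scrip_id"] in self.spent:
            return "already spent"
        self.spent.add(scrip["scrip_id"])         # recorded only after every check passes
        return "ok"

def demo():
    scrip = {"vendor": "news.example", "value": 20, "scrip_id": "6-000123",
             "customer_id": "cust-42", "expiration_date": "2000-12-31", "info": ""}
    scrip["certificate"] = make_certificate(scrip)  # issued with the scrip
    vendor, key, req = Vendor({"cust-42": b"constructed"}), b"constructed", "GET /a/7"
    sig = sign_request(scrip, req, key)
    forged = dict(scrip, value=2000)                # value changed after issue
    return [vendor.accept(s, req, sig, "2000-05-20") for s in (scrip, scrip, forged)]
```

The vendor records a scrip-id as spent only after the certificate, expiry and request signature have all been accepted, so a rejected request does not consume the customer's scrip.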


Comparisons of Electronic Check Payment Protocols


Analysis of Electronic Check Payment Protocols