Title: Stored-Account Payment Systems
1 Stored-Account Payment Systems
- Payment systems that support SET
  - Backed by Visa and MasterCard
  - American Express also adopted SET
  - SET market acceptance is wanting
    - Complexity of the specification: complex software
    - PKI: all participants need certificates
    - Legacy systems of the financial industry are not compatible with SET
  - Using SET with smart cards in Europe
  - Simplifying SET is ongoing
- Payment systems over SSL
  - The merchant can be authenticated by its certificate
    - Prevents an attacker masquerading as the merchant to capture card details
  - Buyer-merchant communication is encrypted
    - Prevents an attacker intercepting card details
2 Centralized Account Payment
- Both the payer and the payee hold accounts at the same centralized on-line financial institution
- The payer securely connects to the bank and instructs it to move a certain amount from the payer's account into the payee's account
- The bank subtracts the amount from one account and adds it to the other account
- Drawback: all participants must have an account with the same payment system
- The centralized account model is popular on the Internet
  - PayPal, Yahoo! PayDirect, InternetCash, CyberGold
  - Used by Amazon.com, eBay, AOL QuickCash
3 Funding the Account
- The on-line accounts are not real bank accounts
  - They are not governed by national banking regulations
  - They do not provide the facilities of a real certified bank
  - They are typically limited to 10,000 or less
- The most popular method of funding an on-line account is to use a payment card
  - Credit card or debit card
  - Authentication of the credit card owner is necessary
- Other methods of funding
  - Transfer funds from a regular bank account
  - Prepaid card from a physical store
4 Card Owner Authentication
- International credit card owner authentication by PayPal
  - The user signs up
  - PayPal sends two credit lodgments to the credit card account
    - Each deposit is a small random amount between 1 cent and 99 cents
    - The two transactions are labeled with two different unique PayPal merchant identifiers
  - The user queries his/her credit card account statement to obtain the credit amounts and merchant identifiers
  - The user presents them to PayPal to prove that he/she is indeed the genuine card holder
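The micro-deposit check on this slide, written out as an added example (it is not PayPal's code and not part of the original slides): the payment system draws two random amounts and two distinct statement labels, records them, and later compares what the user reads off the statement. The "PP*…" label format and the three-attempt lockout are assumptions; the security-relevant point is that two amounts in 1..99 cents give under 10,000 combinations, so the lockout, not the secret, is what stops guessing.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"math/big"
)

// maxAttempts bounds guessing (assumed policy): two amounts in 1..99 cents give
// only 99*99 combinations, so the lockout carries the security, not the secret.
const maxAttempts = 3

// Challenge is the record kept after sending the two small credits to the card.
type Challenge struct {
	Amounts  [2]int    // the two random credit amounts, in cents
	MerchIDs [2]string // the two distinct merchant identifiers shown on the statement
	attempts int
}

// NewChallenge draws two random amounts in 1..99 cents and two distinct
// merchant identifiers from r (crypto/rand in production).
func NewChallenge(r io.Reader) (*Challenge, error) {
	c := &Challenge{}
	for i := range c.Amounts {
		n, err := rand.Int(r, big.NewInt(99)) // uniform in 0..98
		if err != nil {
			return nil, err
		}
		c.Amounts[i] = int(n.Int64()) + 1 // 1..99 cents
		id := make([]byte, 4)
		if _, err := io.ReadFull(r, id); err != nil {
			return nil, err
		}
		c.MerchIDs[i] = "PP*" + hex.EncodeToString(id) // hypothetical label format
	}
	if c.MerchIDs[0] == c.MerchIDs[1] { // practically never; redraw so the two entries differ
		return NewChallenge(r)
	}
	return c, nil
}

// RandomChallenge is NewChallenge over the system CSPRNG.
func RandomChallenge() (*Challenge, error) { return NewChallenge(rand.Reader) }

// Verify checks what the user read off the card statement. Every call counts as
// an attempt; after maxAttempts the challenge is locked, and a successful
// challenge is single-use.
func (c *Challenge) Verify(amounts [2]int, ids [2]string) error {
	if c.attempts >= maxAttempts {
		return errors.New("challenge locked: too many attempts or already used")
	}
	c.attempts++
	for i := range c.Amounts {
		if amounts[i] != c.Amounts[i] || ids[i] != c.MerchIDs[i] {
			return fmt.Errorf("amounts or merchant identifiers do not match (attempt %d of %d)",
				c.attempts, maxAttempts)
		}
	}
	c.attempts = maxAttempts // consumed: the same two credits cannot prove ownership again
	return nil
}

func main() {
	c, err := RandomChallenge()
	if err != nil {
		panic(err)
	}
	fmt.Printf("credits sent to card: %d cents (%s) and %d cents (%s)\n",
		c.Amounts[0], c.MerchIDs[0], c.Amounts[1], c.MerchIDs[1])
	// The genuine card holder reads both lines off the statement and echoes them back.
	fmt.Println("verify:", c.Verify(c.Amounts, c.MerchIDs))
}
```

The check works because only someone who can see the card statement learns the amounts and labels; the server never sends them to the user. Binding both the amount and the label to each credit makes a lucky guess of the amounts alone insufficient.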
5 Account Transfer Authentication
- User-to-user payment
  - The account holder is authenticated using an account identifier and a password
    - An email address may be used as the account identifier
  - All communication is over SSL
- Payment procedure
  - The payer logs on to the centralized account system
  - The payer authorizes the payment transfer
  - The payee is notified by email
  - An email confirmation is sent to the payer
  - The payee logs on to the centralized account system to verify the payment
6 Account Transfer Authentication (continued)
- User-to-merchant payment
  - The customer shops on the merchant's website
  - The customer selects the payment system
  - The merchant's web server redirects the customer to the payment system with the transaction details
  - The customer logs on to the payment system and authorizes the payment
  - The payment system redirects the customer to the merchant's website and sends a payment indication to the merchant's server
  - The merchant delivers the goods or service
7 CyberCash
- http://www.cybercash.com
- Founded in 1994 to provide software and service solutions for secure financial transactions over the Internet
- Acquired by VeriSign in 2001
- CyberCash wallet
  - Client software that runs alongside the browser
  - Aims to make a purchase as transparent as possible to the user by hiding the details of the payment steps and messages
- CyberCash persona
  - Unique CyberCash ID and pass phrase for every user (customer and merchant)
  - Maps to the user's private/public key pair
  - Unlocks the wallet
  - Emergency close-out in case of fraud
8 CyberCash Model
From Donal O'Mahony et al., "Electronic Payment Systems"
9 Payment steps
Diagram (participants: Consumer, Merchant, CyberCash Server); steps in order:
- Finish shopping
- Order form
- Credit-card data
- Forward details
- Authorize / clear with bank
- Issue receipt
- Log transaction
10 Payment steps (continued)
- A CyberCash purchase
  - The customer clicks on "Pay" in the browser
- Payment-Req (PR)
  - From the merchant to the buyer, to launch the CyberCash wallet
  - Contains a summary of the order signed by the merchant
    - The signature is verified by the CyberCash server later
- Credit card payment (CH1)
  - From the buyer to the merchant
  - Contains the card data, a hash of the order, and the merchant's signature on the order
  - Encrypted with the public key of the CyberCash server (PKcs)
  - Signed by the buyer
11 Payment steps (continued)
- Auth-Capture
  - The merchant forwards the encrypted data to the CyberCash server
  - The server verifies
    - The buyer's signature and card data
    - The merchant's signature on the order details
- Charge-Action-Response
  - Sent after the purchase has been authorized and captured in the bank network
  - From the server to the merchant
  - Contains unsigned receipts for the merchant and the buyer
- Charge-Card-Response (CH2)
  - The merchant forwards the unsigned receipt from the server to the buyer
12 Payment steps (continued)
- Binding credit cards
  - A cardholder must register his/her credit card to the CyberCash persona
  - Message from the customer to the CyberCash server:
    - Kdes(card detail), PKcs(Kdes)
  - Validation with the issuer
  - Message from the CyberCash server to the customer:
    - Kdes(Success/Failure, card detail)
- CyberCash plans to update its payment protocol to be SET-compatible
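The PR / CH1 / Auth-Capture exchange of slides 10 and 11, as an added example that is not CyberCash's protocol code and not part of the original slides. Assumptions: Ed25519 stands in for the unspecified signature scheme, RSA-OAEP under PKcs stands in for the server-key encryption (CH1 here seals its content directly under PKcs, whereas the card-binding message on slide 12 wraps a DES session key instead), and the order and card strings are constructed sample data. The point it shows is the split of trust: the merchant relays CH1 and learns nothing about the card, while the server checks both the buyer's and the merchant's signatures and ties the sealed content to the forwarded order through its hash.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PaymentReq (PR): the order summary signed by the merchant. The wallet keeps
// the signature and the CyberCash server checks it later.
type PaymentReq struct {
	Order    []byte
	MerchSig []byte
}

func MakePaymentReq(merchPriv ed25519.PrivateKey, order []byte) PaymentReq {
	return PaymentReq{Order: order, MerchSig: ed25519.Sign(merchPriv, order)}
}

// CH1: card data, H(order) and the merchant's signature, encrypted under the
// server public key PKcs (RSA-OAEP here) and signed by the buyer. The merchant
// relays it but cannot read the card data.
type CH1 struct {
	Sealed   []byte
	BuyerPK  ed25519.PublicKey
	BuyerSig []byte
}

// Plaintext layout inside Sealed: H(order) || merchant signature || card data.
const hdrLen = sha256.Size + ed25519.SignatureSize

func MakeCH1(buyerPriv ed25519.PrivateKey, pkcs *rsa.PublicKey, card []byte, pr PaymentReq) (*CH1, error) {
	h := sha256.Sum256(pr.Order)
	plain := bytes.Join([][]byte{h[:], pr.MerchSig, card}, nil)
	sealed, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pkcs, plain, nil)
	if err != nil {
		return nil, err
	}
	return &CH1{Sealed: sealed, BuyerPK: buyerPriv.Public().(ed25519.PublicKey),
		BuyerSig: ed25519.Sign(buyerPriv, sealed)}, nil
}

// AuthCapture (server side): the merchant forwards CH1 together with the order
// details and its public key. Card data comes back only if every check passes.
func AuthCapture(serverKey *rsa.PrivateKey, m *CH1, order []byte, merchPK ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(m.BuyerPK, m.Sealed, m.BuyerSig) {
		return nil, errors.New("buyer signature invalid")
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, serverKey, m.Sealed, nil)
	if err != nil {
		return nil, errors.New("CH1 does not decrypt under PKcs")
	}
	if len(plain) < hdrLen {
		return nil, errors.New("CH1 plaintext too short")
	}
	if h := sha256.Sum256(order); !bytes.Equal(plain[:sha256.Size], h[:]) {
		return nil, errors.New("order hash does not match the forwarded order")
	}
	if !ed25519.Verify(merchPK, order, plain[sha256.Size:hdrLen]) {
		return nil, errors.New("merchant signature on the order invalid")
	}
	return plain[hdrLen:], nil
}

// Parties bundles freshly generated long-term keys for the three participants.
type Parties struct {
	ServerKey *rsa.PrivateKey
	MerchPK   ed25519.PublicKey
	MerchPriv ed25519.PrivateKey
	BuyerPriv ed25519.PrivateKey
}

func GenerateParties() (*Parties, error) {
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	merchPK, merchPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	_, buyerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Parties{serverKey, merchPK, merchPriv, buyerPriv}, nil
}

func main() {
	p, err := GenerateParties()
	if err != nil {
		panic(err)
	}
	order := []byte("order 1: 1 x widget, 19.99 USD") // constructed sample order
	pr := MakePaymentReq(p.MerchPriv, order)           // merchant -> buyer (PR)
	ch1, err := MakeCH1(p.BuyerPriv, &p.ServerKey.PublicKey, []byte("4111111111111111|12/29"), pr) // buyer -> merchant (CH1)
	if err != nil {
		panic(err)
	}
	card, err := AuthCapture(p.ServerKey, ch1, order, p.MerchPK) // merchant -> server (Auth-Capture)
	fmt.Printf("server recovered card data %q, err=%v\n", card, err)
}
```

Because the buyer signs the sealed blob and the blob carries the merchant's signature over the order, a merchant that substitutes a different order, or anyone who alters CH1 in transit, is caught at the server before any charge is authorized.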
13 Stored-Value Payment Systems
- What is it?
  - Electronic cash
  - Hard-currency systems over an electronic medium
- Pros and cons
  - Payment can be instantaneous and potentially anonymous
  - Cost per transaction is smaller
  - Supports low-value transactions
  - The proximity of payer and payee is not an issue for electronic payments
  - Anonymous but traceable
    - Provides privacy of purchases while discouraging illicit sales
14 Stored-Value Payment Systems (continued)
- High security risks
  - Anonymous payment is the favorite method of all criminals
    - The key is to balance upholding individual privacy with discouraging illicit activities
  - Counterfeit money is indistinguishable from e-cash minted by an authorized issuing bank
    - If it is generated from a compromised secret key
  - High potential for undetected fraud
    - Off-line stored-value payment systems: double spending
15 How E-cash works
- E-cash is typically stored in an electronic device: a hardware token
  - Secure processor and nonvolatile memory
- Loading the token with money
  - Connect to a bank terminal and withdraw from one's own account
  - Similar to taking cash out of an ATM
- Making a payment using e-cash
  - Offline transaction
    - The buyer's hardware token interfaces with the seller's device
    - The buyer's device balance decreases while the seller's device balance increases by the equivalent amount
  - Online transaction
    - The buyer's hardware token connects to the seller's bank account
    - The buyer's device balance decreases while the seller's account increases by the equivalent amount
16 Securing E-Cash
- Main security concerns
  - Physical tampering with the device to add value
    - Physically shield the device
  - Protocol-based attack that mimics a paying device
    - Replay attack
    - To counter the replay attack: a secure authentication protocol using a key
- Symmetric key encryption
  - Symmetric key shared by the paying device and the receiving device
  - The bank issues a randomly generated master key to all of its hardware devices
  - The symmetric key for the transaction is a function of each device's unique identifier and the master key
17 Securing E-Cash (continued)
  - The receiving device can regenerate the symmetric key from the unique identifier and the master key
  - Compromised keys can be traced and effectively blacklisted
  - To counter the replay attack: a challenge (nonce) response system
- Public key encryption
  - Public key of the receiving device for encryption
  - Private key of the paying device for signature
  - To counter the replay attack: a challenge is signed by the paying device
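The symmetric-key scheme of slides 16 and 17, as an added example that is not from the original slides or any real token vendor: every device carries the bank's master key, a device key is derived from the master key and the device identifier, and the receiving device regenerates the payer's key from the identifier it is given, verifies a MAC over the payment, and refuses any payment that does not echo a nonce it issued itself. HMAC-SHA256 stands in for the unspecified key-derivation and authentication functions, and the identifiers, balances and master key are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// DeviceKey derives a device's symmetric key from the bank's master key and the
// device's unique identifier (HMAC-SHA256 as the assumed one-way function).
func DeviceKey(master []byte, deviceID string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(deviceID))
	return m.Sum(nil)
}

// Payment is the paying device's answer to a receiver's challenge.
type Payment struct {
	PayerID string
	Amount  uint32
	Nonce   []byte // the receiver's challenge, echoed back
	MAC     []byte // HMAC over (PayerID, Amount, Nonce) under the payer's device key
}

func paymentMAC(key []byte, payerID string, amount uint32, nonce []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payerID))
	binary.Write(m, binary.BigEndian, amount)
	m.Write(nonce)
	return m.Sum(nil)
}

// Device is a hardware token; every device the bank issues carries the master key.
type Device struct {
	ID          string
	Balance     uint32
	master      []byte
	outstanding map[string]bool // challenges issued and not yet redeemed
	blacklist   map[string]bool // identifiers of devices whose key was compromised
}

func NewDevice(master []byte, id string, balance uint32) *Device {
	return &Device{ID: id, Balance: balance, master: master,
		outstanding: map[string]bool{}, blacklist: map[string]bool{}}
}

// Challenge issues a fresh nonce; only a payment carrying it will be accepted.
func (d *Device) Challenge() ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	d.outstanding[hex.EncodeToString(nonce)] = true
	return nonce, nil
}

// Pay debits the paying device and binds the amount to the receiver's nonce.
func (d *Device) Pay(nonce []byte, amount uint32) (*Payment, error) {
	if amount > d.Balance {
		return nil, errors.New("insufficient balance")
	}
	d.Balance -= amount
	key := DeviceKey(d.master, d.ID)
	return &Payment{d.ID, amount, nonce, paymentMAC(key, d.ID, amount, nonce)}, nil
}

// Receive verifies a payment and credits the receiving device. A nonce is
// consumed on first use, so a replayed payment is rejected.
func (d *Device) Receive(p *Payment) error {
	if d.blacklist[p.PayerID] {
		return errors.New("payer device is blacklisted")
	}
	n := hex.EncodeToString(p.Nonce)
	if !d.outstanding[n] {
		return errors.New("unknown or already used challenge (replay?)")
	}
	key := DeviceKey(d.master, p.PayerID) // regenerated locally, never transmitted
	if !hmac.Equal(p.MAC, paymentMAC(key, p.PayerID, p.Amount, p.Nonce)) {
		return errors.New("MAC invalid: not produced by a genuine device")
	}
	delete(d.outstanding, n)
	d.Balance += p.Amount
	return nil
}

// Blacklist marks a device identifier whose key is known to be compromised.
func (d *Device) Blacklist(id string) { d.blacklist[id] = true }

func main() {
	master := make([]byte, 32) // constructed: the bank's randomly generated master key
	rand.Read(master)
	payer, payee := NewDevice(master, "token-0001", 1000), NewDevice(master, "token-0002", 0)
	nonce, _ := payee.Challenge()
	p, _ := payer.Pay(nonce, 250)
	fmt.Println("first:", payee.Receive(p), "| replay:", payee.Receive(p), "| balances:", payer.Balance, payee.Balance)
}
```

The weakness the slides hint at is visible in the code: the master key sits in every device, so one extracted master key lets an attacker derive any device key. The blacklist limits the damage per identifier but does not remove the need for physical tamper resistance.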
18 Representing E-Cash
- Register-based cash
  - A value stored in a counter of a hardware device
  - To counter physical attacks: encode the data stored in memory
- Electronic coins
  - Discrete-valued cryptographic tokens, each of some denomination
  - A unique serial number is assigned to each coin and signed by the issuing bank
  - A different signature is used for each currency denomination
  - Each coin can only be used one time
    - The recipient can no longer spend the coin but can redeem it with the issuing bank for a new electronic coin
19 eCash
- eCash (www.ecash.com)
  - A stored-value cryptographic coin system for Internet-based commerce
  - eCash can be withdrawn from the consumer's bank account, stored on his computer, and transferred to another person
- Double spending
  - A digital representation of money can be perfectly duplicated
  - Counter to double spending: issuing-bank authentication
    - Verify that the coins used in a transaction have not already been spent, while protecting the payer's privacy
  - Key technique: blind signature
20 Blind Signature
- Sample steps in a purchase of eCash
  - The customer generates a note number for the eCash, usually via a random number generator
    - The consumer mints his/her own eCash
  - The bank digitally signs the note number after getting money from the customer; this creates the eCash
    - To protect the consumer's privacy, it must be infeasible for the bank to learn the note number
    - The blind signature technique is used: the bank signs something whose details it does not know!
  - The customer gets the eCash
    - The value of the coin is represented by the bank's digital signature
21 Using eCash
- Main problem: how to prevent double spending
  - The bank is involved in order to authenticate eCash
- Trilateral transactions
  - The customer sends 'notes' to the merchant (i.e., M)
    - The customer does not sign the 'notes'
  - The merchant sends the 'notes' to the bank
  - The bank verifies that the 'notes' have not been used before
    - A global database of spent eCash
  - The bank issues new e-cash to the merchant, or credits the merchant's account
  - The bank records the customer's 'notes' as spent
- Disadvantages
  - Needs a global database of spent e-cash; hard to be cost-effective for micro-payments
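Slides 18 to 21 together, as an added example that is not eCash's implementation and not part of the original slides: a bank with one RSA key per denomination (slide 18), the customer blinding a note number so the bank signs it without seeing it (slide 20), the unblinding that yields an ordinary signature on the note, and the global spent-note database consulted when a merchant deposits the coin (slide 21). The blinding is Chaum's RSA construction, applied to a hash of the note number; the denominations and the note bytes are constructed sample values, and the 2048-bit keys are generated on the fly.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

type Bank struct {
	keys  map[int]*rsa.PrivateKey // denomination in cents -> that denomination's signing key
	spent map[string]bool         // "denom:hex(note)" -> already redeemed (the global database)
}

func NewBank(denoms ...int) (*Bank, error) {
	b := &Bank{keys: map[int]*rsa.PrivateKey{}, spent: map[string]bool{}}
	for _, d := range denoms {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}
		b.keys[d] = k
	}
	return b, nil
}

func (b *Bank) PublicKey(denom int) *rsa.PublicKey { return &b.keys[denom].PublicKey }

// Coin: the customer's note number plus the bank's signature on it.
type Coin struct {
	Denom int
	Note  []byte
	Sig   *big.Int
}

// noteInt is the value actually signed: H(note) read as an integer below N.
func noteInt(note []byte, N *big.Int) *big.Int {
	h := sha256.Sum256(note)
	return new(big.Int).Mod(new(big.Int).SetBytes(h[:]), N)
}

// Blind (customer): m' = H(note) * r^e mod N for a random r invertible mod N; the bank sees only m'.
func Blind(pk *rsa.PublicKey, note []byte) (blinded, r *big.Int, err error) {
	one := big.NewInt(1)
	for r == nil || new(big.Int).GCD(nil, nil, r, pk.N).Cmp(one) != 0 { // redraw until gcd(r, N) = 1
		if r, err = rand.Int(rand.Reader, pk.N); err != nil {
			return nil, nil, err
		}
	}
	rE := new(big.Int).Exp(r, big.NewInt(int64(pk.E)), pk.N)
	blinded = new(big.Int).Mod(new(big.Int).Mul(noteInt(note, pk.N), rE), pk.N)
	return blinded, r, nil
}

// SignBlinded (bank): s' = m'^d mod N, issued after debiting the customer's account.
func (b *Bank) SignBlinded(denom int, blinded *big.Int) (*big.Int, error) {
	k, ok := b.keys[denom]
	if !ok {
		return nil, errors.New("unknown denomination")
	}
	return new(big.Int).Exp(blinded, k.D, k.N), nil
}

// Unblind (customer): s = s' * r^-1 mod N is the bank's plain RSA signature on H(note).
func Unblind(pk *rsa.PublicKey, denom int, note []byte, blindSig, r *big.Int) *Coin {
	s := new(big.Int).Mul(blindSig, new(big.Int).ModInverse(r, pk.N))
	return &Coin{Denom: denom, Note: note, Sig: s.Mod(s, pk.N)}
}

// VerifyCoin: s^e mod N == H(note) mod N under the key of the coin's denomination.
func VerifyCoin(pk *rsa.PublicKey, c *Coin) bool {
	lhs := new(big.Int).Exp(c.Sig, big.NewInt(int64(pk.E)), pk.N)
	return lhs.Cmp(noteInt(c.Note, pk.N)) == 0
}

// Deposit (bank, for the merchant): accept a coin once and record its note as spent.
func (b *Bank) Deposit(c *Coin) error {
	k, ok := b.keys[c.Denom]
	if !ok || !VerifyCoin(&k.PublicKey, c) {
		return errors.New("unknown denomination or invalid signature")
	}
	id := fmt.Sprintf("%d:%x", c.Denom, c.Note)
	if b.spent[id] {
		return errors.New("double spend: note already redeemed")
	}
	b.spent[id] = true
	return nil
}

func main() {
	bank, _ := NewBank(100)
	note := []byte("constructed-note-0001") // in practice a random note number of 128 bits or more
	pk := bank.PublicKey(100)
	blinded, r, _ := Blind(pk, note)
	blindSig, _ := bank.SignBlinded(100, blinded)
	coin := Unblind(pk, 100, note, blindSig, r)
	fmt.Println("valid:", VerifyCoin(pk, coin), "| first:", bank.Deposit(coin), "| second:", bank.Deposit(coin))
}
```

Why unblinding works: (m * r^e)^d = m^d * r^(ed) = m^d * r mod N, so multiplying by r^-1 leaves m^d, the signature the bank would have produced on H(note) directly. The per-denomination key matters because a signature is only a statement of value under the key that made it; a coin signed with the 100-cent key fails verification under the 500-cent key, so a note cannot be "promoted".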
22 Using eCash (continued)
- eCash provides payer anonymity but not anonymity of receiving eCash
  - Makes purchasing illegal goods or services possible over the Internet with impunity
    - The purchaser cannot be identified
  - Provides little incentive for selling illegal goods or services
    - The purchaser knows the note number of the eCash
    - The bank records the note number when the payee authenticates it
    - The purchaser can indisputably "finger" a seller of illegal goods and merchandise on the Internet
    - The fingering also implicates the purchaser
23 Perfect Crime with eCash
- Bruce Schneier's description of a perfect crime
  - An anonymous kidnapper takes a hostage
  - The kidnapper then prepares a large number of blinded coins
  - These are sent anonymously to the bank as a ransom demand
  - The bank signs the coins because of the hostage situation
  - The kidnapper demands that the signed blinded coins be published in a public place such as a newspaper or on television
    - This prevents the pick-up from being traced; nobody else can unblind the coins
  - The kidnapper can safely take the blinded coins from the newspaper or television and save them on a computer
  - The coins are then unblinded and the kidnapper now has a fortune in anonymous eCash
24 Next Session Highlights