MICROPAYMENT PROTOCOLS

1
MICROPAYMENT PROTOCOLS
2
INTRODUCTION

• Overview of MicroPayments
• Protocols
• - NetBill
• - NetPay
• - PayCash

3
MICROPAYMENTS

1. - Fraction of a cent or very small amount that
   may be charged for online usage of Connection
   time.
2. - Payments of small sums of money, generally
   smaller than physical currency.

4
MICROPAYMENTS

• OBJECTIVES
• Minimize transaction overheads
• To use in place of Credit cards
• -Security
• Pay-per-view or pay-per-use type of commerce.

5
Efficient Protocols

• Anonymous (Privacy Protection)
• Tamper-proof records
• Integrity
• Non-repudiation, Atomicity
• Accountability
• Multiple currencies

6
NETPAY

• Secure
• Economical
• Easily implementable
• Debit-based protocol for a micropayment
• system
• Derived from Payword protocol
• Prevents Double spending

7
NETPAY

• PROS
• No involvement of third party in every
  transaction
• Minimizes the number of expensive public-key
  operations
• Hash function operations are used

8
NETPAY

• Consider a trading community
• -Untrusted parties
• Customer (C)
• Vendor (V)
• -Trusted parties
• Broker (B).
• --registers customers and Merchants

9
NETPAY

• PROTOCOL

Broker
M1
Vendor1
Customer
M1 IDc, n, IP address of V1
10
NETPAY

• The Broker does
• Debit money from the account of C
• Creates a payword chain W0, W1, ..., Wn, Wn1
  which satisfy Wi h(Wi1).
• h(.) is a one way hash function
• Seed Wn1 is a secret with the broker.
• -- Prevents overspending and forging paywords

11
NETPAY

• PROTOCOL

Broker
M1
M2
Vendor1
Customer
M2 W1, W2, ..., Wn PK-customer
12
NETPAY

• PROTOCOL

Broker
M1
M3
M2
Vendor1
Customer
M3 IDc, W0 SK-broker
13
NETPAY

• Transaction 2 Customer Vendor

M4
Vendor 1
Customer
M4 IDc, P
P (Wj, j), ( Wj1, j1), ..., (Wjm-1, jm-1)
payment P is verified by the vendor by hashing
the paywords Wi's in the payment P. ExW1 is
valid if the hash matches (W0)
14
NETPAY

• Transaction 2 Customer Vendor

M4
Vendor 1
Customer
M4 IDc, P
If payment P is valid Then P will be stored for
redemption at a later time with the broker.
15
NETPAY

• Transaction 2 Customer Vendor

M4
Vendor 1
Customer
M5
M5 IDv1, the receipt of the payment
16
NETPAY

• Transaction 3 Vendor-Vendor

M6
M7
Customer
Vendor 2
Vendor 1
M9
M8
M6 IP address of V1, IDc, P, O
M7 IDc, IDv2
V1 signs the index Index IDv1, IDv2, iSK-v1
M8 IDc, W0, Index
M9 IDv2, the receipt of the payment
17
NETPAY

• Transaction 4 Vendor Broker

M10
Broker
Vendor
M11
M10 IDc, IDv, P
M11 Statement of the vendor's account
18
NETBILL

• System for micropayments
• For information goods on the Internet
• PLUS POINT
• Provides an atomic certified delivery method so
  that a customer pays if and only if she receives
  her information goods intact.

19
NETBILL

• THIRD PARTY

NetBill server
Merchant Account
Customer Account
Financial Institution
Financial institution
E.g Banks
20
NETBILL
NetBill server
Customer
Merchant

• Three phases
• Price negotiation---Customer ??Merchant
• Goods delivery--- Customer ??Merchant
• Payment---Merchant ??NetBill

21
NETBILL

• The Transaction Protocol
• CÞ M Price request

• -Customer presents evidence of her identity
• -Requests a price quote on an item.
• -The customer may also bid for the item.

2. MÞ C Price quote -The merchant responds with
a price offer.

• CÞ M Goods request

22
NETBILL

• 4. MÞ C Goods, encrypted with a key K
• -The merchant provisionally delivers the goods,
  under
• encryption, but withholds the key.

5. CÞ M Signed Electronic Payment
Order -customer constructs, and digitally signs,
an electronic payment order (or EPO) and sends
it to the merchant.
6. MÞ N Endorsed EPO (including K) -Merchant
appends the key to the EPO digitally signs
the EPO, forwarding it to the NetBill
server. - Proof of Agreed Terms and Key
23
NETBILL

• 7. NÞ M Signed result (including K)
• - NetBill Debits Credits Accounts.
• - Also proof of Transaction by NetBill

8. MÞ C Signed result (including K)
24
PAYCASH

• Designed to offer
• - Strong security
• - Privacy protection.
• Based on CHAUMS ELECTRONIC COINS
• -- first to demonstrate anonymity in
  electronic coins.

25
PAYCASH
26
PAYCASH

• COIN X, g-1(f(X))
• - f(.) and g(.) are functions that are easy to
• calculate and hard to invert.
• Only Third Party (TP) can mint a coin- apply
  g-1(.)
• For anonymity TP should mint without knowing X or
  F(X)
• The user applies a Blinding Fn before Minting the
  coin.

27
PAYCASH

• Instead of Serial number X,pair of keys are used
• - Public Key (P) Secret key (S).
• Two Functions SIGN(S,Z) VERIFY(P,Sz)
• ? VERIFY(P,SIGN(S,Z)) Z.
• COIN P, g-1(f(P)) .
• To send a Coin, we send the four tuple
• record, Sign(S,record), P, g-1(f(P))

28
PAYCASH

• record, Sign(S,record), P, g-1(f(P))
• Check if f(p) g(g-1(f(P)) )
• Using P,
• VERIFY(P,SIGN(S,record)) record
• This verifies the sender because only he knows
  the secret Key, S
• P is stored with the third party after intial
  payment.

29
PAYCASH

• Multiple Value Coin
• For each P, Third Party keeps track of m(P).
• COIN N, P, g-N(f(P))
• Tuple record, Sign(S,record), n, P, g-n(f(P))
  
• Condition N gt k m(P)/c.
• e.g 10 gt2 5/1

30
REFERENCES

• 1. Rivest, R., Shamir, A., Adleman, L.
  (1978). A method for obtaining Digital Signatures
  and Public-Key Cryptosystems, Communications of
  the ACM, Vol. 21, 21(2)120-126.
• 2. 7   B. Cox, J. D. Tygar, and M. Sirbu.
  "NetBill Security and Transaction Protocol." In
  Proceedings of the First USENIX Workshop on
  Electronic Commerce, pages 77-88, July 1995.
• 3. Jon M Peha and Lldar M. Khamitov. PayCash a
  secure efficient Internet payment system. ACM
  International Conference Proceeding Series
  Proceedings of the 5th international conference
  on Electronic commerce

31
REFERENCES

• HyperLinks
• 1.Xiaoling Dai and Bruce W N Lo. Netpay--An
  efficient protocol for micropayments on the WWW.
• http//ausweb.scu.edu.au/aw99/papers/dai/paper.ht
  ml
• 2.http//citeseer.ist.psu.edu/cache/papers/cs/781/
  httpzSzzSzwww.ini.cmu.eduzSznetbillzSzpubszSzUsen
  ix.pdf/cox95netbill.pdf/
• 3.http//portal.acm.org/citation.cfm?id948022col
  lACMdlACMCFID20304359CFTOKEN79408948