Micro Payment System (1)

8/8/2019 Micro Payment System (1)

1/22

1

Chapter 11

Micropayment Systems

11.1 Introduction

11.2 Overview of Micropayment System

11.3 Millicent

11.4 PayWord

Introduction

Online Credit card payment involves substantial minimal fee pertransaction not applicable for charging smaller amounts

Difficulties: - delay- user involvement

- potential for disputes (refunds, chargeback)

- handling cost

Micropayment charging amounts smaller or close to the minimal credit cardtransaction fee

Low value per transaction small profit high processing rate paymentverification inexpensively

Successful micropayment system not involve computationally expensivecryptographic techniques


2/22

2

Overview of Micropayment System

Operated by one or more payment service provider (PSP) receivingaggregated payment from customers passing to the merchants

Payment protocol - payment approval (customer agrees to pay)

- payment authorization (PSP)

Payment approval and payment authorization integrated orseparated

The single PSP solution is simple and efficient but expect more PSPs to

emerge as the demand grows and market matures

Unrealistic all customer and merchants have accounts with multiple PSPs

Micropayment system support interoperability among multiple PSPs


Micropayments via a single PSP


3/22

3


Payments via the PSP


Micropayments via two interoperating PSPs


4/22

4

Millicent

A decentralized micropayment scheme allow payments as low as $0.001 tobe made

Efficiently validated at a vendors site

Without any additional communication, expensive public key encryption oroffline processing allow it to scale effectively for repeated small payments

Uses a form of electronic currency scrip

Scrip vendor-specific fast and efficient to verify - it is not of great concernif loses a small piece of change

Using fast symmetric encryption the protocol can be both lightweight andsecure

The Millicent Model

Millicent


5/22

5

Millicent

i. Broker (Financial Institutions / Network Service Providers)

Aggregating micropayments

Not efficient customer buys vendor scrip from every vendor

Customer will make enough micropayments in total at different vendors to cover the cost of a macropayment transaction

Broker provides all the different vendor scrip needs of a customer in returnfor a single macropayment sell vendor scrip to customers

The aggregation of different vendor scripsjustifies a macropaymenttransaction to purchase these pieces of scrip

Millicent


Replacing subscription services

Vendormaintains account information forcustomers who have paid touse the service for a set length of time

Customers have to maintain account information foreach different vendor

Broker frees both the customer and vendor replacing a subscriptionservice with a pay-per-access micropayment system


6/22

6

Millicent


Selling vendor scrip

Brokers handle the real money in the Millicent system maintain accountsof customers and vendors.

Have an agreement with each vendor whose scrip the broker sells

Two ways in which a broker gets the vendor scrip:

1. Scrip warehouse (buy and store)2. Licensed scrip production (generate)

Efficient: - doesnt need to store a large number of scrip pieces

- vendor does less computation doesnt have to generate

- license smaller to transmit

Millicent

ii. Vendors

Merchants selling low-value services or information

Accept his or herown vendor scrip validate it locally prevent anydouble spending

Sell scrip at discount orscrip-producing license profit for brokers


7/22

7

Millicent

iii. Customers

Buy broker scrip with real money from their chosen broker

Broker scrip has value at that broker only

A macropayment scheme (SET or E-Cash) could be used to buy thebroker scrip

Using broker scrip - customerbuys vendor scrip for specific vendorsused to make purchases

Millicent

Purchasing with Millicent

Buying broker scrip


8/22

8

Millicent


Purchasing from a vendor

Millicent


Further purchases from the same vendor


9/22

9

Millicent

Scrip

Properties:

Represents a prepaid value

Represents any denomination of currency

The security is based on the assumption

Vendor-specific

Can be spent only once Can be spent only by its owner

Cannot be tampered with or its value changed

Computationally expensive to counterfeit scrip

Make no use of public key cryptography

Cannot provide full anonymity

Millicent

Scrip

Structure:


10/22

10

Millicent

Scrip Certification Generation

Millicent

Validating scrip at the time of purchase


11/22

11

Millicent

To prevent double spending - vendorchecks the ID# has not already beenspent

Maintains bit vectors corresponding to the issued serial number (ID#s) tokeep track of spent scrip

Vendordiscards the fully spent or expired vector keep valid scrip ID# -speed up transactions

Computation costs: Recalculate certificate one hash function

Prevent double spending one local ID# database lookup

Making purchase across network one network connection

Different levels ofefficiency, security and privacy sending scrip over anetwork

Millicent

Three main Millicent protocols:

1. Scrip in the clear

2. Encrypted network connection

3. Request signatures

1. Scrip in the clear

Sending and receiving the purchase content and change in the clear

No network security interception might be occurred


12/22

12

Millicent


Purchase using encrypted network connection

Millicent


Generating a customer_secret


13/22

13

Millicent


Buying vendor scrip

Millicent


Generating a request signature


14/22

14

Millicent


Purchase using a request signature

Millicent


Vendor verifies the request signature


15/22

15

Millicent

Characteristics of the Three Millicent Protocols

Millicent

Application

1. Paying for information content

2. Database searching

3. Access to a service

4. Authentication to distributed services

5. Metering usage

6. Usage-based charges

7. Discount coupons

8. Preventing subscription sharing


16/22

16

Millicent

Drawbacks

1. Both broker and vendor must be trusted to issue the correct change noway to prove that change scrip is owned

2. The user cannot independently verify the validity of a piece of scrip sincethe user cannot regenerate the scrip certificate

PayWord

Credit-based micropayment scheme

Reduce the number ofpublic-key operation uses hash functions and

symmetric key cryptography faster

Uses chains of hash value to represent user credit

Each hash value (PayWord) can be sent to a merchant as payment

PayWord chain vendor-specific user digitally signs a commitment tohonor payment for that chain

Brokers maintain account for users and vendors not necessary for both avendor and user to have an account at the same broker

Need some assurance that users will honor their PayWord payment sincePayWord is a credit-based scheme


17/22

17

PayWord

PayWord certificate authorizes a user to generate PayWord chainsguarantees that a specific broker will redeem them

Broker and vendors do not need PayWord certificates

Users obtain a certificate when they initially setup an account with a broker

Certificate have to be renewed every month limits fraud and ensuring thatusers who have overdrawn account will not be issued with a new certificate

PayWord

Obtaining a PayWord user certificate


18/22

18

PayWord

Since identified certificates with a user identifier and address are used noanonymity is provided

Broker might maintain blacklists of certificates that have been revoked ifsecret key was lost or stolen avoid others to generate PayWord chainsunder their name

Vendor has responsible to obtain any revoked certificate list from a broker

PayWord

PayWord Chains

Represent user credit at a specific vendor

Is a chain of hash value

Each PayWord (hash value) in the chain has the same value (1 cent)


19/22

19

PayWord

Generating a PayWord chain

PayWord

PayWord Chains

Vendor and broker need to know to whom the spent PayWords belong usersaccount can be charged

The user is authenticated by signing a commitment authorize the broker toredeem allows the vendor to be confident that he will be paid

A commitment to a PayWord chain has the form:

Comm = {V, CU, W0, E, ICOMM} SKU


20/22

20

PayWord

Paying a vendor with PayWords

PayWord

Verifying the first PayWord


21/22

21

PayWord

Verifying further payments

PayWord

Reclaiming PayWords with a broker


22/22

PayWord

Hash functions are computationally cheap

Broker could perform certificate generation and PayWord redemption offline efficiency

Payment verification requires only one hash computation vendor need onlystore the highest payment hash received

PayWord is most efficient forrepeated micropayments to a specific vendor

Minimizes communication costs

broker does not have to be contacted for a new vendor payment

need not change and return the unused vendor-specific scrip to the broker (unlikeMillicent system)

Provides more opportunity for user fraud if a users secret key iscompromised

Documents

Micro Payment System (1)