Post on 21-Dec-2015
1
SWAPEROO
Neil Daswani, Dan Boneh, Hector Garcia-Molina, Steven Ketchpel, Andreas Paepcke Stanford University
A Simple Wallet Architecture for Payments, Exchanges, Refunds, and Other Operations
2
Goals
Desirable wallet properties / features
Define wallet interaction model
Define Clean APIs for wallet and its components
Build Prototype
3
Wallet Features
Extensible: support multiple existing and newly developed instruments and protocols
Non-Web-Centric: can be implemented in non-web environments; extensibility across devices
Symmetric: common services across commerce applications; extensibility across commerce applications
Client-Driven: user initiates all operations, including wallet invocation
4
An Example
Session Initiation: Dilbert -> Amazon.com
Instrument Class Negotiation
Dilbert: MasterCard, PonyCash, CyberCoin
Amazon.com: MasterCard, VISA, CyberCoin
==> MasterCard, CyberCoin
5
An Example
Protocol Negotiation for MasterCard
Dilbert: SET (2KP)
Amazon.com: SET (2KP), SET (3KP), or Unencrypted
==> SET (2KP)
Protocol Selection: SET (2KP)
Available Operations: PAY, CREDIT
6
An Example
Instrument Instance Selection: Dilbert’s Citibank MasterCard
Transaction Execution: SET (2KP) PAY
Close Session
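The two negotiation steps of the example above, as an added sketch that is not part of the slides or of the SWAPEROO prototype. The function names are hypothetical, and the rule that an empty or out-of-set result ends the session instead of falling back is an assumption the slides do not state.

```cpp
// Added example, not SWAPEROO prototype code; all function names are hypothetical.
#include <algorithm>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

typedef std::vector<std::string> Offer;

static bool has(const Offer& o, const std::string& x) {
    return std::find(o.begin(), o.end(), x) != o.end();
}

// Keep what both sides offer, in the client's preference order.
Offer negotiate(const Offer& client, const Offer& peer) {
    Offer common;
    for (std::size_t i = 0; i < client.size(); ++i)
        if (has(peer, client[i])) common.push_back(client[i]);
    return common;
}

// A selection is valid only inside the negotiated set. An empty set or an
// out-of-set pick ends the session; there is no fallback (assumption).
std::string choose(const Offer& common, const std::string& pick) {
    if (common.empty()) throw std::runtime_error("nothing in common");
    if (!has(common, pick)) throw std::runtime_error("not negotiated");
    return pick;
}

bool rejected(const Offer& common, const std::string& pick) {
    try { choose(common, pick); } catch (const std::runtime_error&) { return true; }
    return false;
}

// Offers taken from the slides' Dilbert / Amazon.com example.
Offer instrumentClasses() {
    return negotiate(Offer{"MasterCard", "PonyCash", "CyberCoin"},
                     Offer{"MasterCard", "VISA", "CyberCoin"});
}
Offer masterCardProtocols() {
    return negotiate(Offer{"SET (2KP)"}, Offer{"SET (2KP)", "SET (3KP)", "Unencrypted"});
}

int main() {
    Offer p = masterCardProtocols();
    std::cout << choose(instrumentClasses(), "MasterCard") << " via " << choose(p, p.front()) << "\n";
    std::cout << "Unencrypted rejected: " << rejected(p, "Unencrypted") << "\n";
    return 0;
}
```

Because the user's wallet offers only SET (2KP), the vendor's "Unencrypted" option never enters the negotiated set, whatever the vendor lists.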
7
SWAPEROO Architecture
User Profile Manager
Instrument Manager
Protocol Manager
Communication Manager
Wallet Controller
User Interface
Client API
User Interface API
Instrument Instances
Protocols
8
Function Descriptions
Instrument Manager: encryption of instruments
Protocol Manager: protocol invocation
Communication Manager: low-level, synchronous messaging
User Profile Manager: stores access control information
Wallet Controller: coordinates wallet operations & enforces access control
9
Symmetric Vendors/Banks
Vendor Wallet: Customer Profile Manager, Instrument Manager, Protocol Manager, Communication Manager, Vendor Controller, UI
Bank Wallet: Account Profile Manager, Instrument Manager, Protocol Manager, Communication Manager, Bank Controller, UI
10
Wallet Interaction Model
Open Session
Instrument Class Negotiation
Protocol Negotiation
Protocol Selection
Instrument Selection
Transaction Execution
Close Session
11
Wallet Interaction Model
[Interaction model diagram: Open Session, Instrument Class Negotiation, Protocol Negotiation, Protocol Selection, Instrument Selection, Transaction Execution, Close Session]
12
Instrument Class Negotiation
User Wallet: User Profile Manager, Instrument Manager, Protocol Manager, Communication Manager, Wallet Controller, UI
Vendor Wallet: Customer Profile Manager, Instrument Manager, Protocol Manager, Communication Manager, Vendor Controller, UI
13
Wallet Interaction Model
[Interaction model diagram: Open Session, Instrument Class Negotiation, Protocol Negotiation, Protocol Selection, Instrument Selection, Transaction Execution, Close Session]
14
Transaction Execution
User Wallet: User Profile Manager, Instrument Manager, Protocol Manager, Communication Manager, Wallet Controller, UI
Vendor Wallet: Customer Profile Manager, Instrument Manager, Protocol Manager, Communication Manager, Vendor Controller, UI
15
Transaction Execution
[Sequence diagram. Vendor Wallet: Vendor Application, Wallet Controller, SET Protocol. End-User Wallet: User Application, Wallet Controller, User Profile Manager, SET Protocol.]
Calls shown:
subscribe(EXECUTE_TRANSACTION)
executeTransaction(inv, Citibank Mastercard, PAY)
checkPrivileges(inv, Citibank Mastercard, PAY) -> OK
doOperation(PAY, Citibank Mastercard, PAY) -> OK (shown twice)
EXECUTE TRANSACTION SETProtocol2KP PAY
notify(EXECUTE_TRANSACTION)
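How the Wallet Controller can gate executeTransaction on checkPrivileges before any protocol code runs, as an added sketch that is not part of the slides or of the SWAPEROO prototype. The struct layouts, the grant table, and reading `inv` as the invoking application are assumptions.

```cpp
// Added example, not SWAPEROO source; types and the grant table are hypothetical.
#include <iostream>
#include <set>
#include <string>
#include <tuple>
#include <vector>
using std::string;
typedef std::tuple<string, string, string> Grant;  // invoker, instrument, operation
struct UserProfileManager {              // stores access control information
    std::set<Grant> grants;
    bool checkPrivileges(const string& inv, const string& instr, const string& op) const {
        return grants.count(Grant(inv, instr, op)) > 0;  // anything not granted is denied
    }
};
struct Protocol {                        // stand-in for SET; records invocations
    std::vector<string> calls;
    bool doOperation(const string& op, const string& instr) {
        calls.push_back(op + " " + instr);
        return true;
    }
};
struct WalletController {                // coordinates and enforces access control
    UserProfileManager& profiles;
    Protocol& protocol;
    std::vector<string> notified;        // events delivered to subscribers
    WalletController(UserProfileManager& u, Protocol& p) : profiles(u), protocol(p) {}
    bool executeTransaction(const string& inv, const string& instr, const string& op) {
        if (!profiles.checkPrivileges(inv, instr, op)) return false;  // protocol never runs
        if (!protocol.doOperation(op, instr)) return false;
        notified.push_back("EXECUTE_TRANSACTION");
        return true;
    }
};

// Constructed scenario: only UserApplication may PAY with the Citibank card.
// Returns how many times the protocol was invoked for the given request.
int protocolCalls(const string& inv, const string& op) {
    UserProfileManager upm;
    upm.grants.insert(Grant("UserApplication", "Citibank Mastercard", "PAY"));
    Protocol set2kp;
    WalletController wc(upm, set2kp);
    wc.executeTransaction(inv, "Citibank Mastercard", op);
    return static_cast<int>(set2kp.calls.size());
}
int main() {
    std::cout << protocolCalls("UserApplication", "PAY") << " "
              << protocolCalls("UserApplication", "CREDIT") << "\n";
    return 0;
}
```

The check keys on the full (invoker, instrument, operation) triple, so a grant for PAY does not imply CREDIT on the same instrument.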
16
Transaction Execution
17
Trade-offs / Issues
Where to put what functionality?
[Architecture diagram: User Profile Manager, Instrument Manager, Protocol Manager, Communication Manager, Wallet Controller, User Interface, Client API, User Interface API, Instrument Instances, Protocols]
18
Trade-offs / Issues
User Interaction: number of steps vs. likelihood of an error
[Interaction model diagram: Open Session, Instrument Class Negotiation, Protocol Negotiation, Protocol Selection, Instrument Selection, Transaction Execution, Close Session]
19
Trade-offs / Issues
Security vs. Customization, i.e., User Interface & UI API
[Architecture diagram: User Profile Manager, Instrument Manager, Protocol Manager, Communication Manager, Wallet Controller, User Interface, Client API, User Interface API, Instrument Instances, Protocols]
20
Implementation & Future Work
Implementation: C++ (PalmOS), Java (Windows), PonyCash
Future Work: populate the wallet; experiment with other devices/environments (i.e. smart cards, mobile phones, web, etc.); Abstract Data Manager
21
Summary / Contributions
Desirable wallet properties: extensible, symmetric, non-web-centric, client-driven
Defined wallet interaction model
Clean APIs for wallet and its components
Prototype Implementation in Java & C++ (available at http://www-db.stanford.edu/~daswani/wallets/)