advanced cryptographic protocols lecture 12 supakorn kungpisdan [email protected] nete46301
TRANSCRIPT
Outlines
• Payment Protocols• Account-based Payment Protocols• Token-based Payment Protocols
NETE4630 2
• Primitive transactions– Payment– Value Subtraction– Value Claim
Apr 18, 2023 3
Value claimValue claimValue Value
subtractionsubtraction
PaymentPayment
ClientClient MerchantMerchant
Payment GatewayPayment Gateway
IssuerIssuer AcquirerAcquirer
Electronic Payment Model
E-Payment Model (cont.)
Payment, Value substraction
Value subtraction, Value claim
Value claim, Value subtraction
Payment, Value substraction
Payment Gateway (PG)
Apr 18, 2023 5 SNC, Monash University
Account-based Account-based Payment SystemsPayment Systems
Electronic Payment SystemsElectronic Payment Systems
Token-based Token-based Payment SystemsPayment Systems
Credit card, Electronic Checks Micropayment, Electronic Cash
Types of Payment Systems
Apr 18, 2023 6 SNC, Monash University
Types of Payment Systems (cont.)• Account-based payment systems
– Represented by the transfer between accounts– Credit-card, debit-card, or electronic check– PayPal, Amex’s PayFlow, SET, iKP, NetChex– Requires payment authorization from banks in every
transaction– Suitable for high-value transactions
• Token-based payment systems– Represented by electronic money– Micropayment, electronic coins, or electronic cash– CyberCash, PayWord, Millicent– No payment authorization required in every transaction– Suitable for low-value transactions
Outlines
• Payment Protocols• Account-based Payment Protocols• Token-based Payment Protocols
NETE4630 7
NETE4630 8
Outlines
• Payment Protocols• Account-based Payment Protocols• Token-based Payment Protocols
NETE4630 9
Micropayment
• Represented by electronic money• Lightweight compared to credit-card
payment in terms of cryptographic operations
• No payment authorization required in every transaction
• Suitable for Low-value payment transactions e.g. from 1 cents to 2 dollars
• Prepaid and Postpaid micropayment
2. PayWord Certificate
1 Certificaterequest
4. Certificate verification, first payment
5. Repeated payment
3. Generate coins
6. Redeem coins
7. Billing
ClientClient
BankBank
MerchantMerchant
PayWord
PayWord (cont.)• Postpaid micropayment protocol based on
public-key operations. • Three parties are involved in the system:
client, merchant, and bank.• The bank issues the client a PayWord
certificate containing an authorized amount CL
NETE4630 12
PayWord (cont.)
1. Client generates a set of coins {c0, ..., cn}, where n = CL, which is specific to the merchant.
2. The set of coins is generated as follows:ci= h(ci+1), where i = 1, ..., n
3. In the first payment, the client sends the merchant a commitment:
commitment = {certificate, c0}
NETE4630 13
PayWord (cont.)
4. In each payment, the client sends the coin ci to the merchant.
5. The merchant can infer the value of the coin i by applying a number of hash operations to ci as follows: c0 = hi(ci).
6. At the end of the month, the merchant sends the highest value of ci together with the commitment (containing c0) to the bank.
NETE4630 14
PayFair
Prepaid coupon
1 22
33
4
55
6
Request amount
Money Deduct
Coupon verification
Coupon verification
ClientClient
MerchantMerchant
BankBank
Verification response
PaymentPayment
Apr 18, 2023 16 SNC, Monash University
PayFair• A prepaid micropayment protocol which deploys
symmetric-key operations and hash functions.
• The bank returns the message containing a payment token {N, RN}SK, RN = random number, N = serial number
• The client generates a set of coins wi, i = 0, …, n
wi = h(wi+1)
PayFair (cont.)
• For each payment,
NETE4630 17
Limitations of PayWord & PayFairPayWord, • High Computation at the client due to asymmetric
cryptographic operation• Payment information (price of goods) is revealed to other
parties.
PayFair,• The prepaid coupon is merchant-specific when used.• The client has to contact the bank for issuing a new prepaid
coupon every time she runs out of credits.• The bank is able to impersonate as any client to make a
payment to a merchant.• The client cannot refund un-used coins and coupons.
Kungpisdan’s Approach
• Lightweight protocol• Provide a general-purposed prepaid card: able to
make payments to many merchant.• Extend validity period of a prepaid coupon• Enhance the ability to identify the originator of
the message (to prevent impersonation).• All private information must be kept secret.• Offer the ability to refund and cancel prepaid card
Setup Protocol
2. Bank coupon
1 bank coupon request
Deductmoney
ClientClient
BankBank
3. Create coins
Merchant coupon for M1
Remaining bank coupon
MerchantM1
Bank coupon
Payment Initialization Protocol
4. Coupon verification
6. Updated bank coupon
ClientClient
Merchant
BankBank
5. M1’s coupon
Merchant coupon for M1M1
Remaining bank coupon
Deposit to M1’s account
Payment Protocol
6
Client
Merchant
BankBank
PaymentMerchant coupon for M1
M1
Extra Credit Request Protocol
10. Updated bank coupon
8. Authorization request
Merchant
Bank
9. Approval
7. Extra credit request M1
ClientClient
Remaining bank coupon
Remaining bank coupon
Requested value
Coupon Cancellation Protocol
12. Cancellation response
11. Bank coupon cancellation request
Merchant
Bank
M1
Client
Remaining bank coupon
Deposit to the client’s account
Coin Return Protocol
16. Updated bank coupon
14. Authorization request
Merchant
Bank
15. Approval
13. Coin return request M1
ClientClient
Remaining M1’s coupon
Requested value
Remaining bank coupon
Deduct From M1’s account
Extension to Postpaid Micropayment
2. Bank coupon
1 Certificaterequest
4. Bank coupon verification, first payment
5. Repeated payment
3. Generate coins
6. Redeem coins
7. Billing
Client
Bank
Merchant
Question?
NextGroup discussion
NETE4630 27
Group Discussion• Work in a group of 6 students• Design an Internet bill payment protocol
based on any cryptographic operations– Symmetric encryption, Public-key encryption,
Hash functions and MACs
• Must have the following process:– Client and merchant (biller) registration– The client can add a merchant– The client can make a payment to the merchant
• Give a demo by the end of the class
NETE4630 28