
DILEEP V K

4NM10SCS08
MTECH II
NMAMIT
Electronic Payment Systems
- Introduction to electronic payment systems

- Requirements of electronic payment

- Classification of electronic payment systems
and protocols

- Account-Based Payment and Example

- Electronic Check Payment and Example

- Micro-Payment and Example
Presentation Outline
What is a payment system?

E-commerce application systems must provide payment processing and
transaction service to buyers and sellers.

A payment system, as part of an E-commerce application system, is a system
that supports secure payment processes by providing reliable, secure, and
efficient transaction services between sellers and buyers.

The basic requirements of a payment system:

- Provide secured and confidential transaction processes.
- Conduct authentication and authorization for all involved parties.
- Ensure the integrity of payment instructions for goods and services.
- Availability, cost-effectiveness, efficiency and reliability.
- Global access and international usability.
Introduction to Electronic Payment and
Systems
Electronic payment is implemented by a flow of money from the payer via the
issuer and acquirer to the payee.

Advantages:

- Fast transaction processing
- Flexibility of use (available 24 hours)
- Low cost transactions
- Globally accessible to customers and businesses

Disadvantages:

High risks and security challenges due to:

- Unlike paper, digital documents can be copied perfectly and arbitrarily often.
- Digital signatures can be produced by anybody who knows the secret
cryptographic key.
- A buyer's name can be associated with every payment.
Electronic Payment Models:

Direct-payment systems: require an interaction between payer and payee.

- Cash-like payment systems
- A certain amount of money is taken away from the payer
before purchases are made.

Example: Smart card-based electronic purses,
electronic cash, and bank checks

- Check-like payment systems
- pay-now systems (like credit card-based payment systems)
- pay-later systems (like ATM card-based payment systems)

Indirect payment systems: the payer or the payee initiates payment without
the other party being involved online. (Example: electronic funds transfer)
Classification of electronic payment systems:

- Card-based payment systems:

Examples: CyberCash, First Virtual (FV), VISA and MasterCard, CARI

- Electronic checking systems:

Examples: FSTC, NetBill

- Electronic cash payment systems:

Examples: Ecash (DigiCash), NetCash, CyberCoin, Mondex

- Micro-payment systems:

Examples: Millicent, SubScrip, PayWord, MicroMint, IKP micropayment.
Classification of Electronic Payment Protocols
[Figure: tree rooted at E-Commerce Payment Protocols with four branches (Macro-Payment Protocols, Electronic Check Payment Protocols, Micro-Payment Protocols, Digital Cash Payment Protocols). Protocols shown: SET, FV, CyberCash, CyberCoin, DigiCash, NetCash, Mondex, Cafe, Millicent, PayWord, NetBill, FSTC, iKP, SEPP, SubScrip.]
Different types of payment card schemes:

(A) Credit cards, where payments are set against a special-purpose
account associated with some form of installment-based
repayment scheme or a revolving line of credit.
- pay later with limit and interest rate.

(B) Debit cards (paperless checks) are linked to a checking/saving
account.
- pay now with balance checking.

(C) Charge cards: work in a similar way to credit cards in that
payments are set against a special-purpose account.
- payment must be made at the end of billing period
without limit.

(D) Travel and entertainment cards are charge cards whose usage
is linked to airlines, hotels, restaurants, car rental companies, or
particular retail outlets.
Overview of Account-Based Payment
Overview of Credit Card-Based Payment
[Figure: Payment model connecting the card association, the card issuer's bank, the card acquirer's bank, the merchant and the cardholder]
Special Features of Account-Based Electronic Payment
- Online Transaction.

- Anonymity: This ensures that no detailed cash transactions for customers
are traceable. Even sellers do not know the identity of
customers involved in the purchases

- Security: High security and low risk due to the use of traditional
banking system and user accounts.

- Standardization: Use of the existing standardized payment model

- Flexibility: consumers can have multiple cards used in different
countries and currencies

- All transactions can be easily traced by banking system and merchants.
Limitations:

- Dependency: dependent on existing banking systems.

- Transaction cost: high transaction cost compared with other approaches

- Performance: slower performance due to the authentication and
account validation using the existing banking systems

- Privacy: consumers lose the privacy of their transactions
About CyberCash:

- CyberCash is a secure Internet payment system developed by CyberCash,
Inc., which is located in Reston, VA, USA, and was founded in August 1994 to
provide software and service solutions for secure financial transactions over the
Internet.

- CyberCash uses special wallet software that enables consumers to make secure
purchases using major credit cards from CyberCash-affiliated merchants.

- The CyberCash payment system was launched in April 1995. It had over half a
million copies in circulation.

- CyberCash has other payment systems, such as CyberCoin (electronic cash
system) and PayNow (electronic check system).


Credit Card-Based Electronic Payment System:
CyberCash
Features of CyberCash:

- Use the existing credit card infrastructure for settlement payments.

- Use cryptographic techniques to protect the transaction data during
a purchase.

- Authenticate the identities of both parties to the transaction.

- Provide online transaction and online authentication.

- Broker the transaction between the merchant's bank and the cardholder's
bank.

[Figure: CyberCash Payment Model. Elements: customer (web browser, wallet), merchant (web server, merchant software), CyberCash server, banking network, Internet. Labelled flows: shopping, purchase, purchase messages, registration, card binding.]
[Figure: Payment Steps in a CyberCash Purchase. Parties: consumer, merchant, CyberCash server (CS). Labels: finish shopping, click PAY, order form, choose CC and addr, Credit-card pay, Payment-req, forward details, auth-capture, authorize + clear with bank, charge-action-res, Charge-card-res, log transaction, issue receipt.]
CyberCash Messages:
[Figure: message layout with Header, Transport, Opaque and Trailer parts]
Header: It indicates the start of a CyberCash message.

Transport: It contains the order information in a purchase, the transaction ID, the date,
and the ID of the key used to encrypt the opaque part.

Opaque: The encrypted part of a message.

Trailer: It indicates the end of a CyberCash message.
6/23/2014 17
Payment Acceptance and Processing
- Merchants must set up merchant accounts to accept payment cards
- Law prohibits charging payment card until merchandise is shipped
- Payment card transaction requires:
  - Merchant to authenticate payment card
  - Merchant must check with card issuer to ensure funds are available and to put hold on funds needed to make current charge
  - Settlement occurs in a few days when funds travel through banking system into merchant's account
Processing a Payment Card Order
Open and Closed Loop Systems
- Closed loop systems
  - Banks and other financial institutions serve as brokers between card users and merchants; no other institution is involved
  - American Express and Discover are examples
- Open loop systems
  - Transaction is processed by third party
  - Visa and MasterCard are examples

Credit Card Processing
[Figure: credit card processing. Source: Payment Processing Inc.]
Secure Electronic Transaction (SET) Protocol
- Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM, GTE, SAIC, and others
- Designed to provide security for card payments as they travel on the Internet
- Contrasted with the Secure Sockets Layer (SSL) protocol, SET validates consumers and merchants in addition to providing secure transmission
- SET specification
  - Uses public key cryptography and digital certificates for validating both consumers and merchants
  - Provides privacy, data integrity, user and merchant authentication, and consumer nonrepudiation

The SET protocol
The SET protocol coordinates the activities of the customer,
merchant, merchant's bank, and card issuer. [Source: Stein]
SET Payment Transactions
SET-protected payments work like this:
- Consumer makes purchase by sending encrypted financial information along with digital certificate
- Merchant's website transfers the information to a payment card processing center while a Certification Authority certifies that the digital certificate belongs to the sender
- Payment card processing center routes transaction to credit card issuer for approval
- Merchant receives approval and credit card is charged
- Merchant ships merchandise and adds transaction amount for deposit into merchant's account

SET uses a hierarchy of trust
All parties hold certificates signed directly or
indirectly by a certifying authority. [Source: Stein]
SET Protocol
Extremely secure
Fraud reduced since all parties are authenticated
Requires all parties to have certificates
So far has received lukewarm reception
80 percent of SET activities are in Europe and Asian countries
Problems with SET
Not easy to implement
Not as inexpensive as expected
Expensive to integrate with legacy applications
Not tried and tested, and often not needed
Scalability is still in question

Payment Cards
Online Credit Card Transaction
Payment Acceptance and Processing
Open and closed loop systems will accept and process
payment cards.

A merchant bank or acquiring bank is a bank that does
business with merchants who want to accept payment cards.

Software packaged with your electronic commerce software
can handle payment card processing automatically.

Using Payments Cards Online
Key participants in processing credit card payments
online include the following:
Acquiring bank
Credit card association
Customer
Issuing bank
Merchant
Payment processing service
Processor
Fraudulent Credit Card Transactions
Address Verification System (AVS)
Detects fraud by comparing the address entered on a
Web page with the address information on file with the
cardholder's issuing bank

Card verification number (CVN)
Detects fraud by comparing the verification number
printed on the signature strip on the back of the card
with the information on file with the cardholder's
issuing bank
Additional tools used to combat fraud include:
Manual review
Fraud screens and decision models
Negative files
Card association payer authentication services




virtual credit card
An e-payment system in which a credit card
issuer gives a special transaction number that
can be used online in place of regular credit
card numbers


Stored-Value Cards
A stored-value card can be an elaborate smart card or a simple
plastic card with a magnetic strip that records the currency
balance.

A smart card is better suited for Internet payment transactions
because it has limited processing capability.
Smart Cards
Plastic card containing an embedded
microchip
Available for over 10 years
So far not successful in U.S., but popular in
Europe, Australia, and Japan
Smart cards gradually reappearing in U.S.;
success depends on:
Critical mass of smart cards that support
applications
Compatibility between smart cards, card-reader
devices, and applications
Smart Card Applications
Ticketless travel
Seoul bus system: 4M cards, 1B transactions since 1996
Planned the SF Bay Area system
Authentication, ID
Medical records
Ecash
Store loyalty programs
Personal profiles
Government
Licenses
Mall parking
. . .
Advantages and Disadvantages of Smart
Cards
Advantages:
1. Atomic, debt-free transactions
2. Feasible for very small transactions (information commerce)
3. (Potentially) anonymous
4. Security of physical storage
5. (Potentially) currency-neutral
Disadvantages:
1. Low maximum transaction limit (not suitable for B2B or most B2C)
2. High Infrastructure costs (not suitable for C2C)
3. Single physical point of failure (the card)
4. Not (yet) widely used

Mondex Smart Card
Holds and dispenses electronic cash (Smart-card based, stored-value
card)
Developed by MasterCard International
Requires specific card reader, called Mondex terminal, for merchant
or customer to use card over Internet
Supports micropayments as small as 3c and works both online and
off-line at stores or over the telephone
Secret chip-to-chip transfer protocol
Value is not in strings alone; must be on Mondex card
Loaded through ATM
ATM does not know transfer protocol; connects with
secure device at bank
Mondex Smart Card Processing
Mondex transaction
Here's what happens "behind the scenes" during a Mondex
transaction between a consumer and merchant. Placing the card in a
Mondex terminal starts the transaction process:
1. Information from the customer's chip is validated by the merchant's chip.
Similarly, the merchant's card is validated by the customer's card.
2. The merchant's card requests payment and transmits a "digital signature"
with the request. Both cards check the authenticity of each other's
message. The customer's card checks the digital signature and, if
satisfied, sends acknowledgement, again with a digital signature.
3. Only after the purchase amount has been deducted from the customer's
card is the value added to the merchant's card. The digital signature from
this card is checked by the customer's card and if confirmed, the
transaction is complete.

Mondex Smart Card
Disadvantages
Card carries real cash in electronic form, creating the possibility of
theft
No deferred payment as with credit cards; cash is dispensed
immediately
Security
Active and dormant security software
Security methods constantly changing
ITSEC E6 level (military)
VTP (Value Transfer Protocol)
Globally unique card numbers
Globally unique transaction numbers
Challenge-response user identification
Digital signatures
MULTOS operating system
firewalls on the chip


Smart Cards
smart card
An electronic card containing an embedded microchip
that enables predefined operations or the addition,
deletion, or manipulation of information on the card

Smart Cards
Types of Smart Cards

contact card
A smart card containing a small gold plate on the face that when
inserted in a smart card reader makes contact and passes data
to and from the embedded microchip

contactless (proximity) card
A smart card with an embedded antenna, by means of which
data and applications are passed to and from a card reader unit
or other device without contact between the card and the card
reader

Smart Cards
smart card reader
Activates and reads the contents of the chip on a
smart card, usually passing the information on to a
host system

smart card operating system
Special system that handles file management,
security, input/output (I/O), and command execution
and provides an application programming interface
(API) for a smart card
Smart Cards
Securing Smart Cards
Smart cards store or provide access to either
valuable assets or to sensitive information
Because of this, they must be secured against theft,
fraud, or misuse
The possibility of hacking into a smart card is
classified as a class 3 attack, which means that the
cost of compromising the card far exceeds the
benefits
E-Cards (cont.)
Optical memory cards
Stores 4MB of data; once written, data cannot be changed or
removed
Ideal for keeping records (medical files)
Require expensive card readers
Categorize smart cards by how they store data
Contact card: insert in smart card reader
Contactless card: embedded antenna read by another
antenna (mass-transit applications)
E-Cards (cont.)
Smart cards are computer devices and require:
Chip with an operating system to run applications
Programming language to write applications
Multipurpose cards use new operating systems
MultOS
JavaCard
Microsoft Windows for Smart Cards
Figure 14-8: Smart Card Image (embedded chip). Source: Visa.
Smart Cards
Applications of Smart Cards
Retail Purchases
e-purse
Smart card application that loads money from a card
holder's bank account onto the smart card's chip
Common Electronic Purse Specification (CEPS)
Standards governing the operation and interoperability
of e-purse offerings
Transit Fares
E-Identification
Smart Cards
Applications of Smart Cards
Transit Fares
To eliminate the inconvenience of multiple types of tickets used
in public transportation, most major transit operators in the
United States are implementing smart card fare-ticketing
systems

E-Identification
Because they have the capability to store personal information,
including pictures, biometric identifiers, digital signatures, and
private security keys, smart cards are being used in a variety of
identification, access control, and authentication applications

Electronic Cheques
Leverages the check payments system, a core
competency of the banking industry.
Fits within current business practices
Works like a paper check does but in pure
electronic form, with fewer manual steps.
Can be used by all bank customers who have
checking accounts
Different from Electronic fund transfers
How does echeck work?
Exactly the same way as paper
Check writer "writes" the echeck using one of
many types of electronic devices
"Gives" the echeck to the payee electronically.
Payee "deposits" echeck, receives credit,
Payee's bank "clears" the echeck to the
paying bank.
Paying bank validates the echeck and
"charges" the check writer's account for the
check.
E-Checking
Electronic checkbook
Counterpart of electronic wallet
To be integrated with the accounting information
system of business buyers and with the payment
server of sellers
To save the electronic invoice and receipt of
payment in the buyers' and sellers' computers for
future retrieval
Example : SafeCheck
Used mainly in B2B
Figure 14-14: Digital Signatures in E-Check Processing. Source: Anderson (1998).
E-Checking (cont.)
Treasury Department expects e-checks to:
Enhance security through use of public key
cryptography
Push a payment to the payee and not pull funds
from general account of the U.S.
Leverage Internet for its strength as ubiquitous
communication vehicle
Increase payment choices for U.S. Treasury payees
E-Checking
Benefits of e-check processing:
It reduces the merchant's administrative costs by
providing faster and less paper-intensive collection of
funds
It improves the efficiency of the deposit process for
merchants and financial institutions
It speeds the checkout process for consumers
It provides consumers with more information about
their purchases on their account statements
It reduces the float period and the number of checks
that bounce because of insufficient funds (NSFs)

Exhibit 12.3 Processing E-Checks with Authorize.Net




Overview of NetBill:

- NetBill is a dependable, secure and economical payment method for
purchasing digital goods and services through the Internet.

- The NetBill protocol was developed by Carnegie Mellon University.

- In partnership with Visa International and Mellon Bank, the first trial
of the system was installed in early 1996.

Major goals of NetBill:

- Support high transaction volumes at low cost
- Provide authentication, privacy, and security for transactions

- Provide account management and administration for consumers and
merchants
Electronic Check Payment System: NetBill
Electronic Check Payment Process: NetBill
[Figure: NetBill server, customer, merchant, and bank network]
1. The consumer's application sends a price quote request to the merchant's application through a Checkbook library.
2. The merchant's application sends the price quote back to the consumer's application.
3. The consumer accepts the price quote, and then sends a purchase request through the Checkbook library.
4. The merchant's application sends the information goods to the consumer's Checkbook, encrypted under a one-time key.
5. The consumer sends an electronic payment order (EPO) to the merchant's application.
6. The merchant's application sends the endorsed EPO to the NetBill server.
7. The NetBill server verifies that the consumer and merchant signatures are valid, then returns to the merchant a digitally signed receipt with a decryption key.
8. The merchant's application forwards the NetBill server's receipt to the Checkbook.
[Figure: message flow between Customer, Merchant and NetBill Server, with arrows numbered 1 to 8]
NetBill Architecture (Source: NetBill 1994 Prototype)
[Figure: Consumer Application with Checkbook; Merchant Application with Till; User Admin. Server, Transaction Server, Security Server, System Admin. Server, Payment & Collection Server; DB]
Major features of NetBill:

- Certified delivery: delivering encrypted information goods and then
charging against the consumer's NetBill account. Decryption key
registration is then used at both the merchant's application and the
NetBill server.

- Scalability: the bottleneck in the NetBill model is the NetBill Server
which supports many different merchants.

- Support for flexible pricing: by including the steps of offer and
acceptance. The merchant can calculate a customized quote for
individual consumer.

- Protection of consumer accounts against unscrupulous merchants in
a conventional credit card transaction.
Security Mechanisms of NetBill:

- Create a NetBill account for each consumer by using a unique user
ID and the RSA public key.

- The key pair is certified by NetBill and is used for signatures and
authentication in the system.

- These signatures are used to check that the elements of NetBill
transactions (the price quote, the acceptance, etc.) really came from
the right parties.

- NetBill uses symmetric cryptography for message
authentication and for encryption and decryption.
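
The certified-delivery exchange of steps 4 to 8 above, as an added example that is not NetBill's own code: the consumer only obtains the decryption key if the server accepts both signatures and debits the account. Assumptions of this sketch: HMAC tags stand in for the RSA signatures, a SHA-256 keystream XOR stands in for the symmetric cipher, the merchant attaches the one-time key to the endorsed EPO, and all names (`NetBillServer`, `purchase`, `alice`, `shop`) are hypothetical.

```python
import hashlib
import hmac
import secrets


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream (same call decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sign(key: bytes, *fields: bytes) -> bytes:
    """Stand-in signature: HMAC-SHA256 over length-prefixed fields."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


def epo_fields(epo: dict) -> tuple:
    """The EPO contents that both parties sign."""
    return (epo["txid"], epo["consumer"].encode(), epo["merchant"].encode(),
            str(epo["price"]).encode(), epo["goods_hash"])


class NetBillServer:
    def __init__(self, keys: dict, balances: dict):
        self.keys, self.balances = keys, balances
        self.done = set()                      # transaction ids already settled

    def settle(self, epo, consumer_sig, goods_key, merchant_sig):
        """Step 7: check both signatures, move funds, release the key in a receipt."""
        fields = epo_fields(epo)
        valid = (
            hmac.compare_digest(consumer_sig, sign(self.keys[epo["consumer"]], *fields))
            and hmac.compare_digest(
                merchant_sig, sign(self.keys[epo["merchant"]], *fields, goods_key))
        )
        if (not valid or epo["txid"] in self.done
                or self.balances[epo["consumer"]] < epo["price"]):
            return None                        # no receipt, so no key is released
        self.done.add(epo["txid"])
        self.balances[epo["consumer"]] -= epo["price"]
        self.balances[epo["merchant"]] += epo["price"]
        # Receipt tag is keyed to the consumer so the Checkbook can check it.
        tag = sign(self.keys[epo["consumer"]], epo["txid"], goods_key)
        return {"txid": epo["txid"], "goods_key": goods_key, "sig": tag}


def purchase(server, keys, goods: bytes, price: int, tamper_price=None):
    """Steps 4 to 8 for one item; returns the plaintext the consumer obtains, or None."""
    # Step 4: merchant delivers the goods encrypted under a one-time key.
    goods_key = secrets.token_bytes(32)
    encrypted = xor_cipher(goods_key, goods)
    # Step 5: consumer signs an EPO binding the price to the ciphertext received.
    epo = {"txid": secrets.token_bytes(16), "consumer": "alice", "merchant": "shop",
           "price": price, "goods_hash": hashlib.sha256(encrypted).digest()}
    consumer_sig = sign(keys["alice"], *epo_fields(epo))
    # Step 6: merchant endorses the EPO. Changing the price at this point
    # invalidates the consumer's signature at the server.
    if tamper_price is not None:
        epo = dict(epo, price=tamper_price)
    merchant_sig = sign(keys["shop"], *epo_fields(epo), goods_key)
    receipt = server.settle(epo, consumer_sig, goods_key, merchant_sig)
    # Step 8: the Checkbook checks the receipt, then decrypts.
    if receipt is None:
        return None
    expected = sign(keys["alice"], receipt["txid"], receipt["goods_key"])
    if not hmac.compare_digest(receipt["sig"], expected):
        return None
    return xor_cipher(receipt["goods_key"], encrypted)


def demo():
    keys = {"alice": secrets.token_bytes(32), "shop": secrets.token_bytes(32)}
    server = NetBillServer(keys, {"alice": 100, "shop": 0})
    article = b"constructed sample article text"
    honest = purchase(server, keys, article, price=30)
    overcharged = purchase(server, keys, article, price=30, tamper_price=90)
    too_expensive = purchase(server, keys, article, price=500)
    return honest, overcharged, too_expensive, dict(server.balances)


if __name__ == "__main__":
    print(demo())
```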
- Objectives: micro-payment situations

Although micro-payment systems share similar requirements with other
payment systems, they focus on special markets, where:
- Low-value transactions are involved, less than the value of the smallest coin.
- Merchandise is non-tangible and network-deliverable
examples: archived magazines, journals, CD, software,

- Special requirements:

- Fast and low-cost payment transactions.
- Very small amount of value
- Reduced number of involved parties
- Highly scalable

The issues of other payment systems:
- Account-based systems have high transaction costs.
- Transaction speed in electronic checking systems is slow.
- Electronic money systems involve more parties, have low transaction
speed, and cause poor scalability.
Micro-Payment Systems
Micro-Payment Protocols
Micro-payment Protocols:

- Millicent, developed by Digital Equipment Corp. in 1995.
- SubScrip, developed at the University of Newcastle,
Australia.
- PayWord, developed by Ron Rivest (MIT) and Adi Shamir.
- MicroMint, developed by Ron Rivest and Adi Shamir.
- iKP micropayment protocol

Micro-payment systems are not available in conventional commerce.
They open many new areas of business.

Examples:
- Millicent payment system
- Micro Payment Transfer Protocol (MPTP) based on
PayWord.
Micro-Payment Protocols and Systems
- Important features of Micro-payment protocols and
systems:

- Simplified verification
- Simple security mechanisms
- Very low cost transactions
- Very fast speed
- Simplified architecture

- Major factors on transaction costs:

- Payment methods
- Complexity of security mechanisms
- The number of involved parties
- Transaction model (on-line/off-line)
Micro-Payment Systems
Overview of Millicent:

Millicent payment protocol is designed for low-amount transactions over the
Internet.
It is developed by Digital

- Support low-cost, secured transactions (less than one cent)
- Use inexpensive symmetric cryptographic algorithms
- Use scrip as digital cash for customers to make purchases from vendors
- Provide decentralized validation of electronic cash at the vendor's server
- Provide no additional communications, off-line processing.

Business market: electronic publishing, software and game industries.

Performance: 14,000 pieces of Scrip can be produced per second.
8,000 payments can be validated per second, with change Scrip being
produced.

A public trial of the Millicent system was scheduled for the summer of 1997.
Micro-Payment Protocol: Millicent
MilliCent model:

MilliCent protocols use a form of electronic currency called Scrip to connect three
involved parties:
- vendors, customers, and brokers.

Scrip is vendor specific.

A Millicent broker:
--> mediate between vendors and customers to simplify the tasks they perform.
--> aggregate micro-payments
--> sell vendor Scrip to customers
--> handle the real money in the Millicent system.
--> maintain customer accounts and vendors (subscription services)
--> buy and produce large chunks of vendor Scrips (for licensed vendors)

Vendors: --> are merchants selling low-value services or information to customers

Customers: --> buy broker Scrip with real money from selected brokers.
--> use the vendor Scrips to make purchases.
Micro-Payment Protocol: MilliCent
1. Customer sends broker Scrip.
2. Customer gets dealer Scrip.
3. Customer sends dealer Scrip.
[Figure: Customer, Broker and Dealer connected over the Internet, with arrows numbered 1 to 3]
Electronic Cash
Electronic cash is a general term that describes the
attempts of several companies to create a value storage
and exchange system that operates online in much the
same way that government-issued currency operates in
the physical world.

Concerns about electronic payment methods include:
Privacy
Security
Independence
Portability
Convenience
How Electronic Cash Works
To establish electronic cash, a consumer goes in person
to open an account with a bank.

The consumer uses a digital certificate to access the bank
through the Internet to make a purchase.

Consumers can spend their electronic cash at sites that
accept electronic cash for payment.

The electronic cash must be protected from both theft and
alteration.
Providing Security for Electronic Cash
To prevent double spending, the main security feature is the
threat of prosecution.

A complicated two-part lock provides anonymous security that
also signals when someone is attempting to double spend
cash.

One way to trace electronic cash is to attach a serial number to
each electronic cash transaction.
Electronic Cash -- Idea 1
Bank issues character strings containing:
- denomination
- serial number
- bank ID + encryption of the above
First person to return string to bank gets the money
PROBLEMS:
- Can't use offline. Must verify money not yet spent.
- Not anonymous. Bank can record serial number.
- Sophisticated transaction processing system required, with locking to prevent double spending.
eCash (Formerly DigiCash)
- Withdrawal (Minting): Alice buys digital coins from a bank. Alice sends unsigned blinded coins to the bank. Bank signs coins, sends them back. Alice unblinds them.
- Spending: Alice pays Bob. Bob verifies coins not spent. Bob deposits.
- Personal Transfer: Alice transfers coins to Cindy. Cindy verifies coins not spent. Cindy gets coins back.
[Figure: the three flows above, carried out through wallet software]
Minting eCash
- Alice requests coins from the bank where she has an account
- Alice sends the bank
  { { blinded coins, denominations }Sig_Alice }PK_Bank
- Bank knows they came from Alice and have not been altered (digital signature)
- The message is secret (only Bank can decode it)
- Bank knows Alice's account number
- Bank deducts the total amount from Alice's account
Minting eCash, cont.
- Bank now must produce signed coins for Alice
- Each of Alice's blinded coins has a serial#
- Bank's public key for $5 coins is \((e_5, m_5)\) (exponent and modulus). Private key is \(d_5\).
- Alice selects blinding factor \(r\)
- Alice blinds serial# by multiplying by \(r^{e_5} \pmod{m_5}\):
  \[ (\text{serial\#} \cdot r^{e_5}) \pmod{m_5} \]
- Bank signs the coin with its private \(d_5\) key:
  \[ (\text{serial\#} \cdot r^{e_5})^{d_5} \pmod{m_5} = (\text{serial\#})^{d_5} \cdot r \pmod{m_5} \]
- Alice divides out the blinding factor \(r\). What's left is
  \[ (\text{serial\#})^{d_5} \pmod{m_5} = \{\text{serial\#}\}_{SK_{Bank5}} \]
- Just as if bank signed serial#. But Bank doesn't know serial#.

e5 d5 = 1 (mod m5)
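
The blinding, signing and unblinding steps of the minting slides, carried through with real modular arithmetic. This is an added example, not eCash or DigiCash code; it uses textbook RSA exactly as the slide does, with a constructed toy key built from two small Mersenne primes, and the function names are hypothetical.

```python
import math
import secrets

# Constructed toy key for the bank's $5 coins. Two Mersenne primes keep the
# numbers readable; a real modulus is 2048 bits or more.
P, Q = 2**31 - 1, 2**61 - 1
M5 = P * Q                              # public modulus m5
E5 = 65537                              # public exponent e5
D5 = pow(E5, -1, (P - 1) * (Q - 1))     # private exponent d5, inverse of e5 mod phi(m5)


def new_blinding_factor() -> int:
    """Pick r with gcd(r, m5) = 1 so that r can later be divided out."""
    while True:
        r = secrets.randbelow(M5 - 2) + 2
        if math.gcd(r, M5) == 1:
            return r


def blind(serial: int, r: int) -> int:
    """Alice: serial# * r^e5 mod m5. This is all the bank ever sees."""
    return (serial * pow(r, E5, M5)) % M5


def bank_sign(blinded: int) -> int:
    """Bank: raise the blinded value to d5, giving serial#^d5 * r mod m5."""
    return pow(blinded, D5, M5)


def unblind(signed_blinded: int, r: int) -> int:
    """Alice: multiply by r^-1 mod m5, leaving serial#^d5 mod m5."""
    return (signed_blinded * pow(r, -1, M5)) % M5


def verify(serial: int, signature: int) -> bool:
    """Anyone holding (e5, m5): signature^e5 mod m5 must equal serial#."""
    return pow(signature, E5, M5) == serial % M5


def withdraw(serial: int) -> dict:
    """Run one withdrawal and return what each side observed."""
    r = new_blinding_factor()
    blinded = blind(serial, r)
    coin_sig = unblind(bank_sign(blinded), r)
    return {"bank_saw": blinded, "signature": coin_sig}


if __name__ == "__main__":
    serial = secrets.randbelow(M5 - 2) + 2      # constructed coin serial number
    first, second = withdraw(serial), withdraw(serial)
    print("valid coin:", verify(serial, first["signature"]))
    print("same as direct signing:", first["signature"] == pow(serial, D5, M5))
    print("bank views differ:", first["bank_saw"] != second["bank_saw"])
```

Two withdrawals of the same serial give the bank two unrelated blinded values but yield the same final signature, which is why the bank cannot link a deposited coin to a withdrawal. Deployed blind-signature schemes sign a hashed or padded serial rather than the raw number, because raw RSA signatures can be combined multiplicatively.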
Spending eCash
- Alice orders goods from Bob
- Bob's server requests coins from Alice's wallet:
  payreq = { currency, amount, timestamp, merchant_bankID, merchant_accID, description }
- Alice approves the request. Her wallet sends:
  payment = { payment_info, { coins, H(payment_info) }PK_merchant_bank }
  payment_info = { Alices_bank_ID, amount, currency, ncoins, timestamp, merchant_ID, H(description), H(payer_code) }
Depositing eCash
- Bob receives the payment message, forwards it to the bank for deposit by sending
  deposit = { { payment }Sig_Bob }PK_Bank
- Bank decrypts the message using SK_Bank.
- Bank examines payment info to obtain serial# and verify that the coin has not been spent
- Bank credits Bob's account and sends Bob a deposit receipt:
  deposit_ack = { deposit_data, amount }Sig_Bank
Proving an eCash Payment
- Alice generates payer_code before paying Bob
- A hash of the payer_code is included in payment_info
- Bob cannot tamper with H(payer_code) since payment_info is encrypted with the bank's public key
- The merchant's bank records H(payer_code) along with the deposit
- If Bob denies being paid, Alice can reveal her payer_code to the bank
- Otherwise, Alice is anonymous; Bob is not.
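
The bank-side bookkeeping behind the deposit and payment-proof slides, as an added example that is not eCash code: a deposit is refused if any coin serial# was already spent, and Alice later proves a payment by revealing the payer_code whose hash was recorded. SHA-256 as H, the class and function names, and the serial numbers are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    """The hash H() of payment_info; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()


class MerchantBank:
    """Keeps the spent-coin list and the H(payer_code) recorded with each deposit."""

    def __init__(self):
        self.spent = {}        # coin serial# -> id of the deposit that consumed it
        self.deposits = []     # one record per accepted deposit

    def deposit(self, merchant_id: str, serials: list, payer_code_hash: bytes) -> dict:
        # Refuse the whole deposit if any coin was seen before (double spending)
        # or is listed twice in the same payment.
        reused = sorted(s for s in set(serials) if s in self.spent)
        if reused or len(set(serials)) != len(serials):
            return {"accepted": False, "already_spent": reused}
        deposit_id = len(self.deposits)
        self.deposits.append({
            "merchant_id": merchant_id,
            "payer_code_hash": payer_code_hash,
            "ncoins": len(serials),
        })
        for s in serials:
            self.spent[s] = deposit_id
        return {"accepted": True, "deposit_id": deposit_id}

    def prove_payment(self, payer_code: bytes, merchant_id: str):
        """Alice reveals payer_code; return the matching deposit by merchant_id, if any."""
        claimed = H(payer_code)
        for record in self.deposits:
            if (record["merchant_id"] == merchant_id
                    and hmac.compare_digest(record["payer_code_hash"], claimed)):
                return record
        return None


def scenario() -> dict:
    bank = MerchantBank()
    payer_code = secrets.token_bytes(16)       # Alice keeps this secret until a dispute
    coins = [1001, 1002]                       # constructed coin serial numbers
    first = bank.deposit("bob", coins, H(payer_code))
    # A second merchant receives a payment that reuses coin 1002.
    replay = bank.deposit("carol", [1002, 1003], H(secrets.token_bytes(16)))
    return {
        "first": first["accepted"],
        "replay": replay,
        "alice_proves": bank.prove_payment(payer_code, "bob") is not None,
        "wrong_code": bank.prove_payment(b"guess", "bob") is not None,
    }


if __name__ == "__main__":
    print(scenario())
```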
Lost eCash
- Ecash can be lost. Disk crashes, passwords forgotten, numbers written on paper are lost.
- Alice sends a message to the bank that coins have been lost
- Bank re-sends Alice her last n batches of blinded coins (n = 16)
- If Alice still has the blinding factor, she can unblind
- Alice deposits all the coins back in the bank. (The ones that were spent will be rejected.)
- Alice now withdraws new coins
eCash demo
E-cash Concept
[Figure: Consumer, Merchant and Bank, with arrows numbered 1 to 5]
1. Consumer buys e-cash from Bank
2. Bank sends e-cash bits to consumer (after charging that amount plus fee)
3. Consumer sends e-cash to merchant
4. Merchant checks with Bank that e-cash is valid (check for forgery or fraud)
5. Bank verifies that e-cash is valid
6. Parties complete transaction: e.g., merchant presents e-cash to issuing bank for deposit once goods or services are delivered

Consumer still has (invalid) e-cash

Electronic Cash Security
Complex cryptographic algorithms prevent double
spending
Anonymity is preserved unless double spending is
attempted
Serial numbers can allow tracing to prevent
money laundering
Does not prevent double spending, since the merchant
or consumer could be at fault
Anonymous payments
[Figure: customer and merchant, with the numbered steps below]
1. Withdraw money: cryptographically encoded tokens
2. Transform so merchant can check validity but identity hidden
3. Send token after adding merchant's identity
4. Check validity and send goods
5. Deposit token at bank. If double spent reveal identity and notify police
Problems with the protocol
Not money atomic: if crash after 3, money lost
if money actually sent to merchant: returning to bank will
alert police
if money not sent: not sending will lead to loss
High cost of cryptographic transformations: not
suitable for micropayments
Examples: Digicash
Electronic Cash
Primary advantage is with purchase of items
less than $10
Credit card transaction fees make small
purchases unprofitable
Micropayments
Payments for items costing less than $1




Past and Present E-cash Systems
CyberCash
Combines features from cash and checks
Offers credit card, micropayment, and check payment services
Connects merchants directly with credit card processors to provide
authorizations for transactions in real time
No delays in processing prevent insufficient e-cash to pay for
the transaction
CyberCoins
Stored in CyberCash wallet, a software storage mechanism located
on customer's computer
Used to make purchases between .25c and $10
PayNow -- payments made directly from checking accounts

Past and Present E-cash Systems
DigiCash
Trailblazer in e-cash
Allowed customers to purchase goods and services using
anonymous electronic cash
Recently entered Chapter 11 reorganization
Coin.Net
Electronic tokens stored on a customer's computer are used to make
purchases
Works by installing special plug-in to a customer's web browser
Merchants do not need special software to accept eCoins.
eCoin server prevents double-spending and traces transactions,
but consumer is anonymous to merchant

Advantages of Electronic Cash
Electronic cash transactions are more efficient and less costly
than other methods.

The distance that an electronic transaction must travel does not
affect cost.

The fixed cost of hardware to handle electronic cash is nearly
zero.

Electronic cash does not require that one party have any
special authorization.
Disadvantages of Electronic Cash
Electronic cash provides no audit trail.

Because true electronic cash is not traceable, money
laundering is a problem.

Electronic cash is susceptible to forgery.

So far, electronic cash is a commercial flop.
Electronic Wallets
An electronic wallet serves a function similar to a physical
wallet; it
holds credit cards, electronic cash, owner identification,
and owner contact information
provides owner contact information at an electronic
commerce site's checkout counter

Some electronic wallets contain an address book.
Electronic Wallets (cont.)
Electronic wallets make shopping more efficient.

Electronic wallets fall into two categories based on where they
are stored:
Server-side electronic wallet
Client-side electronic wallet
Electronic Wallets (cont.)
Electronic wallets store shipping and billing information,
including a consumer's first and last names, street address,
city, state, country, and zip or postal code.

Electronic wallets automatically enter required information into
checkout forms.
An Electronic Checkout Counter Form
Electronic Wallets
Agile Wallet
Developed by CyberCash
Allows customers to enter credit card and identifying information
once, stored on a central server
Information pops up in supported merchants' payment pages,
allowing one-click payment
Does not support smart cards or CyberCash, but company expects
to soon
eWallet
Developed by Launchpad Technologies
Free wallet software that stores credit card and personal
information on user's computer, not on a central server; info is
dragged into payment form from eWallet
Information is encrypted and password protected
Works with Netscape and Internet Explorer


Electronic Wallets
Microsoft Wallet
Comes pre-installed in Internet Explorer 4.0, but not in
Netscape
All information is encrypted and password protected
Microsoft Wallet Merchant directory shows merchants
setup to accept Microsoft Wallet
Entering Information Into Microsoft Wallet
W3C Proposed Standard for Electronic
Wallets
World Wide Web Consortium (W3C) is attempting to create an
extensible and interoperable method of embedding
micropayment information on a web page
Extensible systems allow improvement of the system without
eliminating previous work
Merchants must accept several payment options to ensure the
widest possible Internet audience
Merchants must embed in their Web page payment information
specific to each payment system
This redundancy spurred W3C to develop common standards for
Web page markup for all payment systems
Must move quickly to prevent current methods from becoming
entrenched
The ECML Standard
Electronic Commerce Modeling Language
(ECML) proposed standards for electronic wallets
Companies forming the consortium are America
Online, IBM, Microsoft, Visa, and MasterCard
Ultimate goal is for all commerce sites to accept ECML
Unclear how this standard will incorporate privacy
standards W3C set forth
Electronic Commerce Modeling Language (ECML)
Wallet/Merchant Standards Initiative, July 1999

ECML - Wallet/Merchant Standard
Creating a standard approach for the exchange of information will
enhance the ability for digital wallets to be used at all merchant sites
and therefore facilitate the growth of e-commerce
ECML is a universal, open standard for digital wallets and online
merchants that facilitates the seamless exchange of payment and order
information to support online purchase transactions
Uniform field names only to start; will evolve over time
The ECML Alliance today:
America Online, American Express, Brodia (formerly Transactor Networks),
Compaq, CyberCash, Discover, Financial Services Technology Consortium
(FSTC), IBM, MasterCard, Microsoft, Novell, SETCo, Sun Microsystems,
Trintech, and Visa
ECML is designed to be security protocol independent, support global
implementations, and support any payment instrument
ECML does not change the look and feel of a merchant's site
Microsoft .NET Passport
Microsoft Passport Wallet comes preinstalled in Internet
Explorer 4.0 and higher versions.

All the personal data you enter into your Microsoft Passport,
including your name, address, and credit card information, are
encrypted and password-protected.

Passport consists of four integrated services: Passport single
sign-in service, Passport Wallet Service, Kids Passport service,
and public profiles.
The W3C Proposed Standard
The W3C Electronic Commerce Interest
Group (ECIG) developed a set of standards called the
Common Markup for Micropayment Per-Fee-Links.

This standard identifies existing system micropayment types of
online connections, stored-value systems, and combined
online-offline systems.
Q&A
Thank You.
