1 / 10

A New Efficient Micropayment Scheme Against Overspanding

A New Efficient Micropayment Scheme Against Overspanding. Outline. Introduction PayWord Scheme New Scheme Example Performance Analysis Comments. Introduction. Types On-line system Protect customers from Double Spending & Overspending Ex. Millicent. Off-line system More efficient

gotzon
Download Presentation

A New Efficient Micropayment Scheme Against Overspanding

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A New Efficient Micropayment Scheme Against Overspanding

  2. Outline • Introduction • PayWord Scheme • New Scheme • Example • Performance Analysis • Comments

  3. Introduction • Types • On-line system • Protect customers from Double Spending & Overspending • Ex. Millicent. • Off-line system • More efficient • Ex. PayWord • Adachi et al.(2003) • Customer certificate abuse attack => Cannot prevent double spending & Overspending • New scheme • Based on probabilistic polling • Loss shared by bank and merchant

  4. Adachi et al. scheme • Title: The Security Problems of Rivest and Shamir's PayWord Scheme • Authors: Adachi, N., Aoki, S., Komano, Y. and Ohta, K. • Source: IEEE International Conference on E-Commerce, 2003(CEC 2003), 24-27 June 2003, Pages: 20 – 23 • When a customer exceeds his credit • Bank take full charge • Bank and shop share the damage • Attacks: • Customer certificate abuse attack • Use the same cetificate at another shop and exceed the credit • Bank falsification attack • Bank damage the shops

  5. PayWord Scheme Bank(B) Customer(C) Store(S) 1.Request E: Expired dateInfo: Information 2.CC={IB,IC,AddrC,PKC,E,Info}SKB 3.Verify CC 4. Random wnw0=hn(wn) wi-1=h(wi) 5.M={IS,CC,w0,D,n}SKC 6.Verify M,CC 7.Order, (i,wi) 8. hi(wi)?=w0 9.Goods/Service 10. (i,wi),M 11.Verify M,CC 12.Update DB ※ Payword n: {w0,w1, w2, …, wn}

  6. New Scheme(1/3) Stage Customer(C) Bank(B) MC =10: Credit limitXC =0: Counter of polling messageLC ={.}: Merchants records Bank Initialization PC={MC ,XC ,LC}={10,0,{.}} Registration CertC={IDB,IDC,AC,PKC,Expiry,Add}SKB Withdraw Order Request fC=K/MC=5/10 =0.2 Random wnw0=Hn(wn)wi-1=H(wi) CertC={IDB,IDC,AC,PKC,Expiry,fC}SKB K=2: Expect # of polling (eg.2-10)T=5: Threshold value for suspecting (eg.5-30)

  7. New Scheme(2/3) VC=4: Dollar value of the payment Stage Bank(B) Customer(C) Merchant(M) Commit={IDM,CertC,w0,VC,Expiry,Add}SKC Payment VC×fC >1 Halt VerifyLC← M Commit VC×fC≦1 Acknowledgement IF XC<T=5 Otherwise Accept Broadcast to LC Halt (i,wi) w0=hi(wi) IDC,VC XC=XC+1 Based on p=VC×fC=VC×K/MC=4×0.2≦1 Acknowledgement IF XC<T Otherwise Accept Broadcast to LC Halt Goods/Service

  8. New Scheme(3/3) Stage Bank(B) Customer(C) Merchant(M) (i,wi),Commit Deposit Compute ZCper day IF ZC>MCTHEN Freeze C’s account Loss shared by B and Mall LC: MC×XM/XC ZC: Total value of the payments of C on a day XM: The number of M report

  9. Performance Analysis • Security • No Forgery & Invalid spending => RSA cryptography & H() • Overspending => Probabilistic polling • Fairness • Bank shares loss with merchant • More fair than PayWord • Efficiency • Modest increase communication overhead • Computational cost almost the same as PayWord • Restricted Anonymity • IDC is not the real identity => M cannot determine

  10. Comments • 結合 On-line & Off-line system的優點 • 利用機率來進行 on-line check • Performance問題 • Polling • Broadcast to LC • Bank 須紀錄LC(Store List)

More Related