MICROSOFT.NET BASED NETPAY

MICRO-PAYMENT SYSTEM FOR MOBILE AND

INTERNET USERS

By

Edwin Sachin Singh

A thesis submitted in partial fulfillment of the

requirements for the degree of

Master of Science

Copyright © 2011 by Edwin Sachin Singh

School of Computing, Information and

Mathematical Sciences

Faculty of Science, Technology and Environment

University of the South Pacific

August, 2011

Declaration

I, Edwin Sachin Singh, declare that this thesis is my own work and that, to the best of

my knowledge, it contains no material previously published, or substantially

overlapping with material submitted for the award of any other degree at any

institution, except where due acknowledgements is made in the text.

Signature ……………………..................... Date……10/05/2011…………………

Name……Edwin Sachin Singh………..…………………………………………….

Student ID……S11010969……………………………………………..……………

The research in this thesis was performed under my supervision and to my knowledge

is the sole work of Mr. Edwin Sachin Singh.

Signature……………………………………..Date…….10/05/2011……….………

Name….Dr. Sharlene Xiaoling Dai…………………………………………….……

Designation……Senior Lecturer......………………………………………………..

i

Acknowledgement

I am heartily thankful to my supervisor, Dr. Xiaoling Dai, whose supervision,

encouragement, guidance and support from the initial to the final level enabled me to

successfully complete this thesis. Secondly, I am thankful to my wife and parents for

their motivation and support.

Lastly, I offer my regards and blessings to all of those who supported me in any

aspect during the completion of this write-up.

Edwin Singh

ii

AbstractMicro-payment systems are becoming an important part of M-Commerce world. Due

to the invention of new and cheaper wireless technologies such as mobile phones,

PDAs and other handheld devices, the number of people adapting to wireless

communication are increasing significantly. To make micro-payment accessible by

every individual we describe the prototype architecture of Mobile and Electronic

Commerce (M&E) Netpay systems on the Microsoft.NET platform for interconnect

broker and vendors systems using Web Services. This is an offline, debit based

protocol that provides a secure, flexible, usable and reliable credit service over the

internet ensuring fair participation by all parties. The main features of M&E-NetPay

protocol are interoperability and mobility. We presented an object oriented design and

describe the prototype implementation of M&E-NetPay for ringtone and wallpaper

sites. The architecture of the .NET framework application development is also

described. We have carried out an assessment of most recent CORBA based off-line

micro-payment model using light-weight hashing-based encryption with the .NET

based M&E-Netpay micro-payment system. We reported on the design of our

experiment and results of end user evaluation. We discussed the advantages of our

model compared to the CORBA based micropayment system. We set up the heuristic

evaluation performed by a set of evaluators and presented directions for research

aiming to improve the overall satisfaction and efficiency of our model for mobile and

internet users. The evaluation users were satisfied with the use of .NET based M&E-

Netpay. The recommendations of heuristic evaluators were implemented. Performance

impact and usability evaluation also favored M&E-Netpay system.

iii

Table of ContentsAbstract ................................................................................................................................................ ii List of Publication(s) from the thesis ........................................................................................ viii Chapter 1: Introduction .................................................................................................................... 1

1.1 Motivation ............................................................................................................................... 1

1.2 Our Research .......................................................................................................................... 3

1.3 Thesis Outline ........................................................................................................................ 4

Chapter 2: Background and Prior Work ...................................................................................... 5

2.1 Overview ................................................................................................................................. 5

2.2 Main properties of M&E Micro-payment system ......................................................... 6

2.2.1 Security ............................................................................................................................ 6

2.2.2 Privacy/Anonymity ...................................................................................................... 6

2.2.3 Validation (online/offline) and communication load ........................................... 7

2.2.4 Ease of use ...................................................................................................................... 7

2.2.5 Transferability ................................................................................................................ 7

2.2.6 Scalability ....................................................................................................................... 7

2.2.7 Interoperability .............................................................................................................. 7

2.3 Existing Micro-payment systems ...................................................................................... 8

2.3.1 Online vs. Offline operation ....................................................................................... 8

2.3.2 CORBA vs. Web Service ............................................................................................ 8

2.4 Cryptography Technologies ............................................................................................. 10

2.4.1 Secret key (or symmetric) Cryptography .............................................................. 10

2.4.2 Public-Key (or asymmetric) Cryptography .......................................................... 11

2.4.3 Cryptographic Hash Function .................................................................................. 11

2.5 Micro-payment models in (M&E) commerce ............................................................. 12

2.5.1 MPS ................................................................................................................................ 12

2.5.2 CMP ............................................................................................................................... 15

2.5.3 NetPay ............................................................................................................................ 18

2.5.4 Payment model comparison ..................................................................................... 19

2.6 Other Web Technologies ................................................................................................... 24

2.6.1 .NET Framework Architecture ................................................................................ 24

2.6.2 Web Services................................................................................................................ 25

2.6.3 ASP.NET ...................................................................................................................... 27

2.6.4 Active Server Pages (ASP) ....................................................................................... 27

2.7 Summary ............................................................................................................................... 28

iv

Chapter 3: M&E-NetPay Protocol and System Requirements ............................................ 29

3.1 M&E-NetPay Protocol ....................................................................................................... 30

3.2 Payment System Comparison .......................................................................................... 35

3.3 M&E User Requirements and Use Cases ..................................................................... 38

3.3.1 Use Case Diagram ...................................................................................................... 40

3.3.2 Use Case Descriptions ............................................................................................... 41

3.4 Non-functional Requirements .......................................................................................... 47

3.5 M&E-NetPay OOA Modelling ........................................................................................ 48

3.5.1 Class Modelling ........................................................................................................... 48

3.5.2 Sequence Modelling ................................................................................................... 51

3.6 Summary ............................................................................................................................... 57

Chapter 4: M&E-NetPay Architecture and Design ................................................................ 58

4.1 M&E-NetPay Software Architecture ............................................................................. 58

4.2 M&E-NetPay Software Deployment Architecture ..................................................... 61

4.3 M&E-NetPay Object Oriented Design .......................................................................... 62

4.3.1 Static System Design ................................................................................................. 62

4.3.1.1 M&E-NetPay E-wallet ...................................................................................... 62

4.3.1.2 M&E-NetPay ....................................................................................................... 64

4.3.1.3 Broker OOD class diagram .............................................................................. 65

4.3.1.3.2 Buy E-coin Objects .................................................................................... 68

4.3.1.3.3 Redeem e-coins Objects ........................................................................... 70

4.3.1.4 M&E-Vendor OOD diagram ........................................................................... 71

4.3.1.4.1 Transfer T&I Objects ................................................................................ 71

4.3.1.4.2 Search Wallpaper Objects ........................................................................ 73

4.3.1.4.4 Redeem Spending ....................................................................................... 75

4.3.2 Dynamic System Design ........................................................................................... 77

4.3.2.1 Buy e-coins ........................................................................................................... 78

4.3.2.2 Download File ..................................................................................................... 79

4.3.2.3 Redeem Spending ............................................................................................... 80

4.4 Database Design .................................................................................................................. 81

4.4.1 Broker database ........................................................................................................... 81

4.4.2 Vendor Databases ....................................................................................................... 82

4.4.2.1 Wallpaper Database ....................................................................................... 82

4.5 M&E NetPay Implementation ......................................................................................... 85

4.5.1 Broker ............................................................................................................................ 85

4.5.2 Vendor ........................................................................................................................... 87

v

4.5.3 Customer (M&E User) .............................................................................................. 88

4.6 Implementation and Experience ...................................................................................... 88

4.7 Summary ............................................................................................................................... 89

Chapter 5: Evaluation .................................................................................................................... 90

5.1 Motivation ............................................................................................................................. 90

5.2 Performance Impact Evaluation ...................................................................................... 91

5.2.1 Procedure ...................................................................................................................... 91

5.2.2 Results ............................................................................................................................ 92

5.3 Heuristic Evaluation ........................................................................................................... 94

5.3.1 Design ............................................................................................................................ 95

5.3.2 Results ............................................................................................................................ 96

5.4 Usability Evaluation ........................................................................................................... 98

5.4.1 Design .......................................................................................................................... 100

5.4.2 Results .......................................................................................................................... 101

5.5 Summary ............................................................................................................................. 102

Chapter 6: Conclusion and Future work ................................................................................. 103

6.1 Contributions ...................................................................................................................... 103

6.2 Conclusion .......................................................................................................................... 105

6.3 Future work ......................................................................................................................... 108

Reference ........................................................................................................................................ 110

Appendix A: Heuristic Evaluation ........................................................................................... 117

Appendix B: Usability Testing .................................................................................................. 128

vi

Figures and Tables

FiguresFigure 2-1 Basic client and server components from interface for Web Services

and CORBA

9

Figure 2-2 Multiparty Payment Scheme model for Ad Hoc Network 15

Figure 2-3 Basic Chaotic Micro-payment Protocol 17

Figure 2-4 NetPay Micro-payment Model 19

Figure 2-5 An overview of .NET architecture 25

Figure 3-1 M&E NetPay interactions 33

Figure 3-2 Basic M&E NetPay interactions 41

Figure 3-3 Example Mobile user registration 42

Figure 3-4 Example of mobile user buying e-coins 44

Figure 3-5 Mobile user downloading ring tone from the vendor site 46

Figure 3-6 M&E-NetPay micro-payment system class diagram 49

Figure 3-7 Register and buy E-coins sequence diagram 52

Figure 3-8 Buy ring tone with vendor1 sequence diagram 53

Figure 3-9 Buy wallpaper with vendor2 sequence diagram 55

Figure 3-10 Redeem E-coins with broker sequence diagram 56

Figure 4-1 Basic Software Application Architecture 60

Figure 4-2: Basic M&E-NetPay Deployment Architecture 61

Figure 4-3 M&E-NetPay e-wallet design feature 64

Figure 4-4 Register class diagram 66

Figure 4-5 Buy e-coin class diagram 68

Figure 4-6 Redeem E-coin class diagram 70

Figure 4-7 Transfer Touchstone and Index class diagram 72

Figure 4-8 Search Wallpaper class diagram 73

Figure 4-9 Download Wallpaper class diagram 75

Figure 4-10 Redeem spending e-coins with broker 76

Figure 4-11 Buy e-coin sequence diagram 78

Figure 4-12 Download wallpaper sequence diagram 79

Figure 4-13 Redeem spending sequence diagram 80

vii

Figure 4-14 Broker System database ERD 81

Figure 4-15 Wallpaper system database ERD 83

Figure 4-16: Ringtone system database ERD 84

Figure 4-17: Code for Web Service references on the broker web application 85

Figure 4-18: M&E users purchasing e-coins from broker 86

Figure 4-19: M&E User spending e-coins at the Ringtone site 87

Figure 5-1 Response delay time of downloading wallpaper 93

Figure 5-2 Usability Test Results on Usability features 101

TablesTable 2-1 Comparison of M&E micro-payment models 22

Table 3-1 Comparison of M&E-NetPay with other micro-payment models 35

Table 3-1 Register Use Case 42

Table 3-3 Buy E-coins Use Case 43

Table 3-4 Debit E-coins Use Case 45

Table 3-5 Redeem E-coins Use Case 46

Table 5-1 Results of Downloading Wallpaper 92

Table 5-2 Results of Searching Wallpapers, Buying and Redeeming E-coins 94

Table 5-3 Details of Heuristic Employed 96

Table 5-4 Severity of heuristic evaluation 96

Table 5-5 Summary of Findings 97

Table 5-6 Guidelines of usability evaluation 99

Table B.1 Results for M&E-NetPay micropayment system 135

Table B.2 Results for CORBA-based NetPay micropayment system 146

viii

List of Publication(s) from the thesis1. Singh, E. and Dai, X.: Web Service-based Netpay Micro-payment System for Mobile

and Internet Users, Proceedings of International Conference on Data Engineering and

Internet Technology (DEIT 2011), 15-17 March 2011, Bali, Indonesia, IEEE

Computer Society Publisher.

1

Chapter 1: Introduction

1.1 Motivation

Mobile commerce is the conduct of business and services over portable, wireless

devices. Due to the astronomical growth of Internet users, maturation of Internet

technologies, realization of Internet’s capabilities, the power of electronic commerce,

and the invention of wireless communication technologies and devices, mobile

commerce has rapidly attained the business vanguard. Similar to electronic

commerce, m-commerce application can be Business-to-Business (B2B) and

Business-to-Consumers (B2C) or any other of the classifications available with e-

commerce world. Since mobile devices are always with the customer no matter

where they travel, the ease to purchase goods and services is always at hand. It is a

more convenient way for customers to purchase goods and services. M-commerce

will not only benefit business to raise their revenue but it will also benefit customers

in terms of time and travel cost.

M-commerce will bring a major service gap in developing countries that is critical to

their social and economic development. For customers it is an opportunity to become

engaged in the formal banking sector, enable high volume, low-cost transaction per

item and eliminate risks associated with the use of cash such as theft. Banks will be

able to provide further services to customers and migrate them upwards to use

banking services. Vendors will have greater sales of goods and services without any

extra cost. Micro-finance institutions (i.e. broker) will act on behalf of a bank to

provide services to customers such as managing their money account and facilitating

micro-payments across multiple vendors. Moreover some of the most common

advantages to businesses and customers include:

� Reachability: access on your demand from anywhere.

� Convenience and accessibility: this is no time and space limitations and people

can access applications during their preferred time.

� Security: use of Security Socket Layer (SSL) to provide personal security,

privacy of communications, and data integrity.

� Localization: merging capabilities and sharing costs between vendors wishing to

'push' or promote mutual services and products.

2

� Instant connectivity: access to applications on demand using multiple

technologies and more network option.

� Personalization: use of existing technology to receive what you want, when and

how you want.

There are many m-commerce scenarios in existence and potential roles of using

wireless devices to access the web is enormous. Therefore, m-commerce demands an

appropriate payment method and in order to allow "pay-per-use or service" of such

content [2]. A suitable micro-payment protocol should provide high-volume, low-

cost transaction per item information from vendors. There are several micro-payment

protocols proposed for electronic payment in mobile commerce in recent years [4, 5,

7, 8, 9]. However some of these proposed schemes are not suitable for multiple

vendors because future mobile systems will involve a large number of users, which

will access a variety of information, services and commodities provided by a range

of content providers. The NetPay micro-payment model and architecture been

developed provides an off-line micro-payment model using light-weight hashing-

based encryption using CORBA interfaces as middleware for interconnect broker

and vendor sites [3]. This prototype is extremely suitable for e-commerce

applications. However, in a mobile environment a client (and possibly the server)

keeps moving which requires dealing with changing network addresses and

unreliable connections. For this kind of scenario, CORBA is not well-suited. The

mobility factor creates some additional constraints because of CORBA’s tight

coupling between clients and servers. We have modified the NetPay software

architecture by replacing CORBA middleware with Web Services.

3

Software architecture defines a structured solution that meets all of the technical and

operational requirements, while minimizing common quality attributes such as

performance, security, manageability, reliability and flexibility. Software architecture

involves a series of decisions on a wide range of factors, and these decisions can a

have significant impact on the quality attributes and the overall success of the

application. Therefore it plays an important role in the system development.

1.2 Our Research

To strengthen the existing NetPay micro-payment protocols, we proposed a new

protocol, named M&E-NetPay that is extended from the existing NetPay protocol

[3]. M&E-NetPay is a secure, cheap, widely available, and debit-based protocol.

M&E-NetPay differs from the previous protocols in the following aspects: M&E-

NetPay is developed on the .NET platform which uses Web Service interfaces as the

middleware. Web Services carry greater advantages than CORBA when developing

mobile applications. Secondly, it caters for a larger number of users as it is available

via web browsers as well as via mobile devices.

We have developed software architecture for M&E-NetPay micro-payment system

which uses Web Service interfaces as the middleware for interconnect broker and

vendor sites for mobile and Internet users. Web Services uses SOAP and simple XML

based protocol to allow broker and vendor applications to exchange information. We

implemented M&E-NetPay on .NET platform for deployment with thin-client vendor

interfaces i.e. HTML and WML-based interfaces for customers. M&E-NetPay is fully

distributed multi-tier system which is deployed over multiple servers to allow minimal

downtime and maximal competence. M&E-NetPay architecture also supports servers

running on different platforms and broker and vendor applications being developed

using different programming languages. We describe a prototype implementation of

M&E-NetPay on .NET framework 4.0 using C# language, Active Server Pages

(ASP.NET) and Web Services.

We have carried out three types of evaluations to validate M&E-NetPay system. We

adopt performance impact and heuristic evaluation methods. Performance impact

evaluation is to determine whether adding M&E-NetPay micro-payment to typical

4

vendor web servers would be viable for large transaction loading in M&E environment

while heuristic evaluation examines the M&E-NetPay interface, and judges its

compliance with recognized usability principles (the “heuristics”). The above two

evaluations does not include users working with the product. We conduct a usability

evaluation to determine whether M&E-NetPay is usable as far as target users are

concerned. A usability evaluation focuses users working with the product.

We have analysed the results from these three evaluation approaches to determine if

(1) M&E-NetPay is more usable, scalable and reliable compared to CORBA-based

NetPay; (2) the performance of M&E-NetPay micro-payment would be acceptable by

mobile and internet users; and (3) that any usability issues with M&E-NetPay can be

identified and addressed as part of an iterative design process.

1.3 Thesis Outline

This thesis focuses on the details of micro-payment systems over the internet and

mobile and their implementations. The structure is as follows.

� Chapter 2 presents the requirements for a .NET based M&E-NetPay micro-

payment system in M&E environment. It also presents previously proposed M&E

micro-payment protocols in detail and discussions on their advantages and

disadvantages.

� Chapter 3 introduces a Web Service-based M&E-NetPay micro-payment

protocol. This chapter contains description, and explanation of the protocol with

illustrations. It compares M&E-NetPay approach with several other micro-

payment protocols.

� Chapter 4 describes Web Service-based M&E-NetPay system designs and

implementations which includes the M&E-NetPay broker and M&E-NetPay

vendors.

� Chapter 5 describes the performance impact evaluation, heuristic evaluation and

usability evaluation of M&E-NetPay prototype.

� Chapter 6 presents a general discussion about M&E-NetPay micro-payments

thereby describes the contributions of this research and providing an outline for

future work.

5

Chapter 2: Background and Prior WorkExisting micro-payment systems are popular and most widely used for e-commerce

today. They provide support for heavy weight credit card and digital cash payments

that are suitable for high-volume, low value transactions. These payment schemes are

based on online, time-of-payment authorization and require the use of heavy weight

encryption technologies. However, Micro-payment systems have the potential to

provide high volume and low value pay-as-you-go transactions for a wide variety of

mobile applications [6].

Several micro-payment schemes are proposed for electronic payment in mobile

commerce such as Mobile-Millicent, MPay, Huang’s Protocol, Token-based

Protocol, Payword and Mobile-NetPay Protocol [1, 34]. CORBA-based NetPay

protocol enhances a more flexible micro-payment scheme that will deploy the broker

(a trusted micro-finance company) to ensure payments are not based on assumption

of continuous connectivity and for real time payment transaction. CORBA-based

NetPay uses a single hash chain that provides high efficiency for payment of low-

value and high frequency transaction in mobile commerce [1]. This chapter will

briefly discuss the effectiveness and efficiency of some M&E micro-payment

protocols and outline some cryptographic primitives required for the understanding

of current payment protocols.

2.1 Overview

Based on the server-side e-wallet NetPay protocol, we propose an adaption to M&E-

NetPay protocol that is suitable for mobile and Internet environments. Our M&E-

NetPay protocol uses touchstones that are signed by the broker and an e-coin index

signed by requesting vendors. The signed touchstone is used by a vendor to verify

the electronic currency – paywords, and signed Index is used to prevent double

spending by M&E users and to resolve disputes between customers and vendors.

M&E-NetPay is a secure, cheap, widely available, and debit-based protocol.

With the invention of new wireless technologies and increase number of mobile and

internet users, mobile commerce became evident. Users are able to purchase goods

6

and services via mobile and internet. However, macro-payment method was not

effective and efficient but very costly. It was not suitable to spend large numbers of

small amounts of money [3]. Later, NetPay micro-payment was introduced with

CORBA interfaces as middleware which resulted into different problems such as

mobility, accessibility and interoperability.

2.2 Main properties of M&E Micro-payment system

We will use some key properties of security, privacy/anonymity, validation

(online/offline), ease of use, transferability, scalability and interoperability to assess

the M&E micro-payment system [1]. The following section briefly describes these

properties.

2.2.1 Security

Security is the single most important service that banks and mobile commerce

providers offer to their customers [14]. Micro-payment security may consist of:

� Authentication - provides ability to determine the validity of a user’s identity via

password or digital signature. Authentication is used on the basis for

authorization (determine whether the access will be granted or non-repudiation

(proving that a party engaged in a transaction is the correct one using digital

signatures.) [15].

� Fast hashing functions – converts set of characters into shorter fixed-length to

represent the actual value. It is used to index and query items from a database as

shorter hashed keys are faster to find. Hashing functions are one-way operation

hence it should not produce the same hash value from two different inputs.

M&E-NetPay uses hash functions to verify the index from the touchstone and

prevent customers from double spending.

2.2.2 Privacy/Anonymity

Refers to the protection of personal and payment information and it also entails the

protection of the identities of the participating parties (broker, vendors and

customers) in a payment protocol especially with respect to customers or mobile

users. Anonymity is a fundamental requirement for privacy aware systems.

7

2.2.3 Validation (online/offline) and communication load

The payment system should be able to process payment without the need for online

contact with the broker for verifying the payment tokens during transaction. Online

validation requires a broker to validate payment token each time a transaction is

made. Hence the frequency of communication between the broker and user increases

transaction cost and communication load.

2.2.4 Ease of use

It is the ability of M&E users to use the system easily without familiarizing with the

M&E user interfaces or involve in any type of authentication at all times.

2.2.5 Transferability

The e-coins used for payments should be transferable between multiple vendors. This

allows the users to use the same e-coins to make payments across multiple vendors.

2.2.6 Scalability

The load of communication and transaction of any entity must not grow to an

unmanageable size. The load should be distributed among the vendors rather than the

broker. Payment system should be able to cater for the rapidly growing number of

users without showing a negative impact on the performance.

2.2.7 Interoperability

Interoperability is the ability of a system to operate in conjunction with other

supporting protocols, hardware, software, application and data layers. Interoperability

minimizes the complexity of software development by reusing components

(components within the system) and performing inter-component (components

between systems) communication. Interoperable systems are language and platform

independent. (i.e. a client application can be programmed in C# and running on

Windows platform, while the Web Service is programmed in Java and running under

Linux).

8

2.3 Existing Micro-payment systems

Micro-payments are financial transaction that involves very small amount of money.

Still today, micro-payments are not very efficiently used. A wide range of micro-

payment protocols are in the literature review and some of them are on commercial

trial. While some companies have extended their businesses to use micro-payment

systems, there are many companies who still have doubts on existing micro-

payments’ performance, scalability, and security.

Currently, the most efficient micro-payment systems are within MMORPGs

(massively multi-player online role-playing games), and Virtual Life Sims (such as

Second Life). These systems use a means of credits that are usually correspondent to

some amount of real money to buy and sell things in the game [18].

2.3.1 Online vs. Offline operation

Payment systems are classified as either online or offline [19]. In an online payment

system, every transaction needs to be authorized by a bank/broker that issues e-coins

in order to prevent double spending by customers. Hence a bottle neck problem is

introduced. A single point of transaction will cause transaction traffic clogging and

delay in payment. Huang [1], Millicent [20], Micro-iKP [21], Digicash [18] and

NetBill [23] are all online systems which require the broker to check all transactions.

Huang, Millicent and Micro-iKP systems downgrades the scalability of the system

and Digicash and NetBill has worse performance but provide better security.

An offline protocol does not rely on a third party to guard against double spending.

Offline protocols are NetPay [23], Mini-pay [27], Payword and MicroMint [9]. Most

of these are credit based since the purchase is made available to the customer and

he/she is debited with the payment. In a credit based system there is no protection

method to prevent customer from double spending or over spending.

2.3.2 CORBA vs. Web Service

We have developed NetPay-based systems for client-server broker, vendor and

customer networks [3, 26]. The broker application server provides a set of CORBA

9

interfaces vendor application servers communicate with to request touchstones and

redeem e-coins [3]. CORBA enables the client to invoke methods on remote objects at

the server independent of the language the objects have been written in, and their

location. The interaction between client and server is mediated by Object Request

Brokers (ORBs) on both a client and a server sides. Problems with this protocol are

that every node of CORBA in the application environment would need to run the same

ORB product. Now there are cases where CORBA ORBs interoperate from different

vendors. However, the interoperability does not extend into higher-level services such

as security and transaction management. Furthermore, any vendor specific

optimizations would be lost in this situation. In addition this protocol depends on a

closely administered environment thus the probability of two random computers being

able to successfully make Distributed Component Object Model (DCOM) or Internet

Inter-ORB Protocol (IIOP) calls are relatively low [27]. Lastly, CORBA is reasonable

protocol for server-to-server communications. However, it has severe weaknesses for

client-to-server communications, especially when client machines are scattered across

the Internet.

Figure 2-1 Basic client and server components from interface for Web Services

and CORBA

A more improved approach is to replace CORBA middleware with Web Services.

Web Services are an emerging distributed middleware technology that uses SOAP and

10

simple XML based protocol to allow applications to exchange data across the web.

Web Services offers new programming model for building distributed applications

using open internet standards. This new technology maneuvers the openness of

specific internet technologies to address many of the interoperability issues of

CORBA. Most Web Services use Hyper Text Transfer Protocol (HTTP) for

transmitting messages. This is a major advantage for building an Internet-scale

application like M&E-NetPay system, since most of the Internet's proxies and firewalls

will not trouble with HTTP traffic unlike CORBA, which usually has trouble with

firewalls.

Moreover, Web Services are platform-independent and language-independent. A

client program can be programmed in C# and running under Windows, while the Web

Service is programmed in Java and running under Linux.

2.4 Cryptography Technologies

Cryptography is the art of secret writing (encryption), reading secret writing

(decryption) and penetrating the secret key writing of others (cryptanalysis) [28]. The

cryptography codes are used to convert data so that only specific recipient will be able

to read it using a key [29].The unencrypted data is referred to as plaintext. The

encrypted data is ciphertext. Some of the specific security requirements of

cryptography include authentication (process of proving once identity),

privacy/confidentiality (ensuring that no one can read the message except the intended

receiver), integrity (assuring the receiver that the received message has not been

altered in any way from the original) and non-repudiation (mechanism to prove that the

sender really sent this message). We briefly outline some cryptography techniques

required for the understanding of some payment protocols. There are, in general, three

types of cryptographic schemes typically used to accomplish these goals: secret key (or

symmetric) cryptography, public-key (or asymmetric) cryptography, and hash

functions [30].

2.4.1 Secret key (or symmetric) Cryptography

Secret key cryptography uses a single key for encryption and decryption. This single

key must be known to both the sender and the receiver. Secret key cryptography

11

schemes are generally categorized as being either stream ciphers or block ciphers. Data

Encryption Standard (DES) is the most common secret key cryptography algorithm

being used today. DES is a block-cipher employing 56 bit key that operates on 64 bit

blocks. The problem with the use of symmetric cryptography is communication

between two parties in a secure network. In order to solve the above problem public

key cryptography are proposed [30].

2.4.2 Public-Key (or asymmetric) Cryptography

In public key cryptography two distinct keys are used: a public key to perform

encryption and a private key to perform decryption [31]. It is a fundamental and widely

used technology, and enables secure transmission of information on the Internet. This

allows anyone to encrypt a message but only individuals with the corresponding

private key to decrypt messages. Public cryptography also overcomes the distribution

problem because only public keys need to be sent over the insecure network; private

keys are maintained locally. Public-key cryptography employs two keys that are

mathematically related although knowledge of one key does not allow someone to

easily determine the other key. One key is used to encrypt the plaintext and the other

key is used to decrypt the ciphertext. It does not matter which key is applied first but

both the keys are required for the process [30].

In Public-key cryptography the keys are designated as public key and can be presented

any way the owner wants. The other key is designated as private key and is never

known to another party. Suppose A wants to send a message to B. A encrypts some

information using B's public key; B decrypts the ciphertext using his/her private key.

This method could be also used to prove who sent a message; A, for example, could

encrypt some plaintext with his/her private key; when B decrypts using A's public key,

he/she knows that A sent the message and A cannot deny having sent the message. The

most common public-key algorithm in use today is RSA algorithm developed by three

MIT mathematicians Ronald Rivest, Adi Shamir, and Leonard Adleman [30].

2.4.3 Cryptographic Hash Function

Cryptographic hash functions are also called message digest and one- way encryption

which uses no key. Instead, fixed-length hash value is computed based upon the

12

plaintext that makes it impossible for either the contents or length of the plaintext to be

recovered. Hash functions also provide digital fingerprint of a file’s content and

ensures that the file has not been altered by an intruder or virus. Many operating

systems also prefer hash functions to encrypt password [30] Examples of hash

algorithms includes MD4, MD5, RIPEMD-160, SHA-1, SHA-256, SHA-384 and

SHA-512 [33].

The minimum properties that a cryptographic hash function must have are [32]:

� Preimage resistance - given a hash ‘h’ it should be difficult for any message ‘m’

such that h = hash (m). Functions that lack this property are vulnerable to preimage

attack.

� Second preimage resistance - given any input ‘m1’ it should be difficult to find

another input ‘m2’ where m1 not equal to m2 such that hash (m1) = hash (m2).

Functions that lack this property are vulnerable to second preimage attack.

� Collision resistance – it should be difficult to find two different messages’m1’ and

‘m2’ such that hash (m1) = hash (m2)

Hash functions have proved to be better than the public-key and secret-key

cryptography in terms of speed and security. Hence it meets our requirement for

micropayment systems. However, some micro-payment schemes require using public

key cryptography in order to minimize communication costs such as PayWord and

other protocols. Therefore it is important to greatly reduce the number of these

operations. A “payword chain” is generated by using a one way hash function and is

going to be used to represent a set of e-coins in the M&E-NetPay system.

2.5 Micro-payment models in (M&E) commerce

Many micro-payment systems are in existence now. We review the key concept of

some of these micro-payment systems and identify their key strength and weakness.

2.5.1 MPS

MPS (Multiparty Payment Scheme) [67] is a micro-payment for ad hoc network that

enables a node to join an existing ad hoc network and allows it to pay each node that

13

relays packets on its behalf in real-time. MPS is a lightweight payment scheme based

on hash chains which is flexible with route changes without the involvement of third

party (such as a bank or broker) to pay the nodes in new path.

2.5.1.1 MPS protocol should meet the following goals of ad hoc network:

� Off-line verification of payment token – the nodes should not require the bank or

broker to always be on-line to verify payment.

� Flexibility in choosing routes – the node should choose the best optimal path to

its destination and pay all nodes along the path for forwarding packets on its

behalf. The broker or bank should not be contacted for any route changes for

preparing a new payment contract for the nodes in new path.

� Lightweight cryptographic procedures – it helps the in-between nodes to quickly

verify payment packet which speeds the payment process.

� Fraud minimization in the system – it uses post-fact detection to identify frauds

and block them from making any communication with the system.

2.5.1.2 MPS payment for packet forwarding includes the following steps:

� Broker commitment

The user establishes an account with the broker. The broker then sends a smart

card to the user loaded with the public key. Before transmitting packets the user

needs to purchase payment chains from the broker. The user sends the encrypted

length of sub-chain and macropayment details to the broker signed by broker’s

public key. The broker sends the payment chains details to the user singed by its

private key and encrypted with the user’s public key. Smart card is used to

decrypt the commitment however it cannot guarantee multiple payment

protection.

� Charge assembly and Endorsement Distribution

In this process the initiating node have knowledge of total cost involved in packet

forwarding. The source nodes also have full information of routes through the

network. The starting node requests the charge from each node by sending a

charge request message. The intermediate nodes return their charge for packet

14

forwarding after signing it with their private key. The broker signed

endorsements are distributed to the cheapest or most optimum route nodes.

� Making Payment

To pay for multiple nodes along the path multiple hash values are not required.

The correct hash values can be rather attached further up the chain. Together with

the hash values the middle nodes also require the corresponding broker signed

endorsement to redeem the tokens.

� Change in Route- New Path

Topology change of the ad hoc network will result in the change of route in fixed

network or other network. Therefore all nodes in the new path still need to be

paid. MPS is flexible enough to cope up with this situation without the need to

engage the broker. The new set of endorsement is distributed to the nodes in the

new path.

� Redeeming Tokens

At the end of the day the nodes send the payment tokens to the broker which they

collected for packet forwarding. The payment token and broker signed

endorsement are encrypted with the broker’s public key. The broker verifies the

payment tokens and credits the nodes’ account.

15

Figure 2-2 Multiparty Payment Scheme model for Ad Hoc Network

MPS design also supports multiple brokers. Off-line verification has made the protocol

more efficient and scalable. However the system is still in danger of limited amount of

fraud. If the topology of the ad hoc network changes there can be wastage of the broker

endorsement which was distributed for the previous path.

2.5.2 CMP

CMP (Chaotic micro-payment protocol) [68] is a micro-payment protocol which is

built on symmetry encryption techniques and chaotic double hash chain. The

protocol construct two PayWord chains, one for the merchant and one for the users

by using iteration process of Henon-like chaotic system. The chaotic hash function is

used to generate payment chain and the use of symmetric algorithm to encrypt

16

transaction information has strengthened the security and efficiency of CMP. CMP is

an off-line system which includes three stakeholders: users, vendors and broker.

The hash function in CMP was implemented on chaotic phenomenon (way of motion

of non-linear dynamical system). There are three main characters of Chaos

dynamical system: sensitivity of preliminary conditions and parameters,

characteristics owned are not interrupted and pseudo- randomicity. To create big

parameter space for big secret key the chaotic hash function was constructed using

Henon-like chaotic mapping. Chaotic hash function is a one-way hash that is simple

but difficult to deduce inversely. It also maps the different length of messages to a

fixed hash value.

The security analysis of chaotic hash function concludes that the encryption

algorithm is strong and stable to satisfy confusion and diffusion ability. Collision

experiments shows that the chaotic hash algorithm has low collision rate and has a

greater capability of avoiding collision. Chaotic hash algorithm also prevents

birthday attack to occur. Birthday attack is the most possible attack for hash function.

In CMP the buyers and sellers needs to register with the broker before they can do

any trade with other vendors and customers. To register with the broker the buyer

sends his/her personal and credit card information encrypted using his/her private

key. The broker creates the customer’s account and sends back the generated ID and

the sharing secret key of the customer in an encrypted message. In order to pay for

purchase the customer creates two hash chains.

The customer needs to send a register application to the broker if he/she needs to

purchase item(s) from the vendor. The broker generates a random identity of the user

and uses his/her sharing secret key to produce a payment certificate. The user then

sends the payment certificate to the vendor to complete registration process.

17

If the customer wishes to make a purchase then he/she needs to select a random

number r from the chaotic hash function range and sends a message to the vendor

after encrypting it with chaotic hash value H(r). Receiving vendor calculates the

chaotic value using r and decrypts the information to view the payment chain. If the

payment chain exists, the vendor tests the PayWord of chain 2 and sends the

encrypted service to the customer. Upon receiving the service the customer makes

the payment. Figure 2-3 shows basic CMP model.

In order to reckon the PayWords the vendor sends an encrypted reckoning message

to the broker. The broker decrypts the message, checks the payment certificate of

double payment chain. If the payment verification is successful the broker transfers

the service fee to the vendor’s account.

Figure 2-3 Basic Chaotic Micro-payment Protocol

18

2.5.2.1 CMP security consists of:

� Anonymity – the vendor cannot view customers ID information.

� Information confidentiality – the information is kept confidential by using shared

key to encrypt the service information which is delivered to the user

� Avoid fraud exchange – nor the vendors or the users benefit from any kind of

fraudulence.

CMP is primarily designed for low value mobile commerce items. The protocol

has greater security and faster operation efficiency.

2.5.3 NetPay

NetPay [3] is a new micro-payment model in the e-commerce environment. It is an

off-line micro-payment system that uses CORBA interfaces to support

communication between broker and vendor applications. NetPay uses fast hashing

functions to improve performance and security issues.

NetPay involves three parties: customers, vendors and a broker. The customer needs

to register with the broker in order to use the service of the vendors. The customer

uses a single macro-payment to enable the broker to generate e-coins of the amount

requested by him/her. The e-coins are generated using light-weight hashing-based

encryption. The e-coins are not vendor specific (i.e. it can be used across multiple

vendors).

When a user purchases an item from the first vendor V1, V1 debits the user’s e-coins.

Before the transaction is completed V1 verifies the user’s e-coins using the

touchstone from the broker. When the user buys item(s) from another vendor V2, V2

requests the touchstone and e-coin index from the user’s previous vendor V1. If e-

coins are verified the purchased item(s) are downloaded onto the user’s machine. If

the user runs out of e-coins, he/she is directed to the broker’s site to buy more e-

coins. The vendors redeem e-coins for real money value from the broker on daily or

weekly basis. The use of encrypted e-coins with associated index value solves the

problem bottle-necking, prevents customers’ from double spending, disallows

vendors from over-debiting, ensures conflict between vendors as well as protects

third-parties from forging e-coins. In NetPay model the customer’s identity is fully

19

hidden from the vendor. That is the vendor has no information of the user who is

using the vendor system. Figure 2-4 shows basic NetPay model.

Figure 2-4 NetPay Micro-payment Model

NetPay micro-payment supports high-volume, low cost transaction per item without

the interaction of broker on every occasion. CORBA interfaces were used to transfer

touchstone between vendors and redeem spent e-coins from broker. The customers

use thin-client vendor interfaces such as JSP implemented HTML to browse vendor

sites. The vendor applications are built using Java Server Pages and Java Beans to

provide plug-in for vendor micro-payment support components.

2.5.4 Payment model comparison

The three payment models we discussed and evaluated are suitable micro-payment

systems in M&E environment. Some of these payment systems are more effective and

efficient than the other in terms of cost cutting, performance (less time to carry out a

transaction) and scalability.

All of the above systems are offline which reduces the communication load on the

broker and speeds up the payment process hence reducing the cost per transaction.

More over some of these systems are non-vendor specific (i.e. the electronic money

can be transferred and used at multiple vendor sites).

20

There are also many micro-payment payment systems that does not provide sufficient

security in terms of detection and prevention of overspending; double spending,

forgery (artificially creating electronic payments) and fraud (posing as another

person/vendor/broker), ease of use and convenience of payment transaction to

customers [1].

We will slightly improve each of the property to make our M&E-NetPay system more

effective and efficient and to survive in the real world for maximal period of time.

Apart from improving the properties of security, privacy/anonymity, validation

(online/offline) and communication load, ease of use and transferability and scalability

we introduce other properties of interoperability and performance in order to reduce

work load on the broker and support vendor applications built on different

technologies and different platform.

Table 2-1 summarizes a comparison of three micro-payment models using the

following eight evaluation criteria [1, 14, 15]:

� Security: The aim of security in the payment protocols is to prevent any party from

cheating the system. For customers, cheating security is specific to the payment

scheme such as double spending coins and creating false coins i.e. forgery during

payment.

� Privacy/Anonymity: Payer and payee should not reveal identities to any third party

or each other. Only the secure broker can identify the participants in a particular

transaction.

� Validation (online/offline) and communication load:

Ability of the payment system to process payment without the need for online

contact with the broker for verifying the payment tokens during transaction.

Online validation requires the broker to validate payment token each time a

transaction is made

� Ease of use: It is the ability of users to use the system easily without

familiarizing with the user interfaces or involved in any type of authentication at

all times.

21

� Transferability:

1. The recipient of a coin can spend that coin with multiple vendors without

having to contact the issuer.

2. The e-coin chain used for micro-payment should be transferable between

vendors to enable users to use the same electronic coin chain to make small

payment to multiple vendors. The e-coins should be flexible enough to make

multiple purchases and should not be specific for payment to just a single

vendor.

� Scalability: The load of any entity must not grow to an unmanageable size. The

load should be distributed among users rather than the broker.

� Performance: The protocol provides high-volume payment support. There should

be no on-line broker authorization server needed by user during payment

processing.

� Interoperability: Interoperability is the ability of the system to be language and

platform independent.

22

Table 2-1 Comparison of M&E micro-payment modelsSystem/ Property MPS CMP NetPay

Security Medium (smart card

device cannot grantee

multiple payment

protection )

Very High (uses

chaotic hash function to

encrypt messages and

services provided to the

user)

Very high (prevents

users from over

spending, prevents

vendors from over

charging, prevent

third-party to forge

e-coins

Privacy/ Anonymity High (The nodes have no

information of the user’s

identity)

Very High (The

vendor has no

information of the

user’s identity. All

information services

between vendor and

user are encrypted)

High (The vendor

has no information

of the user’s

identity)

Validation Off-line (Does not involve

any third party or broker to

pay the nodes in new paths

and does not require the

bank or broker to always

be on-line to verify

payment. )

Off-line (Vendors

does not need contact

broker every time in

order to process

transaction)

Off-line (Vendors

does not need

contact broker every

time in order to

process transaction)

Ease of use Medium (it is a

lightweight payment

scheme. However too

many private, public and

sharing secret keys can

slow the transaction time)

Medium (The use of

double hash chains

and private and secret

keys can slower the

transaction time.)

High (Users need to

spend very less time

in order to buy items

from the vendor

sites)

Transferability Low (Payment chains can

only be transferred between

the nodes in the ad hoc

network. On a new network

the user needs to buy

another payment chain from

the new broker)

High(The same hash

chain can be used on

multiple vendor sites)

High (The e-coins

can freely be

transferred across

multiple vendors for

users to make

multiple purchase)

Scalability Low (Change in route does

not require to contact

broker, however the model

can only support the nodes

Medium (CMP also

requires the vendors to

register with the

broker if they wish to

Medium (no

communication with

broker & low

Volume

23

on in ad hoc network) participate in the

M&E commerce and

the use of too many

keys can be costly in

future.)

transactions.

However CORBA’s

tight coupling

between clients and

servers in mobile

environment makes

it less scalable)

Performance Low (the system uses a lot

of private, public and

sharing keys which can

cause delay in response

time)

Medium (CMP also

requires the vendors to

register with the

broker if they wish to

participate in the

M&E commerce and

use of too many keys

slows the whole

process)

Medium (no

communication with

broker & low

Volume

transactions.

However CORBA’s

tight coupling

between clients and

servers in mobile

environment makes

it weak)

Interoperability Low (This model is only

designed for fixed

network)

Low (does not support

multiple platform and

languages as no

appropriate

middleware is

specified)

Medium(supports

only few platforms

and languages)

24

2.6 Other Web Technologies

Other technologies such as web component technologies and internet component

architecture are used in the development of the micro-payment system. These are .NET

Framework Architecture, Web Services, ASP.NET and Active server pages.

2.6.1 .NET Framework Architecture

.NET framework is a software technology that is focused on connecting information,

people, systems and devices seamlessly. .NET framework 4.0 is the latest release by

Microsoft so far. The high level of software integration has been achieved through the

use of XML based Web Services which enables small and enterprise applications

connect to other applications over Internet. .Net is tiered, modular and hierarchal [39].

.NET languages are top tier and the Common Language Runtime (CLR) is the bottom

tier - works closely with Windows operating system. .NET Framework is a managed

environment [39].The CLR is virtual execution system that provides important

services such as memory management, security and also has a Just-in-Time (JIT)

which converts the Intermediate Language (IL) into native code that can be executed

by the physical machine [40]. Each tier is partitioned into modules which serve their

own distinct purpose. The higher tiers requesting information from lower tiers is called

to be hierarchal. The architecture of the .NET framework is illustrated in Figure 2-5.

The main goal of .NET is interoperability (i.e. language and platform independent).

This is achieved through the use of IL which enables platform independence and

facilitates language interoperability. IL is always JIT compiled [41]. Since the final

code compilation takes place at the runtime, the JIT complier will know exactly what

processer type the program will run on. Hence improved performance is achieved. On

the other hand scripting languages such as Jscript have been upgraded to Jscript.NET

to improve performance.

25

Figure 2-5 An overview of .NET architecture

.NET as a new standard will allow software to run anywhere (i.e. any platform that

offers a browser that understands XML or HTML is a potential .NET client), at

anytime (i.e. Since .NET leverages the Internet, .NET applications such as a Web

service are fully accessible at anytime.), on any platform (i.e. .NET is a multi-language

and multi-platform operating environment), and on devices whether large or small (i.e.

Microsoft adopts HTTP, SMTP, SOAP, XML, and many more standards. This means

that any device that supports these standards can actively participate in a .NET

conversation.) [39].

2.6.2 Web Services

Web Services are an emerging distributed middleware technology that uses SOAP and

simple XML based protocol to allow applications to exchange data across Web. Since

they are based on standards such as HTTP and XML-based protocols including

SOAP and WSDL, Web Services are hardware, programming language, and

26

operating system independent [35]. This concludes that applications written in

different programming language and running on different platforms can seamlessly

exchange data over intranets or the Internet using Web Services.

The benefit of Web Services over other types of distributed computing architectures

includes [36]:

� Interoperability – This is the most important benefit of Web Services. Web

Services typically work outside of the private network, offering developers a

non-proprietary route to their solutions. Such services will have longer life span,

offering better return on investment of developed services. Moreover it allows

developers to use programming language of their choice.

� Usability - Web Services allow the business logic of many different systems to be

exposed over the Web, giving applications the freedom to choose their Web

Services. Instead of re-inventing the wheel for each client, you only need to

include additional application-specific business logic on the client-side, hence

providing the developers to use languages and tools of their choice.

� Reusability – Web Services is the closest thing to zero-coding deployment of

services. Hence Web Service components are reused where applicable in other

services. It also makes it easy to deploy legacy code as a Web Service.

� Deployability – Since Web Services are deployed over standard Internet

technologies, it makes it possible to deploy Web Services over the fire walls to

services running over the internet.

Web Service implementations support different client-side application programmer

interfaces. Client code may work by constructing “call” objects that are dispatched to

the server, or may use a higher level interface that hides the communications level

entirely through the use of client-side stub objects with an operational interface that

imitates that of the server [10].

27

2.6.3 ASP.NET

ASP.NET is a powerful platform for developing web applications [42]. It provides a

tremendous amount of flexibility and support for building any kind of web application.

The high level of frameworks such as Web Forms and Web Services are on very top

level of ASP.NET hierarchy. The lower level of ASP.NET describes how to move

requests from the server to the ASP.Net runtime and through the HTTP pipeline over

the internet.

ASP.NET is a request processing engine. It takes the incoming request from the user

and passes it through its internal pipeline to an end point where developers attach

codes to process the request. ASP.NET runtime can be hosted on a Windows server on

the Internet Information Services (IIS) server. IIS is Microsoft's entry to compete in the

Internet server market that is also addressed by Apache, Sun Microsystems, O'Reilly,

and others [56].This is an evidence of the strength of .NET framework in its ability to

build sophisticated and very performance oriented architectures.

2.6.4 Active Server Pages (ASP)

Active Server Pages [43] are Web pages that contain server-side scripts in addition to

the usual mixture of text and Hypertext Markup Language (HTML) tags. The server

side scripts are special commands on the web pages that are processed before the pages

are sent from the Web server to the Web browser. In the case of Active Server Page all

the server side scripts will be run before it is sent the Web browser. An Active Server

Page looks just like a normal HTML page when it is received by the Web browser.

ASP file can contain any combination of HTML, scripting, and calls to components.

ASP technology is built directly into Microsoft web servers, and is thus supported on

all Microsoft web servers: Windows NT Internet Information Server (IIS) 3, 4 5, 6 &

7, Windows NT Workstation and Windows 95 Personal Web servers. ASP runs as a

service on the web server and is optimized for multiple threads and multiple users.

Thus it is fast and easy to implement. ASPX is an extension of ASP version.

28

2.7 Summary

In this chapter we discussed the back ground information and prior knowledge on

micro-payment system. We have evaluated three other micro-payment systems and

compared them using the eight evaluation criteria. There is a growing need for an

effective and efficient micro-payment technology for high-volume, low-value

transactions for products and services. Current micro-payment systems are not

accepted to such scale. There are several micro-payment technologies in existence but

they still suffer problems like scalability, performance and interoperability. In the next

chapter we briefly discuss our M&E-NetPay system and its advantages over other

micropayment systems.

29

Chapter 3: M&E-NetPay Protocol and System

RequirementsThere are many micro-payment protocols in existence that provides low-value, high

volume transactions and many other improved functionalities. However, some of these

functionalities can be improved further with the implementation of our new M&E-

NetPay protocol. The aim of this protocol is to ease communication processes between

M&E users, vendors and a broker. In previous protocols vendor applications were

needed to be implemented on the same platform and language as the broker application

in order for them to interchange information. This limits the vendors to freely choose

their platform and language. Hence it increases the cost of implementation for existing

vendors by a large amount as the server and the software expenses are relatively high.

This also limits existing vendors to sell their online content by using micropayment

systems. However, M&E-NetPay completely solves the above problem. This is

achieved through the adoption .NET framework (version 4.0) with Web Service

interfaces as middleware to provide a new functionality of interoperability.

Interoperability is one of the main goals of our M&E-NetPay.

In this chapter we will briefly discuss the M&E-NetPay protocol and the interaction of

M&E users, vendors and broker. We have used the Object Oriented Analysis (OOA) to

show the conceptual-level of M&E-NetPay and their data and operations [44]. The

OOA specification deals with three parts: system requirements, use case modelling and

OOA modelling. This chapter also provides a comparison between M&E-NetPay with

other existing micro-payment models.

30

3.1 M&E-NetPay Protocol

M&E-NetPay allows desktop/laptop and mobile users to purchase low value, high

volume goods and services online. This system involves three parties. These are M&E

users (U) (purchases goods and services from the vendor), Vendors (V) (offers

information goods and sells them to the M&E users) and Broker (B) (manage accounts

of M&E users and vendors).We assume that the broker is honest and is trusted by both

the M&E users and the vendors. Assuming that vendors and M&E users are not trusted

and there are third-parties that may try to hack into our system, we used hash functions

to make it secure.

Some of the notations used in the implementation of M&E-NetPay are:

IDa – pseudonymous identity of any party A in the trade community issued by the

broker.

PK-a - A's public key.

SK-a - A's digital signature.

{x}SK-a - x signed by A.

{x}PK-a - x is encrypted by A's public key.

{x}SAK- a - x signed by A using A’s asymmetric key.

There are a number of cryptographic and micropayment terminologies used in the

M&E-NetPay. The description of the above terminologies is given as follows.

3.1.1 One-way Hash Function – the one-way hash function MD5 used in the M&E-

NetPay implementation is used to create digital signatures and payword

chains, which in turn identify and authenticate the sender and verifies e-coins.

More details are provided in section 2.4.3.

3.1.2 Payword Chain – A “payword chain” is generated by using a one way hash

function. Suppose we want to generate a payword chain which contains ten

“paywords”. We need to randomly pick a payword seed W11 and then compute

a payword chain by repeatedly hashing

W10 = h(W11), W9 = h(W10), ……W1 = h(W2), W0 = h(W1)

31

where h( ) is a hash function such as MD5 and W0 is called the root for the

chain. .Net Framework 4.0 library contains MD5CryptoServiceProvider class

which computes the MD5 hash value from the input using implementation

provided cryptographic service provider (CSP). The hash size of

MD5CryptoServiceProvider class is 128bits. The Compute Hash methods of the

MD5CryptoServiceProvider class returns the hash value as an array of 16 bytes.

All MD5 implementation produces a 32-character length hexadecimal-formatted

hash. . This means that every payword Wi is stored as a 32 length string in a

database. A payword chain is used to represent a set of e-coins in the M&E-

NetPay system.

3.1.3 E-coin – An “e-coin” is a unique payword element of length 32 characters

such as W1 or W2, …, or W10 generated by MD5CryptoServiceProvider. We

assume that an e-coin is equal to one cent in money value term. However it

could also be some other value.

3.1.4 E-wallet– An “e-wallet” is used to store e-coins and send e-coins to a vendor

when paying for information goods and services, i.e. it stores one or more

payword chains.

3.1.5 Touchstone – A “touchstone” is a root W0 and is used to verify the paywords

W1, W2, …W10 by taking the hash of the paywords in order W1 first [h(W1)=

W0], then W2 [h(h(W1))= W0], and so on. This is used to verify the e-coins are

“valid” i.e. have not been forged.

3.1.6 Index– Every payword chain has an “index” which is used to indicate the

current amount of e-coins already been spent. For example if you have spent

3cs (W1, W2, W3) to buy an information goods from a payword chain of 10cs

(W1 … W10), now the current index value of the payword chain is 3.

M&E-NetPay differs from the previous protocols in the following aspects: M&E-

NetPay is developed on the .NET platform which uses Web Service interfaces as the

middleware. Web Services carry greater advantages over CORBA when developing

32

mobile applications. Moreover, it also caters for a larger number of M&E users

available via web browsers and mobile phones. M&E-NetPay is language and platform

independence. That is it can be implemented on any platform in any language. In

addition M&E-NetPay has greater scalability and performance than CORBA-based

NetPay as CORBA’s tight coupling between clients and servers in mobile environment

makes it weak

M&E-NetPay protocol uses touchstones that are signed by the broker and an e-coin

index signed by requesting M&E users. The signed touchstone is used by a vendor to

verify the electronic currency – paywords, and signed Index is used to prevent double

spending from M&E users and to resolve disputes between M&E users and vendors.

Figure 3-1 shows M&E-NetPay interactions

33

USER

VENDOR 1

BROKER

EWALLET

VENDOR 2

1. Create Account

BANK

2. Send Login details

3. Buy e-coins (macropayment det, no of e-coins)

6. Generate e-coins

5. Credits account

4. Makemacropayment

7.B

uy it

em(s

)

8. Send (IDe, paywords (m cents), T and I)

9.D

ownl

oad

item

(s)

10. Buy item(s)

11.send (price,host and port)

12. send (IDe,paywords,

V1’s host & port)13. Request T and I

14.sends T and I

15. Download item(s)

16. Request redeem e-coins

17. Credits account 18. Credits

account

Figure 3-1 M&E NetPay interactions

The M&E-NetPay system involves four processes as described below.In our case we

implemented two vendor sites (a ringtone and a wallpaper site) and a broker site.

� Register and buy E-coins from Broker – (1) Before the M&E user (U) can purchase

any item from any of the vendors he/she needs to create an account with B and buy

e-coins. U sends a message, which includes an integer n, the number of paywords in

payword chain requests from B. (2) B debits U’s account and creates a payword

chain (W1, W2, W3,…Wn) to send it to U. The payword chain is created by

repeatedly hashing the recent generated payword commencing with hashing the

root, W0 (W1=h(W0), W2=h(W1), W3=h(W2),…,Wn = h(Wn-1)). Root W0 is used to

verify the validity of paywords. Wn+1 is kept by B to prevent U’s from over

spending and forging the payword chain. U only receives IDe(e-coin ID) and

paywords W1, W2,…,Wn that are encrypted by U’s public key from the broker.

34

� M&E User – Vendor Transaction–(3) When U finds a desired ring tone on V1’s

site, his/her e-wallet sends a message containing IDe, paywords (m cents),

Touchstone (T) and Index={IDe,i} SK-C to V1. (4) V1 verifies the paywords. If the

paywords are valid it is saved to V1’s database and the ringtone is downloaded on to

U’s computer or mobile phone. U can perform multiple transactions with one

payword chain until the payword chain is fully spent. If no e-coins are left then U

will be directed to B’s site to buy more e-coins.

� Payword reallocation between Vendors – (5) Now U wishes to download wallpaper

from V2 and sends a purchase request. V2 sends the price, host and port to the e-

wallet. The e-wallet compares the host and port with the previous host and port. If

different, the e-wallet sends a message = {IDe, paywords, V1’s host and port} to V2.

V2 request the current e-coin index and T from V1 (U’s previous vendor) by sending

IDe. V1 sends a signed transmission message containing Index = {IDv1,i}SK-v1and T

to V2 where I is the index of the last payword. V2 verifies the paywords using the

index and T. If paywords are valid the wallpaper is downloaded to U’s computer or

mobile phone. This transaction does not involves B as information is transferred

between V1 and V2 decreasing the communication load on B. Moreover the use of

current Index of paywords prevents the U’s from double spending when purchasing

goods and services online.

� Offline redeem request – At the end of each business day (or other suitable period)

for each payment received the vendors need to send all paywords they received

from the M&E users to B and redeem them for money. The paywords should be

accompanied by the e-coin ID (IDe). The broker verifies each payword from the

vendor by performing hashes on it. If the paywords are valid, the broker deposits the

amount to respective vendors’ accounts, and then sends an acknowledgement

message.

35

3.2 Payment System Comparison

In section 2.5.5, we evaluated the three micro-payment protocols using the evaluation

criteria. We will evaluate and compare the M&E-NetPay protocol with three micro-

payment models that is already being discussed.

Table 3-1a Comparison of M&E-NetPay with other micro-payment modelsSystem/ Property MPS CMP NetPay M&E NetPay

Security Medium (smart

card device

cannot grantee

multiple

payment

protection )

Very High (uses

chaotic hash

function to

encrypt messages

and services

provided to the

user)

Very high

(prevents users

from over

spending,

prevents vendors

from over

charging, prevent

third-party to

forge e-coins

Very High

(prevents

M&E users

from over

spending,

prevents

vendors from

over charging,

prevent third-

party to forge

e-coins

Privacy/ Anonymity High (The nodes

have no

information of

the user’s

identity)

Very High (The

vendor has no

information of

the user’s

identity. All

information

services between

vendor and user

are encrypted)

High (The

vendor has no

information of

the user’s

identity)

High (The

vendor has no

information of

the M&E

user’s identity)

Validation Off-line (Does

not involve any

third party or

broker to pay the

nodes in new

paths and does

not require the

bank or broker to

always be on-

line to verify

payment. )

Off-line

(Vendors does

not need contact

broker every

time in order to

process

transaction)

Off-line

(Vendors does

not need contact

broker every

time in order to

process

transaction)

Off-line

(Vendors does

not need

broker’s

service on

each item

purchased)

36

Table 3-1b Comparison of M&E-NetPay with other micro-payment modelsSystem/

Property

MPS CMP NetPay M&E NetPay

Ease of use Medium (it is a

lightweight payment

scheme. However

too many private,

public and sharing

secret keys can slow

the transaction time)

Medium (The

use of double

hash chains and

private and

secret keys can

slower the

transaction

time.)

High (Users

need to spend

very less time in

order to buy

items from the

vendor sites)

High (Provides

simple interfaces

which are easy to

use. Web Service

uses SOAP and

simple XML

based protocol

that makes

payment process

faster

Transferability Low (Payment

chains can only be

transferred between

the nodes in the ad

hoc network. On a

new network the

user needs to buy

another payment

chain from the new

broker)

High(The same

hash chain can

be used on

multiple vendor

sites)

High (The e-

coins can freely

be transferred

across multiple

vendors for users

to make multiple

purchase)

Very High (The

e-coins can

freely be

transferred

across multiple

vendors for

M&E users to

make multiple

purchase. Web

Service

interfaces

provide extra

simplicity on

transferring e-

coins between

vendors)

37

Table 3-1c Comparison of M&E-NetPay with other micro-payment modelsSystem/

Property

MPS CMP NetPay M&E netPay

Scalability Low (Change

in route does

not require to

contact broker,

however the

model can

only support

the nodes on in

ad hoc

network)

Medium (CMP

also requires the

vendors to register

with the broker if

they wish to

participate in the

M&E commerce

and the use of too

many keys can be

costly in future.)

Medium (no or

less

communication

with broker &

low Volume

transactions.

However

CORBA’s tight

coupling between

clients and

servers in mobile

environment

makes it less

scalable)

High (no or less

communication with

broker and low

volume information

transfer. .NET

applications such as

a Web service are

fully accessible at

anytime on any

platform and can

support any number

of M&E users)

Performance Low (the

system uses a

lot of private,

public and

sharing keys

which can

cause delay in

response time)

Medium (CMP

also requires the

vendors to register

with the broker if

they wish to

participate in the

M&E commerce

and use of too

many keys slows

the whole

process)

Medium (no

communication

with broker &

low Volume

transactions.

However

CORBA’s tight

coupling between

clients and

servers in mobile

environment

makes it weak)

High (no less

communication with

broker and low

volume information

transfer. .NET

applications such as

a Web service are

fully accessible at

anytime on any

platform and can

support any number

of M&E users)

Interoperability Low (This

model is only

designed for

fixed network)

Low (does not

support multiple

platform and

languages as no

appropriate

middleware is

specified)

Medium(support

s only few

platforms and

languages)

Very High (supports

all platforms and

languages)

38

The above evaluation shows that the M&E-NetPay system has greater advantages over

other micro-payment systems. The M&E-NetPay is an offline fully distributed system,

most suitable for micro-payments over the World Wide Web (WWW). M&E-NetPay

has very high security features as it uses one-way hash functions to generate paywords

which prevent M&E users and vendors from over spending and forging paywords

from a payword chain. Since only the broker knows the mapping between the

pseudonyms (IDc) and the true identity of a M&E user, M&E user’s privacy is

protected. In terms of transferability the e-coins can be transferred freely between

vendors’ for multiple purchases. Transferability is an important criterion which

improves anonymity and performance of micropayment systems.

The M&E-NetPay system has a greater scalability and performance features as it

supports rapidly growing number of M&E users. In comparison with NetPay, it has

lesser ability since CORBA’s tight coupling between clients and servers. In section

2.5.3, the NetPay uses CORBA middleware interfaces to support a couple of

programming languages (e.g. Java and C++) and platforms (e.g. Windows, Linux).

However vendor systems have to be “hard-coded” with CORBA by communicating

with NetPay broker to exchange messages. . The M&E-NetPay is the solution to the

above problem as it can support any language and any platform. Hence it has a very

high rating of interoperability.

3.3 M&E User Requirements and Use Cases

The OOA model is composed of graphical or text-based representations that define

class attributes, relationships, behaviours, and inter-class communication [46]. OOA

begins with use cases (scenario-based description) of how actors (people, machines

and systems) in the problem space intermingle with the product. OOA task includes

basic M&E user requirements, identifying of classes, specifying of class hierarchy,

representing object-to-object relationships and modelling object behaviour.

Requirement analysis is the process of understanding M&E users’ needs and

expectations from a proposed system. There are three types of activities involved in

the requirements phase. These are eliciting requirements – to determine the possible

39

requirements of a client, analysing documents – to determine the clearness of the

requirements and recording requirements.

The M&E-NetPay system involves four parties which are M&E users, vendors, broker

and bank macro-payment system. The M&E user is issued a unique e-coin id and a

payword chain every time he/she buys e-coins from the broker. The e-coins are stored

in the M&E user’s e-wallet.

The M&E user now logs onto the vendor’s site using the e-coin id and password. In

our case two vendor sites are implemented, a ringtone and a wallpaper site. The M&E

user browses through the entire site and selects the desired ringtone or wallpaper.

There is a small cost assigned to each ringtone and wallpaper depending on its demand

and rating. When the M&E user clicks on the download button on the ringtone site, the

ringtone-vendor verifies that the e-coins provided by the M&E user are valid by using

the “touchstone” obtained once only from the broker. If the payment is valid (coin is

verified and sufficient credit remains), the broker debits the M&E user’s account by

the cost of the ringtone (e.g. if the M&E user is downloading a ring tone costing 10c

then the M&E user’s account is debited by 10c) and the ringtone is downloaded onto

the M&E user’s mobile or PC.

After purchasing a particular ringtone, the M&E user may browse for other ringtones.

The M&E user’s e-wallet is saved on the last vendor’s site which he/she visited. When

the M&E user logs on to the next vendor’s site (wallpaper site), the vendor requests the

current e-coin touchstone and index information from the previous vendor (ringtone

site).

The wallpaper-vendor establishes connection to ringtone-vendor via Web Services

interfaces and the M&E user’s e-wallet is transferred from the ringtone-vendor to the

wallpaper-vendor.

When the previous vendor system is “down”, the new vendor contacts the broker to get the

e-coin touchstone and the current index. If the M&E user runs out of e-coins he/she is

directed to the broker’s site to buy more e-coins. At the end of the day all the vendors

get the money values from the broker in return of e-coins.

40

From the above description several stakeholders of the M&E-NetPay system are

identified. Thus we present main use case scenarios of the system. The following

sections illustrate functional and non-functional requirements for the system.

3.3.1 Use Case Diagram

A use case is a set of scenarios that describes an interaction between the M&E user and

a system (e.g. M&E-NetPay system). A use case diagram displays the relationship

among actors (M&E users, vendors, broker and bank) and use cases. The two main

components of a use case diagram are use cases and actors [47].

The primary goal of a use case analysis are: designing a system from the M&E user’s

perspective, communicating system behavior in the M&E user’s terms, and specifying

all externally visible behaviors. In this section we focus on use case modelling to

determine M&E-NetPay micro-payment system’s requirements. Thus we get

functional requirements of M&E-NetPay.

In the M&E-NetPay system the actors are: M&E users, macro-payment system (e.g.

bank), vendors (e.g. ringtone site, wallpaper site) and broker. The broker is

responsible for the registration of M&E users, generation of e-coins and crediting the

vendor’s account and debiting the M&E user’s account via a macro-payment system.

The broker is assumed to be honest and is trusted by both the M&E users and the

vendors.

Figure 3-2 shows basic M&E-NetPay use case view. It shows that the M&E user can

register and purchase e-coins (using macro-payment such as credit card) from the

broker site. The M&E user buys e-coins from the broker which is stored in his/her e-

wallet. When purchasing items the M&E user sends the e-coins from his/her e-wallet

to the vendor, V1. If this is the M&E user’s fist vendor (V1), V1 communicates with the

broker to obtain validating touchstone for the e-coins. V1 verifies the e-coins and

allows the M&E user to download the selected item. At the end of the day, V1 can

redeem e-coins with broker for real money.

41

Figure 3-2 Basic M&E NetPay interactions

Each e-coin encodes a “payword chain” which utilizes a fast hashing function to

provide the next valid coin in the chain each time a coin is spent. When the M&E user

chooses to purchase items from another vendor (V2), V2 obtains touchstone and index

from previous vendor (V1). If V1 is offline then V2 contacts the broker for the

touchstone and the index. If the M&E user runs out of e-coins he/she needs to buy

more from the broker. The transfer of e-coins is done using public key encryption to

make it more secure. An index is used to indicate the amount of e-coins spent so far

which prevents M&E users from double spending and vendors from over debiting. The

M&E-NetPay system prevents the M&E users from revealing its identity to any vendor

or third party. Only the broker can identify the participants in a particular transaction.

3.3.2 Use Case Descriptions

We describe the use cases for M&E user registration, buy e-coins, debit e-coins and

redeem e-coins in this subsection. The tables 3-2 to 3-5 describe the event flow of the

use cases and the screen dumps. Figure 3-3 to 3-5 show the corresponding interfaces of

the use cases.

42

Table 3-2 Register Use Case

User Case Name Register

Description: Used by M&E-users to register with broker

Event Flows:

M&E users logs in to broker’s home page and selects

“Register”. M&E user fills in the registration

information which includes M&E user name,

password, email address, and credit card details to open

an account as shown in Figure 3-3. The M&E user then

clicks on register button. If the credit card information

is not valid, go to step 3.

Broker generates a customer ID and creates an account

for the M&E user.

Invalid credit card information – error message

displayed. Go to 1.

Related Actors/Use Cases: Used by M&E user actor

Special Conditions:

Figure 3-3 Example Mobile user registration

43

Table 3-3 Buy E-coins Use Case

Use Case Name: Buy E-coins

Description: Used by M&E users to buy E-coins with broker system

Event Flows:

1. M&E user logs onto the broker’s site using the customer

id provided as shown in Figure 3-4 (1).

2. The system displays the balance. If the M&E-user wishes

to purchase more e-coin, then he/she clicks on “Buy” and

enters the amount of e-coins in the textbox provided as

shown in Figure 3-4 (2).

3. Broker debits money from the credit card or the bank

account M&E user supplied via a macro-payment

transaction. If the account does not exist, go to 5 else go

to 4. The e-coin balance is shown in Figure 3-4 (3).

4. Broker generates e-coin payword chain which includes e-

coin ID, root, seed, paywords, amount and sends to the

M&E user’s e-wallet.

5. Incorrect credit card information – error message

displayed. Go to 1.

Related Actors/Use Cases: Used by M&E user actor

Special Conditions:

44

Figure 3-4 Example of mobile user buying e-coins

(1)

(2)

(3)

45

Table 3-4 Debit E-coins Use Case

Use Case Name: Debit E-coin

Description: Used by M&E-users to buy ring tones and wallpapers from

vendors.

Event Flows:

M&E-user browsers through the vendor site and select the

desired ring tone or wallpaper. The M&E user clicks on

download button to download it to his/her computer or mobile

as shown in Figure 3-5 (1)

M&E user sends the e-coins from his/her e-wallet and the

vendor system verifies the e-coins by using touchstone. If the

e-coins are invalid or not sufficient e-coins left, go to 4.

If the e-coin verification is successful, the file is downloaded to

the M&E user’s computer or mobile. Figure 3-5 (2) shows the

balance after the purchase has been made.

Send message to M&E user about the status and cancel

download.

Related Actors/Use Cases: Used by M&E user actor

Special Conditions:

46

Figure 3-5 Mobile user downloading ring tone from the vendor site.

Table 3-5 Redeem E-coins Use Case

Use Case Name: Redeem E-coins

Description: Used by vendors to redeem e-coins from broker.

Event Flows:

To redeem e-coin the vendor selects “Redeem”. The M&E-

NetPay application automatically sorts all the payments

received from all M&E-users based on the e-coin ID and

sends them to the broker.

The broker redeems the total e-coins with the money value

and credits the vendor’s account.

Related Actors/Use Cases: Used by vendor actor

Special Conditions:

(1)

(2)

47

3.4 Non-functional Requirements

Non-functional requirements are requirements that specify criteria that can be used to

judge the operation of a system, rather than explicit behaviors [48]. They are the

constraints or quality of service requirements on system operations. In this system,

non-functional requirements include:

3.4.1 Performance Characteristics

� The system response time should be less than 5 seconds. There can be variable

timings for downloading files of different sizes. The system must avoid the

central bottleneck.

� The system should be distributed along multiple servers so that the workload is

shared.

� Any transaction process should include very small number of steps.

� The system should support at least 5,000 M&E users simultaneously.

3.4.2 Quality Issues

� Online access to the broker system is not very critical, but downtime should be

limited to less than an hour.

� The system should indicate this by some sort of visual display in case of delays

or error.

� Power failure needs to be handled by UPS for the broker’s main server machine

and database.

3.4.3 Security and Integrity Issues

� Only broker can generate e-coins and change account data of the M&E users and

vendors.

� The web server should be very secured carefully covering any known and

popular security holes and exploitation points.

� The local unit running the web site is responsible for the security, and should take

care to ensure that it doesn’t become a potential point of entry into the broker

system.

� Backups should be done on a daily basis.

48

3.4.4 Documentation

� The system must contain help documentation for M&E users to overcome any

problems encountered.

3.4.5 M&E User interface

� M&E users should be prevented from making errors using pertinent reasoning of

messages.

� The system should be easy to learn.

� Clear titles, heading and subheading should be on each page

3.5 M&E-NetPay OOA Modelling

OOA is a collection of like-minded requirements modelling and analysis techniques

for software systems proposed in late 80’s. The Basic aim of OOA is to streamline

software development by making objects, classes, methods and like the atomic units

out of which one builds requirements, designs and implementations [49].The static

M&E-NetPay system structure will be described using a class diagram. Sequence

diagrams will be used to describe dynamic behaviors among the objects of M&E-

NetPay system.

3.5.1 Class Modelling

A class model is comprised of one or more class diagrams and the supporting

specifications that describe model elements including classes of the system, their

interrelationships (including inheritance, aggregation, and association), and the

operations and attributes of the classes. Class diagrams are used for variety of

purposes, including both conceptual/domain modeling and detailed design modeling

[50].

The class diagram shows three distinct areas [51]:

� The class name (and stereotype if applied).

� The class attribute area (i.e. internal data elements)

� The behavior – both private and public

Attributes and methods may be marked as [51]:

49

� Private, indicating they are not visible to callers outside the class

� Protected, they are only visible to children of the class

� Public, they are visible to all

Based on the use cases and scenarios discussed in Section 3.3, the OOA-level class

diagram for M&E-NetPay micro-payment system was built, which is shown in Figure

3-6.

Figure 3-6 M&E-NetPay micro-payment system class diagram

50

� Customer: This object encapsulates all the information of M&E user’s personal

and account information. The M&E user needs to register an account with the

broker if they wish to purchase any item. This object includes customer_id, name,

email address, password and credit card details. It also provides a set of business

methods to access the customer information.

� E-wallet: This object stores e-coins’ information which includes ecoin_id,

paywords, amount (the number of e-coins spent by the M&E user), host and host

address and the information access methods.

� Broker: This object sums up all the information of the broker account. Broker

needs to redeem all the e-coins received from vendors in money value and credit

the vendors’ account. This object includes broker_id, name, phone number, e-mail

address, and balance.

� E-coins: This object records bought e-coins information which includes ecoin_id,

root, seed, paywords, amount (the number of e-coins the M&E user bought) and

the information access methods.

� TandI: This object records the touchstone and index information which are used to

verify e-coins by vendors.

� Wallpaper: This object keeps all wallpapers record which include wallpaper_id,

title, category, movie, date posted, price, description and wallpaperURL. It also

specifies a set of business methods to access its information.

� Ringtone: This object keeps all ringtones record which include ringtone_id, title,

category, movie, date posted, price, description and ringtoneURL. It also specifies

a set of business methods to access this information.

� Redeem: This object contains all the information of e-coin payments by M&E

users including redeem_id, ecoin_id, index, price, paywords and chain. It also

provides the functions for adding, finding, and deleting payment information.

51

3.5.2 Sequence Modelling

As class modelling is used for static structure, sequence modelling is used for dynamic,

a structure which focuses in identifying the behavior within the system. Below is a

description of the interaction among the objects of M&E-NetPay with four UML

sequence diagrams.

3.5.2.1 Register and Buy E-coins

The sequence diagram in figure 3-7 shows the M&E user registers with the broker and

buys e-coins using the credit card.

� The M&E user clicks on “Create Account” link on the broker’s site.

� The broker application opens a new page requesting the M&E user to enter account

details.

� The M&E user clicks on the link “Create” and the M&E user’s account is created.

The broker issues the customer id to the M&E user.

� The M&E user clicks on “Buy” button on the broker’s site.

� The broker verifies the credit card details and debits the M&E user’s account.

� The broker system then generates a unique E-coin ID and payword chain and

records the e-coin data.

� The e-wallet is then sent to the broker and the broker displays the balance to the

M&E user.

52

M&E-User Broker E-wallet Ecoin Macro-payment

1. Create Account

2. Enter account Details

3. create

4. Registrationsuccessful

5. Buy E-coins

6. Enter Amount

7. Buy

8. VerifyCreditCard()

9. Card Verified

10. DebitCustomerAccount()

11 generateEcoins()

12. sendEwallet()

13. DisplayBalance()

Figure 3-7 Register and buy E-coins sequence diagram

3.5.2.2 Purchase from first vendor (Ringtone site)

Figure 3-8 shows the sequence diagram for M&E user who wishes to purchase ring

tone from vendor (V1).

� The M&E user searches for the desired ring tone by providing ring tone details.

The vendor system displays the possible list to the user.

� The M&E user selects the desired ring tone and the vendor system checks if there

are sufficient e-coins in the e-wallet.

53

� If there are not enough e-coins then the M&E user is directed to the broker’s site to

buy more e-coins.

� If the e-coins are enough, V1 gets the touchstone and index and verifies the e-coins

� If the e-coins are not verified the transaction is terminated.

� If the e-coins are valid, V1 debits the e-coins and generates a unique redeem ID and

records the redeem data.

� V1 downloads the ring tone file to the M&E user’s computer or mobile.

Figure 3-8 Buy ring tone with vendor (V1) sequence diagram

54

3.5.2.3 Purchase from another vendor (Wallpaper site)

Figure 3-9 shows the sequence diagram for M&E user who wishes to purchase

wallpaper from vendor (V2).

� The M&E user searches for the desired wallpaper file by providing wallpaper

details. The vendor system displays the possible list to the user.

� The M&E user selects the desired wallpaper and the vendor system checks if there

are sufficient e-coins left in the e-wallet.

� If there are not enough e-coins, the M&E user is directed to the broker’s site to buy

more e-coins.

� If V2 has not obtained T and I, V2 gets the touchstone and index from V1 and

verifies the e-coins.

� If V1 is offline V2 requests the broker for T and I.

� If the e-coins are not verified the transaction is terminated.

� If the e-coins are valid, V2 debits the e-coins and generates a unique redeem ID and

records the redeem data.

� V2 downloads the ring tone file to the M&E user’s computer or mobile.

55

Figure 3-9 Buy wallpaper with vendor (V2) sequence diagram

3.5.2.4 Redeem E-coins

Figure 3-10 shows the sequence diagram for vendor actor who wants to redeem e-

coins with the broker.

� Vendor logs in to the system and selects “Redeem”, the system aggregates all

redeem data and sends to broker.

� Broker system gets touchstone of the e-coins from the e-coin object and verifies

the redeem data.

� If all redeem data are valid, the broker system generates and sends updated balance

to the vendor.

56

Figure 3-10 Redeem E-coins with broker sequence diagram

57

3.6 Summary

M&E-NetPay system has greater capabilities than other micro-payment systems. It is

cheap, secure, widely available and debit-based protocol. M&E-NetPay stands out in

scalability, performance, anonymity and interoperability while other micro-payment

systems lack some or most of these. This protocol prevents double-spending and

forging of e-coins by vendors, M&E users and other third parties.

M&E-NetPay is cost effective since it uses one-way hash functions per purchase rather

than public key operations. The major advantage of M&E-NetPay protocol is its

interoperability property. M&E-NetPay is compatible with any language and platform.

We discussed the M&E user requirements of M&E-NetPay to determine its overall

functionality. Use case diagrams and descriptions were used to gather functional

requirements on M&E-NetPay system. To determine the objects and its static

relationship UML class diagrams were used. UML sequence diagrams were used to

show the dynamic interaction of the system. Moreover, non-functional specification

was used to describe various constraints on systems’ operation. We will use the

information collected from the OOA phase to discuss the Object Oriented Design

(OOD) phase in the next chapter.

58

Chapter 4: M&E-NetPay Architecture and

DesignWe describe the software architecture (the machines, programs, etc. that makes up the

system) of our M&E-NetPay system and the appropriate implementation tools,

languages, APIs used during the implementation of our system. We have split our

OOA to determine the Object Oriented Design (OOD) classes that make up our

programs that comprise the architecture we have designed [45]. An OOD process

involves designing the object classes and the relationships between these classes

[52].The design of M&E-NetPay application including broker and vendor systems are

discussed in this chapter. Sequences of operations of M&E-NetPay application

software with examples are also presented.

4.1 M&E-NetPay Software Architecture

We have developed a software architecture for implementing M&E NetPay micro-

payment systems. These systems are thin-client n-tier web & mobile based

applications. The software architecture is entirely designed for Microsoft.NET

applications. The use of Web Services has made our implementation much easier by

enabling inter-connection between remote sites. The M&E-NetPay micropayment

transactions involve three key parties: a Broker Server, a Vendor Server, and a M&E

user browser [3].

The Broker server database holds all registered M&E users’ account information and

transaction history. The e-wallet of a M&E user resides on the broker’s database until

the M&E user logs on to any vendor sites using the given e-coin id. Upon logging in

the e-wallet of the M&E user is transferred to the visiting vendor. The broker server

also helps the vendors verify e-coins when the M&E users try to purchase any item

from their sites. The broker also provides functionalities to vendors to redeem e-coins

spent on their site and request touchstones. These functionalities are provided by the

broker’s “BrokerVendor” Web Service as shown in Figure 4-1. This Web Service is

only available to the vendors for accessing certain information from the broker’s

database.

59

The M&E users can access the broker site using their mobile phones or PCs as long as

they have internet access. The mobile users use the Wireless Markup Language

(WML) based web browser in their mobile phones to access the Broker Mobile

application which has got small interfaces suitable to fit on mobile phone’s screen

whereas the Internet users can access Broker Web application through the web

browser. The M&E user inputs are assigned to the broker data entities on the client

end and are retrieved by the data layers when needed. The mobile and web applications

references the same Web Services hosted on the broker’s application server. The

broker Web Services passes information in a XML-based message to the business

logic layer. The business logic layer implements all the business rules for the

application. The business logic layer passes the information to the data adapter layer -

the broker database and executes the necessary queries. The Data Adapters are used to

exchange data between a data source and a dataset [53]. In our applications, it means

reading data from a database into an entity or entity collection, and then writing altered

data from an entity back to the database. The entire process is shown in Figure 4-1.

60

Figure 4-1 Basic Software Application Architecture

Similarly, vendor sites also provide interfaces to both mobile and internet users. The

vendor sites allow M&E users to browse through their entire website and purchase any

items they wish to buy. In our case when the M&E user logs in to the Ringtone site,

the Ringtone vendor requests for the e-wallet from the broker. This facility is available

on the “BrokerVendor” Web Service provided by the broker. If the Ringtone vendor

finds that the M&E user’s e-wallet resides on another vendor site, it then requests the

e-wallet from that vendor which contains the e-coin indexes and touchstones. All

vendors have a Web Service named “OutsideVendor” which allows the other vendors

to retrieve their logged in M&E user’s e-wallet. The e-wallet is then stored on the

current vendor’s site. When any item is purchased by the M&E user, his/her e-wallet is

debited (i.e. the e-coins in the e-wallet is decremented).

61

4.2 M&E-NetPay Software Deployment Architecture

After evaluating the OOA specifications (use cases, sequence diagrams and non-

functional specification), we are now in a better position to determine the deployment

architecture of our M&E-NetPay application. Keeping in mind of some general

qualities of performance, security, availability and serviceability we designed the

M&E-NetPay application’s deployment architecture as shown in Figure 4-2.

Figure 4-2 Basic M&E-NetPay Deployment Architecture

The M&E-NetPay is a thin-client n-tier application which is distributed along multiple

servers to share workload. The broker and vendor web/mobile Applications are

deployed on their respective Web servers and likewise their Web Services are

published on their respective Application servers. The broker and vendors have their

own Database servers to store required information. The core advantage of this

approach is that any person logging in the broker or vendor system can only have

access to Web servers. From there onwards the information is transferred through

secure channel in a XML message which can not be intercepted by any third party.

Moreover, the Web Services on Application servers is only available on requests from

mobile/web applications on Web servers. No third party has any possibilities of

62

logging directly or indirectly on to the Application Servers. In addition Application

Servers will not be accessible from outside the network (i.e. via internet).

The above architecture allows M&E-NetPay vendors and the broker to use certain

Web Service interfaces of the other party in order to exchange M&E users’

information. The M&E-NetPay is easily maintainable and serviceable as any changes

will only need part of the application to be configured. For example if the Ringtone

vendor wishes to change the display of its site then only the web/mobile application on

the Ringtone vendor’s Web Server will be re-configured

4.3 M&E-NetPay Object Oriented Design

We present a detailed OO design from the OOA specification discussed in the previous

chapter and the software architecture of M&E-NetPay discussed in section 4.1 and 4.2.

Object-oriented design is concerned with developing an object-oriented model of a

software system to implement the identified requirements [54]. We discuss the static

and dynamic OOD in this section.

4.3.1 Static System Design

OOD draws upon class definitions that are derived from the OOA. An OO design

model encompasses software architecture, user interface description, data management

components, task management and detailed description of each class to be used in the

system [55]. OOD of M&E-NetPay e-wallet, broker and vendors are discussed in the

following sections

4.3.1.1 M&E-NetPay E-wallet

The M&E-NetPay e-wallet is a server-side e-wallet that is created by broker and it

resides on the last vendor the M&E user visited. That is the M&E user’s e-wallet is

transferred across the vendors depending on which vendors the M&E user is buying

items from. When the M&E user makes a purchase from vendor (V1), V1 request the

Touchstone and Index (T&I) from the M&E user’s previous vendor. If V1 is the first

vendor then it has to contact the broker for T&I. The vendors use T&I to verify e-

coins.

63

To achieve our goals we designed the broker and vendors’ application on .NET

Framework and to use Web Service interfaces as the middleware to communicate with

each other to get T&I. In order to get T&I from another vendor, the current vendor

sends a XML based message via Web Services.

The M&E user buys e-coins from broker using Web Service interfaces. The broker

connects to the Bank to debit the M&E user’s account and generates and stores e-coins

in the M&E user’s e-wallet. When the M&E user wants to buy an item, the vendor

server communicates with broker or the previous vendor via Web Services to obtain

T&I to verify e-coins. Figure 4-3 shows the M&E E-wallet design feature.

64

Figure 4-3 M&E-NetPay e-wallet design feature

4.3.1.2 M&E-NetPay

The M&E-NetPay broker system which has a multi-tier web-based architecture built

on top of the .NET framework 4.0 is presented as follows:

� Client tier (HTTP Browser): The browser communicates with the Web server

which runs the ASPX web pages to register M&E users and buy e-coins.

65

� Web tier (Broker Web Server and ASPXs): The broker Web application is

deployed on the Web Server’s Microsoft's Internet Information Server (IIS). M&E

users connect to the web server by typing the broker’s Uniform Resource Locator

(URL) address in the HTTP browser. If the broker is online its homepage is

displayed to the M&E user. When the user makes a request, the ASPXs forward it

to the Application Server (Web Services) and when the Application Server makes a

response, the Web server forwards it over the HTTP browser and the content is

displayed to the M&E user. The IIS is designed to support multiple uses

simultaneously.

� Application Server tier (WEB Services): The broker Application Server host

broker’s Web Service interfaces which is implemented in C Sharp (#) language on

.NET framework 4.0 and uses SOAP and simple XML based protocol to allow

applications to exchange data across the Web. Web Services are also implemented

over the IIS. The Broker Application server is not accessible to anyone via internet

since it is hosted internally. Only some of broker’s Web Services are available to

M&E-vendor Web applications in order to get T&I and redeem e-coins.

� Database Server tier: For data storage we implemented the database on Microsoft

Standard Query Language (MSSQL) 2005. SQL Server 2005 introduces several

high availability solutions to improve the availability of servers and databases.

These solutions mask the effect of hardware or software failure and maintain the

availability of applications so that M&E users perceive a minimum of downtime

[57].

Similarly, the Vendor systems have multi-tier web-based architecture built on top of

the .NET framework 4.0. Vendor systems have the same architecture as broker system

just the functionalities they provide differ.

4.3.1.3 Broker OOD class diagram

The broker system is divided into registration, buying e-coin and redeeming e-coins.

The following are the class diagrams of the above divisions.

66

4.3.1.3.1 Register Objects

Register objects is a four tier architecture which is responsible for registration of new

M&E users with the broker system as shown in Figure 4-4.

Figure 4-4 Register class diagram

Register ASPX – deals with requests from Web/Mobile client. The requests

incorporate receiving M&E user information; sending register/cancel requests to

register C Sharp (#) code behind which forwards the request to the Application Server.

Register User C# – is the C# code behind the ASPX pages. It takes the registration

inputs via ASPX, validates it and forwards the request to the Application server for

further process.

67

RegisterWebChannel – holds the Web Services Interfaces and is only available to

authenticated M&E users. It uses XML-based messages to transfer data. It receives the

registration request from the Web application and calls the business component’s

registerUser method.

RegisterBusinessComponent – defines the register user business rules and calls the

data adapter method.

RegisterDataAdapter – opens the SQL connection and passes the user information to

the query (stored procedure) “prc_registerUser” located in SQL 2005 database server.

The broker SQL server executes the stored procedure and upon successful execution it

returns the user ID via the Register data adapter.

CustomerEntity – holds the account details for the M&E users.

SQLConnection – is used by manager objects to connect to DB.

68

4.3.1.3.2 Buy E-coin Objects

Buy e-coins deals with the registered M&E users purchasing e-coins from broker. The

class diagram is shown in Figure 4-5.

Figure 4-5 Buy e-coin class diagram

BuyEcoins – is an interface which provides functions for M&E users to purchase e-

coins using credit card. The functions include debiting amount from M&E user’s credit

card, generating e-coin, and saving to M&E user’s e-wallet.

69

EcoinWebChannel – It receives the “buyEcoin” XML request with parameter n-

number of e-coins, from the broker Web application and calls the business

component’s “buyEcoin” method.

EcoinDataAdapter – opens the SQL connection and call for execution of “buyEcoin”

query. The generated e-coins and its details are inserted to the M&E user’s e-wallet.

The generated e-coin ID is returned to the application via data adapter.

EcoinData – contains all attributes of an e-coin.

70

4.3.1.3.3 Redeem e-coins Objects

The M&E-vendors communicates with the broker’s Web Service interface to redeem

e-coins as shown in Figure 4-6.

Figure 4-6 Redeem E-coin class diagram

Redeem – this interface provides functions for M&E-vendors to redeem spent e-coins.

The functions include receiving redeem information, verifying spent e-coins, updating

vendor account balances, sending balance to the vendors and storing transaction

history.

71

RedeemWebChannel – The Web server vendor and the broker are at remote locations

to each other but connection is possible via Web Service interfaces.

RedeemDataAdapter – calls the execution of ‘redeemEcoins’ query. This query

validates the spent e-coins, updates the transaction history table and returns the new

account balance.

TransactionHistoryEntity – contains all redeem messages.

EcoinEntity – contains all attributes of an e-coin

4.3.1.4 M&E-Vendor OOD diagram

M&E-vendors allows M&E-users to download files. The following shows the object

class diagram for transfer of T&I, searching of wallpaper file, wallpaper download and

redeem spending.

4.3.1.4.1 Transfer T&I Objects

Transfer T&I provide a Web Service interface with which the M&E-vendors’ server

communicates to get T&I as shown in Figure 4-7.

72

Figure 4-7 Transfer Touchstone and Index class diagram

OutsideVendorChannel – is an interface which provides functions for the other

M&E-vendors to request T&I information including e-coin ID, touchstone, index of

the payword chain and left e-cons. Figure 4-7 shows the current vendor making a

request with the previous vendor to retrieve T&I and e-coins. The functions contain

transferring e-coin ID, touchstone, index and e-coins from one vendor to another

vendor.

73

4.3.1.4.2 Search Wallpaper Objects

Figure 4-8 Search Wallpaper class diagram

Search Wallpaper ASPX – allows the M&E-users to search for desired wallpaper

using the search criteria. Wallpapers can be searched by title, description, category,

movie, and date posted.

WallpaperWebChannel – is a Web Service interface that provides wallpaper search

functionalities to M&E-users.

74

4.3.1.4.3 Download Wallpaper

Wallpaper Vendor allows M&E users to download wallpapers for which they have

paid for. When the M&E user clicks on the “Download” button the Wallpaper

application uses the OtherVendor Web Service interface to request T&I from the M&E

user’s previous vendor. If the previous vendor is down or if the wallpaper vendor is the

first vendor then it connects to broker via “BrokerVendor” Web Service interface to

get T&I.

When the e-coins are verified the WallpaperWebChannel uses Wallpaper Web Service

interface to get the selected wallpaper details. Wallpaper details contain

“wallpaperURL” which specifies the location of that wallpaper. The download

interface uses the wallpaper location to retrieve the wallpaper from the Wallpaper

folder and downloads it onto the M&E user’s computer or mobile. Figure 4-9

illustrates the download wallpaper class objects.

75

Figure 4-9 Download Wallpaper class diagram

4.3.1.4.4 Redeem Spending

The vendor web server connects to the broker Application Server in order to redeem e-

coins to get the money value. The broker provides the “BrokerVendor” Web Service

interface allowing the vendors to send all the redeem details to the broker at the end of

business day. The broker verifies the e-coins and redeems the e-coins in money value

76

and deposits it into the respective vendors’ account. The vendors redeem spending

with broker is illustrated in Figure 4-10

Figure 4-10 Redeem spending e-coins with broker

Redeem C# – vendor request for redeem spending with the broker by connecting to

BrokerVendor Web Service.

BrokerVendorWebChannel – provides “BrokerVendor” Web Service interface to

vendors to request for redeem spending. The spent e-coins are verified by the broker

77

database and the balance is returned to the vendor’s interface via the same Web

Service interface.

4.3.2 Dynamic System Design

In order to document the OOD dynamic system design we used UML diagrams as it

provides a larger number of dynamic models. Dynamic structure of M&E-NetPay

system is described by dynamic models which also demonstrate the interaction

between system object and not the object classes. We refine and present the sequence

diagrams described in section 3.5.2.

78

4.3.2.1 Buy e-coins

Figure 4-11 shows the UML sequence diagram of how the M&E user buys e-coins

from the broker. New and existing M&E users (if they run out of e-coins) enter the

amount and click on buy button. The request is delivered to the broker in a light weight

XML-based message via Web Services. The broker debits the M&E user’s credit card,

generates and stores the e-coins in the database. The M&E user views the updated

balance.

Figure 4-11 Buy e-coin sequence diagram

79

4.3.2.2 Download File

Figure 4-12 shows the UML sequence diagram of how the M&E user buys services

from the vendor. After searching for the desired file (e.g. wallpaper) the M&E user

clicks on “Download” button. The M&E-NetPay system sends the client information

and the e-coins from the E-wallet to the vendor. The vendor receives T&I information

from the M&E user’s previous vendor or from the broker via Web Service interfaces.

If e-coins are valid the current vendor debits the e-coins and downloads the purchased

wallpaper which is downloaded on to the M&E user’s mobile or PC.

Figure 4-12 Download wallpaper sequence diagram

80

4.3.2.3 Redeem Spending

Figure 4-13 illustrates how a vendor redeems spent e-coins with broker. When

redeeming spent e-coins the vendor clicks on redeem button on the vendor site. The

system aggregates all payments and sends it to broker application server where it

verifies spent e-coins and credits the vendor’s account.

Figure 4-13 Redeem spending sequence diagram

81

4.4 Database Design

Database is a system intended to organize, store and retrieve large amount of organized

collection of digital data easily. For the implementation of M&E-NetPay system we

designed three relational databases; one broker database and two vendor databases.

4.4.1 Broker database

The M&E-NetPay broker database consists of four tables. Figure 4-14 shows the

broker database table and their relationships.

� Customer – contains M&E users’ personal and credit card information.

� Ecoin – contains all the information about e-coins generated by broker and the

M&E user associated with it. E-coin fields are “Root”(W0) which is used to

generate the first e-coin, “Seed” (Wn+1) prevents M&E users and vendors from

overspending and forging paywords in a payword chain, “Amount” (n) is the

number of e-coins the M&E user has bought and “Chain” contains n number of

paywords and each payword contains thirty-two characters.

� CardType – contains a set of credit card types that are accepted by the broker to

buy e-coins.

Figure 4-14 Broker System database ERD

82

� VendorHost - it keeps track of all the vendors a M&E user has visited. The e-

wallet of the M&E-user resides on the last vendor the user visited. The M&E user

is authenticated using the e-coin ID.

When the M&E user gets registered with the broker his/her personal and bank

information are stored into the Customer table and when the registered M&E user

buys e-coins, the broker generates the e-coins and saves it into the Ecoin table with

the M&E user assigned to it. One M&E user can do multiple purchase of e-coins.

Every time the M&E user buys e-coins from the broker a new e-coin ID is issued

to him/her.

4.4.2 Vendor Databases

4.4.2.1 Wallpaper Database

The Wallpaper database consist if five tables as shown in Figure 4-15.

� Wallpaper stores wallpaper information. The inofrmation it captures are Title,

Category of wallpaper, movie the wallpaper is taken from, the date it is posted

online, the price of the wallpaper, description if there is any and the location

where the wallpaper is saved.

� Category stores all the possible categories of wallpapers.

� Movie stores all possible list of movie names the wallpaper belongs to.

� TandI contains touchstone and index of an e-coin. When the M&E user

downloads a wallpaper from Wallpaper-vendor, the Wallpaper-vendor stores the

touchstone and index assuming that M&E user will download more wallpaper

instantly after first download. The Wallpaper-vendor gets the touchstone and

index from M&E user’s previous vendor or broker if previous the vendor is

unavailable.

� Redeem contains e-coins for redeem spending with broker.

� BrokerHost contains broker’s host and site name

83

Figure 4-15 Wallpaper system database ERD

Similar to Wallpaper database the Ringtone database contains five tables as shown in

Figure 4-16. The ringtone database tables includes TandI, Redeem, Ringtone, Category

and Movie.

� Ringtone stores all ringtones information. The inofrmation it captures are Title,

Category of ringtones, movie the music is taken from, the date it is uploaded on the

site, the price of the ring-tone, description if there is any and the location where the

ring-tone is saved.

� Category stores all the possible categories of ring-tones.

� Movie stores all possible list of movie names the ringtone music belongs to.

� TandI contains touchstone and index of an e-coin. When the M&E user downloads

a ringtone from the Ringtone vendor, the Ringtone-vendor stores the touchstone and

index assuming that M&E user will download more ring-tones instantly after first

download. The Ringtone-vendor gets the touchstone and index from the M&E-

user’s previous vendor or broker if previous vendor is unavailable.

� Redeem contains e-coins for redeem spending with broker.

84

� BrokerHost contains broker’s host and site name

Figure 4-16: Ringtone system database ERD

85

4.5 M&E NetPay Implementation

We have implemented one broker and two vendor sites. All applications were

developed on .NET platform, framework 4.0. We used Microsoft Visual Studio 2010

ASP.NET and C# programming language for front-end implementations and Microsoft

SQL Server 2005 for our database storage. The broker and vendors provide access to

both mobile and internet users published on the web servers’ IIS. Web service

interfaces are implemented on the application servers’ IIS to provide access to internal

as well as to remote sites. Figure 4-17 shows Web Service references on the broker

site referenced from Broker Web Service on the application server.

<applicationSettings>

<BrokerWebApp.Properties.Settings>

<setting name="BrokerWebApp_Customer_CustomerChannel" serializeAs="String">

<value>http://localhost/BrokerWebService/CustomerChannel.asmx</value></setting>

<setting name="BrokerWebApp_CardType_CardTypeChannel" serializeAs="String">

<value>http://localhost/BrokerWebService/CardTypeChannel.asmx</value></setting>

<setting name="BrokerWebApp_Ecoin_EcoinChannel" serializeAs="String">

<value>http://localhost/BrokerWebService/EcoinChannel.asmx</value></setting>

<setting name="BrokerWebApp_VendorHost_VendorHostChannel" serializeAs="String">

<value>http://localhost/BrokerWebService/VendorHostChannel.asmx</value></setting>

</BrokerWebApp.Properties.Settings>

</applicationSettings>

Figure 4-17: Code for Web Service references on the broker web application.

4.5.1 Broker

The broker manages M&E user and vendor accounts, e-coin creation and spending e-

coin redemption, touchstone supply for e-coin verification, and macro-payment

handling for e-coin purchase by M&E users and payment to vendors for spent e-coins

[3]. Our broker database holds all the M&E users’ and vendors’ information,

application server provides business functions, Web Service interfaces for broker.

Vendor application servers and web server provides Active Server Pages (ASP.NET)

with ASPX extension-implemented on WML interfaces for mobile users and HTML

(Hyper Text Markup Language) interfaces for Internet users.

86

(a) WML interfaces for mobile phone users

(b) HTML interfaces for Internet users

Figure 4-18: M&E users purchasing e-coins from broker

The Web Service interface allows vendors to request for e-coin touchstone and index

information, help vendors to verify e-coins, redeeming of spent e-coins by vendors.

We chose to replace CORBA with Web Service to provide interoperability (i.e.

platform-independent and language-independent). Figure 4-18 shows M&E user

purchasing e-coins from broker. The user registers with the broker to have their

money account created (1). The M&E user needs to login using the provided

(3) (2) (1)

(4)

(4) (3)

(2) (1)

87

customer id and password (2). In order to buy e-coins the M&E user needs to

authorize macro-payment by the broker (3) and the bank debits the M&E user’s

account paying for e-coins (4).

4.5.2 Vendor

Vendor implementation provides M&E users with ASP.NET pages to browse through

their entire site. In our case we implemented Ringtone and Wallpaper sites. There are

also search facilities provided to M&E users to search for desired ringtones or

wallpapers. The search result shows a brief summary of the ringtone or wallpaper with

download cost as shown in Figure 4-19 (1). After downloading an item, the ASP.NET

pages is refreshed to indicate the amount of e-coins left with the current vendor in the

M&E user’s e-wallet (2).

(a) WML interfaces for mobile phone users

(b) HTML interfaces for Internet users

Figure 4-19: M&E User spending e-coins at the Ringtone site.

(1)

(1) (2)

(2)

88

When the M&E user first tries to download an item, the vendor obtains the validating

touchstone and index from the broker through Web Service interface provided by

broker. When going to another vendor the current vendor obtains the valid touchstone

and index from the previous vendor through the Web Service interfaces provided by

other vendors.

4.5.3 Customer (M&E User)

We have provided WML/HTML interfaces for both mobile and Internet users to allow

a wide range of M&E users access broker and vendor sites using standard web

browser. The use of thin-client technology implementation eradicates the need to

install separate browsing software on the client’s site. The M&E users use

WML/HTML based ASP.NET pages to browse through broker and vendor sites. The

e-wallet of the M&E user is hosted on the server side and transferred from vendor to

vendor as the M&E user purchases item(s) from those vendors.

4.6 Implementation and Experience

We have used Active Server Pages (ASPx) to implement the M&E-NetPay

micropayment system. In order to connect remote systems we used Web Services

interfaces. All communications between Presentation and Business Components are

achieved via Web Services whether it is within the system or between the systems.

Web Services uses SOAP and XML-based messages to achieve a fast, secure and

cheap communication amongst systems.

To make the M&E-NetPay system more effective and efficient we split the system into

three components: the presentation logic which determines how the information is

presented to the M&E users; business components which controls the relationship

between inputs and determines business rules; data adapter layer which connects to the

database, executes relevant queries and returns the results back to the upper layers. We

used HTML with ASP controls for the design of web pages and C# programming

language was used to implement the back end of the application.

We have used Web Services as the middleware for our M&E-NetPay system. Web

Services interfaces was implemented on .NET framework 4.0 which enables small and

89

enterprise applications to connect to other applications over Internet. Web Services

also has greater advantages over OMG’s CORBA middleware. Web Services on .NET

framework is widely available in the area of object oriented and distributed systems.

Moreover, it adds in a new functionality of interoperability which supports

independence of development platform and programming languages to be used. It

allows vendors and broker to use their choice of programming language and operating

system platform for the implementation of their system. Therefore, a vendor

implemented using C# programming language and running on Windows operating

system can easily communicate with a vendor implemented using C++ programming

language and running on UNIX operating system.

4.7 Summary

In this chapter we presented the software architecture of our M&E-NetPay system.

Software architecture provides a high-level structure of the M&E-NetPay system and

also addresses the complexity of our system. OOD was used to describe the design

level of the M&E-NetPay system. The class diagrams and sequence diagrams

describes static and dynamic behaviours of the M&E-Neypay system. Entity

Relationship Diagram (ERD) shows related tables and the fields of broker and vendor

databases. We describe each table and its attributes in detail. The implementation and

user interaction with examples are presented to support the design of M&E-NetPay. In

the next chapter we will evaluate the M&E-NetPay system to determine the efficiency

and effectiveness of the system.

90

Chapter 5: EvaluationIn this chapter we describe the three types of evaluation methods which are used to

assess the usability of M&E-NetPay system and to assess our system with comparison

with other payment systems. The first two are performance impact and heuristic

evaluation which does not include users working with the product [58]. The third

method is usability evaluation which focuses on users working with the product. This

method also includes direct questions to users while they are performing the task.

5.1 Motivation

After implementing M&E-Netpay system we now want to gauge its simplicity

compared with other payment systems. We choose to compare M&E-Netpay system

with a CORBA-based NetPay system [1, 3, 59]. CORBA-based NetPay is a debit-

based mobile micro-payment system which uses one-way hash function to generate a

payword chain. NetPay uses CORBA interfaces as middleware to provide

communication amongst vendors and broker. We also implemented the NetPay

application for comparison.

To assess the characteristics of M&E-NetPay system we compare it with CORBA-

based NetPay system. We engage M&E users to use the M&E-Netpay system and

provide feedback on its usability. We want to evaluate the M&E-NetPay system from

several perspectives to get a better understanding of M&E user’s needs. We also want

to evaluate the advantages and disadvantages of users’ feedback while using M&E-

NetPay system. There are many micro-payment systems in existence in M&E

environment however many of them suffered from dependency of online brokers,

scalability, performance and interoperability problems. The new M&E-NetPay model

guarantees high-volume, low value, cheap e-coin encryption via one-way hashing,

offline micro-payment (does not involve broker in every transaction), prevents

customers from double spending, protects forging and fraud by users, vendors and

outsiders, prevents anonymous payment and is platform and language independence.

These properties have been achieved via one-way hashing mechanism embedded in

broker system and use of simple XML based Web Services with .NET framework 4.0

on both vendor and broker systems.

91

The performance impact evaluation of M&E-NetPay was used to determine the

usability of such system in M&E environment. Heuristic evaluation was carried out to

assess the user interface based on a set of usability principles [60]. Usability

evaluation was carried out to obtain quantitative data about test participants'

performance when they perform the tasks during usability test and via answering direct

questions [11]. In the following sections we report the result of:

� Performance evaluation to verify whether M&E-NetPay would be acceptable in

M&E environment.

� Heuristic evaluation is used to validate whether M&E-Netpay meets the

requirements for a micro-payment system for purchasing items via M&E

environment.

� Usability evaluation to determine whether M&E-NetPay is usable as far as target

users are concerned.

5.2 Performance Impact Evaluation

Performance is an important quality attribute of software systems. Performance

failures results in damaged customer relations, lost productivity for users, lost revenue,

cost overruns due to tuning or redesign, and missed market windows [61]. We assess

the performance of M&E-NetPay system against the CORBA-based NetPay system in

regards to user response time.

5.2.1 Procedure

We carried out a test for client response time with ten tests. The main aim of this

evaluation is to test how long it takes to download a wallpaper from the time the

customer clicks on the download link till the time the file is downloaded. The users

downloaded the same file from both M&E-NetPay and CORBA-based NetPay system.

The response time of searching for wallpaper, buying of e-coins and redeeming e-coins

was also noted. Our prototypes were deployed over multiple machines connected via

high speed LAN.

92

5.2.2 Results

We present the result of downloading of wallpaper with both the systems. M&E-

Netpay and CORBA-based NetPay system are shown in Table 5-1. The response time

delay is the time taken for a wallpaper to be downloaded. All ten clients downloaded

the same wallpaper having size of 38.4KB.

Table 5-1 Results of Downloading Wallpaper

Test

Response delay time with

M&E-NetPay (ms)

Response delay time with

CORBA-based NetPay

(ms)

1 2149 24102 2390 25093 1734 22944 3065 23545 2012 24326 1976 20917 2190 22568 1734 21689 1637 200510 1815 2344

Average 2070 2286

93

Figure 5-1 Response delay time of downloading wallpaper

The above result shows that the response delay time of downloading a wallpaper is

slightly higher with CORBA-based NetPay. When the client downloads wallpaper

using M&E-NetPay system it takes an average of 2070 milliseconds. For CORBA-

based NetPay system it takes an average of 2286 milliseconds to download the same

wallpaper. There was a difference of 216 milliseconds and this was due to CORBA’s

weaknesses with client-to-server communications. Moreover .Net framework

architecture 4.0 with Web Services in M&E-NetPay has improved client-to-server

communications. Hence it provides a fast, secure and cheap communications amongst

vendor and broker systems.

0

500

1000

1500

2000

2500

3000

3500

1 2 3 4 5 6 7 8 9 10

Res

pons

e Ti

me

(ms)

Number of Tests

Response Delay Time of Downloading Wallpaper

Response delay time with M&E-NetPay (ms)

Response delay time with CORBA-based NetPay (ms)

94

Table 5-2 Results of Searching Wallpapers, Buying and Redeeming E-coins

Average response delay time

with M&E-NetPay (ms)

Average response delay time

CORBA-based NetPay (ms)

Search wallpapers 1501 1703

Buy E-coins 895 920

Redeem E-coins 1990 2110

The results in Table 5-2 shows that the searching of wallpaper via M&E-NetPay is 202

milliseconds faster than searching of wallpaper via CORBA based NetPay. Since

M&E-NetPay is deployed over multiple servers to share workload and is built on a

more stable, secure and simple architecture, the response delay time is lesser than

CORBA-based NetPay system. Buying of e-coins and redeem e-coins are also faster

with M&E-NetPay.

5.3 Heuristic Evaluation

Heuristic evaluation technique is the most widely used inspection method. This

method is for finding usability issues in a user interface by having a small number of

evaluators (usually one to five) examine the interface and judge its compliance with

usability principles (heuristics) [58]. The results from observations represent the

evaluator's opinion about what needs to be improved in a user interface [58]. Heuristic

reviews are cheap and less time consuming. The results will also bring good ideas for

improving the user interface.

Usability problems found are normally restricted to aspects of the interface which are

reasonably easy to demonstrate: use of colours, lay-out and information structuring,

consistency of the terminology, consistency of the interaction mechanisms. It is

generally agreed that problems found by inspection methods and by performance

measures overlap to some degree, although both approaches will find problems not

found by the other.

Each individual evaluator inspects the interface alone and only after the evaluations

have been completed the evaluators are allowed to communicate and have their

findings aggregated. This procedure is important in order to ensure independent and

95

unbiased evaluation from each evaluator. This method will provide recommendations

for design improvements. As this method relies on experts, the output will naturally

emphasize interface functionality and design rather than the properties of the

interaction between an actual user and the product.

The method provides proper planning of experts to be established in good time for the

evaluation. While running the evaluation the experts should be aware of any relevant

contextual information relating to the intended user groups, tasks and usage of the

product. At the end of evaluation the experts provide a report containing a list of

identified problems which may be prioritized with regard to severity and/or safety.

5.3.1 Design

We chose 5 evaluators to examine the M&E-NetPay interface and judge its compliance

with usability principles (“the heuristic”). Each individual evaluator inspected the

interface alone.

To aid the evaluators in discovering usability problems, a list of heuristics was

provided to them which could be used to generate ideas while evaluating the system as

shown in Table 5-3 [69] .

96

Table 5-3 Details of Heuristic Employed

Number Heuristic

1 Visibility

2 Functionality

3 User Control and Freedom

4 Consistency

5 Help Recover From Errors

6 Error Prevention

7 Memorability

8 Flexibility

9 Aesthetic

10 Help and documentation

We provided a system checklist (see Appendix A) based on the heuristics to the

evaluators to use as a guide. The evaluators were required to use the severity rating

shown in Table 5-4 [69] to determine the seriousness of each problem. The evaluators

were asked to identify the heuristic problems and provide recommendation based on

the severity rating.

Table 5-4 Severity of heuristic evaluation

Rank Interpretation

1 Cosmetic problem only

2 Minor usability problem

3 Major usability problem

4 Catastrophic

5.3.2 Results

The five evaluators evaluated the M&E-NetPay system with the set of heuristics. Two

of the evaluators were IT specialist, one of evaluators was an Accountant and the other

two were new graduates. The results of the heuristic evaluation are shown in Table B-1

(see Appendix A).

97

Severity rating has four levels of problem from which one and two are minor and are

not important to fix. Problem levels of three and four are given high priority and are

vital to fix. After the evaluation we identified three major problems and all these has a

severity rating of three. The discussion of each problem with recommendation is

shown in Table 5-5.

Table 5-5 Summary of FindingsNumber Problem Recommendation Severity

Ranking

Heuristic

Number

1 No error message is

displayed for invalid entries

Appropriate error message

should be displayed for

invalid entries

3 5

2 Exit button not provided to

exit application from any

screen.

Exit button should be

implemented on every screen

3 2, 3

3 No help topics provided Implement help topics as

users may not be aware of the

function of menu or

command button.

3 10

We implemented all the recommendations discussed above.

98

5.4 Usability Evaluation

Usability evaluation involves testing of usability of a user interface by having a group

of individuals performing tasks specific to a system under gentle guidance from a

facilitator.It is important to realize that usability is not a single, one-dimensional

property of a user interface. Usability is a combination of factors including [66]:

� Ease of learning - How fast can a user who has never seen the user interface

before can learn it sufficiently well to accomplish basic tasks?

� Efficiency of use - Once an experienced user has learned to use the system, how

fast can he or she accomplish the tasks?

� Memorability - If a user has used the system before, can he or she remember

enough to use it effectively the next time or does the user have to start over again

learning everything?

� Error frequency and severity - How often do users make errors while using the

system, how serious are these errors, and how do users recover from these errors?

� Subjective satisfaction - How much does the user like using the system?

There are eight guidelines of usability evaluation as shown below in Table 5-6 [65].

99

Table 5-6 Guidelines of usability evaluation

Guidelines

1. Choosing your subjects:

The results will only be as good as the people you test.

2. Before the usability testing:

Each participant must be put at ease.

Provide clear instructions on how to get to the usability testing location

3. Beginning the usability testing:

Before diving into key tasks, get the user familiar with the environment. Tell them the

website's name and URL, and ask them for initial feedback on what they would

expect from the site or what they would like the site to be.

4. Choosing tasks:

Set tasks that are essential to the new site's success, such as:

Buying products

5. How to word tasks:

People tend to perform more naturally if you provide them with scenarios rather than

instructions

6. Presenting tasks:

Only give participants one task at a time. More than this may intimidate them, or alter

their approach to the test.

7. How to behave during the usability testing:

It's essential that you remember that it's the website that is being tested, not you or the

subject. Any feedback you get is valuable - make sure the participant knows this. If

they cannot do something, make sure they know it's not their fault.

8. After the usability testing:

You should gather as much information as possible. Asking for overall impressions of

the site will allow you to judge whether expectations have been met, and whether the

participant's view of the client or site has changed during the process.

100

5.4.1 Design

We evaluated the participants’ user satisfaction, buying e-coins, downloading

wallpapers and general preference for the two systems – a CORBA-based NetPay

system and M&E-NetPay system. M&E-NetPay is deployed over three servers:

� Web Server hosts the presentation layer

� Application Server hosts Web Services, business logic components and data

adapter layer

� Database Server hosts the relational database

The CORBA-based NetPay system is deployed over two servers:

� Web Server host JSP pages and CORBA middleware

� Database Server hosts the relational database

We recruited 14 participants to carry out a set of task using our two prototypes.

Participants were an equal mixture of non- IT specialists, graduate students and college

students who volunteered to perform the usability evaluation for our M&E-NetPay and

CORBA-based NetPay systems. Participants filled a pre-test questionnaire (see

Appendix B) before they commence with the test. They were asked to fill the post test

questionnaire (see Appendix B) after they finished with the task given to them. The

participants ranked the systems in order of preference.

Participants were asked to complete the following task on M&E-NetPay and CORBA-

based NetPay system.

� Create account with broker

� Search for wallpaper on wallpaper vendor site

� Download wallpaper from wallpaper vendor

� Download ringtone from ringtone vendor

� If e-coins run out, user must buy more e-coins from broker

� Redeem e-coins with broker

Participants carried out all the tasks listed in the task list for both the systems and then

they filled the post-test questionnaire that contained a subject rating assigned to each

question.

101

5.4.2 Results

The Post-test questionnaire contains a scale rating ranged from 1 to 5 where 1 is “least

favorable” and 5 is “most favorable”. The post-test questionnaire also contained open

questions for users to provide feedbacks. We analyzed the post-test questionnaire

outcomes and presented the results as shown in Figure 5-2.

Figure 5-2 Usability Test Results on Usability features

The result in figure 5-2 shows that all the usability features significantly favors the

M&E-NetPay system. M&E-Pay system is easy to learn because it has user friendly

interfaces and provides clear instructions to accomplish any task. M&E-NetPay also

has a high efficiency rating. Participants mentioned that the speed of downloading file

(i.e. wallpaper, ringtone) is quite fast with M&E-NetPay and with a few clicks they

were able to download the file. They also commented that appropriate error messages

prevented them from going out of track. The overall average rating of M&E-NetPay

and CORBA-based NetPay system is 4.5 and 3.8 respectively. The above result is

greatly achieved by employing new and emerging distributed middleware technology

(i.e. Web Services). Therefore participants prefer M&E-NetPay system more that

CORBA-based NetPay system.

In the feedback of open questionnaires, participants noted that since M&E-NetPay is

available via both mobile and web they will be able to access the system from

anywhere at any time with barely any downtime.

102

5.5 Summary

We used three kinds of evaluation methods to assess the usability of M&E-NetPay

system. These were performance impact, heuristic evaluation and usability evaluation.

We compared the performance and usability of CORBA-based NetPay and M&E-

Netpay system. Even though heuristic evaluation provided a few errors, it was

successfully implemented. The overall result illustrates that most participants preferred

M&E-NetPay system. Participants and evaluators were very much satisfied with

M&E-NetPay system endorsing the system for wide use.

103

Chapter 6: Conclusion and Future workThis chapter provides the summary of the work done in this thesis and also suggests

some possible research in this area for future work.

6.1 Contributions

Many micro-payment systems are in existence now but most still suffer problems

pertaining to security, scalability, performance and interoperability. Some of the

micro-payments systems reviewed in this thesis are MPS [67], CMP [68] and NetPay

[3]. This thesis contributes to some major research in the area of micro-payment.

Firstly, we evaluated three micro-payment systems and compared them using the eight

evaluation criteria to identify the problems that still exist with these micro-payments.

These three micropayment systems are then compared and contrasted with M&E-

NetPay system to determine its effectiveness in the M&E environment. We used OOA

to determine the overall functionality and dynamic interaction of M&E-Netpay system.

M&E-NetPay is an improved version of CORBA-based NetPay micropayment system.

Secondly, the software architecture of M&E-NetPay system is presented and the

OOD is used to describe the design level of the system. The software architecture is

designed with Web Services sitting on top of .Net framework 4.0. M&E-NetPay

system has a thin-client n-tier architecture and supports both mobile and web

applications. M&E-NetPay uses server-side e-wallet which resides on the broker’s

database until the M&E user logs on to any vendor site. The e-wallet is stored on the

last vendor the M&E user visited. M&E-NetPay is distributed along Web, Application

and Database servers to share workload.

Thirdly, we implemented the prototype of a broker and two vendors. The broker

database holds all the M&E users’ and vendors’ information. Application server

provides business functions. Web service provides interfaces for broker and vendor

application servers and web server provides Active Server Pages (ASP.NET) with

ASPX extension-implemented on WML interfaces for mobile users and HTML (Hyper

Text Markup Language) interfaces for Internet users. Vendors provide M&E users

104

with ASP.NET pages to browse through their entire site. WML/HTML interfaces are

provided for both mobile and Internet users to allow a wide range of M&E users to

access broker and vendor sites using standard web browser. Web Services interfaces

are used to provide communications between the broker and vendors for requesting

touchstone and index, connecting to broker, browsing and downloading file and

redeeming e-coins. The vendor database holds information for file, e-coins, touchstone

and index and redeem.

Lastly, we evaluated the M&E-NetPay system using three evaluation methods which

includes performance impact evaluation, heuristic evaluation and usability evaluation.

Performance impact evaluation assessed the efficiency and effectiveness of M&E-

NetPay with CORBA-based NetPay in regards to user response time. Users favored

M&E-NetPay as it recorded a lower response time.

Heuristic evaluation identified the usability issues in the M&E-NetPay user interfaces

using a set of heuristics by five evaluators. Each individual evaluator inspects the

interface alone and provides opinion about what needs to be improved in a user

interface. Usability evaluation was carried to obtain quantitative data about testing

participants' performance and to determine whether M&E-NetPay is usable as far as

target users were concerned. Users used the prototype to assess their impressions of the

approach when purchasing a wallpaper/ringtone using M&E-NetPay system versus

CORBA-based NetPay system. Users gave preference to M&E-NetPay system over

CORBA-based NetPay system.

105

6.2 Conclusion

In this thesis we analysed some existing micro-payment systems and examined its

advantages and disadvantages in the M&E environment. We propose new protocol

M&E-NetPay which is suitable for micropayments on M&E environment. This

protocol provides interfaces for both mobile and Internet users to purchase goods and

services online. M&E-NetPay aims to ease the communication processes between

M&E users, vendors and broker. It is cheap, secure, effective and efficient protocol

and provides low value, high volume transactions since it uses one-way hash functions

to generate paywords rather than using private and public key operations.

M&E-NetPay protocol is based on CORBA-based NetPay protocol [3]. We developed

M&E-NetPay protocol on .NET platform and replaced CORBA middleware with Web

Services since Web Services carry greater advantages over CORBA when developing

mobile applications. M&E-NetPay protocol is an offline distributed system that does

not involve broker when purchasing services from the vendors. Broker is responsible

for generating payword chains for M&E users who wants to buy e-coins. During

transactions the current vendor contacts the broker only if the previous vendor of the

M&E user is offline. This protocol prevents double spending and forging of e-coins by

vendors, M&E users the other third parties. Moreover the anonymity of the M&E user

is fully protected from vendors therefore vendors have no idea who their customers

are. In MPS protocol [67] smart card device cannot guarantee multiple payment

protection.

In terms of transferability the e-coins can be transferred freely between vendors’ for

multiple purchases in M&E-NetPay. Web Service interfaces provide extra simplicity

on transferring e-coins between vendors. Transferability is an important criterion

which improves anonymity and performance of micropayment systems. MPS protocol

has low transferability since payment chains in MPS protocol can only be transferred

between the nodes on the ad hoc network. On a new network the user needs to buy

another payment chain from the new broker.

The main features of M&E-NetPay protocol are mobility and interoperability. The

mobility factor helps M&E-NetPay support both web and mobile users.

106

Interoperability feature minimizes the complexity of software development by reusing

components (components within the system) and performing inter-component

(components between systems) communication and is language & platform

independent (i.e. a client program can be programmed in C# and running on Windows

platform, while the Web Services is programmed in Java and running under Linux).

Therefore M&E-NetPay system has a greater scalability and performance features as it

can support rapidly growing number of M&E users. CORBA-based NetPay has low or

no mobility feature since CORBA’s tight coupling between clients and servers can

only support static networks and has medium interoperability since it can only support

few platform and programming languages.

We choose a thin-client n-tier mobile & web based software architecture for M&E-

NetPay system. This will allow a large number of users to access M&E-NetPay

system. Web Services are used with .NET framework 4.0 to support inter-connection

between remote sites. Mobile users use the WML based web browser to access vendor

and broker sites which has got small interfaces suitable to fit on mobile phone’s screen

whereas Internet users use HTML based web browser on their PCs to access vendor

and broker sites. M&E-NetPay application’s deployment architecture is designed

keeping in mind some general qualities of performance, security, availability and

serviceability. M&E-NetPay is distributed along multiple servers to share workload.

We host mobile & web applications on the Web Servers, Web Services on the

Application Servers and SQL Databases on the Database Servers. Web Services on

Application servers is only available on requests from mobile and web applications on

Web servers. Only authenticated users within the network will be able to log on to the

Application Servers.

We implemented server-side e-wallet for M&E-NetPay system using Web Services on

.NET framework 4.0. Mobile and web applications are published on the Web Server’s

IIS whereas Web Service Interfaces are published on the Application Server’s IIS.

Server-side e-wallet allows M&E users with mobility and accessibility anywhere

features. In the server-side e-wallet of M&E-NetPay system, the touchstone and index

(T&I) of the M&E users are passed from the broker to each vendor the M&E user

visits. The M&E user’s e-wallet resides on the last vendor he/she has visited. Web

Services enables the M&E user’s current vendor to communicate with his/her previous

107

vendor to get T&I to verify e-coins. The vendor communicates with the broker for T&I

only if that vendor is the M&E user’s first vendor or if the previous vendor of the

M&E user is off-line. Broker is responsible for generating, verifying and redeeming of

e-coins.

We have provided WML/HTML based ASP.NET interfaces for both mobile and

Internet users to allow a wide range of M&E users to access broker and vendor sites

using standard web browser. A well designed search feature is available for M&E

users to search for items online. Help features are also provided to M&E users who

find difficulties in using M&E-NetPay system.

M&E-NetPay system is assessed using three types of evaluation methods. We

compared our M&E-NetPay system with the CORBA-based NetPay system.

Performance impact evaluation was carried out to determine the transparency of M&E-

NetPay over CORBA-based NetPay system. Heuristic evaluation was to examine the

interface and judge its compliance with usability principles. Usability evaluation tests

the usability of M&E-NetPay and CORBA-based NetPay user interfaces by having a

group of individuals performing tasks specific on the system.

Performance impact evaluation compared the downloading of wallpaper with M&E-

NetPay versus CORBA-based NetPay. The result showed that the response delay time

of downloading wallpaper is slightly higher with CORBA-based NetPay. M&E-

NetPay took an average of 2070 milliseconds whereas CORBA-based NetPay took an

average of 2286 milliseconds to download the same wallpaper. There was a difference

of 216 milliseconds that was due to CORBA’s weaknesses with client-to-server

communications and the use of .Net framework architecture 4.0 with Web Services in

M&E-NetPay has improved client-to-server communications

In heuristic evaluation, each evaluator inspected the interface alone and provided

comments on improving the user interface. Problem levels of three and four were

given high priority and were vital for fixation. All recommendations with severity

rating of three and above were implemented.

108

Usability evaluation provided a good method of assessing and understanding users’

perception of using M&E-NetPay systems. Usability evaluation helped evaluate

advantages and disadvantages users saw while using M&E-NetPay system. Usability is

multiple dimension property of a user interface. We tested the usability of M&E-

NetPay and CORBA-based NetPay using a combination of usability factors which

includes: ease of learning, efficiency of use, memorability, error frequency and

severity, and subjective satisfaction. The result showed that usability features

significantly favored M&E-NetPay system. The overall average rating of M&E-

NetPay was 4.5 and CORBA-based NetPay system was 3.8. This result is achieved by

employing new and emerging distributed middleware technology (i.e. Web Services).

Participants also noted that using mobile phone to access M&E-NetPay was quite

helpful as they are be able to access it from anywhere. Hence participants prefer M&E-

NetPay system more than CORBA-based NetPay system.

6.3 Future work

M&E-NetPay micropayment system suffers from limitations with communication

and technology (i.e. Web Services). A limitation with communication occurs when

V2 requests for T&I and e-coins from V1 and V1 is off-line. When V1 is not available

during the time of request there is a breakdown of communication. In order to allow

minimum or no downtime V2 connects to a broker to request T&I and e-coins. This

means that the broker sometimes is online with vendors to deal with the downtime.

Even though there are constrains with communication, this will preserve and

improve the security aspects of M&E-NetPay system. Issues with Web Services are

that it lacks versatility; it only allows some very basic form of service innovation.

There are a lot of Web Services specifications emerging that will help Web Services

become more and more versatile in future.

This thesis completely described the protocol, architecture, design and implementation

of M&E-NetPay system. M&E-NetPay system has got better and improved

functionalities than other micro-payment systems. M&E-NetPay is superior to other

micropayment systems in many ways such as it is cheap, secure, effective and efficient

micro-payment protocol and provides low-value, high volume transactions. The main

109

features of M&E-NetPay system are mobility and interoperability. However, there are

still some research areas that need to be completed in the future.

We still need to test the performance of our M&E NetPay system with other micro-

payment systems from several other perceptive and provide architecture to support

multiple brokers. We hope to explore further advantage of Web Services and provide a

generalization of our architecture for a wider range of M&E-commerce components.

We will also need to venture into future works for existing web sites and temporary

vendors such as:

� Create some Web Services components in M&E broker which could be used to

inject the NetPay components/services to support any existing ASP.NET-based

web site or other websites such as PHP and JSP without further programming on

it.

� There is currently no way for some vendors who only want to use M&E-NetPay

facilities temporarily. A portal infrastructure could be designed using Web

Services that will allow a NetPay-enabled vendor to act as a purchasing portal to

non-M&E-NetPay supporting vendors by redirecting page accesses to these

vendors and charging the customers e-coins in the process.

110

Reference[1] Dai, X. and Ayoade, O.: “Comparing and Contrasting Micro-payment Models for

Mobile Commerce Systems”, International Review on Computers and Software

(I.RE.CO.S), 2007. Publisher: Praise Worthy Prize S.r.l.

[2] Dai, X. and D, Baran.: “ NetPay: A Prototype of Account-based Payment M-COM

System in M-Commerce”, International Review on Computers and Software

(I.RE.CO.S.), 2007.

[3]Dai, X. and Grundy, J.: “Architecture of a Micro-Payment System for Thin-Client

Web Applications”, In Proceedings of the 2002 International Conference on Internet

Computing, Las Vegas, CSREA Press, June 24-27, 444-450.

[4] Furche, A. and Wrightson, G.: “SubScrip – An efficient protocol for pay-per-view

payments on the Internet”, The 5th Annual International Conference on Computer

Communications and Networks, USA, 1996.

[5] Herzberg, A. and Yochai, H.: "Mini-pay: Charging per Click on the Web", 1996,

http://www.ibm.net.il/ibm_il/int-lab/mpay

[6] Microsoft Corporation, 2011, Chapter1: What is Software Architecture,

http://msdn.microsoft.com/en-us/library/ee658098.aspx

[7] Hwang, M. and Lin, I. and Li, L.: “A simple micro-payment scheme”, Journal of

Systems & Software, vol.55, no.3, Jan. 2001, Elsevier, pp.221-9.

[8] Manasse M.: "The Millicent Protocols for Electronic Commerce", First USENIX

Workshop on Electronic Commerce, New York, 1995.

[9] Rivest, R. and Shamir, A., "PayWord and MicroMint: Two Simple Micropayment

Schemes", Proceedings of 1996 International Workshop on Security Protocols, Lecture

Notes in Computer Science v. 1189, page 69-87. Springer, 1997.

111

[10] Gray, N.: Comparison of Web Services, Java-RMI, and CORBA service

implementations,

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.69.2475&rep=rep1&type=p

df

[11] Performance Measurement,

http://www.usabilityhome.com/FramedLi.htm?PerfMeas.htm

[12] C# and .NET Architecture,

http://media.wiley.com/product_data/excerpt/89/07645439/0764543989.pdf

[13] Schwiderski-Grosche, S., Knospe, H.: “Secure M-Commerce”, pp 3,

http://www.it.iitb.ac.in/~annanda/papers-280905/Secure%20m-

commerce%20ECEJ.pdf

[14] Mallon, D.: Sybase, “mCommerce Security White Paper Key Security

Techniques”, mCommerce Security White Paper Version 1.1, March, 2010.

[15] Wells, D.: Authentication, April 24, 1996,

http://www.objs.com/survey/authent.htm

[16] Tsiounis, Y.: Anonymity in Electronic Commerce, GTE Laboratories, Inc.

http://www.ccs.neu.edu/home/yiannis/papers/LCN.ppt

[17] Dai, X. and Ayoade, O. andGrundy J., “Off-line Micro-payment Protocol for

Multiple Vendors in Mobile Commerce”, The 7th International Conference on Parallel

and Distributed Computing, Applications and Technologies (PDCAT'06), 4-7

December 2006, Published by IEEE Computer Society.

[18] Kuarar, S.: Micro-payments: A Gateway to Future Income?, 2009,

http://www.selimkurar.com/blog/?p=15

[19] Schmidt, C. and Muller, R.: A Framework for Micropayment Evaluation, 1997.

http://edoc.hu-berlin.de/series/sfb-373-papers/1998-66/PDF/66.pdf

112

[20] Manasse, M.: The Millicent Protocols for Electronic Commerce, First USENIX

Workshop on Electronic Commerce, New York, 1995.

[21] Hauser, R. and Steiner, M. and Waidner, M.: “Micro-payments based on ikp”, In

proceedings of 14th Worldwide Congress on Computer and Communications Security

Protection. Paris-La Defense, France: C.N.I.T, 1996, pp 67-82.

[22] DigiCash website. http://digicash.com

[23] Sirbu, M. and Tygar, J.: “NetBill: An Internet Commerce System Optimized for

Network-Delivered Services”, In IEEE Personal Communications, 2, August 4, 1995,

pp. 34-39.

[24] Dai, X. and Lo, B.: NetPay – An Efficient Protocol for Micropayments on the

WWW, Fifth Australian World Wide Web Conference, Australia (1999).

[25] Herzberg, A. and Yochai, H.: Mini-pay: Charging per Click on the Web, 1996,

http://geckil.com/~harvest/www6/Technical/Paper099/Paper99.html

[26] Dai, X. and Grundy J.: Customer Perception of a Thin-client Micro-payment

System Issues and Experiences, Journal of End User Computing, 15(4), pp 62-77,

(2003).

[27] Gisolfi, D.: Web services architect, Part 3: Is Web services the reincarnation of

CORBA?, July 1, 2001,

http://www.ibm.com/developerworks/webservices/library/ws-arc3/

[28] Boukhonine, S.: Cryptography: A security Tool of the Information Age,

http://www.bauer.uh.edu/uhisrc/FTB/Cryptography/FTBCryptography.pdf

[29] Microsoft Corporation, Chapter1: Cryptography, April 19, 2011,

http://msdn.microsoft.com/en-us/library/aa380255(v=vs.85).aspx

113

[30] Kessler, G.: An Overview of Cryptography, February 21, 2011

http://www.garykessler.net/library/crypto.html

[31] Ross, K.:Cryptography - Types of Cryptography, September 25, 2010,

http://ezinearticles.com/?expert=Kate_R_Ross

[32]Wikipedia, Cryptographic hash function, February 13, 2011,

http://en.wikipedia.org/wiki/Cryptographic_hash_function

[33] Friedl, S.: An Illustrated Guide to Cryptographic Hashes,May 9, 2009,

http://unixwiz.net/techtips/iguide-crypto-hashes.html

[34] Yuwathiticharoenwong, U., Permpoontanalarp, Y.: “An Agent-based Approach

to Micropayment System”,

http://www.thaiscience.info/Article%20for%20ThaiScience/Article/6/Ts-6%20agent-

based%20approach%20to%20micropayment%20system.pdfd

[35] Altova, 2006, Web services: Benefits, challenges, and a unique, visual

development solution, Beverly, MA, USA.

[36] Dai, X. and Grundy, J.: NetPay: An off-line, decentralized micro-payment system

for thin-client applications. Electronic Commerce Research and Applications, vol.6,

no.1, Spring 2007, pp. 91-101. Publisher: Elsevier, Netherlands.

[37] Pedersen, T.: Electronic payments of small amounts, Proceedings of 1996

International Workshop on Security Protocols. Berlin, Germany, Springer Verlag,

LNCS No. 1189, 1997, pp 59 - 68.

[38] Park, D. and Boyd, C. and Dawson, E.: Micro-payments for wireless

communications, 3rd International Conference On Information Security and

Cryptology, Lecture Notes in Computer Science 2015, Springer, 2001, pp 192—205

114

[39] CodeGuru, The .NET Architecture, Published by Wiley Publishing, September

21, 2004,

http://www.codeguru.com/csharp/sample_chapter/article.php/c8245__1/The-NET-

Architecture.htm

[40] Microsoft Corporation, 2011, Application Architecture for .NET: Designing

Applications and Services. http://msdn.microsoft.com/en-us/library/ee817664.aspx

[41] C# and .NET Architecture,

http://media.wiley.com/product_data/excerpt/89/07645439/0764543989.pdf

[42] Strehl, R.: , A low-level Look at the ASP.NET Architecture, August 4, 2008,

http://www.west-wind.com/presentations/howaspnetworks/howaspnetworks.asp

[43] Active Server Pages: What are Active Server Pages?,

http://www.asptutorial.info/learn/Introduction.html

[44] Grundy. J.: 2000, Requirements Engineering & OOA Tutorial.

[45] Grundy, J.: 2000, Software Architecture & Object-oriented Design Tutorial.

[46] Chapter 21 Object-Oriented Analysis,

http://bhaumiknagar.com/Documents/Chapter%2021%20Object-

Oriented%20Analysis.pdf

[47] Use Case Diagrams,

http://atlas.kennesaw.edu/~dbraun/csis4650/A&D/UML_tutorial/use_case.htm

[48]Non functional Requirements:

http://www.csee.umbc.edu/courses/undergraduate/345/spring04/mitchell/nfr.html

[49] Mylopoulos, J.: 2004, V. Object-Oriented Modeling,

http://www.cs.toronto.edu/~jm/2507S/Notes04/OOA.pdf

115

[50] Ambler, S.: 2003-2010, Agile Modeling, “UML 2 Class Diagrams”,

http://www.agilemodeling.com/artifacts/classDiagram.htm

[51] Sparx Systems, 2004, UML Tutorial, “The Logical (Class) Model”,

http://www.sparxsystems.com/downloads/whitepapers/The_Logical_Model.pdf

[52] Mishra, R., Lohani, B., An Object-Oriented Software Development Approach to

Design Simulator Forairborne Altimetric Lider.

[53]Microsoft Corporation, 2010, Introduction to Data Adapters,

http://msdn.microsoft.com/en-us/library/acb32th4(VS.71).aspx

[54] Ian Sommerville, 2000, 12. Object-oriented Designx

[55] Pressman, Roger, S.: Software Engineering: A Practitioner’s Approach, 5th

Edition, McGraw-Hill, 2001.

[56] TechTarget, 2011, IIS (Internet Information Server),

http://searchwindowsserver.techtarget.com/definition/IIS

[57] Exforsys Inc, SQL Server 2005 - Introduction to Data Availability, June 1, 2006,

http://www.exforsys.com/tutorials/sql-server-2005/sql-server-data-availability.html

[58] Usability.gov, Usability Methods,

http://www.usability.gov/methods/index.html

[59] Dai, X. and Grundy, J. and Lo, B.: “Comparing and contrasting micro-payment

models for E-commerce systems”, International Conferences of Info-tech and Info-net

(ICII), China, 2001.

[60] Nielsen, J.: Heuristic evaluation. In Nielsen, J., and Mack, R.L. (Eds.), “Usability

Inspection Methods”, John Wiley & Sons, New York, 1994.

[61] Williams, L., Smith, C., “Performance Evaluation of Software Architectures”,

Performance Engineering Services and Software Engineering Research, 2007.

116

[62] Nielsen J., How to Conduct a Heuristic Evaluation,

http://www.useit.com/papers/heuristic/heuristic_evaluation.html

[63] Usability.gov, 2006, Heuristic evaluation,

http://www.usabilitynet.org/tools/expertheuristic.htm

[64] Nielsen J.: “Reliability of severity estimates for usability problems found by

heuristic evaluation”, CHI '92 Posters and short talks of the 1992 SIGCHI conference

on Human factors in computing systems, New York, 1992.

[65] 8 Guidelines for Usability Testing, April, 2006,

http://www.webcredible.co.uk/user-friendly-resources/web-usability/usability-

testing.shtml

[66] Usability.gov, Usability Basics,

http://www.usability.gov/basics/index.html

[67] Tewari, H. and O’Mahony, D.: “Multiparty Micropayment for Ad Hoc Network”,

Wireless Communications and Networking, 2003. WCNC 2003. 2003 IEEE, vol.3,

New Orleans, LA, pp 2033-2044.

[68] Ziang, N. and LIU, X. and Zhao, J. and Yang, D.: “A Mobile Micropayment

Protocol Based on Chaos”, 2009 Eighth International Conference on Mobile

Business, pp 284-289.

[69] Pilla, P.: Heuristic Evaluation Report, “Heuristic Evaluation of HOMIE”,

November 29, 2009,

http://www.ccs.neu.edu/home/prasu14/hci/i8/HomieReport.pdf

117

Appendix A: Heuristic Evaluation Heuristic evaluation technique is the most widely used inspection method. This

method is for finding usability issues in a user interface by having a small number of

evaluators (usually one to five) examine the interface and judge its compliance with

usability principles (heuristics).

A.1 A System ChecklistA.1.1 Visibility

The system should always keep user informed about what is going on, through

appropriate feedback within reasonable time.

# Review Checklist Yes No N/A Comments

1.1 Does every display begin with a title or header that describes screen contents? O O O

1.2 Is there a consistent icon design scheme and stylistic treatment across the system? O O O

1.3 Do menu instructions, prompts, and error messages appear in the same place(s) on each menu? O O O

1.4 In multipage data entry screens, is each page labelled to show its relation to others? O O O

1.5 If overtype and insert mode are both available, is there a visible indication of which one the user is in? O O O

1.6 If pop-up windows are used to display error messages, do they allow the user to see the field in error? O O O

1.7 Is there some form of system feedback for every operator action? O O O

1.8 After the user completes an action (or group of actions), does the feedback indicate that the next group of actions can be started? O O O

1.9 Is there visual feedback in menus or dialog boxes about which choices are selectable? O O O

1.10 Is there visual feedback in menus or dialog boxes about which choice the cursor is on now? O O O

1.11 If multiple options can be selected in a menu or dialog box, is there visual feedback about which options are already selected? O O O

1.12 Is there visual feedback when objects are selected or moved? O O O

1.13 Is the current status of an icon clearly indicated? O O O

118

1.14 Does the system provide visibility: that is, by looking, can the user tell the state of the system and the alternatives for action? O O O

1.15 Do GUI menus make obvious which item has been selected? O O O

1.16 Do GUI menus make obvious whether de-selection is possible? O O O

A.1.2 FunctionalityThe system should provide basic functionalities with minimum effort

# Review Checklist Yes No N/A Comments

2.1 Is the number of actions or selections reasonable to complete one main task (e.g. download wallpaper)? O O O

2.2Does the sequence of completing a main task require less or no repetitive scrolling, repetitive selection, and accuracy of selection for completing one main task?

O O O

2.3 Does the interface provide adequate back button functionality to return to a previous screen? O O O

2.4 Is functionality shallow nested requiring a few step selection processes for following links? O O O

2.5 Are there sufficient shortcuts for navigating the activity, function, or action? O O O

A.1.3 User Control and Freedom

Users should be free to select and sequence tasks (when appropriate), rather than

having the system to do this for them. Users often choose system functions by mistake

and will need a clearly marked "emergency exit" to leave the unwanted state without

having to go through an extended dialogue. Users should make their own decisions

(with clear information) regarding the costs of exiting current work. The system should

support undo and redo.

119

# Review Checklist Yes No N/A Comments

3.1 If setting up windows is a low-frequency task, is it particularly easy to remember? O O O

3.2 In systems that use overlapping windows, is it easy for users to rearrange windows on the screen? O O O

3.3 In systems that use overlapping windows, is it easy for users to switch between windows? O O O

3.4 When a user's task is complete, does the system wait for a signal from the user before processing? O O O

3.5 Can users type-ahead in a system with many nested menus? O O O

3.6 Are users prompted to confirm commands that have drastic, destructive consequences? O O O

3.7 Is there an "undo" function at the level of a single action, a data entry, and a complete group of actions? O O O

3.8 Can users cancel out of operations in progress? O O O

3.9 Are character edits allowed in commands? O O O

3.10 Can users reduce data entry time by copying and modifying existing data? O O O

3.11 Are character edits allowed in data entry fields? O O O

3.12 If menu lists are long (more than seven items), can users select an item either by moving the cursor or by typing a mnemonic code? O O O

3.13 If the system uses a pointing device, do users have the option of either clicking on menu items or using a keyboard shortcut? O O O

3.14 Are menus broad (many items on a menu) rather than deep (many menu levels)? O O O

3.15 If the system has multiple menu levels, is there a mechanism that allows users to go back to previous menus? O O O

3.16 If users can go back to a previous menu, can they change their earlier menu choice? O O O

3.17 Can users move forward and backward between fields or dialog box options? O O O

3.18 If the system has multipage data entry screens, can users move backward and forward among all the pages in the set? O O O

3.19 If the system uses a question and answer interface, can users go back to previous questions or skip forward to later questions? O O O

3.20 Do function keys that can cause serious consequences have an undo feature? O O O

120

3.21 Can users easily reverse their actions? O O O

3.22 If the system allows users to reverse their actions, is there a retracing mechanism to allow for multiple undos? O O O

3.23 Can users set their own system, session, file, and screen defaults? O O O

A.1.4 Consistency

Users should not have to wonder whether different words, situations, or actions mean

the same thing. Follow platform conventions.

# Review Checklist Yes No N/A Comments

4.1 Have industry or company formatting standards been followed consistently in all screens within a system? O O O

4.2 Has a heavy use of all uppercase letters on a screen been avoided? O O O

4.3 Do abbreviations not include punctuation? O O O

4.4 Are integers right-justified and real numbers decimal-aligned? O O O

4.5 Are icons labelled? O O O

4.6 Are there no more than twelve to twenty icon types? O O O

4.7 Are there salient visual cues to identify the active window? O O O

4.8 Does each window have a title? O O O

4.9 Are vertical and horizontal scrolling possible in each window? O O O

4.10 Does the menu structure match the task structure? O O O

4.11Have industry or company standards been established for menu design, and are they applied consistently on all menu screens in the system?

O O O

4.12 Are menu choice lists presented vertically? O O O

4.13 If "exit" is a menu choice, does it always appear at the bottom of the list? O O O

4.14 Are menu titles either centered or left-justified? O O O

4.15 Are menu items left-justified, with the item number or mnemonic preceding the name? O O O

4.16 Do embedded field-level prompts appear to the right of the field label? O O O

4.17 Do on-line instructions appear in a consistent location across O O O

121

screens?

4.18 Are field labels and fields distinguished typographically? O O O

4.19 Are field labels consistent from one data entry screen to another? O O O

4.20 Are fields and labels left-justified for alpha lists and right-justified for numeric lists? O O O

A.1.5 Help Users Recover from Errors

Error messages should be expressed in plain language (NO CODES).

# Review Checklist Yes No N/A Comments

5.1 Is sound used to signal an error? O O O

5.2 Are prompts stated constructively, without overt or implied criticism of the user? O O O

5.3 Do prompts imply that the user is in control? O O O

5.4 Are prompts brief and unambiguous? O O O

5.5 Are error messages worded so that the system, not the user, takes the blame? O O O

5.6 If humorous error messages are used, are they appropriate and inoffensive to the user population? O O O

5.7 Are error messages grammatically correct? O O O

5.8 Do error messages avoid the use of exclamation points? O O O

5.9 Do error messages avoid the use of violent or hostile words? O O O

5.10 Do error messages avoid an anthropomorphic tone? O O O

5.11 Do all error messages in the system use consistent grammatical style, form, terminology, and abbreviations? O O O

5.12 Do messages place users in control of the system? O O O

5.13 Does the command language use normal action-object syntax? O O O

5.14 Does the command language avoid arbitrary, non-English use of punctuation, except for symbols that users already know? O O O

5.15 If an error is detected in a data entry field, does the system place the cursor in that field or highlight the error? O O O

5.16 Do error messages inform the user of the error's severity? O O O

5.17 Do error messages suggest the cause of the problem? O O O

122

5.18 Do error messages provide appropriate semantic information? O O O

5.19 Do error messages provide appropriate syntactic information? O O O

5.20 Do error messages indicate what action the user needs to take to correct the error? O O O

5.21 If the system supports both novice and expert users, are multiple levels of error-message detail available? O O O

A.1.6 Error Prevention

Even better than good error messages is a careful design which prevents a problem

from occurring in the first place.

# Review Checklist Yes No N/A Comments

6.1 If the database includes groups of data, can users enter more than one group on a single screen? O O O

6.2 Have dots or underscores been used to indicate field length? O O O

6.3 Is the menu choice name on a higher-level menu used as the menu title of the lower-level menu? O O O

6.4 Are menu choices logical, distinctive, and mutually exclusive? O O O

6.5 Are data inputs case-blind whenever possible? O O O

6.6 If the system displays multiple windows, is navigation between windows simple and visible? O O O

6.7 Are the function keys that can cause the most serious consequences in hard-to-reach positions? O O O

6.8Are the function keys that can cause the most serious consequences located far away from low-consequence and high-use keys?

O O O

6.9 Has the use of qualifier keys been minimized? O O O

6.10 If the system uses qualifier keys, are they used consistently throughout the system? O O O

6.11 Does the system prevent users from making errors whenever possible? O O O

6.12 Does the system warn users if they are about to make a potentially serious error? O O O

6.13 Does the system intelligently interpret variations in user commands? O O O

6.14 Do data entry screens and dialog boxes indicate the number of character spaces available in a field? O O O

123

6.15 Do fields in data entry screens and dialog boxes contain default values when appropriate? O O O

A.1.7 Memorability

Make objects, actions, and options visible. The user should not have to remember

information from one part of the dialogue to another. Instructions for use of the system

should be visible or easily retrievable whenever appropriate.

# Review Checklist Yes No N/A Comments

7.1 Are borders used to identify meaningful groups? O O O

7.2 Does the data display start in the upper-left corner of the screen? O O O

7.3 Are multiword field labels placed horizontally (not stacked vertically)? O O O

7.4 Are all data a user needs on display at each step in a transaction sequence? O O O

7.5 Are prompts, cues, and messages placed where the eye is likely to be looking on the screen? O O O

7.6 Have prompts been formatted using white space, justification, and visual cues for easy scanning? O O O

7.7 Do text areas have "breathing space" around them? O O O

7.8 Is there an obvious visual distinction made between "choose one" menu and "choose many" menus? O O O

7.9 Have spatial relationships between soft function keys (on-screen cues) and keyboard function keys been preserved? O O O

7.10 Does the system gray out or delete labels of currently inactive soft function keys? O O O

7.11 Is white space used to create symmetry and lead the eye in the appropriate direction? O O O

7.12 Have items been grouped into logical zones, and have headings been used to distinguish between zones? O O O

7.13 Have zones been separated by spaces, lines, color, letters, bold titles, rules lines, or shaded areas? O O O

7.14 Are field labels close to fields, but separated by at least one space? O O O

7.15 Are long columnar fields broken up into groups of five, separated by a blank line? O O O

7.16 Are optional data entry fields clearly marked? O O O

124

7.17 Are symbols used to break long input strings into "chunks"? O O O

7.18 Is reverse video or color highlighting used to get the user's attention? O O O

7.19 Is reverse video used to indicate that an item has been selected? O O O

7.20 Are size, boldface, underlining, color, shading, or typography used to show relative quantity or importance of different screen items? O O O

7.21 Are borders used to identify meaningful groups? O O O

7.22 Has the same color been used to group related elements? O O O

7.23 Is color coding consistent throughout the system? O O O

7.24 Is color used in conjunction with some other redundant cue? O O O

7.25 Is there good color and brightness contrast between image and background colors? O O O

7.26 Is the first word of each menu choice the most important? O O O

A.1.8 Flexibility

Accelerators-unseen by the novice user-may often speed up the interaction for the

expert user such that the system can cater to both inexperienced and experienced users.

Allow users to tailor frequent actions. Provide alternative means of access and

operation for users who differ from the "average" user (e.g., physical or cognitive

ability, culture, language, etc.)

# Review Checklist Yes No N/A Comments

8.1 If the system supports both novice and expert users, are multiple levels of error message detail available? O O O

8.2 Does the system allow novices to use a keyword grammar and experts to use a positional grammar? O O O

8.3 Can users define their own synonyms for commands? O O O

8.4Does the system allow novice users to enter the simplest, most common form of each command, and allow expert users to add parameters?

O O O

8.5 Do expert users have the option of entering multiple commands in a single string? O O O

8.6 Does the system provide function keys for high-frequency commands? O O O

8.7 For data entry screens with many fields or in which source O O O

125

documents may be incomplete, can users save a partially filled screen?

8.8 Does the system automatically enter leading zeros? O O O

8.9 If menu lists are short (seven items or fewer), can users select an item by moving the cursor? O O O

8.10 If the system uses a type-ahead strategy, do the menu items have mnemonic codes? O O O

8.11 If the system uses a pointing device, do users have the option of either clicking on fields or using a keyboard shortcut? O O O

8.12 Does the system offer "find next" and "find previous" shortcuts for database searches? O O O

8.13 On data entry screens, do users have the option of either clicking directly on a field or using a keyboard shortcut? O O O

8.14 On menus, do users have the option of either clicking directly on a menu item or using a keyboard shortcut? O O O

8.15 In dialog boxes, do users have the option of either clicking directly on a dialog box option or using a keyboard shortcut? O O O

8.16 Can expert users bypass nested dialog boxes with either type-ahead, user-defined macros, or keyboard shortcuts? O O O

A.1.9 Aesthetic

Dialogues should not contain information which is irrelevant or rarely needed. Every

extra unit of information in a dialogue competes with the relevant units of information

and diminishes their relative visibility.

# Review Checklist Yes No N/A Comments

9.1 Is only (and all) information essential to decision making displayed on the screen? O O O

9.2 Are all icons in a set visually and conceptually distinct? O O O

9.3 Have large objects, bold lines, and simple areas been used to distinguish icons? O O O

9.4 Does each icon stand out from its background? O O O

9.5If the system uses a standard GUI interface where menu sequence has already been specified, do menus adhere to the specification whenever possible?

O O O

9.6 Are meaningful groups of items separated by white space? O O O

9.7 Does each data entry screen have a short, simple, clear, distinctive O O O

126

title?

9.8 Are field labels brief, familiar, and descriptive? O O O

9.9 Are prompts expressed in the affirmative, and do they use the active voice? O O O

9.10 Is each lower-level menu choice associated with only one higher level menu? O O O

9.11 Are menu titles brief, yet long enough to communicate? O O O

9.12 Are there pop-up or pull-down menus within data entry fields that have many, but well-defined, entry options? O O O

A.1.10 Help and documentation

Even though it is better if the system can be used without documentation, it may be

necessary to provide help and documentation. Any such information should be easy to

search, focused on the user’s task, list concrete steps to be carried out, and not be too

large.

# Review Checklist Yes No N/A Comments

10.1 If users are working from hard copy, are the parts of the hard copy that go on-line marked? O O O

10.2 Are on-line instructions visually distinct? O O O

10.3 Do the instructions follow the sequence of user actions? O O O

10.4 If menu choices are ambiguous, does the system provide additional explanatory information when an item is selected? O O O

10.5 Are data entry screens and dialog boxes supported by navigation and completion instructions? O O O

10.6 If menu items are ambiguous, does the system provide additional explanatory information when an item is selected? O O O

10.7 Are there memory aids for commands, either through on-line quick reference or prompting? O O O

10.8 Is the help function visible; for example, a key labelled HELP or a special menu? O O O

10.9Is the help system interface (navigation, presentation, and conversation) consistent with the navigation, presentation, and conversation interfaces of the application it supports?

O O O

10.10 Navigation: Is information easy to find? O O O

10.11 Presentation: Is the visual layout well designed? O O O

127

10.12 Conversation: Is the information accurate, complete, and understandable? O O O

Evaluator: __________________________ Date: __________________________

Occupation: _________________________________________________________

A.2 Problem Summary

# Problem Heuristic

Number

No of

Evaluators

Severity

Ranking

1 No Sharp colour contrast between product

information and its background.

1 2 2

2 No error message is displayed for invalid entries. 5 3 3

3 Multiple options cannot be selected in a menu or

dialog box.

2, 8 1 2

4 Insufficient keyboard shortcuts for navigating

the activity, function, or action.

2 2 2

5 Exit button not provided to exit application from

any screen.

2, 3 3 3

6 Not all integers and decimals right-justified. 4 2 1

7 The price associated with the product doesn’t

show the currency.

4 4 2

8 No sound used to signal an error. 5 2 1

9 No help topics provided. 10 2 3

10 Borders not used to identify meaningful groups. 1,7 2 2

11 Titles are not provided on every page. 1,4 3 2

12 On the login screen the cursor is not active in

customer id field.

4 2 2

128

Appendix B: Usability TestingThe purpose of this questionnaire is to develop sufficient information to assist us in

evaluating our M&E-NetPay system so that we will be in a position to provide further

judgment on usability of M&E-NetPay System.

The information that you provide will be kept confidential and will not be used for any

other purpose.

B.1 QuestionnairePersonal Information

Age:_______________________Gender:_________________________________

Designation:__________________________________________________________

Education Level: Primary/Secondary/Tertiary

B.1.1 Pre-Test Questionnaire

1. Have you ever used mobile/Internet to download files from the web? Yes No

2. How often do you download files from the web?

Daily Weekly Monthly Occasionally

3. Have you spent money on downloading files from the web?

If yes, approximately what is the minimum amount you spent on a file?

Yes No

If yes:______________________________________________________________

129

4. Did you find any difficulties while purchasing files from the web via internet or

mobile phone?

Yes No

If yes, please specify.

_________________________________________________________________

_________________________________________________________________

5. Do you prefer mobile device or Internet for downloading files from the web?

Mobile Internet (ie. Desktop/Laptop)

B.1.2 Post-Test Questionnaire

1. Please use the scale rating from 1-5 to rate how easy or difficult it is to perform the

following task with M&E-NetPay and CORBA-based NetPay systems.

User Task M&E- NetPay System CORBA-based NetPay

System

Very Difficult …Very Easy Very Difficult …Very

Easy

Register with broker 1 2 3 4 5 1 2 3 4 5

Buy E-coins with broker 1 2 3 4 5 1 2 3 4 5

Search for wallpaper on the

wallpaper site1 2 3 4 5 1 2 3 4 5

Download wallpaper 1 2 3 4 5 1 2 3 4 5

Search for ringtone on the Ringtone

site1 2 3 4 5 1 2 3 4 5

Download ringtone 1 2 3 4 5 1 2 3 4 5

Redeem e-coins with broker 1 2 3 4 5 1 2 3 4 5

130

2. Please use the scale rating from 1-5 to rate how favourable or unfavorable are the

following usability features with M&E-NetPay and CORBA-based NetPay systems.

Usability FeaturesM&E- NetPay System CORBA-based NetPay System

Unfavorable …. Favorable Unfavorable …… Favorable

Easy to learn 1 2 3 4 5 1 2 3 4 5

Efficient to use 1 2 3 4 5 1 2 3 4 5

Easy to remember 1 2 3 4 5 1 2 3 4 5

Low error frequency 1 2 3 4 5 1 2 3 4 5

Overall satisfied 1 2 3 4 5 1 2 3 4 5

3. How fast it is to search a particular file using M&E-NetPay system?

Very fast Fast Moderate Slow Very slow

4. How fast it is to search a particular file using CORBA-based NetPay system?

Very fast Fast Moderate Slow Very slow

5. Are you satisfied with the speed of downloading file using M&E-NetPay system?

Satisfied Unsatisfied

6. Do you prefer to access the M&E-NetPay system using mobile phones?

Yes No

7. How do you rate the overall M&E-NetPay system?

Excellent �Very good Satisfactory Poor

131

B.1.3 Comparison Questionnaire

1. Which system do you prefer most for wide use?

M&E-NetPay CORBA-based NetPay

2. Which system has a more fast and efficient search feature?

M&E-NetPay CORBA-based NetPay

3. Which system do you prefer to use for downloading files from the web?

M&E-NetPay CORBA-based NetPay

4. Which system provided the most feature?

M&E-NetPay CORBA-based NetPay

5. Do you have any comments about the systems?

_____________________________________________________________________

_____________________________________________________________________

_____________________________________________________________________

132

B.2 User TasksThe user tasks are designed to compare similar features of M&E-NetPay system with

CORBA-based NetPay system. The set of tasks used to compare the functionalities of

the two systems includes:

� Register with broker

� Buy e-coins with broker

� Search for wallpaper/ringtone

� Download wallpaper/ringtone

B.2.1 Register with brokerB.2.1.1. Type the given URL on the web browser: http://pc3548/broker

B.2.1.2. New users click on the “Register Now” link button.

B.2.1.3. Customer registration page will open-up.

B.2.1.4. Type in your personal information and click on “Register”.

B.2.1.5. If typed information is valid you will get a registration successful message

with your customer id.

B.2.1.6. If typed information in invalid you will get a error message. Then go to 4.

Figure A.1: User registers with broker

133

B.2.2 Buy e-coins with brokerB.2.2.1. If you are not on the Login page click on “Login” button.

B.2.2.2. Enter your login details to login.

B.2.2.3. Go to “Buy E-coins” page to buy the amount of e-coins you want.

B.2.2.4. You will get an E-coin id which you will use to purchase items from vendor

sites.

Figure A.2: User buying e-coins with broker

134

B.2.3 Search for wallpaper/ringtoneB.2.3.1. Log onto the Wallpaper site.

Wallpaper URL: http://pc3548/wallpaper

Ringtone URL: : http://pc3548/ringtone

B.2.3.2. Search for a wallpaper from the Wallpaper by using your preferred search

criteria.

B.2.3.3. The searched wallpaper will be displayed on the screen.

B.2.3.4. Follow steps 2.3.1 to 2.3.3 to search for a ringtone.

B.2.4 Download wallpaper/ringtone� To download the wallpaper/ringtone you need to make sure that you are logged

onto the Wallpaper/Ringtone vendor site.

� Click on the download button. The file will be downloaded onto your computer

and the new balance will be displayed.

Figure B.3: Downloading of ringtone from Ringtone site

135

B.3 Usability Features Summary We summarize the participants’ results for M&E-NetPay and CORBA-based NetPay

system based on the five usability features.

Table B.1 Results for M&E-NetPay micropayment system

Participant Ease of Learning

Efficiency of use

Memoribility Error frequency and

severity

Subjective satisfaction

1 5 4 5 5 4

2 4 5 3 5 4

3 5 4 5 5 4

4 4 5 5 5 5

5 4 5 4 4 4

6 5 4 5 5 5

7 5 5 4 5 5

8 5 3 4 4 4

9 5 5 5 5 5

10 5 5 4 4 4

11 5 4 5 5 5

12 4 4 3 4 4

13 5 5 4 5 5

14 5 5 4 5 5

AVERAGE 4.7 4.5 4.3 4.7 4.5

Overall Average: 4.5

136

Table B.2 Results for CORBA-based NetPay micropayment systemParticipant Ease of

LearningEfficiency

of useMemoribility Error

frequency and severity

Subjective satisfaction

1 3 4 3 4 4

2 4 4 3 4 4

3 3 4 4 4 4

4 4 4 3 4 4

5 3 5 4 4 4

6 5 4 3 4 4

7 3 5 3 3 3

8 4 3 3 4 4

9 5 3 4 2 3

10 5 4 3 4 4

11 3 4 5 3 3

12 3 4 4 4 4

13 3 3 4 4 4

14 5 5 4 4 5

AVERAGE 3.8 4.0 3.6 3.7 3.9

Overall Average: 3.8