micro-payment protocols and systems speaker: jerry gao ph.d. san jose state university email:...
Post on 19-Dec-2015
215 views
TRANSCRIPT
Micro-Payment Protocols and Systems
Speaker: Jerry Gao Ph.D.
San Jose State Universityemail: [email protected]
URL: http://www.engr.sjsu.edu/gaojerry
Sept., 2000
Topic: Micro-Payment Protocols and Systems
- Overview of Micro-payment protocols and systems
- Millicent Protocol
- SubScrip Protocol
- PayWord
- MicroMint
- Comparison of micro-payment protocols
Jerry Gao Ph.D. 5/20000
Presentation Outline
All Rights Reserved
Jerry Gao Ph.D. 5/2000
Classification of payment processing:
- Macro payments Macro payments refer to large payment deal 10 - Small payments
- Micro payments With micro-payments, efficiency and speed are dominant factors.
and security issues can be
Overview of Online Payment Protocols and Systems
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
- Objectives: ---> Micro-payment situations:
Although micro-payment systems share the similar requirements of other payment systems, they focus on special markets, where:- Low-value transactions involved less than the value of smallest coin.- Non-tangible and network-deliverable merchandiseexamples: archived magazines, journals, CD, software,…
- Special requirements:
- Fast and low cost payment transactions.- Very small amount of value- Reduced the number of involved parties- High scalable
The issues of other payment systems: - Account-based systems have high transaction costs.
- Transaction speed in electronic checking systems is slow.- Electronic money systems involve more parties, have low transaction speed, and cause poor scalability.
Micro-Payment Protocols
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
- Objectives: ---> Micro-payment situations:
Although micro-payment systems share the similar requirements of other payment systems, they focus on special markets, where:- Low-value transactions involved less than the value of smallest coin.- Non-tangible and network-deliverable merchandiseexamples: archived magazines, journals, CD, software,…
- Special requirements:
- Fast and low cost payment transactions.- Very small amount of value- Reduced the number of involved parties- High scalable
The issues of other payment systems: - Account-based systems have high transaction costs.
- Transaction speed in electronic checking systems is slow.- Electronic money systems involve more parties, have low transaction speed, and cause poor scalability.
Micro-Payment Protocols
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Micro-payment Protocols:
- Millicent, developed by Digital Equipment Corp. in 1995.- SubScrip, developed at the University of Newcastle, Australia.- PayWord, developed by Ron Rivest (MIT) and Adi Shamir.- MicroMint, developed by Ron Rivest and Adi Shamir.- iKP micropayment protocol
Micro-payment systems do not available in conventional commerce.They open many new areas of business.
Examples:- Millicent payment system- Micro Payment Transfer Protocol (MPTP) based on PayWord.
Micro-Payment Protocols and Systems
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Topic: Micro-Payment Protocols and Systems
- Important features of Micro-payment protocols and systems:
- Simplified verification- Simple security mechanisms- Very low cost transactions- Very fast speed- Simplified architecture
- Major factors on transaction costs:
- Payment methods- Complexity of security mechanisms- The number of involved parties- Transaction model (on-line/off-line)
Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Overview of Millicent:
Millicent payment protocol is designed for low-amount transactions over the Internet.It is developed by Digital
- Support low-cost, secured transactions (less than one cent)- Use non-expensive symmetric crytographic algorithms- Use scrip as digital cash for customers to make purchases from vendors- Provide decentralized validation of electronic cash at the vendor’s server- Provide no additional communications, off-line processing.
Business market: electronic publishing, software and game industries. Performance: 14,000 pieces of Scrip can be produced per second.
8,000 payments can be validated per second, with change Scrip being produced.
A public trial of the Millicent system was scheduled for the summer of 1997.
Micro-Payment Protocol: Millicent
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
MilliCent model:
MilliCent protocols use a form of electronic currency called Scrip to connect three involved parties:
- vendors, customers, and brokers.
Scrip is vendor specific.
A Millicent broker:--> medicate between vendors and customers to simplify the tasks they perform.--> aggregate micro-payments--> sell vendor Scrip to customers--> handle the real money in the Millicent system.--> maintain customer accounts and vendors (subScripion services)--> buy and produce large chunks of vendor Scrips (for licensed vendors)
Vendors: --> are merchants selling low-value services or information to customers
Customers: --> buy broker Scrip with real money from selected brokers.--> use the vendor Scrips to make purchases.
Micro-Payment Protocol: MilliCent
Topic: Micro-Payment Protocols and Systems
3
1. Customer sends broker-scripts.
2. Customer gets dealer-script.
3. Customer send dealer-scripts.
Broker
Customer Dealer
Jerry Gao Ph.D. 5/2000
Micro-Payment Protocol: MilliCent
12
Internet
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Micro-Payment Protocol: MilliCent
Customer
Broker
Vendor
Broker sell vendor Scrip Brokers buy/produce large chunks of “vendor Scrip” for licensed vendors
Customer make purchases with vendor Scrips
Vendor sell low-value information and services
Millicent Trust Model:
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Micro-Payment Protocol: MilliCent
Customer Broker Vendor
1. Credit card # (macro-payment protocol)
Transaction Sequence
2. $5.00 Broker scrip(Millicent protocol)
1. $0.19 Vendor scrp + request
2. $0.15 Vendor scrip change + article (cost $0.04)
Uses current
change
Start of week
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Micro-Payment Protocol: MilliCent
Customer Broker Vendor
1.0 Broker scrip
Transaction Sequence
2. $0.20 Vendor scrip $4.80 Broker scrip
3. $0.20 Vendor scrp + request
4. $0.19 Vendor scrip change + purchased ino/service
Purchasing from a vendor
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Micro-Payment Protocol: MilliCent
Customer
Broker
Vendor
Broker sell vendor Scrip Brokers buy/produce large chunks of “vendor Scrip” for licensed vendors
Customer make purchases with vendor Scrips
Vendor sell low-value information and services
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
About Scrip: ---> a piece of data used to represent microcurrency within the Millicent systems.
Scrip has the following properties:- Scrip is vendor specific, thus has value at one specific vendor only.- Scrip can be spent only once by its owner.- Scrip can be represented any denomination of currency.- Scrip represents a prepaid value.- Scrip make no use of public-key cryptography.- Scrip cannot provide full anonymity. It can be traced and recorded.
Scrip like cash has a defined value and can be used to purchase merchandise.
Major differences between Scrip and cash:- Scrip can only spent once, and cash can be spent many times.- Scrip is vendor specific, and cash is not.- Scrip can only spent by the customer who obtained it from the broker.- Scrip has an expiration date and a digital signature.
Micro-Payment Protocol: MilliCent
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Scrip Message Structure
Micro-Payment Protocol: MilliCent
Vendor Value Scrip-id customer-id expiration-date info certificate
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Millicent Security Checking: ---> Provide three different security levels.
All transactions should be protected, and fraud must be detectable and traceable.
-----------------------------------------------------------------------------------------------Millicent Protocol Efficiency Ranking Secure Private
Scrip in the clear 1 No No
Encrypted connection 3 Yes Yes
Request signatures 2 Yes No________________________________________________________________
.
Micro-Payment Protocol: MilliCent
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Authentication and signature: Millicent protocol uses one-way has functions- such as 128-bit MD5 and HMAC-MD5.
- The message is sent in clear, but is protected by the customer_secret in hash function.
- Upon receiving the request, the vendor calculates the hash function using a pre-selected message digest function.
- The vendor returns, upon receiving this information, the customer can compute the message digest to ensure authenticity.
- Signature: a request signature is generated based on the customer_secret by hashing
Encryption: No encryption, but maintains a level of security that prevents Scrip being stolen.
Micro-Payment Protocol: MilliCent
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Micro-Payment Protocol: MilliCent
Scrip Customer secret Request
Request Signature
Hash eg. MD5
Generating a request signature
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Micro-Payment Protocol: MilliCent
Customer Secret Scrip Request Signature
Request Signature
Compare
Vendor verifies the request signature
Request
Hash
Customer Vendor
1. Scrip, Request, Request signature
2. Change, Reply, Reply signature
Purchase using a request signature
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Scrip certificate generation
Micro-Payment Protocol: MilliCent
Vendor Value Scrip-id customer-id expiration-date info
Master Scrip secret 5
Master Scrip secret 6
Master Scrip secret 7
Master Scrip secret 6
To customer
Vendor secret keys
“certificate” Hash eg. MD5
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Vendor secret keys
Micro-Payment Protocol: MilliCent
Vendor Value Scrip-id customer-id expiration-date info
certificate
Master Scrip secret 5
Master Scrip secret 6
Master Scrip secret 7
certificate
Master Scrip secret 6
Fromcustomer compare
Scrip validation
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Overview of Millicent:
Millicent payment protocol is designed for low-amount transactions over the Internet.It is developed by Digital
- Support low-cost, secured transactions (less than one cent)- Use non-expensive symmetric crytographic algorithms- Use scrip as digital cash for customers to make purchases from vendors- Provide decentralized validation of electronic cash at the vendor’s server- Provide no additional communications, off-line processing.
Business market: electronic publishing, software and game industries. Performance: 14,000 pieces of Scrip can be produced per second.
8,000 payments can be validated per second, with change Scrip being produced.
A public trial of the Millicent system was scheduled for the summer of 1997.
Micro-Payment Protocol: Millicent
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Comparisons of Micro-Payment Protocol
Topic: Micro-Payment Protocols and Systems
Jerry Gao Ph.D. 5/2000
Analysis of Micro-Payment Protocol
Topic: Micro-Payment Protocols and Systems