Electronic Cash Payment Protocols and Systems

Page 1: Eps

Electronic Cash Payment Protocols and Systems

Page 2: Eps

Electronic Payment Systems

• Efficient and effective payment services accepted by consumers and businesses are essential to e-commerce.

• Requirements:
  – Convenient for web purchasing
  – Transportable over the network
  – Strong enough to thwart electronic interference
  – Cost-effective for extremely low-value transactions

Page 3: Eps

Electronic Payment Systems

• Banking and Financial Payments
  – Bank-to-bank transfer (EFT)
  – Home Banking -- CitiBank, Wells Fargo

• Payment through an Intermediary
  – Open Market *
  – First Virtual (FirstVirtual Pin) *

* Both refer to their earlier business models

Page 4: Eps

Electronic Payment Systems

• Electronic Currency Payment Systems
  – Electronic Cash -- CyberCash, Internetcash.com
  – Electronic Checks -- NetCheque
  – e-Wallets (Visa)

• Smart Cards
  – American Express (blue smart card)
  – Visa

• Micropayments
  – echarge

Page 5: Eps

More

• Retailing Payment Systems
  – Credit Cards -- Visa or MasterCard
  – Private Label Credit/Debit Cards
  – Charge Cards -- American Express; echarge

• Peer-to-peer payments (between consumers)
  – PayPal (billpoint)

Page 6: Eps

- Overview of electronic cash system

- Ecash (Digital Cash)

- NetCash

- Mondex

- CAFÉ

Page 7: Eps

What is cash payment?
- Cash payment is currently the most popular form of payment in conventional payment systems in the world.
- Currently, 75% - 95% of all transactions are paid in cash.
- Transactions are paid in cash form (such as a $ bill) from a buyer to a seller.

An electronic cash payment system usually is developed based on an electronic payment protocol which supports a series of payment transactions using electronic tokens or coins issued by a third party.

There are three types of users:
- a payer or consumer
- a payee, such as a merchant
- a financial network with whom both payer and payee have accounts.

Overview of Electronic Cash Payment Protocols and Systems

Page 8: Eps

Overview of Electronic Cash Payment Protocols and Systems

[Diagram: consumer, merchant, merchant’s bank, consumer’s bank]

Page 9: Eps

The basic attributes of cash payment

- Acceptability: Cash is almost universally acceptable as a form of payment, regardless of the transaction amount.

- Guaranteed payment: cash guarantees the payment after the transaction is over. There is no risk of it being rejected or bounced.

- No transaction charges: cash is handed from buyers to sellers with no transaction charges.

- Anonymity: many other forms of payment involve a paper trail linking either or both parties with the transactions. Cash allows transactions to take place anonymously.

Overview of Electronic Cash Payment Protocols and Systems

Page 10: Eps

- Customers: Customers use the digital cash payment systems to make purchases.

- Dealers: Dealers have to bear the costs of payment transactions.

- Providers for digital payment systems: Providers are intermediaries between dealers and financial institutions. They provide services and training.

- Development vendors for digital payment systems:

- Financial institutions: Banking systems or organizations who use electronic payment systems.

- Trust Centers: They control digital signature keys, and help to secure customer confidence in certain payment systems. They are responsible for the integrity of transmitted data and authenticity of contractors.

Actors Involved in Electronic Cash Payment Systems

Page 11: Eps

- Digital money: Payment systems must provide customers and private households with acceptable digital money.

- Security: Ensure the security of transactions and information privacy of users.

- Scalability: A large number of customers and concurrent transactions should be handled in a scalable manner.

- Efficient and effective: Payment systems must support efficient and effective payment processing and accounting services for small payment transactions.

- Simple and low cost: Payment systems must provide customers with simple and low cost transparent transactions.

Basic Requirements for Electronic Cash Payment Systems

Page 12: Eps

- Anonymous: Usually, customers wish to stay anonymous for all involved transactions.

- Double spending: Digital coins consist of a number of bits. Payment systems must be able to recognize and/or prevent repeated payments with the same digital coin.

- Exchange: Digital money should be convertible into “real” money whenever necessary.

- Store: Digital money must be stored locally on hard disks or other media.

- Value: Digital cash payment systems must provide a large number of digital coins for circulation and perform authentication checking.

Basic Requirements for Electronic Cash Payment Systems

Page 13: Eps

- Saved time:
  - Reduce transaction process time
  - Speed up transaction processes

- Reduced costs:
  - Reduce transaction costs
  - Reduce cash distribution costs

- Flexibility:
  - Digital cash can take many forms, including prepaid cards
  - Digital cash can be converted into different currencies

- Reduce cash distribution risk:
  - Reduce the regular cash distribution risk

- Error free and efficient:
  - Reduce transaction errors

Advantages of Electronic Cash Payment Systems

Page 14: Eps

Features of electronic cash:

- Portable, divisible, recognizable, untraceable, and independent from physical locations.

Important features of electronic cash payment protocols and systems:

- Anonymity: This ensures that no detailed cash transactions of a customer are traceable. Even sellers do not know the identity of customers involved in the purchases.

- Liquidity: Digital cash has to be accepted by all concerned economic agents as a payment method.

- Prepaid cards: Buyers can buy prepaid cards that are accepted by special sellers.

- Electronic payment processing: all transactions are processed electronically.

Special Features of Electronic Payment Protocols

Page 15: Eps

Three types of transactions:

- Withdrawal: the payer transfers some money from the bank account to his or her payment card.

- Payment: the payer transfers the money from the card to the payee.

- Deposit: the payee transfers the money received to the bank account.

Two types of implementations:

- On-line payment: --> the merchant calls the bank and verifies the validity of consumer’s token or electronic coin before accepting the payment and delivering the merchandise.

- Off-line payment: --> the merchant submits consumer’s payment for verification and deposit sometime after the payment transaction is completed.

Transactions Types in Electronic Cash Payment Systems

Page 16: Eps

What is Ecash?

Ecash was developed to allow fully anonymous secure electronic cash to be used on the Internet to support online trading between buyers and sellers.

Overview of Ecash:

- Ecash is a payment protocol for anonymous digital money on the Internet.

- It was developed by DigiCash Co. of Amsterdam, The Netherlands.

- It has been implemented and offered by Mark Twain Bank, St. Louis, since 1995.

- Deutsche Bank AG, Frankfurt (Main), has offered Ecash as a pilot project to its customers since October 1997.

Electronic Cash Payment Protocol: ECash

Page 17: Eps

Ecash model:

Three participants are involved in Ecash payment model: clients, merchants and banks.

-- Client wallet software:
  - clients have Ecash wallet software (cyberwallet) on their computers.
  - they can use Ecoins in their wallet to make purchases from merchants.
  - withdraw coins from their accounts in an Ecash bank.
  - store and manage client’s coins, track all transactions.

-- Merchant software:
  - accept and process payments
  - interact with Ecash bank to perform validation and authentication
  - sell items and generate receipts.

-- Banks: clients and merchants have accounts at an Ecash bank.
  - manage and maintain accounts of clients and merchants

Electronic Cash Payment Protocol: Ecash

Page 18: Eps

Electronic Cash Payment Process with Ecash

[Diagram: Customer, Dealer, Financial Institution of the customer and Financial Institution of the dealer, connected over the Internet; arrows numbered 1-6 correspond to the steps below.]

1. Customer sends coin with encoded serial number to the financial institution.
2. Financial institution sends coin back signed.
3. Customer decodes serial number and uses the coin for payment.
4. Dealer sends coin to his financial institution.
5. Check and clearing.
6. Dealer gets confirmation and is credited.

Page 19: Eps

Electronic Cash Payment Protocol: Ecash

Ecash Payment Model:

[Diagram: Client Wallet, Merchant Software and Ecash Bank. Arrow labels: Pay coins; Goods/Receipts; Check for validation of the coins; Validates the coins/Deposits; Withdraw/Deposit coins; New coins, statements.]

- Client Wallet: store the coins, make payments, accept payments, withdraw/request new coins
- Merchant Software: sell goods, accept coins, make refunds
- Ecash Bank: validate the coins, issue new coins, user account, DB for used coins

Page 20: Eps

Electronic Cash Payment Protocol: ECash

[Sequence diagram: Ecash Bank, Merchant Software, Client Wallet, Web Browser, Web Server]

1. select goods
2. Merchant wallet starts
3. Payment Request (order)
4. Payment (coins, order)
5. Deposit coins
6. Accepted
7. Receipt
8. Send goods
9. Goods/ack.

Page 21: Eps

Electronic Cash Payment Protocol: ECash

[Sequence diagram: Ecash Bank, Merchant Software, Client Wallet]

(a) blinded tokens
(b) signed blinded tokens

1. invoice
2. Ecash tokens
3. Ecash tokens
4. Double spending check
5. Goods delivery

Page 22: Eps

Electronic Cash Payment Protocol: ECash

[Sequence diagram: Ecash Bank, User 2 (payee), User 1 (payer)]

1. Payment
2. Payment deposit
3. New coins (withdrawal response message)

Page 23: Eps

Electronic Cash Payment Protocol: ECash

- Ecash Coins:
  - Ecash coins are pieces of data that can be copied.
  - The value of Ecash coins cannot be included with the serial number in the fields of the coin.
  - Use a different signature key for each coin denomination.

Example: $1 Coin = Serial#, keyversion, {Serial#} SK Bank’s $1 Key

- Security mechanisms:
  - using RSA public-key cryptography.
  - ‘blind signature’ is the foundation of the Ecash privacy feature.
  - Every user in the system has their own public/private key pair.

- Double-spending prevention:
  - To ensure that a serial number is not spent twice, the minting bank must record every coin that is deposited back to that bank.
  - To be accepted, a coin must:
    A) Be signed, with any denominational signature, by the bank.
    B) Have an expiry date associated with it that is later than the present date.
    C) Not appear in the DB of spent coins.
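
The blinded withdrawal, unblinding and deposit steps, together with validity checks A) to C), as an added Python example (not DigiCash's code and not part of the original slides). The toy RSA keys built from Mersenne primes, the unpadded hash, the `Bank` class and the key-version expiry table are assumptions made for illustration.

```python
import hashlib
import math
import secrets
from datetime import date

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    # Toy RSA key from two known primes; far too small and structured for real use.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(serial, n):
    # Unpadded hash-to-integer, for illustration only.
    return int.from_bytes(hashlib.sha256(serial.encode()).digest(), "big") % n

class Bank:
    def __init__(self):
        # One signing key per denomination: the key used IS the coin's value.
        self.keys = {(1, "v1"): make_key(2**89 - 1, 2**127 - 1),
                     (5, "v1"): make_key(2**61 - 1, 2**107 - 1)}
        self.expiry = {"v1": date(2099, 1, 1)}  # assumed: expiry tied to keyversion
        self.spent = set()                      # DB of spent serial numbers

    def public_n(self, value, version):
        return self.keys[(value, version)]["n"]

    def sign_blinded(self, value, version, blinded):
        # Withdrawal: the bank signs without seeing the serial (account debit omitted).
        key = self.keys[(value, version)]
        return pow(blinded, key["d"], key["n"])

    def deposit(self, coin, today):
        serial, version, sig = coin
        # A) signed by the bank with any denominational key of that version
        value = next((v for (v, ver), k in self.keys.items()
                      if ver == version
                      and pow(sig, E, k["n"]) == digest(serial, k["n"])), None)
        if value is None:
            return "rejected: bad signature"
        # B) expiry date later than the present date
        if self.expiry[version] <= today:
            return "rejected: expired"
        # C) serial not in the DB of spent coins
        if serial in self.spent:
            return "rejected: double spend"
        self.spent.add(serial)
        return f"credited ${value}"

def withdraw(bank, value, version="v1"):
    n = bank.public_n(value, version)
    serial = secrets.token_hex(16)
    while True:
        r = secrets.randbelow(n - 2) + 2        # blinding factor, must be invertible
        if math.gcd(r, n) == 1:
            break
    blinded = digest(serial, n) * pow(r, E, n) % n       # serial hidden from the bank
    signed_blinded = bank.sign_blinded(value, version, blinded)
    sig = signed_blinded * pow(r, -1, n) % n             # unblind: sig = H(serial)^d mod n
    return (serial, version, sig)

if __name__ == "__main__":
    bank = Bank()
    coin = withdraw(bank, 5)
    print(bank.deposit(coin, date(2024, 1, 1)))  # first deposit of the coin
    print(bank.deposit(coin, date(2024, 1, 1)))  # the same coin presented again
```

Because the bank only ever sees the blinded value at withdrawal, the serial it records at deposit cannot be linked back to the withdrawing account.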

Page 24: Eps

Scrip Message Structure

Electronic Cash Payment Protocol: ECash

Vendor | Value | Scrip-id | customer-id | expiration-date | info | certificate

Page 25: Eps

What is NetCash?

- NetCash is an online electronic cash system, for open networks.
- It was developed at Information Sciences Institute of the University of Southern California.

Overview of NetCash:

- Users can make and accept payments using NetCash.

- Both asymmetric and symmetric cryptography are used to provide the network security of the system to limit fraud.

- The system uses multiple currency servers that mint and issue electronic coins to the users of the system, accepting electronic checks in payment for them.

Electronic Cash Payment Protocol: NetCash

Page 26: Eps

NetCash model:

Three participants are involved in the NetCash payment model: buyers (or clients), merchants, and currency servers.

Four services are provided:

- Verifying coins, to prevent double spending.
- Issuing coins in return for payment by electronic check.
- Buying back coins, giving an electronic check in return.
- Exchanging valid coins for new ones with some anonymity.

NetCheque is proposed to provide the electronic check infrastructure required to bring monetary value into and out of the NetCash system.

- Clients can buy and sell NetCash coins in exchange for electronic checks.
- NetCash servers can use electronic checks to settle debts between themselves.

Electronic Cash Payment Protocol: NetCash

Page 27: Eps

Electronic Cash Payment Process with NetCash

[Diagram: Customer, Dealer, Financial Institution of the customer (customer server) and Financial Institution of the dealer (currency server), connected over the Internet; arrows numbered 1-4 correspond to the steps below.]

1. Customer gets coin by payment (e.g. by credit card, check)
2. Customer sends coins encoded in an asymmetric way to the dealer.
3. Dealer presents coins and gets new coins or is credited. Dealer sends confirmation to the customer.
4. Clearing by financial institution.

Page 28: Eps

Electronic Cash Payment Protocol: NetCash

NetCash Payment System:

[Diagram: Buyer, Merchant, Currency Server 1, Currency Server 2 and Clearing Infrastructure (NetCheque). Arrow labels: Purchase coins; E-coins; Receipt; Verify coins (double spending prevention); Electronic checks.]

Page 29: Eps

Electronic Cash Payment Protocol: NetCash

Making a purchase with NetCash

[Diagram: Buyer, Merchant, Currency Server 1, Currency Server 2]

1. E-Check
2. New coins
3. CS1’s certificate
4. Validate coins
5. Verify coins
6. New coins/E-Check
7. Receipt

Page 30: Eps

Electronic Cash Payment Protocol: NetCash

A NetCash coin has the following form:

- CS_name: name of the minting currency server.

- CS addr: network address of the minting currency server.

- Expiry: the date on which the coin becomes invalid.

- Serial #: a unique identifier of the coin to the minting currency server.

- Value: the amount the coin is worth.

Each coin is encrypted with the currency server’s secret key (SKcs), which becomes a digital signature to show that the coin is authentic.

Page 31: Eps

What is Mondex?

- Mondex is a payment scheme that was initially funded by a major banking organization called National Westminster (NatWest) in the U.K. in 1990.

In June 1996, Mondex International became a separate company to promote technology around the world.

Overview of Mondex:

- Mondex uses electronic smart cards that are loaded with money from an account. The card is an integrated circuit card (ICC). It acts as an “electronic purse”.
- No online verification is needed.
- Security: --> Two levels of security are provided in Mondex:
  - the chip used on Mondex cards has an in-built risk management system.
  - a PIN number is used by merchants to lock the Value Transfer Terminal so that only authorized personnel can remove value from the Mondex merchant’s terminal, or allow refunds.
  - the system will close down the card when unusual card behaviors (like transfer of huge funds) occur.

Electronic Cash Payment System: Mondex

Page 32: Eps

- Mondex involves six different entities:

- Franchisees: grant the right and obligations to manage and promote and exploit Mondex in their geographic territory.

- Originators: issue, control, and redeem electronic cash denominated in a currency.

- Manufacturers: produce the hardware to process Mondex Card.

- Members are licensed by Franchisees to issue Mondex Cards to consumers and merchants.

- Merchants: enter into an agreement with Members to enable them to accept Mondex electronic cash as payment for goods and services.

- CardHolders: consumers who hold a Mondex card from Members and use the card to pay for goods and services from the merchant.

Electronic Cash Payment System: Mondex

Page 33: Eps

Electronic Cash Payment System: Mondex

[Diagram: consumer, Mondex Card, Mondex IFD, ATM, Bank Accounting System, Value Control & Management System, Value Box]

Page 34: Eps

Electronic Cash Payment System: Mondex

[Diagram: consumer, retailer, Mondex Card, Mondex IFD, Value Transfer Terminal, Bank Accounting System, Value Control & Management System, Value Box]

Page 35: Eps

- Overview of CAFÉ Project:

- CAFÉ (Conditional Access for Europe) was a project funded under the European Community’s ESPRIT program.

- It began in 1992, and lasted for three years. The major outcome of this project was the development of an advanced electronic cash payment system.

- The payment system used the CAFÉ protocol, which uses a hybrid payment scheme based on the concepts of electronic cash and electronic check.

- CAFÉ’s goals:
  - Multiparty security
  - Offline payments
  - Detection of double spending
  - Untraceable payments

Electronic Cash Payment System: CAFE

Page 36: Eps

CAFÉ’s Architecture:

Electronic Cash Payment System: CAFE

[Diagram: payer, payee, issuer bank, acquirer’s bank and clearing center; arrows labelled withdrawal, payment and deposit.]

Page 37: Eps

- CAFÉ devices:

- There are various tamper-resistant electronic devices available in the CAFÉ system, which are used to store money, perform cryptographic operations, and make payments to the merchants.

- CAFÉ’s devices:

(a) Smart card or Alpha system: It is an electronic credit card with an embedded microprocessor. It can store coins and transaction information, and perform security and cryptographic operations.

(b) Wallet: --> it consists of two parts:
  - Observer - protects the bank’s interests
  - Purse with a keyboard and a display. It protects the user’s interests, and allows users to enter a PIN number and communicate with the outside world.

Electronic Cash Payment System: CAFE

Page 38: Eps

Electronic Cash Payment System: CAFE

[Figure: A Full CAFÉ Wallet. Labelled parts: keypad (digits 0-9, *, #, ok, stop and arrow keys), Chipcard, Crypto IC, Battery, and Infrared Communication with Wallet, ATM, POS-Terminal.]

Page 39: Eps

CAFÉ security:

CAFÉ uses two types of security mechanisms to protect the system:

- use of “tamper-resistant devices” to store cryptographic keys and to perform all cryptographic transactions.

- use of a cryptographic fallback mechanism that allows the financial institutions to detect double spending of electronic currency.

CAFE’s fallback mechanism --> “offline digital coins”:

- An offline digital coin encodes the identity of the payer into the coin number. There are two parts in the coin number: PART I + PART II.
- When the coin is used only once in a payment transaction, PART I will be revealed.
- Whenever the coin is used more than once, both Part I and II will be revealed to find the payer.
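
An added Python example (not part of the original slides, and not the CAFÉ protocol itself) of how an offline coin can hide the payer's identity for one payment yet reveal it on a second. It uses a simplified Chaum-Fiat-Naor-style identity split as an assumption, since the slides do not give the coin-number encoding; the names `mint_coin`, `spend` and `Bank` are hypothetical, and the bank's signature on the coin is omitted.

```python
import hashlib
import secrets

K = 16  # identity pairs per coin (constructed parameter)

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def mint_coin(payer_id: bytes):
    """Split payer_id K times so that part I XOR part II == payer_id.
    Returns (secret pairs kept by the payer, public coin with hash commitments)."""
    pairs = []
    for _ in range(K):
        part1 = secrets.token_bytes(len(payer_id))
        pairs.append((part1, xor(part1, payer_id)))
    coin = {"serial": secrets.token_hex(8),
            "commit": [(h(p1), h(p2)) for p1, p2 in pairs]}
    return pairs, coin

def spend(pairs, challenge):
    """Payer answers the payee's challenge bits: 0 reveals part I, 1 reveals part II."""
    return [pair[bit] for pair, bit in zip(pairs, challenge)]

def verify_payment(coin, challenge, response):
    """Payee (and later the bank) checks each revealed part against the coin."""
    return len(challenge) == K and len(response) == K and all(
        h(r) == coin["commit"][i][bit]
        for i, (bit, r) in enumerate(zip(challenge, response)))

class Bank:
    def __init__(self):
        self.deposits = {}  # serial -> (challenge, response) of the first deposit

    def deposit(self, coin, challenge, response):
        if not verify_payment(coin, challenge, response):
            return ("rejected", None)
        first = self.deposits.get(coin["serial"])
        if first is None:
            self.deposits[coin["serial"]] = (challenge, response)
            return ("credited", None)
        old_challenge, old_response = first
        for i in range(K):
            if old_challenge[i] != challenge[i]:
                # Both parts of pair i are now known: XOR recovers the payer.
                return ("double-spend", xor(old_response[i], response[i]))
        return ("duplicate-deposit", None)  # same transcript submitted twice

# Constructed sample identity (16 bytes). Real payees pick random challenges,
# so two payments use the same K bits only with probability 2**-K.
PAYER_ID = b"payer:alice-0001"
```

A single payment transcript contains only random-looking halves; the identity appears only when the bank holds two transcripts for the same serial with differing challenge bits.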

Electronic Cash Payment System: CAFE

Page 40: Eps

E-Wallets

• E-wallets
  – Keep track of your billing and shipping information so that it can be entered with one click at participating sites
  – Store e-checks, e-cash and credit-card information

• Credit-card companies offer a variety of e-wallets
  – Visa e-wallets
  – MBNA e-wallet allows one-click shopping at member sites

• A group of e-wallet vendors have standardized technology with Electronic Commerce Modeling Language (ECML)

Page 41: Eps

Digital Currency

• Digital cash
  – Stored electronically, used to make online electronic payments
  – Similar to traditional bank accounts
  – Used with other payment technologies (digital wallets)
  – Alleviates some security fears about online credit-card transactions
  – Allows those with no credit cards to shop online
  – Merchants accepting digital-cash payments avoid credit-card transaction fees

Page 42: Eps

Smart Cards

• Smart card
  – Card with computer chip embedded on its face, holds more information than ordinary credit card with magnetic strip
  – Contact smart cards
    • To read information on smart cards and update information, contact smart cards need to be placed in a smart card reader
  – Contactless smart cards
    • Have both a coiled antenna and a computer chip inside, enabling the cards to transmit information
  – Can require the user to have a password, giving the smart card a security advantage over credit cards
    • Information can be designated as "read only" or as "no access"
    • Possibility of personal identity theft

Page 43: Eps

Smart Cards

• Magnetic stripe
  – 140 bytes, cost $0.20-0.75

• Memory cards
  – 1-4 KB memory, no processor, cost $1.00-2.50

• Optical memory cards
  – 4 megabytes read-only (CD-like), cost $7.00-12.00

• Microprocessor cards
  – Embedded microprocessor
    • (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM
    • Equivalent power to IBM XT PC, cost $7.00-15.00
    • 32-bit processors now available

Page 44: Eps

Smart Cards

• Plastic card containing an embedded microchip
• Available for over 10 years
• So far not successful in U.S., but popular in Europe, Australia, and Japan
• Unsuccessful in U.S. partly because few card readers available
• Smart cards gradually reappearing in U.S.; success depends on:
  – Critical mass of smart cards that support applications
  – Compatibility between smart cards, card-reader devices, and applications

Page 45: Eps

Smart Card Applications

• Ticketless travel
  – Seoul bus system: 4M cards, 1B transactions since 1996
  – Planned the SF Bay Area system

• Authentication, ID

• Medical records

• Ecash

• Store loyalty programs

• Personal profiles

• Government
  – Licenses

• Mall parking

. . .

Page 46: Eps

Advantages and Disadvantages of Smart Cards

• Advantages:

1. Atomic, debt-free transactions

2. Feasible for very small transactions (information commerce)

3. (Potentially) anonymous

4. Security of physical storage

5. (Potentially) currency-neutral

• Disadvantages:

1. Low maximum transaction limit (not suitable for B2B or most B2C)

2. High Infrastructure costs (not suitable for C2C)

3. Single physical point of failure (the card)

4. Not (yet) widely used

Page 47: Eps

Mondex Smart Card

• Holds and dispenses electronic cash (Smart-card based, stored-value card)

• Developed by MasterCard International
• Requires specific card reader, called Mondex terminal, for merchant or customer to use card over Internet
• Supports micropayments as small as 3c and works both online and off-line at stores or over the telephone
• Secret chip-to-chip transfer protocol
• Value is not in strings alone; must be on Mondex card
• Loaded through ATM
  – ATM does not know transfer protocol; connects with secure device at bank

Page 48: Eps

Mondex Smart Card Processing

Page 49: Eps

Mondex transaction

• Here's what happens "behind the scenes" during a Mondex transaction between a consumer and merchant. Placing the card in a Mondex terminal starts the transaction process:

1. Information from the customer's chip is validated by the merchant's chip. Similarly, the merchant's card is validated by the customer's card.

2. The merchant's card requests payment and transmits a "digital signature" with the request. Both cards check the authenticity of each other's message. The customer's card checks the digital signature and, if satisfied, sends acknowledgement, again with a digital signature.

3. Only after the purchase amount has been deducted from the customer's card is the value added to the merchant's card. The digital signature from this card is checked by the customer's card and if confirmed, the transaction is complete.

Page 50: Eps

Mondex Smart Card

• Disadvantages
  – Card carries real cash in electronic form, creating the possibility of theft
  – No deferred payment as with credit cards - cash is dispensed immediately

• Security
  – Active and dormant security software
    • Security methods constantly changing
    • ITSEC E6 level (military)
  – VTP (Value Transfer Protocol)
    • Globally unique card numbers
    • Globally unique transaction numbers
    • Challenge-response user identification
    • Digital signatures
  – MULTOS operating system
    • firewalls on the chip