23-07-2012, 10:09 AM
E-CASH PAYMENT SYSTEM
ecashpaymentsystem.doc (Size: 135.5 KB / Downloads: 34)
INTRODUCTION
With the onset of the Information Age, our nation is becoming increasingly dependent upon network communications. Computer-based technology is significantly impacting our ability to access, store, and distribute information. Among the most important uses of this technology is electronic commerce: performing financial transactions via electronic information exchanged over telecommunications lines. A key requirement for electronic commerce is the development of secure and efficient electronic payment systems. The need for security is highlighted by the rise of the Internet, which promises to be a leading medium for future electronic commerce.
Electronic payment systems come in many forms including digital checks, debit cards, credit cards, and stored value cards. The usual security features for such systems are privacy (protection from eavesdropping), authenticity (provides user identification and message integrity), and no repudiation (prevention of later denying having performed a transaction) .
WHAT IS ELECTRONIC CASH?
We begin by carefully defining "electronic cash." This term is often applied to any electronic payment scheme that superficially resembles cash to the user. In fact, however, electronic cash is a specific kind of electronic payment scheme, defined by certain cryptographic properties. We now focus on these properties.
Electronic Payment
The term electronic commerce refers to any financial transaction involving the electronic transmission of information. The packets of information being transmitted are commonly called electronic tokens. One should not confuse the token, which is a sequence of bits, with the physical media used to store and transmit the information.
We will refer to the storage medium as a card since it commonly takes the form of a wallet-sized card made of plastic or cardboard. (Two obvious examples are credit cards and ATM cards.) However, the "card" could also be, e.g., a computer memory.
A particular kind of electronic commerce is that of electronic payment. An electronic payment protocol is a series of transactions, at the end of which a payment has been made, using a token issued by a third party. The most common example is that of credit cards when an electronic approval process is used. Note that our definition implies that neither payer nor payee issues the token.
E-Cash Security
Security is of extreme importance when dealing with monetary transactions. Faith in the security of the medium of exchange, whether paper or digital, is essential for the economy to function.
There are several aspects to security when dealing with E-cash. The first issue is the security of the transaction. How does one know that the E-cash is valid?
Encryption and special serial numbers are suppose to allow the issuing bank to verify (quickly) the authenticity of E-cash. These methods are suseptible to hackers, just as paper currency can be counterfeited. However, promoters of E-cash point out that the encryption methods used for electronic money are the same as those used to protect nuclear weapon systems. The encryption security has to also extend to the smartcard chips to insure that they are tamper resistant. While it is feasible that a system wide breach could occur, it is highly unlikely. Just as the Federal Government keeps a step ahead of the counterfeiters, cryptography stays a step ahead of hackers.
E-Cash Regulation
A new medium of exchange presents new challenges to existing laws. Largely, the laws and systems used to regulate paper currency are insufficient to govern digital money.
The legal challenges of E-cash entail concerns over taxes and currency issuers. In addition, consumer liability from bank cards will also have to be addressed (currently $50 for credit cards). E-cash removes the intermediary from currency transactions, but this also removes much of the regulation of the currency in the current system.
A Basic Electronic Cash Protocol
If the payment is to be on-line, we can use Protocol 3 (implemented, of course, to allow for payer anonymity). In the off-line case, however, a new problem arises. If a merchant tries to deposit a previously spent coin, he will be turned down by the Bank, but neither will know who the multiple spender was since she was anonymous. Thus it is necessary for the Bank to be able to identify a multiple spender. This feature, however, should preserve anonymity for law-abiding users.
The solution is for the payment step to require the payer to have, in addition to her electronic coin, some sort of identifying information which she is to share with the payee. This information is split in such a way that any one piece reveals nothing about Alice's identity, but any two pieces are sufficient to fully identify her.
This information is created during the withdrawal step. The withdrawal protocol includes a step in which the Bank verifies that the information is there and corresponds to Alice and to the particular coin being created. (To preserve payer anonymity, the Bank will not actually see the information, only verify that it is there.) Alice carries the information along with the coin until she spends it.
At the payment step, Alice must reveal one piece of this information to Bob. (Thus only Alice can spend the coin, since only she knows the information.) This revealing is done using a challenge-response protocol. In such a protocol, Bob sends Alice a random "challenge" quantity and, in response, Alice returns a piece of identifying information. (The challenge quantity determines which piece she sends.) At the deposit step, the revealed piece is sent to the Bank along with the coin. If all goes as it should, the identifying information will never point to Alice. However, should she spend the coin twice, the Bank will eventually obtain two copies of the same coin, each with a piece of identifying information. Because of the randomness in the challenge-response protocol, these two pieces will be different. Thus the Bank will be able to identify her as the multiple spender. Since only she can dispense identifying information, we know that her coin was not copied and re-spent by someone else.
CONCLUSION
Electronic cash system must have a way to protect against multiple spending. If the system is implemented on-line, then multiple spending can be prevented by maintaining a database of spent coins and checking this list with each payment. If the system is implemented off-line, then there is no way to prevent multiple spending cryptographically, but it can be detected when the coins are deposited. Cryptographic solutions have been proposed that will reveal the identity of the multiple spenders while preserving user anonymity otherwise.
Token forgery can be prevented in an electronic cash system as long as the cryptography is sound and securely implemented, the secret keys used to sign coins are not compromised, and integrity is maintained on the public keys. However, if there is a security flaw or a key compromise, the anonymity of electronic cash will delay detection of the problem. Even after the existence of a compromise is detected, the Bank will not be able to distinguish its own valid coins from forged ones.
ecashpaymentsystem.doc (Size: 135.5 KB / Downloads: 34)
INTRODUCTION
With the onset of the Information Age, our nation is becoming increasingly dependent upon network communications. Computer-based technology is significantly impacting our ability to access, store, and distribute information. Among the most important uses of this technology is electronic commerce: performing financial transactions via electronic information exchanged over telecommunications lines. A key requirement for electronic commerce is the development of secure and efficient electronic payment systems. The need for security is highlighted by the rise of the Internet, which promises to be a leading medium for future electronic commerce.
Electronic payment systems come in many forms including digital checks, debit cards, credit cards, and stored value cards. The usual security features for such systems are privacy (protection from eavesdropping), authenticity (provides user identification and message integrity), and no repudiation (prevention of later denying having performed a transaction) .
WHAT IS ELECTRONIC CASH?
We begin by carefully defining "electronic cash." This term is often applied to any electronic payment scheme that superficially resembles cash to the user. In fact, however, electronic cash is a specific kind of electronic payment scheme, defined by certain cryptographic properties. We now focus on these properties.
Electronic Payment
The term electronic commerce refers to any financial transaction involving the electronic transmission of information. The packets of information being transmitted are commonly called electronic tokens. One should not confuse the token, which is a sequence of bits, with the physical media used to store and transmit the information.
We will refer to the storage medium as a card since it commonly takes the form of a wallet-sized card made of plastic or cardboard. (Two obvious examples are credit cards and ATM cards.) However, the "card" could also be, e.g., a computer memory.
A particular kind of electronic commerce is that of electronic payment. An electronic payment protocol is a series of transactions, at the end of which a payment has been made, using a token issued by a third party. The most common example is that of credit cards when an electronic approval process is used. Note that our definition implies that neither payer nor payee issues the token.
E-Cash Security
Security is of extreme importance when dealing with monetary transactions. Faith in the security of the medium of exchange, whether paper or digital, is essential for the economy to function.
There are several aspects to security when dealing with E-cash. The first issue is the security of the transaction. How does one know that the E-cash is valid?
Encryption and special serial numbers are suppose to allow the issuing bank to verify (quickly) the authenticity of E-cash. These methods are suseptible to hackers, just as paper currency can be counterfeited. However, promoters of E-cash point out that the encryption methods used for electronic money are the same as those used to protect nuclear weapon systems. The encryption security has to also extend to the smartcard chips to insure that they are tamper resistant. While it is feasible that a system wide breach could occur, it is highly unlikely. Just as the Federal Government keeps a step ahead of the counterfeiters, cryptography stays a step ahead of hackers.
E-Cash Regulation
A new medium of exchange presents new challenges to existing laws. Largely, the laws and systems used to regulate paper currency are insufficient to govern digital money.
The legal challenges of E-cash entail concerns over taxes and currency issuers. In addition, consumer liability from bank cards will also have to be addressed (currently $50 for credit cards). E-cash removes the intermediary from currency transactions, but this also removes much of the regulation of the currency in the current system.
A Basic Electronic Cash Protocol
If the payment is to be on-line, we can use Protocol 3 (implemented, of course, to allow for payer anonymity). In the off-line case, however, a new problem arises. If a merchant tries to deposit a previously spent coin, he will be turned down by the Bank, but neither will know who the multiple spender was since she was anonymous. Thus it is necessary for the Bank to be able to identify a multiple spender. This feature, however, should preserve anonymity for law-abiding users.
The solution is for the payment step to require the payer to have, in addition to her electronic coin, some sort of identifying information which she is to share with the payee. This information is split in such a way that any one piece reveals nothing about Alice's identity, but any two pieces are sufficient to fully identify her.
This information is created during the withdrawal step. The withdrawal protocol includes a step in which the Bank verifies that the information is there and corresponds to Alice and to the particular coin being created. (To preserve payer anonymity, the Bank will not actually see the information, only verify that it is there.) Alice carries the information along with the coin until she spends it.
At the payment step, Alice must reveal one piece of this information to Bob. (Thus only Alice can spend the coin, since only she knows the information.) This revealing is done using a challenge-response protocol. In such a protocol, Bob sends Alice a random "challenge" quantity and, in response, Alice returns a piece of identifying information. (The challenge quantity determines which piece she sends.) At the deposit step, the revealed piece is sent to the Bank along with the coin. If all goes as it should, the identifying information will never point to Alice. However, should she spend the coin twice, the Bank will eventually obtain two copies of the same coin, each with a piece of identifying information. Because of the randomness in the challenge-response protocol, these two pieces will be different. Thus the Bank will be able to identify her as the multiple spender. Since only she can dispense identifying information, we know that her coin was not copied and re-spent by someone else.
CONCLUSION
Electronic cash system must have a way to protect against multiple spending. If the system is implemented on-line, then multiple spending can be prevented by maintaining a database of spent coins and checking this list with each payment. If the system is implemented off-line, then there is no way to prevent multiple spending cryptographically, but it can be detected when the coins are deposited. Cryptographic solutions have been proposed that will reveal the identity of the multiple spenders while preserving user anonymity otherwise.
Token forgery can be prevented in an electronic cash system as long as the cryptography is sound and securely implemented, the secret keys used to sign coins are not compromised, and integrity is maintained on the public keys. However, if there is a security flaw or a key compromise, the anonymity of electronic cash will delay detection of the problem. Even after the existence of a compromise is detected, the Bank will not be able to distinguish its own valid coins from forged ones.