MICROPAYMENT PROTOCOLSINTRODUCTIONMICROPAYMENTSSlide 4Efficient ProtocolsNETPAYSlide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17NETBILLSlide 19Slide 20Slide 21Slide 22Slide 23PAYCASHPAYCASHSlide 26Slide 27Slide 28Slide 29REFERENCESSlide 31MICROPAYMENT PROTOCOLSINTRODUCTIONOverview of MicroPaymentsProtocols- NetBill- NetPay- PayCashMICROPAYMENTS1. - Fraction of a cent or very small amount that may be charged for online usage of Connection time.2. - Payments of small sums of money, generally smaller than physical currency.MICROPAYMENTSOBJECTIVES:1. Minimize transaction overheads2. To use in place of Credit cards-Security3. Pay-per-view or pay-per-use type of commerce.Efficient ProtocolsAnonymous (Privacy Protection)Tamper-proof recordsIntegrityNon-repudiation, AtomicityAccountabilityMultiple currenciesNETPAY Secure Economical Easily implementable Debit-based protocol for a micropayment system  Derived from Payword protocol Prevents Double spendingNETPAYPROS No involvement of third party in every transaction Minimizes the number of expensive public-key operations Hash function operations are usedNETPAYConsider a trading community :-Untrusted parties Customer (C)  Vendor (V)-Trusted partiesBroker (B). --registers customers and MerchantsNETPAYPROTOCOLBrokerCustomerVendor1M1M1= { IDc, n, IP address of V1 }NETPAYThe Broker does :Debit money from the account of C Creates a payword chain W0, W1, ..., Wn, Wn+1 which satisfy Wi = h(Wi+1).h(.) is a one way hash functionSeed Wn+1 is a secret with the broker.-- Prevents overspending and forging paywordsNETPAYPROTOCOLBrokerCustomerVendor1M1M2 = { W1, W2, ..., Wn } PK-customerM2NETPAYPROTOCOLBrokerCustomerVendor1M1M3 = {IDc, W0} SK-brokerM2M3NETPAYTransaction 2: Customer – VendorCustomerVendor 1M4 = { IDc, P}M4P = {(Wj, j), ( Wj+1, j+1), ..., (Wj+m-1, j+m-1)}payment P is verified by the vendor by hashing the paywords Wi's in the payment P. Ex:W1 is valid if the hash matches (W0)NETPAYTransaction 2: Customer – VendorCustomerVendor 1M4 = { IDc, P}M4If payment P is validThenP will be stored for redemption at a later time with the broker.NETPAYTransaction 2: Customer – VendorCustomerVendor 1M4M5M5 = {IDv1, the receipt of the payment}NETPAYTransaction 3: Vendor-VendorCustomer Vendor 2 Vendor 1M6M6 = {IP address of V1, IDc, P, O}M7M7 = {IDc, IDv2}V1 signs the indexIndex = {IDv1, IDv2, i}SK-v1 M8M8 = {IDc, W0, Index}M9M9 = {IDv2, the receipt of the payment}NETPAYTransaction 4: Vendor – Broker VendorBrokerM10M10 = {IDc, IDv, P}M11M11 = {Statement of the vendor's account}NETBILLSystem for micropaymentsFor information goods on the InternetPLUS POINTProvides an atomic certified delivery method so that a customer pays if and only if she receives her information goods intact.NETBILLTHIRD PARTYNetBill serverCustomer AccountMerchant AccountFinancial institutionFinancial InstitutionE.g: BanksNETBILLNetBill serverCustomerMerchantThree phases:•Price negotiation---Customer Merchant•Goods delivery--- Customer Merchant•Payment---Merchant NetBillNETBILLThe Transaction Protocol1. CM Price request2. MC Price quote -The merchant responds with a price offer.3. CM Goods request-Customer presents evidence of her identity-Requests a price quote on an item.-The customer may also bid for the item.NETBILL4. MC Goods, encrypted with a key K-The merchant provisionally delivers the goods, underencryption, but withholds the key.5. CM Signed Electronic Payment Order-customer constructs, and digitally signs, an electronic payment order (or EPO) and sends it to the merchant.6. MN Endorsed EPO (including K)-Merchant appends the key to the EPO & digitally signs the EPO, forwarding it to the NetBill server.- Proof of Agreed Terms and KeyNETBILL7. NM Signed result (including K)- NetBill Debits & Credits Accounts.- Also proof of Transaction by NetBill8. MC Signed result (including K)PAYCASHDesigned to offer - Strong security - Privacy protection.Based on CHAUM’S ELECTRONIC COINS-- first to demonstrate anonymity in electronic coins.PAYCASHPAYCASH COIN = { X, g-1(f(X)) }- f(.) and g(.) are functions that are easy tocalculate and hard to invert.Only Third Party (TP) can mint a coin- apply g-1(.)For anonymity TP should mint without knowing X or F(X)The user applies a Blinding Fn before Minting the coin.PAYCASHInstead of Serial number X,pair of keys are used- Public Key (P) & Secret key (S).Two Functions: SIGN(S,Z) & VERIFY(P,Sz) VERIFY(P,SIGN(S,Z))= Z.COIN = { P, g-1(f(P)) }.To send a Coin, we send the four tuple:{record, Sign(S,record), P, g-1(f(P)) }PAYCASH{record, Sign(S,record), P, g-1(f(P)) }Check if f(p) = g(g-1(f(P)) )Using P,–VERIFY(P,SIGN(S,record)) = record–This verifies the sender because only he knows the secret Key, SP is stored with the third party after intial payment.PAYCASHMultiple Value Coin:For each P, Third Party keeps track of m(P).COIN : {N, P, g-N(f(P)) }Tuple : {record, Sign(S,record), n, P, g-n(f(P)) }Condition : N k + m(P)/c. e.g 10 >=2 +5/1REFERENCES[1]. Rivest, R., Shamir, A., & Adleman, L. (1978). A method for obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, Vol. 21, 21(2):120-126.[2]. 7 B. Cox, J. D. Tygar, and M. Sirbu. "NetBill Security and Transaction Protocol." In Proceedings of the First USENIX Workshop on Electronic Commerce, pages 77-88, July 1995. [3]. Jon M Peha and Lldar M. Khamitov. PayCash: a secure efficient Internet payment system. ACM International Conference Proceeding Series Proceedings of the 5th international conference on Electronic commerceREFERENCESHyperLinks1.Xiaoling Dai and Bruce W N Lo. Netpay--An efficient protocol for micropayments on the