Building a consumer scalable anonymity payment protocol for InternetpurchasesHua Wang Jinli CaoDepartment of Maths & ComputingUniversity of Southern QueenslandToowoomba QLD 4350 Australia(wang, cao)@usq.edu.auYahiko KambayashiDepartment of Social InformaticsKyoto UniversityKyoto, [email protected] paper proposes a secure, scalable anonymity andpractical payment protocol for Internet purchases. The pro-tocol uses electronic cash for payment transactions. In thisnew protocol, from the viewpoint of banks, consumers canimprove anonymity if they are worried about disclosure oftheir identities. An agent provides a higher anonymous cer-tificate and improves the security of the consumers. Theagent will certify re-encrypted data after verifying the va-lidity of the content from consumers, but with no private in-formation of the consumers required. With this new method,each consumer can get the required anonymity level, de-pending on the available time, computation and cost.We also analyse how to prevent a consumer from spend-ing a coin more than once and how to use the proposed pro-tocol for Internet purchases. After comparing with anotherscheme and discussing the properties of the new paymentprotocol, the new method will be proved that it is more ef-ficient and can prevent from eavesdropping, tampering and“perfect crime” effectively. It is promising for electronictrades through the Internet.Keywords: Electronic-cash, Anonymity, Traceability,Hash function.1 IntroductionRecent advances in the Internet and WWW have enabledrapid development in e-commerce. More and more busi-nesses begin to develop or adopt e-commerce systems tosupport their selling/business activities. While this bringsconvenience for both consumers and vendors, many con-sumers have concerns about security and their private infor-mation when purchasing over the Internet, especially withelectronic payment or e-cash payment. Consumers oftenprefer to have some degree of anonymity when shoppingover the Internet.There are a number of proposals for electronic cash sys-tems. All of them lack flexibility in anonymity. DavidChaum [5] first proposed an on-line payment system thatwill guarantee receiving valid coins. This system providessome levels of anonymity against a collaboration of shopsand banks. However, users have no flexible anonymity andbanks have to keep a very big database for users and coins.Another on-line CyberCoin (http://www.cybercash.com)approach allows clients to make payments by signing fundtransfer requests to merchants. The merchants submit thesigned requests to the bank for authorization of the pay-ments. The CyberCoin protocol, however, is not fullyanonymous since it allows the issuing bank to track everypurchase. Furthermore, the scalability of the CyberCoinprotocol is questionable since it relies on the availability of asingle on-line bank. NetBill [9] extends the above paymentmechanism by supporting goods atomicity and certified de-livery. The drawbacks of NetBill protocol are the additionof extra messages and the significant increase in the amountof encryption used. The most sophisticated protocol is theSET protocol [13], which was designed to facilitate creditcard transactions over the Internet. SET security comes ata considerable computation and communication cost. SET,unlike other simpler on-line protocols, does not offer fullanonymity, non-repudiation or certified delivery.Proceedings of the 12th Int’l Wrkshp on Research Issues in Data Engineering: Engineering e-Commerce/ e-Business Systems (RIDE’02) 1066-1395/02 $17.00 © 2002 IEEESystems mentioned above are on-line payment systems.They need sophisticated cryptographic functions for eachcoin, and require additional computational resources for thebank to validate the purchases. Forcing the bank to be on-line at payment is a very strict requirement. On-line pay-ment systems protect the merchant and the bank againstcustomer fraud, since every payment needs to be approvedby the customer’s bank. This will increase the computa-tion cost, proportional to the size of the database of spentcoins. If a large number of people start using the system,the size of this database could become very large and un-manageable. Keeping a database of every coin ever spentin the system is not a scalable solution. Digicash [6] plansto use multiple banks each minting and managing their owncurrency with inter-bank clearing to handle the problems ofscalability. It seems likely that the host bank machine hasan internal scalable structure so that it can be set up notonly for a 10,000 user bank, but also for a 1,000,000 userbank. Under the circumstances, the task of maintaining andquerying a database of spent coins is probably beyond to-day’s state-of-the-art database systems.In an off-line protocol, the merchant verifies the paymentusing cryptographic techniques, and commits the paymentto the payment authority later in an off-line batch process.Off-line payment systems were designed to lower the costof transactions due to the delay in verifying batch processes.Off-line payment systems, however, suffer from the poten-tial of double spending, whereby the electronic currencymight be duplicated and spent repeatedly.The first off-line anonymous electronic cash was intro-duced by Chaum, Fiat and Naor [8]. The security of theirscheme relied on some restricted assumptions such as re-quiring a function which is similar to random oracle andmaps from the second argument onto a special range. Thereis also no formal proof attempted. Although hardly practi-cal, their system demonstrated how off-line e-cash can beconstructed and laid the foundation for more secure and ef-ficient schemes. In 1995, Chan, Frankel and Tsiounis [4]presented a provable secure off-line e-cash scheme that re-lied only on the security of RSA [17]. This scheme ex-tended the work of Franklin and Yung [12] who aimed toachieve provable security without the use of general compu-tation protocols. The anonymity of consumers is based onthe security of RSA and it cannot be changed dynamicallyafter the system is established. NetCents [16] proposed alightweight, flexible and secure protocol for micropaymentsof electronic commerce over the Internet. This protocol isdesigned only to support purchases ranging in value from afraction of a penny and up.In 2000, David Pointcheval [15] presented a paymentscheme in which the consumer’s identity can be found anytime by a certification
View Full Document
Unlocking...