CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... ·...
Transcript of CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... ·...
![Page 1: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/1.jpg)
CSE331 Fall 2004 1
CIS / TCOM 551Networks and Computer Security
Lecture 24
![Page 2: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/2.jpg)
CSE331 Fall 2004 2
Electronic Commerce
• Credit Card Transactions– Physical world requires a signature– Credit card companies charge merchant per transaction
(usually $0.25)– Not good for small payments
• Digital Cash– Anonymity– Untraceability– Unforgeability
• Micropayments
![Page 3: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/3.jpg)
CSE331 Fall 2004 3
Protocols
• EDI security: ANSI X12.58 or S/MIME.• Secure Electronic Transaction (SET).
– Visa and MasterCard.• CyberCash.
– Intermediary between Web-based merchants andcredit card banks.
• CheckFree.– Electronic checks.
• First Virtual.– Credit card payments via email.
![Page 4: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/4.jpg)
CSE331 Fall 2004 4
What is a “micropayment”?
• A payment small enough thatprocessing it is relatively costly.– Note: processing one credit-card payment costs
about 25¢• A payment in the range 0.1¢ to $10.• Processing cost is the key issue for
micropayment schemes.– There are other issues common to all payment
schemes
(Slides adapted from talks given by Ron Rivest.)
![Page 5: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/5.jpg)
CSE331 Fall 2004 5
The need for small payments• “Pay-per-click” purchases on Web:
– Streaming music and video– Information services
• Mobile commerce– Geographically based info services– Gaming– Small “real world” purchases
• Infrastructure accounting:– Paying for bandwidth
![Page 6: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/6.jpg)
CSE331 Fall 2004 6
Generic Payment Framework
Consumer Alice Merchant Bob
Authori-zation Deposit(s)
Merchant PSP
Consumer PSP
Settlement
Payment(s)
Billing
Payment System Providers
![Page 7: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/7.jpg)
CSE331 Fall 2004 7
Aggregation
• To reduce cost, micropayments must beaggregated into fewer macropayments.
• Possible levels of aggregation:– None: Every payment deposited with PSP– Merchant-level: A consumer’s payments are
aggregated by merchant– MicroPSP: Monopoly service that disintermediates
existing payment services; doesn’t scale well– Universal: Payments aggregated across all users and
merchants, even those supported by differentcooperating PSPs
![Page 8: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/8.jpg)
CSE331 Fall 2004 8
Merchant-Level Aggregation
Alice
Bill
Only works sometimes!
![Page 9: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/9.jpg)
CSE331 Fall 2004 9
MicroPSP Aggregation
Alice
MicroPSPBill
Doesn’t scale up!
![Page 10: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/10.jpg)
CSE331 Fall 2004 10
Universal Aggregation
• Universal aggregation dramatically reducesprocessing cost, independent of spendingpatterns.
• Also called many/many/many aggregation:Aggregates payments from– Many consumers– Many merchants– Many PSP’sin any combination. No need to aggregate sales per
consumer.
![Page 11: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/11.jpg)
CSE331 Fall 2004 11
Universal Aggregation Idea
• Would merchant prefer: (a) twenty 50 cent payments, or (b) $0 for 19 payments, and $10 for one? No difference to merchant, on average
![Page 12: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/12.jpg)
CSE331 Fall 2004 12
Universal Aggregation Idea
• Would merchant prefer: (a) twenty 50 cent payments, or (b) $0 for 19 payments, and $10 for one? No difference to merchant, on average.
What if processing costs 20 cents per payment? (a) nets only 30 cents per payment (b) nets 49 cents net per payment!Merchant strongly prefers (b) !
![Page 13: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/13.jpg)
CSE331 Fall 2004 13
Electronic Lottery Tickets
• “Electronic Lottery Tickets as Micropayments”– Rivest ’97
• Payments are probabilistic• First schemes to provide
global aggregation:payments aggregated acrossall user/merchant pairs.
![Page 14: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/14.jpg)
CSE331 Fall 2004 14
“Lottery Tickets” Explained• Merchant gives user hash value y = h(x)• User writes Merchant check: “This check is
worth $10 if three low-order digits ofh-1(y) are 756.” (Signed by user, withcertificate from PSP.)
• Merchant “wins” $10 with probability 1/1000.Expected value ofpayment is 1 cent.
• Bank (PSP) sees only 1 out ofevery 1000 payments.
• Merchant provides x as evidencefor the Bank’s billing.
![Page 15: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/15.jpg)
CSE331 Fall 2004 15
Peppercoin’s Universal Aggregation
19 / 20
LogAlice
50 cents
($8.50 cumulative)
www.peppercoin.com
![Page 16: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/16.jpg)
CSE331 Fall 2004 16
Peppercoin’s Universal Aggregation
19 / 20
LogCharles
50 cents
($12.79 cumulative)
![Page 17: CIS / TCOM 551 Networks and Computer Security - cis.upenn.edustevez/cis551/2006/web/... · certificate from PSP.) •Merchant “wins” $10 with probability 1/1000. Expected value](https://reader034.fdocuments.net/reader034/viewer/2022042915/5f52080cf128fe6f196e8178/html5/thumbnails/17.jpg)
CSE331 Fall 2004 17
Peppercoin’s Universal Aggregation
Efficient always and scalable:!! 20 transactions for the cost of 1 !!
Alice
1 / 20
$10
$10
Bill $11 (exactly covercumulative amount shespent at all merchants)
50 cents
($11.00 cumulative)