Outline
The ‘Net Effect’ on Payment/E-Payment
Impact on Developed Countries
Starting point for Developing Nations
New Opportunities
Conventional Payment Mechanisms in United States
Approx 80% of payments in Cash
Transaction reconciliation
– Cash or check
Electronic Payment Systems
– Digital currency
• Non-intermediated transactions
• Anonymity
• Ecommerce benefits
– Privacy preserving
– Minimizes transactions costs
– Micropayments
– Security issues with digital currency
• Authenticity (non-counterfeiting)
• Double spending
• Non-refutability
Electronic Payment Systems
• Each person publishes his or her public key, keeping the secret key
secret.
• Let D be the set of permissible messages
– Example: All finite length bit strings or strings of integers
• The public key is required to define a one-to-one mapping from the
set D to itself (without this requirement, decryption of the message is
ambiguous).
– Given a message M from Alice to Bob, Alice would encrypt this using
Bob’s public key to generate the so-called cyphertext $C = P_B(M)$. Note
that C is thus a permutation of the set D.
• The public and secret keys are inverses of each other
– $M = S_B(P_B(M))$
– $M = S_A(P_A(M))$
• The encryption is secure as long as the functions defined by the
public key are one-way functions
Encryption
The RSA public key cryptosystem
– Finite groups
• Finite set of elements (integers)
• Operation that maps the set to itself (addition, multiplication)
• Example: Modular (clock) arithmetic
– Subgroups
• Any subset of a given group closed under the group operation
– Z2 (i.e. even integers) is a subgroup (under addition) of Z
[Figures: k x mod 12 for k = 1, 2, ..., 11]
Encryption
A key result: Lagrange’s Theorem
– If S’ is a subgroup of S, then the number of elements of S’ divides
the number of elements of S.
– Examples:
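$Z_2 \subseteq Z_{12}$, $|Z_2| = 6$, $|Z_{12}| = 12$
$Z_3 \subseteq Z_{12}$, $|Z_3| = 4$, $|Z_{12}| = 12$
$Z_4 \subseteq Z_{12}$, $|Z_4| = 3$, $|Z_{12}| = 12$
$Z_5 \subseteq Z_{12}$, $|Z_5| = 12$, $|Z_{12}| = 12$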
Encryption
Solving modular equations
– RSA uses modular groups to transform messages (or blocks of
numbers representing components of messages) to encrypted form.
– Ability to compute the inverse of a modular transformation allows
decryption.
– Suppose x is a message, and our cyphertext is y=ax mod n for
some numbers a and n. To recover x from y, then, we need to be
able to find a number b such that x=by mod n.
– When such a number exists, it is called the mod n inverse of a.
– A key result: For any n>1, if a and n are relatively prime, then
the equation ax=b mod n has a unique solution modulo n.
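The mod 12 maps and the inverse condition above can be checked directly. This is an added example, not part of the original slides; the function names are this example's own. It computes the image of x → ax mod 12 for each a (the subgroup sizes quoted under Lagrange's theorem) and finds the mod n inverse with the extended Euclidean algorithm, refusing when a and n share a factor.

```python
def image(a, n):
    """Values taken by a*x mod n as x ranges over Z_n (the subgroup generated by a)."""
    return sorted({(a * x) % n for x in range(n)})

def ext_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) and s*a + t*b = g."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t

def mod_inverse(a, n):
    """Return b with a*b = 1 mod n, or None when a and n are not relatively prime."""
    g, s, _ = ext_gcd(a % n, n)
    return s % n if g == 1 else None

def recover(y, a, n):
    """Undo y = a*x mod n by computing x = b*y mod n."""
    b = mod_inverse(a, n)
    if b is None:
        raise ValueError(f"{a} has no inverse mod {n}: x -> {a}x is not one-to-one")
    return (b * y) % n

if __name__ == "__main__":
    n = 12
    for a in range(1, n):
        img = image(a, n)
        # Lagrange: the size of the image always divides 12
        assert n % len(img) == 0
        print(f"a={a:2d}  size={len(img):2d}  inverse={mod_inverse(a, n)}  image={img}")
```

Only a = 1, 5, 7 and 11 reach all twelve residues, and those are exactly the values with a mod 12 inverse.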
Encryption
In the RSA system, the actual encryption is done using
exponentiation.
A key result:
$de \equiv 1 \pmod{(p-1)(q-1)}$
– Publish the pair P=(e,n) as the public key
– Keep secret the pair S=(d,n) as the secret key
Encryption
– For this specification of the RSA system, the message domain is $Z_n$
– Encryption of a message M in $Z_n$ is done by defining
$C = P(M) = M^e \bmod n$
– Decrypting the message is done by computing
$S(C) = C^d \bmod n$
Encryption
– Let us verify that the RSA scheme does in fact define an invertible
mapping of the message.
For any $M \in Z_n$,
$P(S(M)) = S(P(M)) = M^{ed} \bmod n.$
Since d and e are modular inverses of each other,
$ed = 1 + k(p-1)(q-1)$
for some integer k. Hence,
$M^{ed} \bmod n = M \cdot M^{k(p-1)(q-1)} \bmod n$
$= M \cdot (M^{(p-1)})^{k(q-1)} \bmod n$
$= M \cdot (M^{(q-1)})^{k(p-1)} \bmod n = M$
(the last steps follow by applying Fermat's theorem.)
Encryption
– Note that the security of the encryption system rests on the fact
that to compute the modular inverse of e, you need to know the
number (p-1)(q-1), which requires knowledge of the factors p and
q.
– Getting the factors p and q, in turn, requires being able to factor
the large number n=pq. This is a computationally difficult
problem.
– Some examples:
http://econ.gsia.cmu.edu/spear/rsa3.asp
Encryption
Applications
– Direct message encryption
– Digital Signatures
• Use secret key to encrypt signature: S(Name)
• Append signature to message and send to recipient
• Recipient decrypts signature using public key: P(S(Name)) = Name
– Encrypted message and signature
• Create digital signature as above, append it to the message, and encrypt
the message using the recipient's public key
• Recipient uses own secret key to decrypt message, then uses sender's
public key to decrypt signature, thus verifying sender
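The key setup, the invertibility check and the two signature applications above, worked through in code. This is an added example, not part of the original slides; the primes and the names Alice and Bob are constructed toy values, and the function names are this example's own. It is textbook RSA exactly as the slides state it, with no hashing or padding, so it illustrates the algebra only.

```python
from math import gcd

def make_keys(p, q, e):
    """Return P=(e,n), S=(d,n) with d*e = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)   # pow(e, -1, phi): inverse, Python 3.8+

def apply_key(key, m):
    """P(M) = M^e mod n with a public key, S(C) = C^d mod n with a secret key."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("block must lie in Z_n")
    return pow(m, exp, n)

def is_permutation(public, secret):
    """Check S(P(M)) = P(S(M)) = M for every M in Z_n (only feasible for toy n)."""
    return all(apply_key(secret, apply_key(public, m)) == m
               and apply_key(public, apply_key(secret, m)) == m
               for m in range(public[1]))

def sign(name, secret):
    """S(Name), one block per byte. Textbook RSA: no hashing, no padding."""
    return [apply_key(secret, b) for b in name.encode()]

def verify(name, signature, public):
    """Accept only if P(S(Name)) = Name."""
    try:
        return bytes(apply_key(public, s) for s in signature) == name.encode()
    except ValueError:                    # block outside Z_n or not a byte
        return False

def seal(msg, sender_secret, recipient_public):
    """Sign, append the signature, encrypt everything for the recipient."""
    blocks = list(msg.encode()) + sign(msg, sender_secret)
    return [apply_key(recipient_public, b) for b in blocks]

def unseal(sealed, recipient_secret, sender_public):
    """Decrypt with own secret key, then verify with the sender's public key."""
    blocks = [apply_key(recipient_secret, c) for c in sealed]
    half = len(blocks) // 2
    msg = bytes(blocks[:half]).decode()
    return msg, verify(msg, blocks[half:], sender_public)

# Constructed toy keys; the sender's n must be below the recipient's n
# so that signature blocks fit in the recipient's Z_n.
ALICE_P, ALICE_S = make_keys(61, 53, 17)    # n = 3233
BOB_P, BOB_S = make_keys(89, 97, 5)         # n = 8633
```

`is_permutation` walks all of Z_n, including messages that share a factor with n, which the Fermat argument has to cover as well.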
Policy Issues
Privacy and verification
Transaction costs and micro-payments
Monetary effects
– Domestic money supply control and economic policy levers
– International currency exchanges and exchange rate stability
Market organization effects
– Development of new financial intermediaries
Effects on government
– Seigniorage
– Legal issues
E-payment systems
To transfer money over the Internet
Methods of traditional payment
– Check, credit card, or cash
Methods of electronic payment
– Electronic cash, software wallets, smart cards,
and credit/debit cards
– Scrip is digital cash minted by third-party
organizations
Why?
– Anonymity with Authentication
Checkfree
– Allows payment with online electronic checks
Clickshare
– Designed for magazine and newspaper
publishers
– Miscast as a micropayment only system; only
one of its features
– Purchases are billed to a user’s ISP, who in turn
bills the customer
CyberCash
– Combines features from cash and checks
– Offers credit card, micropayment, and check payment services
– Connects merchants directly with credit card processors to provide
authorizations for transactions in real time
• No delays in processing prevent insufficient e-cash to pay for the
transaction
CyberCoins
– Stored in CyberCash wallet, a software storage mechanism located on
customer’s computer
– Used to make purchases between .25c and $10
– PayNow -- payments made directly from checking accounts
1 Jupiter Communications
2/16/00 EMTM 553 63
ECML - Wallet/Merchant Standard
Creating a standard approach for the exchange of information will enhance the
ability for digital wallets to be used at all merchant sites and therefore
facilitate the growth of e-commerce
ECML is a universal, open standard for digital wallets and online merchants
that facilitates the seamless exchange of payment and order information to
support online purchase transactions
– Uniform field names only to start; will evolve over time
The ECML Alliance today:
– America Online, American Express, Brodia (formerly Transactor Networks),
Compaq, CyberCash, Discover, Financial Services Technology Consortium
(FSTC), IBM, MasterCard, Microsoft, Novell, SETCo, Sun Microsystems,
Trintech, and Visa
ECML is designed to be security protocol independent, support global
implementations, and support any payment instrument
ECML does not change the “look and feel” of a merchant’s site
Ecom_ShipTo_Postal_Name_Prefix 4 Ecom_ReceiptTo_Postal_Name_Prefix 4
Ecom_ShipTo_Postal_Name_First 15 Ecom_ReceiptTo_Postal_Name_First 15
Ecom_ShipTo_Postal_Name_Middle 15 Ecom_ReceiptTo_Postal_Name_Middle 15
Ecom_ShipTo_Postal_Name_Last 15 Ecom_ReceiptTo_Postal_Name_Last 15
Ecom_ShipTo_Postal_Name_Suffix 4 Ecom_ReceiptTo_Postal_Name_Suffix 4
Ecom_ShipTo_Postal_Street_Line1 20 Ecom_ReceiptTo_Postal_Street_Line1 20
Ecom_ShipTo_Postal_Street_Line2 20 Ecom_ReceiptTo_Postal_Street_Line2 20
Ecom_ShipTo_Postal_Street_Line3 20 Ecom_ReceiptTo_Postal_Street_Line3 20
Ecom_ShipTo_Postal_City 22 Ecom_ReceiptTo_Postal_City 22
Ecom_ShipTo_Postal_StateProv 2 Ecom_ReceiptTo_Postal_StateProv 2
Ecom_ShipTo_Postal_PostalCode 14 Ecom_ReceiptTo_Postal_PostalCode 14
Ecom_ShipTo_Postal_CountryCode 2 Ecom_ReceiptTo_Postal_CountryCode 2
Ecom_ShipTo_Telecom_Phone_Number 10 Ecom_ReceiptTo_Telecom_Phone_Number 10
Ecom_ShipTo_Online_Email 40 Ecom_ReceiptTo_Online_Email 40
Ecom_BillTo_Postal_Name_Prefix 4 Ecom_Payment_Card_Name 30
Ecom_BillTo_Postal_Name_First 15 Ecom_Payment_Card_Type 4
Ecom_BillTo_Postal_Name_Middle 15 Ecom_Payment_Card_Number 19
Ecom_BillTo_Postal_Name_Last 15 Ecom_Payment_Card_Verification 4
Ecom_BillTo_Postal_Name_Suffix 4 Ecom_Payment_Card_ExpDate_Day 2
Ecom_BillTo_Postal_Street_Line1 20 Ecom_Payment_Card_ExpDate_Month 2
Ecom_BillTo_Postal_Street_Line2 20 Ecom_Payment_Card_ExpDate_Year 4
Ecom_BillTo_Postal_Street_Line3 20 Ecom_Payment_Card_Protocol 20
Ecom_BillTo_Postal_City 22
Ecom_BillTo_Postal_StateProv 2 Ecom_ConsumerOrderID 20
Ecom_BillTo_Postal_PostalCode 14
Ecom_BillTo_Postal_CountryCode 2 Ecom_SchemaVersion 30
Ecom_BillTo_Telecom_Phone_Number 10
Ecom_BillTo_Online_Email 40 Ecom_TransactionComplete -
– beyond.com – Nordstrom.com
– Dell Computer – Omaha Steaks
– fashionmall.com – Reel.com
– healthshop.com – 1-800-Batteries
• To support the current version of ECML, a merchant will need to make a one-
time change to incorporate the uniform field names into the check-out pages
of its web site, and make changes to CGI/ASP scripts
• Organizations interested in participating in the ECML Alliance should contact
coordinator@ecml.org with their indication of interest
– Embedded microprocessor
• (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM
• Equivalent power to IBM XT PC, cost $7.00-15.00
• 32-bit processors now available
Merchant bank
– Also called acquiring bank
– Does business with merchants that want to
accept payment cards
– Merchant receives account where they deposit
card sales totals
– Value of sales slips is credited to merchant’s
account
SOURCE: PAYMENT PROCESSING INC.
Internetsecure
– Provides secure credit card payment services
– Supports payments with Visa and MasterCard
– Provides risk management and fraud detection,
and ensures all proper security for credit card
transactions is maintained
– Ensures all transactions are properly credited to
merchant’s account
[Figure: payment flow between customer and merchant; step 3: send token after adding merchant’s identity]