Scribd
Upload
149 views17 pages

Micro Tectnology

The document discusses micropayment systems and the GeldKarte electronic purse system. GeldKarte uses smart cards that contain balances representing money values. Cards are loaded through terminals and payments are made by deducting amounts from the card balance. Merchants later upload transactions to receive credit to their accounts.

Uploaded by

Honey Roy
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
149 views17 pages

Micro Tectnology

The document discusses micropayment systems and the GeldKarte electronic purse system. GeldKarte uses smart cards that contain balances representing money values. Cards are loaded through terminals and payments are made by deducting amounts from the card balance. Merchants later upload transactions to receive credit to their accounts.

Uploaded by

Honey Roy
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 17

eCommerce Technology 20-763

Lecture 9 Micropayments I

20-763 ELECTRONIC PAYMENT SYSTEMS

FALL 2002

COPYRIGHT 2002 MICHAEL I. SHAMOS

Micropayments
Replacement of cash Cheaper (cash very expensive to handle) Electronic moves faster Easier to count, audit, verify Small transactions Beverages Phone calls Tolls, transportation, parking Copying Internet content Lotteries, gambling
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002 COPYRIGHT 2002 MICHAEL I. SHAMOS

Micropayments
Transactions have low value, e.g. less than $1.00 Must process the transaction at low cost Technological savings: Dont verify every transaction Use symmetric encryption Float-preserving methods Prepayment Grouping
Aggregate purchases (to amortize fixed costs) Provide float to processor Partial anonymity (individual purchases disguised)

20-763 ELECTRONIC PAYMENT SYSTEMS

FALL 2002

COPYRIGHT 2002 MICHAEL I. SHAMOS

Micropayments
Prepaid cards Issued by non-banks Represent call on future service Not money since usable only with one seller Electronic purse Issued by bank Holds representation of real money In form of a card (for face-to-face or Internet use) In virtual form (computer file for Internet use) The two forms are converging, e.g. wireless

20-763 ELECTRONIC PAYMENT SYSTEMS

FALL 2002

COPYRIGHT 2002 MICHAEL I. SHAMOS

Electronic Purse Issues


Loading (charging) the purse with money Making a payment (removing money from the card) Clearance (getting money into the sellers account)

20-763 ELECTRONIC PAYMENT SYSTEMS

FALL 2002

COPYRIGHT 2002 MICHAEL I. SHAMOS

GeldKarte
Smart card system Issued by Zentraler Kreditausschu (Germany) Card contains counters representing money value
Max balance 400 DEM = $188

Card is loaded through a loading terminal


Debits customers bank account

Spending at merchant terminal or on Internet


Amount deducted from card, added to merchant terminal (card) No real-time authorization

End-of-day: merchant uploads transactions Money credited to merchant account Bank fee: 0.3%, minimum $0.01
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002 COPYRIGHT 2002 MICHAEL I. SHAMOS

Loading GeldKarte
LOADING TERMINAL (ATM)
2. AUTHORIZATION REQUEST 1. LOAD REQUEST + PIN

8. VALUE TRANSFER

5. AUTHORIZATION

7. SAM EXCHANGE

SAM LOADING MANAGER


9. OFFLINE FILE TRANSFER 3. AUTHORIZATION REQUEST

SAM ISSUING BANK


SAM = SECURITY APPLICATION MODULE

4. AUTHORIZATION

6. UPDATE ACCOUNTS

AUTHORIZATION SERVER

ACCOUNT DATABASE
SOURCE: SHERIF

20-763 ELECTRONIC PAYMENT SYSTEMS

FALL 2002

COPYRIGHT 2002 MICHAEL I. SHAMOS

GeldKarte Payment
Customer inserts GeldKarte in slot (at merchant terminal or PCMCIA card) Merchant authenticates customer card OFFLINE Customer authenticates merchant card (NO THIRD PARTY) Transfer purchase amount Generate electronic receipts (Later) Merchant presents receipt to issuing bank to obtain credit to merchant account No purse-to-purse transactions
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002 COPYRIGHT 2002 MICHAEL I. SHAMOS

GeldKarte Card Authentication


Merchant SAM generates a random number RAND (to prevent replay attack), sends to customer card with request for customer card ID (CID) Card sends CID, a generated sequence number SNo, RAND, and H(CID) encrypted with a symmetric secret key SKC (known to card, not customer) No public-key encryption Merchant computes SKC from CID and his own secret key SKM (known to card, not merchant) Merchant can now validate integrity of the card message by computing H(CID)
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002 COPYRIGHT 2002 MICHAEL I. SHAMOS

GeldKarte Value Exchange


Customer sends StartPayment message Merchant sends MID, merchants transaction number TNo, SNo, a MAC encrypted with SKC, CID and the value M to be transferred, all encrypted with SKC Customer can decrypt this message with SKC and validate merchant Customer checks CID, M and SNo (prevent replay) Customer card verifies at least M remaining, subtracts M, increments SNo, records payment data, generates proof of payment: { M, MID, SNo, TNo, ANo, MAC }, send to merchant card

20-763 ELECTRONIC PAYMENT SYSTEMS

FALL 2002

COPYRIGHT 2002 MICHAEL I. SHAMOS

GeldKarte Value Exchange, cont.


Merchant verifies payment:
compute actual payment amount M' from the proof of payment, compare with M verify MID and TNo increment TNo, increase balance by M notify merchant of success record transaction data with different secret key KZD

Merchant requests payment from bank (later)


sends encrypted proofs of payment to bank TNo prevents more than one credit per transaction

20-763 ELECTRONIC PAYMENT SYSTEMS

FALL 2002

COPYRIGHT 2002 MICHAEL I. SHAMOS

GeldKarte Clearance
Uses a shadow account (Brsenverechnungskonto) to track the contents of the card
When card is loaded, shadow account is credited When money is spent, shadow account is debited online transactions immediately offline transactions later

If card is lost or damaged, money can be replaced Problem: every transaction is recorded, no anonymity Solution: Weisse Karte. Bought for cash, not connected to any bank account

20-763 ELECTRONIC PAYMENT SYSTEMS

FALL 2002

COPYRIGHT 2002 MICHAEL I. SHAMOS

GeldKarte Security
DES (customer), triple DES (merchant) (cipher block chaining or cipher feedback mode) 128-bit hashes Each card has unique ID, unique symmetric key, PIN stored in secret zone and in bank Unique transaction numbers New SECCOS, Secure Card Operating System, allows PKI and digital signatures

20-763 ELECTRONIC PAYMENT SYSTEMS

FALL 2002

COPYRIGHT 2002 MICHAEL I. SHAMOS

GeldKarte Internet Payment

Caroline Trusted Wallet Device

GeldKarte Reader USB or Infrared Connection to PC

Wireless potential
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002 COPYRIGHT 2002 MICHAEL I. SHAMOS

Other Electronic Purses

QIANFLEX (CHINA)

AUSTRIAN QUICK

PRISMERA

PEOPLES BANK OF CHINA ePURSE

CYBERFLEX JAVA CARD

DANMNT

20-763 ELECTRONIC PAYMENT SYSTEMS

FALL 2002

COPYRIGHT 2002 MICHAEL I. SHAMOS

Readers

CASHMOUSE

20-763 ELECTRONIC PAYMENT SYSTEMS

FALL 2002

COPYRIGHT 2002 MICHAEL I. SHAMOS

Q&A
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002 COPYRIGHT 2002 MICHAEL I. SHAMOS

You might also like