ZeePedia

E-CASH PAYMENT SYSTEM 2

<< E-CASH PAYMENT SYSTEM 1
SECURE SOCKET LAYER (SSL) >>
img
E-COMMERCE ­ IT430
VU
Lesson 27
E-CASH PAYMENT SYSTEM
How anonymity is ensured in e-cash payment system?
Anonymity in e-cash system means that the identity of the client/buyer is not disclosed. Note that there are
two main stages in this payment mechanism ­ minting stage and deposit stage. At minting stage the serial
no. is signed by the e-cash bank to provide third part of a valid e-cash coin. At this stage the bank knows as
to who amongst its different account holders or clients is requesting for the bank's signatures on the serial
no., but it does not know the serial no. it is signing due to the blinding factor "r". On the other hand, the
reverse is true at the deposit stage (when the coins are sent to e-cash bank for checking validity). Now, bank
knows the serial no. (it had earlier signed blindly at the minting stage) but has no clue about the specific
client who has sent them for payment purposes. The bank may have issued coins to many of its clients. It
would not be known to the bank at the deposit stage that who amongst them has done the shopping and is
making the payment now. Thus, by scheme, the relationship between the client and the serial no. is broken
at the minting and deposit stage to ensure anonymity of the client. This concept may also be illustrated as
follows:
Minting Stage
Serial number (unknown)
Client (known)
Deposit Stage
Serial no. (known)
Client (unknown)
Withdrawing Coins
Many coins of different denominations can be obtained in a single request to the bank.
The request is signed by the client with his private key and contains information about the serial nos. to be
signed. The request is encrypted with a symmetric key and that symmetric key is encrypted with the public
key of the bank, thus creating a secure envelope. The bank signs serial nos. in order to mint coins of
requested denominations and forward them to the client/buyer.
E-cash Purchase
Having received an order the merchant sends a payment request to the client in the following format:
Payreq={currency,amount,timestamp,merchant_bank ID, merchant_accID, order description}
Cyber wallet automatically assembles the correct payment amount and pays.
Making the Payment
Coins used in the payment are encrypted with bank's public key, preventing the merchant to view them.
Payment information is forwarded to the bank with encrypted coins during merchant's deposit. Only hash
of the order description is included in payment information preventing the bank from knowing the order
details.
Proving the Payment
Payer code is a secret generated by the client. A hash of it is included in the payment information so that
client can later prove the payment if need be.
118
img
E-COMMERCE ­ IT430
VU
Hash
Bluesky
MD
Hash function and message digest are
sent to the e-cash bank
Fig. 1
For instance, the client may choose the word "Bluesky" as a code. By applying a hash function on this code,
a message digest is obtained. Hash function and message digest are sent to the bank. In case a dispute arises
and the payer has to prove that he had made the payment, he can forward the word/code "Bluesky" to the
bank and request it to apply the hash function on it (which was earlier sent to the bank). If, on applying the
hash function, the message digest comes to be the same as earlier available with the bank, it means that the
person claiming to be the payer had succeeded in proving his payment, since only he was supposed to know
the word "Bluesky".
Payment Deposit
A deposit request encrypted with bank's public key accompanies the payment information. E-cash bank
maintains a database of spent coins. On receipt it checks whether the coin is valid and whether it has
already been spent or not (to prevent double spending) by referring to its database. If the coins are valid the
bank credits the merchant's account. Thus, if the client has sent valid coins worth $10 for payment to the
merchant, and the merchant already has $90 in his account then an amount of $ 10 would be added in his
account making it $ 100. Later, the merchant can request the e-cash bank to transfer this amount in his
account with the acquirer bank. This can be done through ACH and the merchant can physically withdraw
the money form the acquirer bank.
E-cash bank plays a backbone role in this set up and charges a specified commission for its services from
the client and the merchant depending on its policy.
Lost Coins
In case network fails or computer crashes during payment transaction, coins might be lost. All signed
blinded coins from last 16 withdrawals are sent by the bank to the client. Client uses the blinding factor
known to its wallet to reveal the serial #. It then sends all serial nos. to the bank for its verification whether
or not the coins have already been spent. After checking its database the bank credits the client's account
with the value of unspent coins.
119
img
E-COMMERCE ­ IT430
VU
E-Cash & the Web
Fig. 2 below shows how e-cash payment system can be applied on the web:
E-Cash & the Web
EccashBankk
E ash Ban
6. Accepted
5. Deposit
coins
3. Payment Request (Order)
Meerchant
M rchant
Clileent
C i nt
4. Payment (coins,order)
Softwaare
Softw re
Waalleet
Wl lt
7. Receipt
2. Merchant
8.Send
wallet Starts
goods
1.Select Order
Web
Web
Server
Browser
9.Goods/Acknowledgement
Fig. 2
Client wallet and web browser are installed on the client machine. Web server software and merchant
software are installed on the sever machine. A client selects an order and web server starts the merchant
software/wallet (steps 1 & 2). Payment request is made by the merchant software and the client wallet pays
through e-cash coins (steps 3 & 4). Merchant deposits the coins to e-cash bank for checking validity (step
5). If the coins are valid an acceptance message is made to the merchant following which the receipt of
payment is sent to the client by the merchant (steps 6 & 7). Merchant software intimates the web server to
send goods which acknowledges the fact to the web browser (steps 8 & 9).
120