|
|
|
|
|
|
Lesson#27
|
E-CASH PAYMENT SYSTEM-1
|
|
|
|
Anonymity in e-cash system means that the identity of the
client/buyer is not disclosed. Note that there are
two main stages in this payment mechanism – minting stage and
deposit stage. At minting stage the serial
no. is signed by the e-cash bank to provide third part of a
valid e-cash coin. At this stage the bank knows as
to who amongst its different account holders or clients is
requesting for the bank’s signatures on the serial
no., but it does not know the serial no. it is signing due to
the blinding factor “r”. On the other hand, the
reverse is true at the deposit stage (when the coins are sent to
e-cash bank for checking validity). Now, bank
knows the serial no. (it had earlier signed blindly at the
minting stage) but has no clue about the specific
client who has sent them for payment purposes. The bank may have
issued coins to many of its clients. It
would not be known to the bank at the deposit stage that who
amongst them has done the shopping and is
making the payment now. Thus, by scheme, the relationship
between the client and the serial no. is broken
at the minting and deposit stage to ensure anonymity of the
client. This concept may also be illustrated as
follows:
Minting Stage
Serial number (unknown) Client (known)
Deposit Stage
Serial no. (known) Client (unknown)
Withdrawing Coins
Many coins of different denominations can be obtained in a
single request to the bank.
The request is signed by the client with his private key and
contains information about the serial nos. to be
signed. The request is encrypted with a symmetric key and that
symmetric key is encrypted with the public
key of the bank, thus creating a secure envelope. The bank signs
serial nos. in order to mint coins of
requested denominations and forward them to the client/buyer.
E-cash Purchase
Having received an order the merchant sends a payment request to
the client in the following format:
Payreq={currency,amount,timestamp,merchant_bank ID,
merchant_accID, order description}
Cyber wallet automatically assembles the correct payment amount
and pays.
Making the Payment
Coins used in the payment are encrypted with bank’s public key,
preventing the merchant to view them.
Payment information is forwarded to the bank with encrypted
coins during merchant’s deposit. Only hash
of the order description is included in payment information
preventing the bank from knowing the order
details.
Proving the Payment
Payer code is a secret generated by the client. A hash of it is
included in the payment information so that
client can later prove the payment if need be.
For instance, the client may choose the word “Bluesky” as a
code. By applying a hash function on this code,
a message digest is obtained. Hash function and message digest
are sent to the bank. In case a dispute arises
and the payer has to prove that he had made the payment, he can
forward the word/code “Bluesky” to the
bank and request it to apply the hash function on it (which was
earlier sent to the bank). If, on applying the
hash function, the message digest comes to be the same as
earlier available with the bank, it means that the
person claiming to be the payer had succeeded in proving his
payment, since only he was supposed to know
the word “Bluesky”.
Payment Deposit
A deposit request encrypted with bank’s public key accompanies
the payment information. E-cash bank
maintains a database of spent coins. On receipt it checks
whether the coin is valid and whether it has
already been spent or not (to prevent double spending) by
referring to its database. If the coins are valid the
bank credits the merchant’s account. Thus, if the client has
sent valid coins worth $10 for payment to the
merchant, and the merchant already has $90 in his account then
an amount of $ 10 would be added in his
account making it $ 100. Later, the merchant can request the
e-cash bank to transfer this amount in his
account with the acquirer bank. This can be done through ACH and
the merchant can physically withdraw
the money form the acquirer bank.
E-cash bank plays a backbone role in this set up and charges a
specified commission for its services from
the client and the merchant depending on its policy.
Lost Coins
In case network fails or computer crashes during payment
transaction, coins might be lost. All signed
blinded coins from last 16 withdrawals are sent by the bank to
the client. Client uses the blinding factor
known to its wallet to reveal the serial #. It then sends all
serial nos. to the bank for its verification whether
or not the coins have already been spent. After checking its
database the bank credits the client’s account
with the value of unspent coins.
Client wallet and web browser are installed on the client
machine. Web server software and merchant
software are installed on the sever machine. A client selects an
order and web server starts the merchant
software/wallet
(steps 1 & 2). Payment request is made
by the merchant software and the client wallet pays
through e-cash coins
(steps 3 & 4). Merchant deposits
the coins to e-cash bank for checking validity
(step
5). If the coins are
valid an acceptance message is made to the merchant following which the receipt
of
payment is sent to the client by the merchant
(steps 6 & 7).
Merchant software intimates the web server to
send goods which acknowledges the fact to the web browser
(steps 8 & 9).
|
|
|
|
|