24-01-2010, 10:32 PM
[attachment=1472]
E-CASH PAYMENT SYSTEM
INTRODUCTION
With the onset of the Information Age, our nation is becoming
increasingly dependent upon network communications. Computer-based
technology is significantly impacting our ability to access, store, and
distribute information. Among the most important uses of this
technology is electronic commerce: performing financial transactions
via electronic information exchanged over telecommunications lines. A
key requirement for electronic commerce is the development of secure
and efficient electronic payment systems. The need for security is
highlighted by the rise of the Internet, which promises to be a leading
medium for future electronic commerce.
Electronic payment systems come in many forms including digital checks,
debit cards, credit cards, and stored value cards. The usual security
features for such systems are privacy (protection from eavesdropping),
authenticity (provides user identification and message integrity), and
no repudiation (prevention of later denying having performed a
transaction) .
The type of electronic payment system focused on in this paper is
electronic cash. As the name implies, electronic cash is an attempt to
construct an electronic payment system modelled after our paper cash
system. Paper cash has such features as being: portable (easily
carried), recognizable (as legal tender) hence readily acceptable,
transferable (without involvement of the financial network),
untraceable (no record of where money is spent), anonymous (no record
of who spent the money) and has the ability to make "change." The
designers of electronic cash focused on preserving the features of
untraceability and anonymity. Thus, electronic cash is defined to be an
electronic payment system that provides, in addition to the above
security features, the properties of user anonymity and payment
untraceability..
In general, electronic cash schemes achieve these security goals via
digital signatures. They can be considered the digital analog to a
handwritten signature. Digital signatures are based on public key
cryptography. In such a cryptosystem, each user has a secret key and a
public key. The secret key is used to create a digital signature and
the public key is needed to verify the digital signature. To tell who
has signed the information (also called the message), one must be
certain one knows who owns a given public key. This is the problem of
key management, and its solution requires some kind of authentication
infrastructure. In addition, the system must have adequate network and
physical security to safeguard the secrecy of the secret keys.
This report has surveyed the academic literature for cryptographic
techniques for implementing secure electronic cash systems. Several
innovative payment schemes providing user anonymity and payment
untraceability have been found. Although no particular payment system
has been thoroughly analyzed, the cryptography itself appears to be
sound and to deliver the promised anonymity.
These schemes are far less satisfactory, however, from a law
enforcement point of view. In particular, the dangers of money
laundering and counterfeiting are potentially far more serious than
with paper cash. These problems exist in any electronic payment system,
but they are made much worse by the presence of anonymity. Indeed, the
widespread use of electronic cash would increase the vulnerability of
the national financial system to Information Warfare attacks. We
discuss measures to manage these risks; these steps, however, would
have the effect of limiting the users' anonymity.
1. WHAT IS ELECTRONIC CASH?
We begin by carefully defining "electronic cash." This term is often
applied to any electronic payment scheme that superficially resembles
cash to the user. In fact, however, electronic cash is a specific kind
of electronic payment scheme, defined by certain cryptographic
properties. We now focus on these properties.
1.1Electronic Payment
The term electronic commerce refers to any financial transaction
involving the electronic transmission of information. The packets of
information being transmitted are commonly called electronic tokens.
One should not confuse the token, which is a sequence of bits, with the
physical media used to store and transmit the information.
We will refer to the storage medium as a card since it commonly takes
the form of a wallet-sized card made of plastic or cardboard. (Two
obvious examples are credit cards and ATM cards.) However, the "card"
could also be, e.g., a computer memory.
A particular kind of electronic commerce is that of electronic payment.
An electronic payment protocol is a series of transactions, at the end
of which a payment has been made, using a token issued by a third
party. The most common example is that of credit cards when an
electronic approval process is used. Note that our definition implies
that neither payer nor payee issues the token.l
The electronic payment scenario assumes three kinds of players:2
¢ a payer or consumer, whom we will name Alice.
¢ a payee, such as a merchant. We will name the payee Bob.
¢ a financial network with whom both Alice and Bob have accounts.
We will informally refer to the financial network as the Bank.
1.2 Conceptual Framework
There are four major components in an electronic cash system: issuers,
customers, merchants, and regulators. Issuers can be banks, or non-bank
institutions; customers are referred to users who spend E-Cash;
merchants are vendors who receive E-Cash, and regulators are defined as
related government agencies. For an E-Cash transaction to occur, we
need to go through at least three stages:
1. Account Setup: Customers will need to obtain E-Cash accounts through
certain issuers. Merchants who would like to accept E-Cash will also
need to arrange accounts from various E-Cash issuers. Issuers typically
handle accounting for customers and merchants.
2. Purchase: Customers purchase certain goods or services, and give the
merchants tokens which represent equivalent E-Cash. Purchase
information is usually encrypted when transmitting in the networks.
3. Authentication: Merchants will need to contact E-Cash issuers about
the purchase and the amount of E-Cash involved. E-Cash issuers will
then authenticate the transaction and approve the amount E-Cash
involved.
An interaction representing the below transaction is illustrated in the
graph below
2. Classification of e-Cash
E-Cash could be on-line, or off-line. On-Line E-Cash refers to amount
of digital money kept by your E-Cash issuers, which is only accessible
via the network. Off-line E-Cash refers to digital money which you keep
in your electronic wallet or other forms of off-line devices. Another
way to look at E-Cash is to see if it is traceable or not. On-line
credit card payment is considered as a kind of "Identified" E-Cash
since the buyer's identity can be traced. Contrary to Identified E-
Cash, we have "anonymous" E-Cash which hides buyer's identity. These
procedures can be implemented in either of two ways:
2.1 On-line payment means that Bob calls the Bank and verifies the
validity of Alice's token3 before accepting her payment and delivering
his merchandise. (This resembles many of today's credit card
transactions.)
2.2 Off-line payment means that Bob submits Alice's electronic coin for
verification and deposit sometime after the payment transaction is
completed. (This method resembles how we make small purchases today by
personal check.)
Note that with an on-line system, the payment and deposit are not
separate steps. We will refer to on-line cash and off-line cash
schemes, omitting the word "electronic" since there is no danger of
confusion with paper cash.
3. Properties of Electronics Cash
Specifically, e-cash must have the following four properties, monetary
value, interoperability , retrievability & security.
3.1 Monetrary value E-cash must have a monetary value; it must be
backed by either cash (currency), or a back-certified cashiers checqe
when e-cash create by one bank is accepted by others , reconciliation
must occur without any problem. Stated another way e-cash without
proper bank certification carries the risk that when deposited, it
might be return for insufficient funds.
3.2 Interoperable E-cash must be interoperable that is exchangeable as
payment for other e-cash, paper cash, goods or services , lines of
credits, deposit in banking accounts, bank notes , electronic benefits
transfer ,and the like .
3.3 Storable & Retrievable Remote storage and retrievable ( e.g. from a
telephone and communication device) would allow user to exchange e-cash
( e.g. withdraw from and deposit into banking accounts) from home or
office or while traveling .the cash could be storage on a remote
computerâ„¢s memory, in smart cards or in other easily transported
standard or special purpose device. Because it might be easy to create
counterfeit case that is stored in a computer it might be preferable to
store cash on a dedicated device that can not be alerted. This device
should have a suitable interface to facilitate personnel authentication
using password or other means and a display so that the user can view
the cards content .
4. E-Cash Security
Security is of extreme importance when dealing with monetary
transactions. Faith in the security of the medium of exchange, whether
paper or digital, is essential for the economy to function.
There are several aspects to security when dealing with E-cash. The
first issue is the security of the transaction. How does one know that
the E-cash is valid?
Encryption and special serial numbers are suppose to allow the issuing
bank to verify (quickly) the authenticity of E-cash. These methods are
suseptible to hackers, just as paper currency can be counterfeited.
However, promoters of E-cash point out that the encryption methods used
for electronic money are the same as those used to protect nuclear
weapon systems. The encryption security has to also extend to the
smartcard chips to insure that they are tamper resistant. While it is
feasible that a system wide breach could occur, it is highly unlikely.
Just as the Federal Government keeps a step ahead of the
counterfeiters, cryptography stays a step ahead of hackers.
4.1 Physical security of the E-cash is also a concern. If a hard drive
crashes, or a smartcard is lost, the E-cash is lost. It is just as if
one lost a paper currency filled wallet. The industry is still
developing rules/mechanisms for dealing with such losses, but for the
most part, E-cash is being treated as paper cash in terms of physical
security.
4.2 Signature and Identification. In a public key system, a user
identifies herself by proving that she knows her secret key without
revealing it. This is done by performing some operation using the
secret key which anyone can check or undo using the public key. This is
called identification. If one uses a message as well as one's secret
key, one is performing a digital signature on the message. The digital
signature plays the same role as a handwritten signature: identifying
the author of the message in a way which cannot be repudiated, and
confirming the integrity of the message.
4.3 Secure Hashing A hash function is a map from all possible strings
of bits of any length to a bit string of fixed length. Such functions
are often required to be collision-free: that is, it must be
computationally difficult to find two inputs that hash to the same
value. If a hash function is both one-way and collision-free, it is
said to be a secure hash.
The most common use of secure hash functions is in digital signatures.
Messages might come in any size, but a given public-key algorithm
requires working in a set of fixed size. Thus one hashes the message
and signs the secure hash rather than the message itself. The hash is
required to be one-way to prevent signature forgery, i.e., constructing
a valid-looking signature of a message without using the secret key.
The hash must be collision-free to prevent repudiation, i.e., denying
having signed one message by producing another message with the same
hash.
Note that token forgery is not the same thing as signature forgery.
Forging the Bank's digital signature without knowing its secret key is
one way of committing token forgery, but not the only way. A bank
employee or hacker, for instance, could "borrow" the Bank's secret key
and validly sign a token.
5. E-Cash and Monetary Freedom
5.1 Prologue
Much has been published recently about the awesome promises of
electronic commerce and trade on the Internet if only a reliable,
secure mechanism for value exchange could be developed. This paper
describes the differences between mere encrypted credit card schemes
and true digital cash, which present a revolutionary opportunity to
transform payments. The nine key elements of electronic, digital cash
are outlined and a tenth element is proposed which would embody digital
cash with a non-political unit of value.
It is this final element of true e-cash which represents monetary
freedom - the freedom to establish and trade negotiable instruments.
For the first time ever, each individual has the power to create a new
value standard with an immediate worldwide audience.
5.2 Why monetary freedom is important
If all that e-cash permits is the ability to trade and store dollars,
francs, and other governmental units of account, then we have not come
very far. Even the major card associations, such as Visa and
MasterCard, are limited to clearing settling governmental units of
account. For in an age of inflation and government ineptness, the value
of what is being transacted and saved can be seriously devalued. Who
wants a hard drive full of worthless "cash"? True, this can happen in a
privately-managed digital cash system, but at least then it is
determined by the market and individuals have choices between multiple
providers.
5.3 Key elements of a private e-cash system
This section compares and contrasts true e-cash to paper cash as we
know it today. Each of the following key elements will be defined and
explored within the bounds of electronic commerce:
¢ Secure
¢ Anonymous
¢ Portable (physical independence)
¢ Infinite duration (until destroyed)
¢ Two-way (unrestricted)
¢ Off-line capable
¢ Divisible (fungible)
¢ Wide acceptability (trust)
¢ User-friendly (simple)
¢ Unit-of-value freedom
5.4 Achieving the non-political unit of value
The transition to a privately-operated e-cash system will require a
period of brand-name recognition and long-term trust. Some firms may at
first have an advantage over lesser-known name-brands, but that will
soon be overcome if the early leaders fall victim to monetary
instability. It may be that the smaller firms can devise a unit of
value that will enjoy wide acceptance and stability (or appreciation).
5.5 Epilogue
True e-cash as an enabling mechanism for electronic commerce depends
upon the marriage of economics and cryptography. Independent academic
advancement in either discipline alone will not facilitate what is
needed for electronic commerce to flourish. There must be a synergy
between the field of economics which emphasizes that the market will
dictate the best monetary unit of value and cryptography which enhances
individual privacy and security to the point of choosing between
several monetary providers. It is money, the lifeblood of an economy
that ultimately symbolizes what commercial structure we operate within.
6. E-Cash Regulation
A new medium of exchange presents new challenges to existing laws.
Largely, the laws and systems used to regulate paper currency are
insufficient to govern digital money.
The legal challenges of E-cash entail concerns over taxes and currency
issuers. In addition, consumer liability from bank cards will also have
to be addressed (currently $50 for credit cards). E-cash removes the
intermediary from currency transactions, but this also removes much of
the regulation of the currency in the current system.
Tax questions immediately arise as to how to prevent tax evasion at the
income or consumption level. If cash-like transactions become easier
and less costly, monitoring this potential underground economy may be
extremely difficult, if not impossible, for the IRS.
The more daunting legal problem is controlling a potential explosion of
private currencies. Large institutions that are handling many
transactions may issue electronic money in their own currency. The
currency would not be backed by the full faith of the United States,
but by the full faith of the institution. This is not a problem with
paper currency, but until the legal system catches up with the digital
world, it may present a problem with e-cash.
7. Electronic Cash under Current Banking Law
7.1 Introduction
The current federal banking system originated during the Civil War with
the enactment of the National Bank Act of 1864 and the creation of a
true national currency.
[1] Since the enactment of that first major federal banking
legislation, an elaborate, complex and overlapping web of statutes and
regulations has developed governing banking institutions and the
"business of banking" in the United States.
[3] The rapidly developing electronic cash technologies raise numerous
questions of first impression as to whether these technologies fall
within existing banking regulation, and if so, how.
[4]There are also questions as to how the technologies mesh with the
existing payments system.
[5] Indeed, certain of the new technologies raise the possibility of a
new payments system that could operate outside the existing system.
Even if it could not, there are numerous legal questions as to what law
governs their operation and as to the applicability of existing banking
law to these technologies.
This article identifies and briefly addresses some of the key issues,
which include, among others, bank regulatory, consumer protection,
financial privacy and risk allocation issues as well as matters of
monetary policy.
Because the legal conclusions as to the applicability of banking
statutes to any particular electronic cash arrangement may depend in
large part upon the specific facts presented by that arrangement, this
article of necessity provides only general responses to the complex
legal issues involved in this area.
7.2 Existing and Proposed Retail Payment Systems
There are a number of conventional mediums of payment in the
traditional retail system. They include, for example: coins and
currency; checks; money orders; travelers' checks; bankers'
acceptances; letters of credit; and credit cards. There also are
several electronic fund transfer ("EFT") systems in wide use today,
including:
Automated Teller Machines ("ATMs"): automated devices used to accept
deposits, disburse cash drawn against a customer's deminf account or
pre-approved loan account or credit card, transfer funds between
accounts, pay bills and obtain account balance information.
¢ Debit Cards: cards used for purchases which automatically
provide immediate payment to the merchant through a point-of-sale
("POS") system by debiting the customer's deposit account.
¢ POS Systems: systems that provide computerized methods of
verifying checks and credit availabilities, and debiting or crediting
customer accounts.
The new "electronic cash" technologies that are the subject of this
article include a wide variety of approaches in which monetary "value"
is stored in the form of electronic signals either on a plastic card
("Stored Value Card Systems") or on a computer drive or disk ("E-Cash
Systems"). As is discussed below, some of these approaches require a
network infrastructure and third party payment servers to process
transactions; others allow the direct exchange of "value" between
remote transacting parties without requiring on-line third-party
payment servers.
These developing electronic cash systems differ from EFT systems in
various respects. A key difference is that in electronic cash systems
the monetary value has been transferred to the consumer's stored value
card or computer or other device before the customer uses it, whereas
in EFT systems the value is not transferred toa device controlled by
the customer. Rather, the EFT system is itself the mechanism to
transfer value between the customer's deposit account and the
merchant's or other third party's deposit account.
a. Customer establishes account with issuer ("Virtual Bank") by
depositing funds with Issuer.
b. Issuer holds funds from customer for future draw by recipient of
value from customer.
c. When customer wants to make purchase over the Internet, customer
sends encrypted electronic e-mail message to Virtual Bank requesting
funding. Message contains unique digital "signature."
d. Virtual Bank debits customer's account and sends customer digital
cash via phone lines to customer's computer.
¢ Digital cash system may create audit trail of transactions or
may be anonymous, depending upon the particular system.
¢ In anonymous system, Virtual Bank adds private signature that
only it can create. Computer users can decode public version of
signature using key (provided by Virtual Bank) to verify that digital
cash was issued by Virtual Bank.
e. Customer transmits digital cash to vendor, who can verify its
authenticity and have it credited to vendor's account with Virtual
Bank, or who can e-mail it to another person or bank account.
f. In all likelihood, Virtual Bank will charge customer and/or vendor a
transaction fee or service charge for use of system (although anonymous
systems raise different issues in this regard from accountable
systems).
7.3 DIGITAL CASH SYSTEMS
1. Types and Examples of E-Cash Transactions
Electronic cash used over computer networks (usually without involving
a plastic card), variously called "digital cash," "electronic cash,"
"e-cash," "cybercurrency," or "cybercash," among other phrases, may
have various characteristics. For example, it may require on-line
third-party payment servers to process transactions, or it may be
designed so that value can be exchanged directly between remote
transacting parties (e.g., purchaser and vendor) without the
involvement of on-line or off-line third-party payment servers. Digital
cash systems are under development in Europe and the U.S. and include:
Digital Cash an Amsterdam based firm that makes stored value cards for
electronic transactions, is running trials of on-line currency in
Holland. In proposed full-blown arrangement, customers would use local
currency to buy equivalent amount of digital cash from a bank. Bank's
computer would instruct special software on user's own PC to issue that
amount of money. Instructions would be coded strings of numbers
included in e-mail messages. Users would spend their electronic cash by
sending these strings to sellers. String is untraceable (bank can say
only if the number is valid, not to whom it was issued), so this
framework would offer anonymity.
First Virtual Holdings, a California company that has built a credit-
card payment system that relies on a private e-mail network to
circumvent Internet security problems, began operating on the Internet
in the fall of 1994. Both buyer and seller must have accounts with
First Virtual Holdings. When buyer wishes to purchase an item over the
Internet, buyer gives seller buyer's account number. Seller ships
product. Seller e-mails lists of purchases to First Virtual.
First Virtual e-mails buyers to confirm transactions. It is reported
that once buyer confirms, First Virtual charges buyer's conventional
credit card and money is transferred to seller's account. If buyer does
not confirm, First Virtual withholds settlement.
2. Potential Steps in Digital Cash Transactions
While there are many possible approaches to structuring digital cash
transactions, one approach might unfold as follows:
8. Cash Management Services
Flagship Bank provides cash management services to help your business
make the most of every dollar. With a broad range of services and
information systems, we can help you identify potential earnings,
increase savings, and streamline record keeping. Here is a sample of
what is available:
¢ E-Banking for Business - real-time access to your accounts
¢ Sweep accounts - automatically transfer cash to interest bearing
accounts
¢ Lockbox Service - quick way to convert receivables to cash
¢ Account Reconciliation - manage your checking accounts more
efficiently
¢ Wire Transfer Services - quick and secure method to send and receive
funds
¢ Electronic Funds Transfer - economical way to send and receive funds
for next day availability
Rely on your Account Manager to recommend the most appropriate package
of cash management services to fit your particular business needs.
9. A Simplified Electronic Cash Protocol
We now present a simplified electronic cash system, without the
anonymity features.
9.1 PROTOCOL 1: On-line electronic payment.
Withdrawal:
Alice sends a withdrawal request to the Bank.
Bank prepares an electronic coin and digitally signs it.
Bank sends coin to Alice and debits her account.
Payment/Deposit:
Alice gives Bob the coin.
Bob contacts Bank and sends coin.
Bank verifies the Bank's digital signature.
Bank verifies that coin has not already been spent.
Bank consults its withdrawal records to confirm Alice's
withdrawal. (optional)
Bank enters coin in spent-coin database.
Bank credits Bob's account and informs Bob.
Bob gives Alice the merchandise.
One should keep in mind that the term "Bank" refers to the financial
system that issues and clears the coins. For example, the Bank might be
a credit card company, or the overall banking system. In the latter
case, Alice and Bob might have separate banks. If that is so, then the
"deposit" procedure is a little more complicated: Bob's bank contacts
Alice's bank, "cashes in" the coin, and puts the money in Bob's
account.
9.2 PROTOCOL 2: Off-line electronic payment.
Withdrawal:
Alice sends a withdrawal request to the Bank.
Bank prepares an electronic coin and digitally signs it.
Bank sends coin to Alice and debits her account.
Payment:
Alice gives Bob the coin.
Bob verifies the Bank's digital signature. (optional)
Bob gives Alice the merchandise.
Deposit:
Bob sends coin to the Bank.
Bank verifies the Bank's digital signature.
Bank verifies that coin has not already been spent.
Bank consults its withdrawal records to confirm Alice's
withdrawal. (optional)
Bank enters coin in spent-coin database.
Bank credits Bob's account.
The above protocols use digital signatures to achieve authenticity. The
authenticity features could have been achieved in other ways, but we
need to use digital signatures to allow for the anonymity mechanisms we
are about to add.
9.3 Untraceable Electronic Payments
In this section, we modify the above protocols to include payment
untraceability. For this, it is necessary that the Bank not be able to
link a specific withdrawal with a specific deposit. This is
accomplished using a special kind of digital signature called a blind
signature.
We will give examples of blind signatures in 3.2, but for now we give
only a high-level description. In the withdrawal step, the user changes
the message to be signed using a random quantity. This step is called
"blinding" the coin, and the random quantity is called the blinding
factor. The Bank signs this random-looking text, and the user removes
the blinding factor. The user now has a legitimate electronic coin
signed by the Bank. The Bank will see this coin when it is submitted
for deposit, but will not know who withdrew it since the random
blinding factors are unknown to the Bank. (Obviously, it will no longer
be possible to do the checking of the withdrawal records that was an
optional step in the first two protocols.)
Note that the Bank does not know what it is signing in the withdrawal
step. This introduces the possibility that the Bank might be signing
something other than what it is intending to sign. To prevent this, we
specify that a Bank's digital signature by a given secret key is valid
only as authorizing a withdrawal of a fixed amount. For example, the
Bank could have one key for a $10 withdrawal, another for a $50
withdrawal, and so on.7
In order to achieve either anonymity feature, it is of course
necessary that the pool of electronic coins be a large one.
one could also broaden the concept of "blind signature" to include
interactive protocols where both parties contribute random elements to
the message to be signed.
9.4 PROTOCOL 3: Untraceable On-line electronic payment.
Withdrawal:
Alice creates an electronic coin and blinds it.
Alice sends the blinded coin to the Bank with a withdrawal
request.
Bank digitally signs the blinded coin.
Bank sends the signed blinded coin to Alice and debits her
account.
Alice unblinds the signed coin.
Payment/Deposit:
Alice gives Bob the coin.
Bob contacts Bank and sends coin.
Bank verifies the Bank's digital signature.
Bank verifies that coin has not already been spent.
Bank enters coin in spent-coin database.
Bank credits Bob's account and informs Bob.
Bob gives Alice the merchandise.
9.5 PROTOCOL 4: Untraceable Off-line electronic payment.
Withdrawal:
Alice creates an electronic coin and blinds it.
Alice sends the blinded coin to the Bank with a withdrawal
request.
Bank digitally signs the blinded coin.
Bank sends the signed blinded coin to Alice and debits her
account.
Alice unblinds the signed coin.
Payment:
Alice gives Bob the coin.
Bob verifies the Bank's digital signature. (optional)
Bob gives Alice the merchandise.
Deposit:
Bob sends coin to the Bank.
Bank verifies the Bank's digital signature.
Bank verifies that coin has not already been spent.
Bank enters coin in spent-coin database.
Bank credits Bob's account.
9.6 A Basic Electronic Cash Protocol
If the payment is to be on-line, we can use Protocol 3 (implemented, of
course, to allow for payer anonymity). In the off-line case, however, a
new problem arises. If a merchant tries to deposit a previously spent
coin, he will be turned down by the Bank, but neither will know who the
multiple spender was since she was anonymous. Thus it is necessary for
the Bank to be able to identify a multiple spender. This feature,
however, should preserve anonymity for law-abiding users.
The solution is for the payment step to require the payer to have, in
addition to her electronic coin, some sort of identifying information
which she is to share with the payee. This information is split in such
a way that any one piece reveals nothing about Alice's identity, but
any two pieces are sufficient to fully identify her.
This information is created during the withdrawal step. The withdrawal
protocol includes a step in which the Bank verifies that the
information is there and corresponds to Alice and to the particular
coin being created. (To preserve payer anonymity, the Bank will not
actually see the information, only verify that it is there.) Alice
carries the information along with the coin until she spends it.
At the payment step, Alice must reveal one piece of this information to
Bob. (Thus only Alice can spend the coin, since only she knows the
information.) This revealing is done using a challenge-response
protocol. In such a protocol, Bob sends Alice a random "challenge"
quantity and, in response, Alice returns a piece of identifying
information. (The challenge quantity determines which piece she sends.)
At the deposit step, the revealed piece is sent to the Bank along with
the coin. If all goes as it should, the identifying information will
never point to Alice. However, should she spend the coin twice, the
Bank will eventually obtain two copies of the same coin, each with a
piece of identifying information. Because of the randomness in the
challenge-response protocol, these two pieces will be different. Thus
the Bank will be able to identify her as the multiple spender. Since
only she can dispense identifying information, we know that her coin
was not copied and re-spent by someone else.
9.7 PROTOCOL 5: Off-line cash.
Withdrawal:
Alice creates an electronic coin, including identifying
information.
Alice blinds the coin.
Alice sends the blinded coin to the Bank with a withdrawal
request.
Bank verifies that the identifying information is present.
Bank digitally signs the blinded coin.
Bank sends the signed blinded coin to Alice and debits her
account.
Alice unblinds the signed coin.
Payment:
Alice gives Bob the coin.
Bob verifies the Bank's digital signature.
Bob sends Alice a challenge.
Alice sends Bob a response (revealing one piece of identifying
info).
Bob verifies the response.
Bob gives Alice the merchandise.
Deposit:
Bob sends coin, challenge, and response to the Bank.
Bank verifies the Bank's digital signature.
Bank verifies that coin has not already been spent.
Bank enters coin, challenge, and response in spent-coin database.
Bank credits Bob's account.
Note that, in this protocol, Bob must verify the Bank's signature
before giving Alice the merchandise. In this way, Bob can be sure that
either he will be paid or he will learn Alice's identity as a multiple
spender.
9.8 PROPOSED OFF-LINE IMPLEMENTATIONS
Having described electronic cash in a high-level way, we now wish to
describe the specific implementations that have been proposed in the
literature. Such implementations are for the off-line case; the on-line
protocols are just simplifications of them. The first step is to
discuss the various implementations of the public-key cryptographic
tools we have described earlier.
9.9 Including Identifying Information
We must first be more specific about how to include (and access when
necessary) the identifying information meant to catch multiple
spenders. There are two ways of doing it: the cut-and-choose method and
zero-knowledge proofs.
Cut and Choose. When Alice wishes to make a withdrawal, she first
constructs and blinds a message consisting of K pairs of numbers, where
K is large enough that an event with probability 2-K will never happen
in practice. These numbers have the property that one can identify
Alice given both pieces of a pair, but unmatched pieces are useless.
She then obtains signature of this blinded message from the Bank. (This
is done in such a way that the Bank can check that the K pairs of
numbers are present and have the required properties, despite the
blinding.)
When Alice spends her coins with Bob, his challenge to her is a string
of K random bits. For each bit, Alice sends the appropriate piece of
the corresponding pair. For example, if the bit string starts 0110. .
., then Alice sends the first piece of the first pair, the second piece
of the second pair, the second piece of the third pair, the first piece
of the fourth pair, etc. When Bob deposits the coin at the Bank, he
sends on these K pieces.
If Alice re-spends her coin, she is challenged a second time. Since
each challenge is a random bit string, the new challenge is bound to
disagree with the old one in at least one bit. Thus Alice will have to
reveal the other piece of the corresponding pair. When the Bank
receives the coin a second time, it takes the two pieces and combines
them to reveal Alice's identity.
Although conceptually simple, this scheme is not very efficient, since
each coin must be accompanied by 2K large numbers.
10. The trouble with E-cash
Recently, I browsed a "cybermall" selling smoked Vermont hams and
sailboats on the World Wide Web. The smoked ham looked particularly
tasty: thick slices surrounded by a bed of parsley. Below beckoned a
button marked "order"; I decided to take a brave step into electronic
commerce, took a deep breath, and clicked. Up came the order form ...
sort of. "The Internet is the world wide network that carries your
order form to us," I read, "while it is massive, fast, and convenient,
it is not, unfortunately secure. If you were to include credit card
information in your order form, it might be read by someone else before
it arrives here." The proposed solution? Pick up the phone and order
the old-fashioned way--with your voice.
The electronic agora is open, but few are shopping. Many think that's
about to change, thanks to the arrival of electronic money, or e-cash.
The Internet, still growing at 10% a month, passed a magic point
sometime last year, call it the moment when the Net stopped being just
a network and became a "market"--a market of 20 million people without
a medium of exchange. Over this vacuum looms a format war, except
what's at stake here is not CD- ROMs or VCRs, it is the nature of money
There's a rush underway to establish the protocols that will define
what electronic money, or e-cash, is. The players range from the big--
Visa, Microsoft, Citibank--to the obscureâ€Digital Cash, CyberCash, and
First Virtual Holdings, to name a few.
The process, for now, resembles the free-for-all that surrounded the
U.S. banking industry in the 19th century, until the creation of the
Federal Reserve. Before the Fed, banks circulated their own private
currency and bank checks weren't as widely accepted, since you couldn't
trust the solvency of the issuer. The same pattern is being repeated in
the digital marketplace; government agencies like the Federal Reserve,
Department of the Treasury, and the Office of Technology Assessment
have no official opinion on how e- cash should be implemented. Without
clear ground rules, uncertainty will undermine e-cash's usefulness.
What's at stake here? At worst, we'll be left with an inflexible
currency that's costly to use, easy for marketers' to trace, and hard
to trade between individuals; at best, we'll get the digital equivalent
of a dollar bill--the benefit of cash without the cost of paper.
Cash or Credit? That's the central question. Early pioneers, like First
Virtual Holdings, which launched a service to handle financial
transactions over the Internet last October, basically act as referees
authenticating Marketing Computers, April, 1995 credit-card
transactions. The process overcomes gaps in Internet security, but it
comes at a price. Transactions between individuals cannot take place.
And the cost of each transaction is high, as commissions go to both the
credit-card agency and First Virtual. Critically, it offers no way to
buy things without using credit.
A slightly more advanced option does allow individuals to trade things
directly using digital "tokens" that correspond to real money. Last
May, a company named Software Agents created a "NetBank" that offers
"NetCash" as a means of exchange. Send the NetBank a check by fax, and
once it clears, your NetBank account is credited with the equivalent
sum. For instance, as $ 10 deposit might look like this: NetCash US$
10.00 E123456-H789012W. This string of digits can be passed onto a
merchant, or anyone else. Once the transaction is cleared by NetBank,
that account shows a deposit. These tokens can be passed around at no
charge. NetBank charges a 2% commission at the end, when you convert
NetCash into cash and withdraw it.
Both First Virtual Holdings and Software Agents rely on Internet e-mail
to process transactions, and neither is seamless the way handling real
money is. A lot of other concerns loom as well --you have to trust
these institutions not to resell your transaction history, and,
considering that Kevin Mitnick, the hacker arrested in February, stole
20,000 credit card numbers stored on the Internet, Marketing Computers,
April, 1995 the security behind these "banks" can't be trusted, no
matter how well- intentioned.
A deeper solution, one which can travel over public networks in such a
way that hackers listening could never spend the e-cash, exists, and
one person controls the patents that can make it possible. A company
based in the Netherlands, named DigiCash, holds patents that resolve
most security concerns around e-cash using cryptographic techniques
belonging to them. DigiCash's founder, David Chaum, worked on a form of
cryptography which allows information to be encrypted using a
combination of digital "signatures" and a process of authentication
called a "blind signature."
Simply put, this allows for the creation of unique serial numbers that
can be verified by the bank issuing the currency, without revealing the
identity of the money-holder. And each "bill" can only be spent once,
putting would-be counterfeiters out of business.
But two hurdles block the distribution of these algorithms; Chaum has
yet to widely license them, and, because this e-cash is so similar to
cash, it is unclear governments will permit its use. For now, DigiCash
is limiting trials to select vendors on the Internet, including the
Encyclopedia Britannica. Marketing Computers, April, 1995 Vested
Interests The worst case scenario is one where no standard for e-cash
exists. Instead, digital walls keep the flow of money in separate
pools. Crossing over from one to the other would then resemble today's
foreign- exchange markets--an expensive process hobbled by commissions,
dominated by institutions, and mostly off-limits to individuals. This
makes little sense in cyberspace. Nations maintain their own currencies
to protect national interests. Cyberspace is not a nation, and does not
require this kind of compromise. The same e-cash could go from New York
to Tokyo with minor transaction costs. However, governments have a good
reason to oppose this: A universal digital dollar would undermine the
monetary conventions of the "real" world by unifying currencies in
cyberspace, creating a means to avoid paying conversion fees on
international transactions. This tender would be hard to tax, since it
crosses borders so easily.
What we need now is a universal protocol for electronic money,
something similar to the way TCP/IP acts as a universal language for
communication over networks. No one should own this protocol, charge
for its use, or limit its availability. To do otherwise would put an
unprecedented burden on security, anonymity, and our confidence in this
fledgling digital marketplace.
11. E-cash will be a major leap for the Indian consumer
In the beginning, there was barter. Then came currency, cheques, credit
cards. And now we have E-cash, a new concept launched by Escorts
Finance which, if it succeeds, will mark a important step towards
electronic commerce and digital cash. Jayant Dang, Managing Director of
Escorts Finance, spoke to Tanmaya Kumar Nanda about how E-cash operates
and the company's plans for the future.
*How exactly does E-cash work?
Well, it's really very simple. Basically, it's an ordinary card, made
by Shlumberger, but with a very smart mind. Instead of a magnetic
strip, you have an actual microchip containing all the data about that
particular account is built into the card. All you have to do is
operate the card with a unique Personal Identification Number (PIN)
that gives you credit facilities as well as full security against
misuse as long as you keep it to yourself. The customer has to pay an
annual sum for the use of the card.
* How does that make it any different from any of the other credit
cards that have flooded the market?
In the first place, E-cash is not a credit card. Here, all that you
have to do is deposit any amount of money with either the company or
with any of the outlets that have E-cash facilities. In return, you get
the card which can then be used to make any purchase that you want. And
the company will be installing Verifone terminals at its own cost at
stores across Delhi, to begin with. The difference is that E-cash is
essentially your own cash that you are using, unlike a credit card
where the bank is lending you the money at a given interest rate. With
E-cash, there's no interest because it's your money to being with.
Also, transaction is much faster -- all it takes is about 45 seconds
for the whole operation. The customer will not be paid an interest on
the amount deposited with us because we are not a savings bank. But
there will be bonuses given for large amounts deposited with us.
* The same concept exists in the West, but it hasn't really taken off.
What makes you think it'll work in India?
In the West, they also have something called debit cards, where the
payment is taken straight from your bank account. That won't work in
India, where most transactions are in cash because banking procedures
are often so cumbersome. Besides, a number of people don't even have
bank accounts. Also, in the West, credit and debit cards work better
because of better online connectivity, so cash cards are low-value
affairs.
Besides, E-cash cards will also double as ATM cards. That way, you can
even withdraw on your card if your want to. So what we're doing is
exploiting Western technology and Indian behavioural patterns to create
a niche segment. Basically, it's a major leap into the future. But it's
also going to be a big challenge to make it succeed.
* How long do you think it'll take to popularise this card?
Initially, we're starting with Nanz-Archana stores in Delhi. Then,
we're expanding to South Delhi and other areas. But that's because
we're based here. Eventually, we're looking at all six metros, and then
the entire country. And once we have a uniform operating standard for
such terminals, we could even go global.
So, what we have on our hands is a long-gestation idea. For at least
two-three years, we'll only be building our customer base. At the end
of that, I'd like to break even.
* What are the other consumer finance sectors that Escorts Finance is
looking at?
As of now, our core remains automobile finance and construction
equipment. But we've also gone into consumer durables in a small way.
What we are waiting for is a Consumer Credit Reference that will be
complete in about six months. The CCR will be a database of the all the
defaulters on payment provided by all major banks, credit card
companies and financial institutions. It'll be a co-operative effort by
everybody involved, and all of them will be able to access the
database.
* Now that you're into plastic money, do you also intend to go into the
credit card segment?
Not now, no. My first priority is to make E-cash a success story. And
that'll take at least two to three years. It requires a great deal of
investment and involvement. Credit cards can come later. But when we
do, they'll be compatible with the E-cash machines for better service.
12. CONCLUSION
Electronic cash system must have a way to protect against multiple
spending. If the system is implemented on-line, then multiple spending
can be prevented by maintaining a database of spent coins and checking
this list with each payment. If the system is implemented off-line,
then there is no way to prevent multiple spending cryptographically,
but it can be detected when the coins are deposited. Cryptographic
solutions have been proposed that will reveal the identity of the
multiple spenders while preserving user anonymity otherwise.
Token forgery can be prevented in an electronic cash system as long as
the cryptography is sound and securely implemented, the secret keys
used to sign coins are not compromised, and integrity is maintained on
the public keys. However, if there is a security flaw or a key
compromise, the anonymity of electronic cash will delay detection of
the problem. Even after the existence of a compromise is detected, the
Bank will not be able to distinguish its own valid coins from forged
ones.
The untraceability property of electronic cash creates problems in
detecting money laundering and tax evasion because there is no way to
link the payer and payee. However, this is not a solution to the token
forgery problem because there may be no way to know which deposits are
suspect. In that case, identifying forged coins would require turning
over all of the Bank's deposit records to the trusted entity to have
the withdrawal numbers decrypted.
Allowing transfers magnifies the problems of detecting counterfeit
coins, money laundering, and tax evasion. Coins can be made divisible
without losing any security or anonymity features, but at the expense
of additional memory requirements and transaction time. In conclusion,
the potential risks in electronic commerce are magnified when anonymity
is present. Anonymity creates the potential for large sums of
counterfeit money to go undetected by preventing identification of
forged coins. It is necessary to weigh the need for anonymity with
these concerns. It may well be concluded that these problems are best
avoided by using a secure electronic payment system that provides
privacy, but not anonymity.
CONTENTS
¢ INTRODUCTION
¢ REAL THING: WI-FI
¢ WI-FI TECHNOLOGY STANDARDS
¢ WI-FI AT THE ENTERPRISE
¢ SECURITY ISSUES
¢ WHERE IS IT HEADED
¢ CONCLUSION
¢ REFRENCE
