E-CASH PAYMENT SYSTEM 2

<< E-CASH PAYMENT SYSTEM 1

SECURE SOCKET LAYER (SSL) >>

E-COMMERCE IT430

Lesson 27

E-CASH PAYMENT SYSTEM

How anonymity is ensured in e-cash payment system?

Anonymity in e-cash system means that the identity of the client/buyer is not disclosed. Note that there are

two main stages in this payment mechanism minting stage and deposit stage. At minting stage the serial

no. is signed by the e-cash bank to provide third part of a valid e-cash coin. At this stage the bank knows as

to who amongst its different account holders or clients is requesting for the bank's signatures on the serial

no., but it does not know the serial no. it is signing due to the blinding factor "r". On the other hand, the

reverse is true at the deposit stage (when the coins are sent to e-cash bank for checking validity). Now, bank

knows the serial no. (it had earlier signed blindly at the minting stage) but has no clue about the specific

client who has sent them for payment purposes. The bank may have issued coins to many of its clients. It

would not be known to the bank at the deposit stage that who amongst them has done the shopping and is

making the payment now. Thus, by scheme, the relationship between the client and the serial no. is broken

at the minting and deposit stage to ensure anonymity of the client. This concept may also be illustrated as

follows:

Minting Stage

Serial number (unknown)

Client (known)

Deposit Stage

Serial no. (known)

Client (unknown)

Withdrawing Coins

Many coins of different denominations can be obtained in a single request to the bank.

The request is signed by the client with his private key and contains information about the serial nos. to be

signed. The request is encrypted with a symmetric key and that symmetric key is encrypted with the public

key of the bank, thus creating a secure envelope. The bank signs serial nos. in order to mint coins of

requested denominations and forward them to the client/buyer.

E-cash Purchase

Having received an order the merchant sends a payment request to the client in the following format:

Payreq={currency,amount,timestamp,merchant_bank ID, merchant_accID, order description}

Cyber wallet automatically assembles the correct payment amount and pays.

Making the Payment

Coins used in the payment are encrypted with bank's public key, preventing the merchant to view them.

Payment information is forwarded to the bank with encrypted coins during merchant's deposit. Only hash

of the order description is included in payment information preventing the bank from knowing the order

details.

Proving the Payment

Payer code is a secret generated by the client. A hash of it is included in the payment information so that

client can later prove the payment if need be.

118

E-COMMERCE IT430

Hash

Bluesky

Hash function and message digest are

sent to the e-cash bank

Fig. 1

For instance, the client may choose the word "Bluesky" as a code. By applying a hash function on this code,

a message digest is obtained. Hash function and message digest are sent to the bank. In case a dispute arises

and the payer has to prove that he had made the payment, he can forward the word/code "Bluesky" to the

bank and request it to apply the hash function on it (which was earlier sent to the bank). If, on applying the

hash function, the message digest comes to be the same as earlier available with the bank, it means that the

person claiming to be the payer had succeeded in proving his payment, since only he was supposed to know

the word "Bluesky".

Payment Deposit

A deposit request encrypted with bank's public key accompanies the payment information. E-cash bank

maintains a database of spent coins. On receipt it checks whether the coin is valid and whether it has

already been spent or not (to prevent double spending) by referring to its database. If the coins are valid the

bank credits the merchant's account. Thus, if the client has sent valid coins worth $10 for payment to the

merchant, and the merchant already has $90 in his account then an amount of $ 10 would be added in his

account making it $ 100. Later, the merchant can request the e-cash bank to transfer this amount in his

account with the acquirer bank. This can be done through ACH and the merchant can physically withdraw

the money form the acquirer bank.

E-cash bank plays a backbone role in this set up and charges a specified commission for its services from

the client and the merchant depending on its policy.

Lost Coins

In case network fails or computer crashes during payment transaction, coins might be lost. All signed

blinded coins from last 16 withdrawals are sent by the bank to the client. Client uses the blinding factor

known to its wallet to reveal the serial #. It then sends all serial nos. to the bank for its verification whether

or not the coins have already been spent. After checking its database the bank credits the client's account

with the value of unspent coins.

119

E-COMMERCE IT430

E-Cash & the Web

Fig. 2 below shows how e-cash payment system can be applied on the web:

E-Cash & the Web

EccashBankk

E ash Ban

6. Accepted

5. Deposit

coins

3. Payment Request (Order)

Meerchant

M rchant

Clileent

C i nt

4. Payment (coins,order)

Softwaare

Softw re

Waalleet

Wl lt

7. Receipt

2. Merchant

8.Send

wallet Starts

goods

1.Select Order

Web

Server

Browser

9.Goods/Acknowledgement

Fig. 2

Client wallet and web browser are installed on the client machine. Web server software and merchant

software are installed on the sever machine. A client selects an order and web server starts the merchant

software/wallet (steps 1 & 2). Payment request is made by the merchant software and the client wallet pays

through e-cash coins (steps 3 & 4). Merchant deposits the coins to e-cash bank for checking validity (step

5). If the coins are valid an acceptance message is made to the merchant following which the receipt of

payment is sent to the client by the merchant (steps 6 & 7). Merchant software intimates the web server to

send goods which acknowledges the fact to the web browser (steps 8 & 9).

120

Table of Contents: