E-Cash & Mobile Payments

Dec 3, 2013

Karen Uttecht
Overview
•E-Cash
–History
–Basic Concept
–Technologies
–Features
–Trade-offs
•“Electronic Cash” Systems
–Online Payment Systems
–Peer to Peer Systems
–Smart Cards
–Mobile Payments (in detail)
History of E-Cash
•Invented by David Chaum in 1982 in his paper “Blind Signatures for Untraceable Payments”
•Chaum filed patents and founded DigiCash, Inc.
•Chaum’s mismanagement of DigiCash ultimately led to bankruptcy in 1998
•Hundreds of papers improving on Chaum’s E-Cash have been written since.
E-Cash: Basic Concept
Diagram: Payer, Bank, Service Provider
1. Send Prepared E-Cash
2. Return Signed E-Cash
3. Give E-Cash
4. Check E-Cash Validity
5. Return Verification
Cryptographic Technology Used By E-Cash Schemes
•RSA / Public Key Cryptography
•Elliptic Curve Cryptography
•Blind Signatures
•Hash Functions
•Digital Certificates
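The five steps of the Basic Concept slide, built from the RSA, blind-signature and hash primitives listed above, as an added example that is not part of the original slides. It shows why the bank can sign a coin without seeing its serial and still reject a second deposit of the same coin. The toy key, the class and function names, and the assignment of each step to a party (following Chaum's scheme) are assumptions made here.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key from two Mersenne primes: far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # bank's private exponent

def digest(serial: bytes) -> int:
    """Hash a coin serial into Z_N (simplified; real schemes use padded hashing)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

class Bank:
    def __init__(self):
        self.spent = set()                  # serials already deposited

    def sign_blinded(self, blinded: int) -> int:
        # Step 2: the bank signs a value that reveals nothing about the serial.
        return pow(blinded, D, N)

    def verify_and_deposit(self, serial: bytes, sig: int) -> str:
        # Steps 4-5: check the bank's signature, then the double-spend list.
        if pow(sig, E, N) != digest(serial):
            return "invalid"
        if serial in self.spent:
            return "double-spend"
        self.spent.add(serial)
        return "ok"

def withdraw(bank: Bank):
    """Payer side of steps 1-2: blind the coin, obtain a signature, unblind it."""
    serial = secrets.token_bytes(16)
    r = 0
    while r < 2 or gcd(r, N) != 1:          # blinding factor must be invertible
        r = secrets.randbelow(N)
    blinded = (digest(serial) * pow(r, E, N)) % N     # step 1: prepared e-cash
    blind_sig = bank.sign_blinded(blinded)            # step 2: signed e-cash
    sig = (blind_sig * pow(r, -1, N)) % N             # unblind: sig = H(serial)^D
    return serial, sig, blinded

def demo():
    bank = Bank()
    serial, sig, blinded = withdraw(bank)
    first = bank.verify_and_deposit(serial, sig)      # step 3, then steps 4-5
    second = bank.verify_and_deposit(serial, sig)     # same coin presented again
    forged = bank.verify_and_deposit(b"forged-serial", sig)
    # The last value is True when the bank never saw the real digest at signing.
    return first, second, forged, blinded != digest(serial)
```

The double-spend check only works because the bank is reachable at deposit time, which is the "Double Spending vs. Availability" trade-off listed later in the deck.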
E-Cash: Security Features
•Non-Reproducible
•Can’t be Double Spent
•Tamper-Proof
•Private and Anonymous
•Theft Resilient
•Dispute Resolution
E-Cash: Usability Features
•Fast
•Easy to Use
•Easy to Learn
•Available
•Accountable
•Predictable Performance
•Accurate
E-Cash: Trade-Offs and Challenges
•Double Spending vs. Availability
•Double Spending vs. Anonymity
•Dispute Resolution vs. Anonymity
•Fair Trading
“Electronic Cash” Systems
•Online Payment Systems
•Peer to Peer Systems
•Smart Cards
•Mobile Payments
Online Payment Systems
•Users exchange money through their site
•Money stays put (with the site), ownership changes hands
•Online Wallets, Shopping Carts & Checkout through participating retailers
•Mobile web payments
•Examples: PayPal, WebMoney, Gogopay, CashU
Peer to Peer Systems
•No Central Authority
•Coins are chains of digital signatures of all
previous owners
Diagram from [12]
Peer to Peer Systems
•Double spending is prevented by announcing all transactions to the network; a majority of nodes decides which transaction came first
•Timestamps determined using longest proof-of-work chain
•Examples: Bitcoin (Open Source)
Diagram from [12]
Smart Card Systems
•Essentially like a “Smart Card” Visa gift card
•Anonymous –the user does not open an account
•Cards are loaded up at kiosks
•Many are transit cards retailers have chosen to accept as payment
•No theft protection
•Examples: FeliCa System –Widely Used
–Notably extensively used in Hong Kong, Singapore, Japan, and Netherlands as E-Cash
Mobile Payments
•Exchanging money using Mobile Devices
•Four General Types
–SMS
–Direct Mobile Billing
–Mobile Web Payments
–Near Field Communications
Mobile Payments: SMS
•Payment Request Sent via Text Message
•Charge is added to Phone Bill
•Very clunky
•Unreliable
•No Security –Messages are plaintext
Mobile Payments: Direct Mobile Billing
•Essentially Charging Services to your Phone Bill
•Uses a PIN code & one-time password
•Prevalent in Asia
•Bypasses banks & credit cards
Mobile Payments: Mobile Web Payments
•Accessing a payment web service on your mobile phone
•Example: PayPal Mobile: https://www.paypal.com/mobile
Mobile Payments: Near Field Communications
•NFC is an extension of ISO/IEC 14443, RFID proximity card standard
•NFC device can communicate with existing infrastructure and other NFC devices
•Range of 7-8 inches
•Low Power Consumption
•Designed for Mobile Devices
NFC Mobile Payments
Pictures From Reference [11]
NFC Mobile Payments
•NFC embedded into mobile phone
•Allows User to Pay with their Phone
•E-Cash Schemes could be used in conjunction
•Mobile to Mobile Payments Possible
•“Offline” Payments Possible
•Predicted: $75 Billion globally in NFC Mobile
Payments by 2013
•59% of US consumers want to make purchases with
their mobile phone
NFC Mobile Payment Systems
•Pay-Buy-Mobile Initiative
–Working on World Wide Standard for NFC Mobile Payments
–Over 50 Mobile Operators involved
•Payforit –UK
•BlingNation –US –“Smart Sticker”
•China Mobile
•Blaze Mobile (US) –“Sticker Based”
•Many trials worldwide
Questions?
References
•[1] History of DigiCash:
http://jya.com/digicrash.htm
•[2] E-Cash System Architecture, Texas A&M Engineering:
http://rtds.cs.tamu.edu/aaa2.php
•[3] Bitcoin
http://www.bitcoin.org/
•[4] Paypal
www.paypal.org
•[5] WebMoney:
www.wmtransfer.com
•[6] CashU:
www.cashu.com
•[6] Liberty Reserve:
www.libertyreserve.com/en/
•[7] Wikipedia Mobile Payments:
http://en.wikipedia.org/wiki/Mobile_payment
•[8] Wikipedia Near Field Communications:
http://en.wikipedia.org/wiki/Near_Field_Communication
•[9]
http://www.paymentsnews.com/2008/07/nfc-mobile-paym.html
•[10] Architecture and Development of NFC Applications:
http://www.slideshare.net/tdelazzari/architecture-and-development-of-nfc-applications
•[11]
http://www.nfc-forum.org/resources/presentations/Tagawa_Barcelona_2010.pdf
•[12] Bit Coin
http://www.bitcoin.org/bitcoin.pdf
•[13] Pay-Buy-Mobile Initiative:
http://gsmworld.com/our-work/mobile_lifestyle/mobile_money/pay_buy_mobile/index.htm#nav-
•[14] Pay-for-it
http://www.payforit.org/
•[15] Bling Nation:
http://www.blingnation.com/
•[16] Near Field Communications World Payments News:
http://www.nearfieldcommunicationsworld.com/category/applications/payments/
•[17] NFC Trials and Rollouts worldwide:
http://www.nearfieldcommunicationsworld.com/list-of-nfc-trials-pilots-tests-and-commercial-services-around-the-world/
•[18] Blaze Mobile
http://www.blazemobile.com/
•[19] Newswire:
http://www.nearfieldcommunicationsworld.com/2009/12/01/32406/59-of-consumers-want-to-use-their-phone-to-make-purchases-at-the-point-of-sale/