NetCard — A practical electronic-cash system
Our recursive hashing technique greatly reduces the computational complexity in applications where a series of low value payments are made to the same merchant. We have shown how it can be used in simple payment schemes based on both the smartcard and the online processing models of electronic commerce, and can also provide some novel and valuable features, such as a security recovery facility that does not depend on either the legacy systems or the SET protocols. It is an open problem whether hashing techniques can be combined with the more complex anonymous cash schemes.
In December 1995, we learned that three other groups had independently developed micropayment systems that are rather similar to our second protocol. These are the ‘Tick Payments’ of Torben Pedersen of the CAFE project, the ‘PayWords’ of Ron Rivest and Adi Shamir [RS], and a scheme from the iKP team at IBM Zürich [HSW].
From the scientific point of view, one of the more interesting lessons learned from implementing our first protocol and developing the others from it has been that local and global trust interact in interesting and often unexpected ways. The details of this will be the subject of a future paper; the high order bit appears to be that the global trust has to go somewhere. In a payment system, the global mechanism to prevent double spending can be a centralised system of online authorisation, authorisation using end-to-end authentication, tamper resistant objects or (more realistically) some combination of these. Moving the primary locus of trust, even slightly, can have profound effects; and very small design changes can greatly improve the system's resilience and robustness.
KeywordsCredit Card Global Trust Springer LNCS Secure Electronic Transaction Credit Card Transaction
Unable to display preview. Download preview PDF.
- 1.“UEPS — A Second Generation Electronic Wallet”, RJ Anderson, in Computer Security — ESORICS 92, Springer LNCS v 648 pp 411–418Google Scholar
- 2.RJ Anderson, “Why Cryptosystems Fail”, in Communications of the ACM v 37 no 11 (November 1994) pp 32–40Google Scholar
- 3.“Cryptographic Credit Control in Pre-payment Metering Systems”, RJ Anderson, SJ Bezuidenhout, Proceedings, 1995 IEEE Symposium on Security and Privacy pp 15–23Google Scholar
- 4.“Programming Satan's Computer”, RJ Anderson and RM Needham, in Springer Lecture Notes in Computer Science volume 1000 Google Scholar
- 5.“Fast Server-Aided RSA Signatures Secure Against Active Attacks”, P Béguin, JJ Quisquater, Advances in Cryptology — CRYPTO 95, Springer LNCS 963 pp 57–69Google Scholar
- 6.“Card Fraud: Banking's Boom Sector”, in Banking Automation Bulletin for Europe (Mar 92) pp 1–5Google Scholar
- 7.S Blythe, B Fraboni, S Lall, H Ahmed, U de Riu, “Layout Reconstruction of Complex Silicon Chips”, in IEEE J. of Solid-State Circuits v 28 no 2 (Feb 93) pp 138–145Google Scholar
- 8.“Achieving Electronic Privacy”, D Chaum, Scientific American (August 92) pp 96–101Google Scholar
- 9.“The ESPRIT Project CAFE — High Security Digital Payment Systems”, JP Boly, A Bosselaers, R Cramer, R Michelsen, S Mjølsnes, F Muller, T Pedersen, B Pfitzmann, P de Rooij, B Schoenmakers, M Schunter, L Vallée, M Waidner, in Computer Security — ESORICS 94, Springer Lecture Notes on Computer Science volume 875 pp 217–230Google Scholar
- 10.“Micro-Payments based on iKP”, R Hauser, M Steiner, M Waidner, preprint, IBM Zürich, January 16th 1996Google Scholar
- 11.“Electronic Payments of Small Amounts”, TP Pedersen, Aarhus University Technical Report DAIMI PB-495, August 1995Google Scholar
- 12.“PayWord and MicroMint-Two Simple Micropayment Schemes”, RL Rivest, A Shamir, preprint, MIT, January 26, 1996Google Scholar
- 13.Secure Electronic Transactions, VISA and MasterCard 1996Google Scholar
- 14.VISA Security Module Operations Manual, VISA, 1986Google Scholar
- 15.“Electro-optic sampling of high-speed devices and integrated circuits”, JM Wiesenfeld, IBM Journal of Research and Development v 34 no 2/3 (Mar/May 90) pp 141–161Google Scholar