In this paper, we propose a new efficient and secure micro-payment scheme, named e-coupons, which can provide the users the facility of delegating their spending capability to other users or their own devices like Laptop, PDA, Mobile Phone, and such service access points. The scheme has the promise of becoming an enabler for various Internet-based services involving unit-wise payment. It gives flexibility to the users to manage their spending capability across various access points for a particular service without obtaining an authorization for each and every access point from a facilitating bank. This flexibility which is not present in the existing micro-payment schemes is essential for accessing ubiquitous e-services and other Internet-based applications. The facility of delegation introduces a slight overhead in respect of the proof or verification of the delegated authorization and security provided to the payments. The payoff from the facility of delegation takes away the burden of the overhead. The paper discusses the design of the protocol and provides a basic analysis of the performance of the system.
e-coupons is based on PayWord, a single-seed one-way hash chain for unit-wise payment, TESLA for payment security and SPKI/SDSI as underlying PKI framework for its unique delegation feature. The results obtained from the implementation of ecoupons are quite acceptable and show near real-time response. Our scheme uses multi-seed one-way hash chains for unit-wise payment. Furthermore, it allows an ordered transfer of the portions of payment chains to others. Because of this user’s spending capability can be used from different service access points to access the subscribed service, concurrently.
E-Commerce covers a broad spectrum of transactions varying from macro-transactions to microtransactions. In macro-transactions, while the value of each transaction is very high, the challenge lies in providing a higher grade of authentication, payment security, and non-repudiation of transactions. In case of micro-transactions, while the need is to cater to a large volume of transactions of low intrinsic financial value, the challenge is to keep the cost of each transaction to a minimum on an average.
Micro-transactions include Internet-enabled services like streaming multi-media, accessing computational power from grids, loadable softwares, software plug-ins/APIs, VoIP calls, e-Library, news, and various such non-tangible goods which can be delivered through Internet (of them, news is free, for example). Subscribers access such services through different service access points and would not always like to reveal the set of their access points. The service providers have not succeeded in charging their services by following the available means. Hence, they provide the services to the users free of cost or employ mechanisms other than amicro-payment system. The service providers recover the cost from the advertisers or bulk subscriptions using authentication based on host IP addresses and/or browser cookies etc. A direct micro-payment mechanism would be of great complement and facilitate small vendors. Further, it would provide incentives for sporadic users who do not want a full-time subscription to some paid service. Unlike macro-payments, the monetary value of every micro-payment is extremely low and the risk involved is acceptable. While the macropayments emphasizes on security, non-repudiation and atomicity of the transaction, micro-payment systems aim at efficient, low-cost, secure setup. The users are ready to accept micro-payment systems with reasonable risk factors associated with it. In this paper, we are concerned with the design and development of a micro-transaction system that charges the user directly complying with requirements such as security, low-cost per transaction, and delegation facility.
There are several e-payment schemes proposed in the literature: PayWord and MicroMint, (Rivest and Shamir, 1996); MilliCent, (Glassman et al., 1995); MiniPay, (Herzberg and Yochai, 1997); NetBill, (The NetBill Electronic Commerce Project, 1995); NetCard, (Anderson et al., 1996); NetCash, (Medvinsky and Neuman, 1993); Agora, (Gabber and Silberschatz, 1996); MPTP, (Hallam-Baker, 1995); iKP, (Bellare et al., 2000) based micro-payment, etc. These schemes can be broadly differentiated into on-line and off-line categories based on the type of payment validation used. In off-line methods, risk naturally arises as immediate validation is not performed. NetBill, NetCash, MiniPay, MilliCent use on-line or semi-online type of payment validation, which is costly in general. NetBill is designed for buying information goods via Internet with emphasis on security and atomicity of transactions. A central trusted server is involved in every transaction. Micro-economy and scalability are questionable because of the extensive network traffic required during the transaction and the interaction with the central NetBill server. NetCash is another on-line scheme that offers a framework for a secure and partially anonymous real time digital payment system. The basic NetCash structure consists of independent, distributed currency servers providing a link between anonymous electronic currency and non anonymous services. Currency server provides customer services, like double spending detection, coin exchange to allow untraceability, purchases of coins with cheques and redemption of coins for cheques. MiniPay features a low cost, negligible delay, natural user interface, scalable design, support for multiple currencies, and high security—including non-repudiation, overspending prevention, and protection against denial of service. MiniPay architecture involves four to six parties in its setup. It uses public-keys to authenticate parties and it is based on peer to peer relationships, where public-keys are exchanged and authenticated using existing relationships between the peers. MilliCent is a proprietary voucher based digital microcommerce system. The system uses merchant specific vouchers, called scrip, a form of token that is only valid with a particular merchant for a limited period of time. MilliCent transactions are not anonymous and mostly off-line. PayWord is an off-line, extremely efficient, credit-based micro-payment scheme. It is a tripartite scheme involving a bank, the vendors and users. The bank gives credit facility to the users and assures the vendors for redemption of payments made by the registered users. The other micro-payment schemes; micro-iKP, NetCard, MPTP are largely based on PayWord proposal. We have excluded from our discussion the other micro-payment schemes (like Mondex, CAFE) that rely on special hardware like smartcard.
The above micro-payment schemes have been designed with the intention to make secure and/or efficient payments for non-tangible goods on pay-perview/pay-per-click/pay-as-you-go basis. The schemes either rely more heavily on asymmetric key applications or they are more burdensome for the bank in terms of minting coins and on-line verification. Furthermore, most of these proposals are not scalable due to their centralized design. The present day applications demand much more than what these schemes provide. Nowadays, the users employ software robots to make purchases on their behalf. The users expect their subscribed services to be accessible from different access points (plausibly simultaneously). We present two typical micro-payment scenarios that cannot be satisfactorily handled by the existing schemes discussed above.
Scenario 1 A consortium of academic institutions has subscribed itself to various electronic publication services. The consortium management is willing to lure other non-member institutions for these subscriptions on an ad-hoc or permanent basis. For this purpose, it is necessary for the consortium administrator to have features like partial delegation of authority to other institution or individual while maintaining the efficiency and security of the system.
Scenario 2 A user has a multi-threaded application and the threads make use of different external APIs/plug-ins (Application Program Interfaces), based on the subscriptions of the user. A monolithic payment instrument will hinder the execution of threads in parallel.
One of the principal reason is that the existing micropayment schemes do not allow a user to delegate his authority totally or in part to third parties. There are many such scenarios where the growth of e-commerce has stagnated due to unavailability of an efficient and secure micro-payment scheme that provides delegation facility to users over their spending capability. In this paper, we shall address the design and implementation of a micro-payment system satisfying these requirements: security, low-cost per transaction, efficiency, and a provision to delegate the spending capability. Our design uses features from PayWord (Rivest and Shamir, 1996), TESLA (Perrig et al., 2002; Perrig et al., 2001), and SPKI/SDSI (Clarke et al., 2001). In other words, we have extended the PayWord framework (Rivest and Shamir, 1996) to handle delegation of users’ spending capability through SPKI/SDSI and handling security through TESLA.