ITB Journal-May-2003 - Institute of Technology Blanchardstown

More documents

Recommendations

Info

ITB Journal The voucher package includes the encrypted goods that the voucher will allow the customer to access. The voucher package also includes the merchant and product identities. These are required to uniquely identify the product that the customer is purchasing. Also included is a human readable description of the product so the customer has some indication of the type of the product they are purchasing. The value of the product must also be included so the customer can determine whether the cost of the product is worthwhile. The expiry date is also included for the customer as an indicator of how long the voucher will be valid. The customer may download the voucher and decide not to purchase the goods without any loss. Because the merchant signs the voucher, the customer can be sure that the goods and the voucher contents have been received correctly providing, of course, that the merchant is not cheating. 3.3 Redeeming Vouchers Now that the customer has obtained the encrypted goods and the voucher from the merchant and she has decided to purchase the goods, they must request the key from the bank to release the goods. Again it is assumed that the customer is able to establish a secure connection with the bank. C B : Sig C (MID, PID, Value, E CB (Customer Account details), Counter) B C : E CB (Kp) In step 4 of the protocol the customer sends to the bank, the merchant and product id’s and the value of the product as well as details of their account and a counter value. The merchant and product identity and the value of the goods are obtained from the voucher the customer has received. The counter is a value that must be maintained by the bank and the customer. The purpose of the counter is to uniquely identify this message and prevent an external entity from replaying the message and thus draining of a customer’s account of funds. A timestamp could be used instead of a counter provided that problems associated with synchronization are properly addressed. It is only when the customer signs this message that the voucher is given value. Up till this stage the customer can abort the transaction. If the customer chooses to accumulate vouchers over a period of time, the customer may concatenate multiple sets of merchant identity, product identity and value bit strings and sign them all at once. This will reduce the amount of processing required by the customer. Issue Number 7, May 2003 Page 84
ITB Journal The bank now makes a decision as to whether the transaction should take place. The bank must consider things like the availability of the customer’s funds, and the trustworthiness of both the merchant and the customer and check that the counter value is valid. If the bank decides that the transaction should occur, the bank moves the correct amount of funds from the customers account to the merchant’s account using the details provided by the customer and the merchant during the transaction. At this point the bank may also deduct any transaction, handling or other fees. As the bank already knows the merchant’s key K, the bank uses these additional values to calculate the key Kp. In step 5 of the protocol the bank returns the key Kp to the customer. When the customer obtains the key Kp they are able to decrypt the goods they have received with the voucher and complete the transaction. After the funds transfer has occurred the bank has the option of notifying the merchant that the transaction took place. This notification is only to assist the merchant in updating his inventory and may not be essential for online software goods. When, or if, this notification occurs can be determined by agreement between the bank and merchant. Large value transactions could be batched and sent at the end of each working day. Unfortunately if the merchant chooses not to be notified by the bank he has no indication that a transaction has occurred. 3.4 Disputes If the merchant or the customer is not satisfied that the transaction has been conducted successfully a dispute has occurred. The voucher payment scheme has a process which is able to deal with most disputes. It is assumed that both the customer and the merchant can trust the bank to be fair in all decisions. The voucher dispute resolution protocol consists of the following step: 1. C B : Sig C (Kp, Sig M (E Kp (Goods), MIP, PID, Description, Value, Expiry)) The message consists of the key Kp that the customer received from the bank in step 5 of the payment protocol. The remainder of the message is the merchant signed voucher the customer received in step 3 of the payment protocol. Because the voucher is signed by the merchant, the customer is unable to alter the contents of the voucher without detection. The retransmission of the voucher, including the goods, in the dispute protocol will increase the Issue Number 7, May 2003 Page 85
Page 1 and 2:
ITB Journal Issue Number 7, May 200
Page 3 and 4:
ITB Journal Editorial I am delighte
Page 5 and 6:
ITB Journal The ability to deliver
Page 7 and 8:
ITB Journal • Proprietary LAN-bas
Page 9 and 10:
ITB Journal the client. Message que
Page 11 and 12:
ITB Journal across the different co
Page 13 and 14:
ITB Journal functionality of this m
Page 15 and 16:
ITB Journal Another advantage of th
Page 17 and 18:
ITB Journal The Process And Problem
Page 19 and 20:
ITB Journal Weich (1979) defined
Page 21 and 22:
ITB Journal 2.1.2 Population Ecolog
Page 23 and 24:
ITB Journal 2.3 Early Approaches to
Page 25 and 26:
ITB Journal up creation process is
Page 27 and 28:
ITB Journal 2.6.2 Katz & Gartner Fr
Page 29 and 30:
ITB Journal operate, it emphasizes
Page 31 and 32:
ITB Journal empirical evidence, in
Page 33 and 34: ITB Journal An interesting study ex
Page 35 and 36: ITB Journal Many entrepreneurs, who
Page 37 and 38: ITB Journal than with an establishe
Page 39 and 40: ITB Journal linear step-by step pro
Page 41 and 42: ITB Journal Catalunya, num.8. May-A
Page 43 and 44: ITB Journal The structure of this p
Page 45 and 46: ITB Journal strengths and its abili
Page 47 and 48: ITB Journal The second and third qu
Page 49 and 50: ITB Journal Prior to the survey, th
Page 51 and 52: ITB Journal After the system specif
Page 53 and 54: ITB Journal Modelling Modelling can
Page 55 and 56: ITB Journal • Programming constru
Page 57 and 58: ITB Journal 3. Hardware Description
Page 59 and 60: ITB Journal improvement in the cost
Page 61 and 62: ITB Journal • State-register •
Page 63 and 64: ITB Journal communication between h
Page 65 and 66: ITB Journal methodology that is mai
Page 67 and 68: ITB Journal [24]. Frank Vahid and D
Page 69 and 70: ITB Journal Integration of a Stereo
Page 71 and 72: ITB Journal young children. Video a
Page 73 and 74: ITB Journal 3 Results The mobile un
Page 75 and 76: ITB Journal A Secure Payment Protoc
Page 77 and 78: ITB Journal complex software valued
Page 79 and 80: ITB Journal user, and debits the cu
Page 81 and 82: ITB Journal • Objective 1 is achi
Page 83: ITB Journal K is the key provided b
Page 87 and 88: ITB Journal that the merchant assig
Page 89 and 90: ITB Journal October, 1994. [4] Chau
show all

ITB Journal-May-2003 - Institute of Technology Blanchardstown

Create successful ePaper yourself

Delete template?

Save as template?