Abstract
In this paper, we propose a new efficient and secure micro-payment scheme, named e-coupons, which can provide the users the facility of delegating their spending capability to other users or their own devices like Laptop, PDA, Mobile Phone, and such service access points. The scheme has the promise of becoming an enabler for various Internet-based services involving unit-wise payment. It gives flexibility to the users to manage their spending capability across various access points for a particular service without obtaining an authorization for each and every access point from a facilitating bank. This flexibility which is not present in the existing micro-payment schemes is essential for accessing ubiquitous e-services and other Internet-based applications. The facility of delegation introduces a slight overhead in respect of the proof or verification of the delegated authorization and security provided to the payments. The payoff from the facility of delegation takes away the burden of the overhead. The paper discusses the design of the protocol and provides a basic analysis of the performance of the system.
e-coupons is based on PayWord, a single-seed one-way hash chain for unit-wise payment, TESLA for payment security and SPKI/SDSI as underlying PKI framework for its unique delegation feature. The results obtained from the implementation of e-coupons are quite acceptable and show near real-time response. Our scheme uses multi-seed one-way hash chains for unit-wise payment. Furthermore, it allows an ordered transfer of the portions of payment chains to others. Because of this user's spending capability can be used from different service access points to access the subscribed service, concurrently.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Ronald Rivest, Adi Shamir. PayWord and MicroMint: Two Simple micropayment schemes. In Security Protocols Workshop, 1996:69–87.
Steve Glassman, Mark Manasse, Martin Abadi, Paul Gauthier, Patrick Sobalvarro. The millicent protocol for inexpensive electronic commerce. In Fourth International World Wide Web Conference, 1995.
Amir Herzberg, Hilik Yochai. MiniPay: Charging per Click on the Web. In Sixth International World Wide Web Conference, 1997.
The NetBill Electronic Commerce Project, 1995. http://www.ini.cmu/NETBILL/home.html.
Ross Anderson, Charalampos Manifavas, Chris Sutherland. NetCard—A practical electronic cash system. Fourth Cambridge Workshop on Security Protocols, 1996.
Gennady Medvinsky, B. Clifford Neuman. NetCash: A design for practical electronic currency on the internet. in Proceedings of the First ACM Conference on Computer and Communications Security, 1993:102–106.
Eran Gabber, Abraham Silberschatz. Agora: A minimal distributed protocol for electronic commerce. In The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Association, 1996:223–232.
Phillip M. Hallam-Baker. Micro payment Transfer Protocol (MPTP) Version 0.1. W3C Working Draft, 1995.
Mihir Bellare, Juan A. Garay, Ralf Hauser, et al. Design, implementation, and deployment of the iKP Secure Electronic Payment System. IEEE Journal of Selected Areas in Communications 18(4), 2000.
Adrian Perrig, Ran Canetti, Tygar JD, Dawn Song. The TESLA broadcast authentication protocol. RSA CryptoBytes 5(Summer); 2002.
Adrian Perrig, Ran Canetti, Dawn Song, Tygar Jd. Efficient and secure source authentication for multicast. in Network and Distributed System Security Symposium, NDSS '01, 2001.
Dwaine Clarke, Jean-Emile Elien, Carl Ellison, Matt Fredette, Alexander Morcos, Ronald Rivest. Certificate Chain Discovery in SPKI/SDSI. Journal of Computer Security 2001:9(4):285–322.
Carl Ellison. SPKI/SDSI Certificate Documentation, 2002. http://world.std.com/~cme/html/spki.html.
Bruce Schneier. Applied Cryptography, Second Ed. John Wiley and Sons, 1996.
ASN.1: Abstract Syntax Notation One. ITU—International Telecommunication Union.
PGP: Pretty Good Privacy. The PGP International homepage. http://www.pgpi.org.
Warwick Ford, Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Second Ed. Prentice-Hall, 2002.
NIST. Secure Hash Standard (SHS). Federal Information Processing Standards Publication 180-1, 1995.
Stanislaw Jarecki, Andrew Odlyzko. An Efficient Micropayment System Based on Probabilistic Polling. LNCS 1997. 1318:173–191.
Adi Shamir. Fast Signature Screening. RSA Laboratories, CryptoBytes, 1995.
Leslie Lamport. Password Authentication with Insecure Communication. Communications of the ACM 1981:24(11):770–772.
Author information
Authors and Affiliations
Corresponding author
Additional information
This work is supported by grants from Ministry of Information and Technology, Government of India.
Vishwas Patil is a PhD student at Dipartimento di Informatica, Università degli Studi di Roma “La Sapienza”, with a fellowship from the Italian MIUR under FIRB program. He was associated with School of Technology and Computer Science at TIFR-Tata Institute of Fundamental Research, Mumbai (India), as a Scientific Officer from 2000–2004. He received his Bachlor of Engineering in Computer Science from NIT-National Institute of Technology, Surat (India), in year 2000. His current research interests include access control and enforcement, trust management, facilitating incomplete contracts, e-commerce technologies, PKIs, information and system security, privacy.
RK Shyamasundar is Professor and Dean, Faculty of Technology and Computer Science at Tata Institute of Fundamental Research, Mumbai, India. He has been on the faculty/staff of IBM TJ Watson Research Center, Pennsylvania state University, Utrecht University, Eindhoven University of Technology, University of Illinois at Urbana Champaigne, Max-Planck Institute of Informatiks etc. He is Fellow of IEEE, Fellow of Indian Academy of Sciences, Fellow Indian National Science Academy, Fellow Indian National Academy of Engineering. He received his PhD in Computer Science from IISc Bangalore and his research interests include modeling and verification of safety-critical reactive and real-time systems, synchronous languages, compiler verification, deductive techniques, logics of programs, formal methods for industrial applications, computer and network security, e-commerce, grid computing, wireless technologies etc.
Rights and permissions
About this article
Cite this article
Patil, V., Shyamasundar, R.K. e-coupons: An Efficient, Secure and Delegable Micro-Payment System. Inf Syst Front 7, 371–389 (2005). https://doi.org/10.1007/s10796-005-4809-1
Issue Date:
DOI: https://doi.org/10.1007/s10796-005-4809-1