CS 161: E-commerce. Stages in E-commerce purchase. Stages in e-commerce purchase. Credit cards as an enabler. Why is a credit card transaction 50?

Similar documents
Lecture 10: Electronic Cash and Oblivious Transfer

History of Digital Money

History of Digital Money

Consumer oriented Ecommerce:

Game theory (Sections )

IMES DISCUSSION PAPER SERIES

Bitcoin can be used to buy things electronically. In that sense, it s like conventional dollars, Euros, or yen, which are also traded digitally.

Interleaving Cryptography and Mechanism Design: the Case of Online Auctions. Edith Elkind Helger Lipmaa

Perspectives on Financial Cryptography. Ronald L. Rivest MIT Lab for Computer Science (RSA / Security Dynamics) FC /27/97

A CryptoCodex Ltd. Product

Chapter 2. E-Marketplaces: Structures, Mechanisms, Economics, and Impacts

ESSENTIALS OF E-COMMERCE (UNIT-2) PROCESS OF ELECTRONIC TRANSACTIONS AND THE INDIAN PAYMENT MODEL

SUBJECT: Additional Information Related to Requisitions Page 1 of 29 TABLE OF CONTENTS. Overview of the Requisition Structure... 2

Tokenization: The Future of Payments

Introduction to EMV BEYOND PAYMENT

Software Frameworks for Advanced Procurement Auction Markets

OpenBank - banking platform for e-money management based on blockchain technology (version 0.2)

Procedural Guidelines RuPay QR code

Decentralize everything!

Adding timestamps to the secure electronic auction protocol

At a Glance: The Payment Ecosystem. Powering Subscription Success

e-commerce WEEK7 Learning Objectives

Blockchain and Smart Contract Mechanism Design Challenges

Intro to Algorithmic Economics, Fall 2013 Lecture 1

CHAPTER 3 CLASSIFICATION AND REQUIREMENTS OF ELECTRONIC PAYMENT SYSTEM

Security of Smartcard Based Payment Protocol

Micropayments Revisited. Ronald L. Rivest (with Silvio Micali) MIT Laboratory for Computer Science

MODELS OF MOBILE PAYMENTS

Primitive-Based Payment Systems for Flexible Value Transfer in the Personal Router

INTERNET FRAUD SCAMS. Commercial Bank

SEMINOLE COUNTY OFFICE OF MANAGEMENT AND BUDGET PURCHASING DIVISION BLANKET PURCHASE ORDER PROCESS AUDIT. March 31, 1998

Single or multi-sourcing model?

Your School District Procurement Card. Staff Guide Staff Agreement & Board Policy

VALUE OF SHARING DATA

University of Benghazi Faculty of Information Technology. E-Commerce and E-Marketing (IS475) Instructor: Nasser M. AMAITIK (MSc IBSE) Lecture 02

OFF-LINE ELECTRONIC CASH SYSTEMS BASED ON A SECURE COALITION-RESISTANT GROUP BLIND SIGNATURE SCHEME

Ad Hoc PSM Protocols: Secure Computation without Coordination

AND SCIENCE COLLEGE SRM NAGAR, KATTANKULATHUR

TransKrypt Security Server

Introduction to Information Technology Turban, Rainer and Potter John Wiley & Sons, Inc. Copyright Chapter 5

Traditional auctions such as the English SOFTWARE FRAMEWORKS FOR ADVANCED PROCUREMENT

EMV, PCI, Tokenization, Encryption What You Should Know for Presented by: The Bryan Cave Payments Team

Digital Cash. Team members: Amit, Hiren, Kevin, Kai Supervisor: Stefano Cattani

9/17/12. Chapter 4 Jeff Bezos. Learning Objectives. Where is the money B2B or B2C? Electronic Commerce. Key Capabilities: Integration

OLXA COIN WHITE PAPER DECENTRALIZED APPLICATIONS AND CROWD-PROJECTS THROUGH THE BLOCKCHAIN TECHNOLOGY.

REDESIGNING BITCOIN S FEE MARKET arxiv:

Block-Chains: Insights and Issues

Sponsored Search Markets

Terms of Trade GENERAL SELLER S OBLIGATIONS. Terms of Trade web-parts.com, 7. March is owned by

Euronet s Dynamic Currency Conversion Solution Increase Your Revenue as an Acquirer with a Value Added Service

The Sealed Bid Auction Experiment:

THE DIGITAL FIRM: ELECTRONIC COMMERCE AND ELECTRONIC BUSINESS

Are Your Virtual Card Payments Really Check Payments in Disguise? MUFG Union Bank, N.A. A member of MUFG, a global financial group

Department of Economics & Public Policy Working Paper Series

E-Business & E-Commerce

Receivables and Secure Payment Processing

This tutorial takes adopts a simple and practical approach to explain the governing principles of e-commerce.

Agent-Based Electronic MarketPlace System Design Document

Solutions to Homework 1

IBM Payments Gateway

Federal Communications Commission ComCom Federal Office of Communications Worked Example - CCA

The Ascending Bid Auction Experiment:

In ACM NetWorker, 2:2, April/May 1998, pp Atomicity in. J. D. Tygar

New Payments Platform. A Technical Overview

MOBILE UNDERWRITING AND TRANSACTION MONITORING. Presented July 26, 2013

Online Payment Services

Target, the third largest retailer in the U.S., suffered a

Game Theory: Spring 2017

Ensuring the Safety & Security of Payments. Faster Payments Symposium August 4, 2015

Requirements Engineering Unit 4: Requirements modeling, specification & prioritization

Bitcoin: A Peer to Peer Electronic Cash System

E-procurement and E-markets. E-business lecture 7

MERCHANDISING TRANSACTIONS: INTRODUCTION TO INVENTORIES AND CLASSIFIED INCOME STATEMENT

Ch.3 Methods of Procurement.

Chapter by Prentice Hall

COMP/MATH 553 Algorithmic Game Theory Lecture 8: Combinatorial Auctions & Spectrum Auctions. Sep 29, Yang Cai

Illinois State Board of Education Nutrition Programs Division Food Distribution Program. Processing Basics

Coinyspace White Paper

Payment Gateway Overview. Get familiar with credit card processing & our platform

Tribhuvan University Institute of Science and Technology 2068(I)

What Do Merchants Need to Be Successful Online?

SAMPLE DATA FLOW DIAGRAMS for MERCHANT ENVIRONMENTS

EMV Validation (on-behalf of) Service

E- COMMERCE AND E- PROCUREMENT

Three New Connections Between Complexity Theory and Algorithmic Game Theory. Tim Roughgarden (Stanford)

Electronic accounts payable: increasing compliance, control and security

Network Effects and the Efficiency Defense in Mergers among Two-Sided Platforms

Communication Intelligence in the Mailstream:

Guide to Managing and Optimizing Advertisement Campaigns.

Question Paper Code : J1133

Management Information Systems MANAGING THE DIGITAL FIRM, 12 TH EDITION GLOBAL EDITION

Chapter 2 E-Marketplaces: Structure, Mechanisms, Economics, and Impacts

SUBJECT: Additional Information for Voucher Workflow Page 1 of 22 TABLE OF CONTENTS. Supporting Documentation Required for Vouchers...

batch Payment Return Reversal

Oracle Procurement Cloud Security Reference

PREFACE DOCUMENT INFORMATION References CHANGE HISTORY PURPOSE OF THE DOCUMENT... 3

LINDACOIN WHITEPAPER

Part III: eprocurement

NetSuite Integration for CyberSource. Getting Started Guide

IBM TRIRIGA Version 10 Release 4.0. Procurement Management User Guide

Transcription:

2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 1 CS 161: E-commerce Stages in E-commerce purchase October 24, 2005 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 2 Stages in e-commerce purchase Advertising Solicitation Negotiation Purchase Payment Delivery Ordering/support Credit cards as an enabler Standard purchase model reveals credit information Overhead costs can be high for microtransactions Acquiring Bank vs. Bank Payment processors 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 3 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 4 Why is a credit card transaction 50? Overlimit & collections Issuer center administration Cardholder servicing & promotion Payment processing Issuer fraud investigations Cardholder authorizations Account acquisition & credit processing Card issuing Incoming interchange Cardholder billing Information goods Consider the purchase of an information good or service: Library information Search services Software Video clips These transactions may be large value or microtransactions In either case, atomicity is crucial 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 5 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 6

2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 7 What Is atomicity? I won t try to give a formal definition 3 types of atomicity: Payment methods: Atomicity Money atomicity All money transfers complete with non-ambiguous results Money is neither destroyed nor created Goods atomicity One receives goods if and only if one pays Example: Cash On Delivery parcels Certified delivery Both buyer and seller can prove the delivered content If you get bogus goods, you can prove it 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 8 First Virtual User pays after receiving goods Money atomicity only Messages sent in clear Uses expensive credit card transactions First Virtual Credit Card Acquirer Encrypted tunnel through the Netscape/SSL model Private Line Credit Card Acquirer sends card # direct to merchant Similar to today s phone order Must trust merchant with card info Weak atomicity High transaction costs 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 9 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 10 Encrypted tunnel through the Third party intermediary model (Cybercash) Protects consumer s card info Use for reaching Cybercash gateway to acquirers Adds to credit card card cost Encrypted tunnels through the Mastercard/Visa SET Protects consumer s card info by cryptography Money-atomicity only Use net to reach acquirer Uses expensive credit card transactions (high commission) Credit Card Acquirer Cybercash Credit Card Acquirer 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 11 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 12

2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 13 5 4 3 Bank 2 1 Digicash 1 asks bank for anonymous digicash 2 Bank sends anonymous digicash bits to consumer 3 sends digicash to merchant in payment 4 checks that digicash has not been double spent 5 Bank verifies that digicash is valid Problems No atomicity Anonymity restricted in US Interrupt transaction: ambiguous state Detecting double spending is expensive NetBill goals Real service Highly atomic transactions Micro-transactions Full security and privacy 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 14 NetBill features Focus on info goods/services (journal articles) Microtransaction (10 purchase: 1 overhead) Variable pricing Fully integrated access control DES/RSA/DSA combo for best performance Electronic statements & account creation Certified delivery: proof of purchase/content NetBill model An electronic credit card to enable network based commerce Provides billing services on behalf of network attached merchants. Network Bank NetBill 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 15 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 16 NetBill protocol NetBill protocol - low level [1] [2] [3] [4] [5] [8] [7] [6] NetBill (All messages are encrypted with shared key S) 1 Buyer requests price 2 Seller makes offer 3 Buyer accepts offer 4 Goods delivered encrypted with K 5 Buyer signs EPO (electronic purchase order) <price,crypto-checksum,timeout> 6 Seller countersigns EPO, and signs K 7 NetBill checks account, timeout; stores K & crypto-checksum; transfers price money; sends signed receipt including K 8 K received; goods decrypted 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 17 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 18

2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 19 NetBill protocol - low level NetBill protocol - low level Purchase Request 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 20 Why atomic? Money atomicity Accounts are held at a single server, and are modified with local atomic (ACID) transactions Goods atomicity Customer receives decryption key for goods only if she pays If customer pays, decryption key available from multiple sources (merchant and NetBill server) Key can be delivered by alternative network (such as telephone) if necessary Certified delivery If customer receives junk or bogus goods, can prove the contents to a judge Crypto checksum of goods (signed by both customer and merchant) are stored at NetBill server Signed copy of decryption key stored by all parties! Role of Anonymity in EC 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 21 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 22 A puzzle Suppose Berkeley grads want to find their average salary But, of course, no participant wants to reveal his/her salary How can we compute the average without giving away information about any participant s salary? Later, I will give several solutions to this puzzle Why study anonymity? Privacy concerns individual corporate national Technology for collecting private statistics Understand theoretical limits, countermeasures Understanding semi-anonymity Allows government search in exceptional circumstances Insights e-commerce distributed protocols cryptography survivability 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 23 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 24

2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 25 Anonymous computation There is extensive work on anonymous and secret communication (cryptography) But what if we want to compute a function of the secure values? In puzzle, we want to add encrypted values Examples: Compute census statistics on usage or population Make an anonymous purchase and then be able to prove that goods were delivered correctly Anonymously auction goods without revealing any bids (except the winning bid) or bidders Is anonymous computation feasible? Good news: In theory: any computation can be anonymized Bad news: In general, constructions are complicated Most constructions multiply number of messages by a factor of at least 1000 (and often, much higher, like 10 20 ) Usually, simple IP location tracing (traffic analysis) reveals identity of parties Computation requires complex crypto operations. Running times for simple anonymous computations are usually measured in days or years. So researchers have relied on partial solutions Mixes, pseudonyms, escrow 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 26 Mixes Pseudonymous identity Use intermediate forwarding agents Examples: onion routing, crowds, anonymizer.com, etc. Idea simultaneously thought of by several researchers Problems: intermediary knows all subject to traffic analysis and statistical analysis can not link old messages to new messages (Anonymized) (Anonymized) source source Recipient Recipient Identity traceable Intermediate forwarding agent Identity untraceable Establish a consistent, but disguised identity Example: mail forwarders Can disguise basic facts about identity, but may be traceable from patterns of use Once identity is revealed, then all previous uses are traceable 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 27 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 28 Escrow Use pseudonym, but store real identity where law enforcement can find it. Refinement: split identity into multiple parts Store them in different locations Depends on procedural mechanisms (e.g. search warrants) for privacy Has drawbacks of pseudonym Government approach to cryptography Anonymizers Unsatisfactory solutions to puzzle Mix approach: Everyone sends salary anonymously to third parties who publish Escrow approach: Everyone sends salary to trusted escrow agent Alice Bob Carl Doe Alice Bob Carl Doe Trusted referee publish publish publish publish publish 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 29 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 30

2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 31 Fissionable data Idea: 1 fission data into different parts each part is random, but combination is not random 2 perform operations on parts 3 recombine data Mathematics is based on theory of finite fields Anonymous addition & multiplication are fast My examples focus on addition (easy to show) Fissionable solution to puzzle Fix a modulo n Each person S (T, U, ) picks k-1 random values S 1, S 2, S k-1 Each person S picks a S k such that S 1 + S 2 + + S k-1 + S k = [Salary of S] (mod n) Each person S sends value S i to referee I (communications should be over a secure channel) Referee i sums S i +T i +U i +... The referees publish their results and we take sum 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 32 Fissionable solution to puzzle Alice Bob Carl Hierarchical approaches Because referees combine information locally, we can build hierarchies of referees A 1 A 2 A 3 A 1 B 1 C 1 B 1 B 2 B 3 A 2 B 2 C 2 C 1 C 2 C 3 A 3 B 3 C 3 This means that results can be combined at a communication point (such as an router in the Active Network approach.) Referee 1 Referee 2 Referee 3 Σ 1 Σ 2 Σ 3 All sums taken modulo n Final sum 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 33 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 34 Other forms We can also pick a random polynomial of degree q modulo p f(x) = x q + a q-1 x q-1 +... + a 1 x + a 0 (mod p) (a i are chosen randomly) Secret is f(0) = a 0 Shares are f(1), f(2),... Note: q shares determine f(0) (Lagrangian interporlation) We can add and multiply values Fault-tolerant: we can use more than q shares for redundancy Super-fast! 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 35 Auction types Auctions Allocate scarce resources Proposed to ration bandwidth Three types of auctions English auction (price goes up) advantages: encourages honest bids disadvantages: slow not private Sealed bid auction advantages: constant time disadvantages: does not encourage honest bids, auctioneer knows all Dutch auction (price goes down) advantages: protects privacy disadvantages: slow does not encourage honest bids 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 36

2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 37 Vickrey auction Vickrey gave a way to combine best features of English auctions and sealed-bid auction Anonymous auctions Goal: combine best features of all three protocols Second-price auction Highest bidder wins Price is the value of the second highest bid Example: Alice is highest bidder for $100; Bob is second highest bidder for $80; Alice wins the bid, but pays only $80 Should run in a single round Should reveal only second highest bid Highest bidder can claim prize for second highest price No other information is revealed 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 38 Anonymous bids Each of n auctioneers gets a temporary ID Bid is bit vector of potential bids Non-zero entry represents bid $5 $10 $15 $20 $25 $30 $35 $40 $45 $50 $55 $60 $65 $70 $75 $80 657 123 34 1 555 89 932 212 453 323 206 214 159 0 0 0 This bidder is willing to bid up to $65 We fission each element in the bid vector to protect individual bidders Looking for the 2nd highest bid Each bid vector is fissioned We partition bidders log 2 n ways based on binary values of temporary IDs low bit value 000/010/100/110 vs 001/011/101/111 2nd bit value 000/001/100/101 vs 010/011/110/111 3rd bit value 000/001/010/011 vs 100/101/110/111 For each partition (element-by-element ops) We anonymously add the vectors in blue and green partitions We anonymously multiply blue sum with green sum We sum over all partitions The final vector has a non-zero entry exactly when at least 2 people bid that price 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 39 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 40 Anonymous auction The result is a bid vector; the highest non-zero entry is the second-highest bid All other entries are random, giving no information By using a technique called dynamic programming, we can dramatically reduce the number of operations Anonymous auctions Goal: combine best features of all three protocols Should run in a single round Should reveal only winning bid No other information is revealed Example: In recent radio spectrum auctions, bidders signaled information by their bid A bid of 2 million dollars and 37 cents = we want to bid unopposed on lot 37 Communications linear in the number of bids (as any auction must be!) 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 41 2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 42

2005 by J. D. Tygar, cs.161.org, 24 Oct 2005 43

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback