Offline Micropayments without Trusted Hardware

We introduce a new micropayment scheme, suitable for certain kinds of transactions, that requires neither online transactions nor trusted hardware for either the payer or payee. Each payer is periodically issued certified credentials that encode the type of transactions and circumstances under which payment can be guaranteed. A risk management strategy, taking into account the payers' history, and other factors, can be used to generate these credentials in a way that limits the aggregated risk of uncollectable or fraudulent transactions to an acceptable level. These credentials can also permit or restrict types of purchases. We show a practical architecture for such a system that uses a Trust Management System to encode the credentials and policies. We describe a prototype implementation of the system in which vending machine purchases are made using consumer PDAs.

[1]  Colin Boyd,et al.  A Payment Scheme Using Vouchers , 1998, Financial Cryptography.

[2]  Sun Meifeng,et al.  KeyNote Trust Management System , 2002 .

[3]  Amir Herzberg,et al.  MiniPay: Charging per Plick on the Web , 1997, Comput. Networks.

[4]  Rafael Hirschfeld Proceedings of the Second International Conference on Financial Cryptography , 1997 .

[5]  Mark S. Manasse,et al.  The Millicent Protocols for Electronic Commerce , 1995, USENIX Workshop on Electronic Commerce.

[6]  Amir Herzberg,et al.  Safeguarding Digital Library Contents: Charging for Online Content , 1998, D Lib Mag..

[7]  Benjamin Cox,et al.  NetBill Security and Transaction Protocol , 1995, USENIX Workshop on Electronic Commerce.

[8]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[9]  Ralf Hauser,et al.  Micro-Payments based on iKP , 1996 .

[10]  B. Clifford Neuman,et al.  NetCash: a design for practical electronic currency on the Internet , 1993, CCS '93.

[11]  David Chaum,et al.  Achieving Electronic Privacy , 1992 .

[12]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[13]  Matthew K. Franklin,et al.  Proceedings of the Third International Conference on Financial Cryptography , 1999 .

[14]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System Version 2 , 1999, RFC.

[15]  Jacques Traoré,et al.  An Efficient Fair Off-Line Electronic Cash System with Extensions to Checks and Wallets with Observers , 1998, Financial Cryptography.

[16]  Mihir Bellare,et al.  iKP - A Family of Secure Electronic Payment Protocols , 1995, USENIX Workshop on Electronic Commerce.

[17]  Dan Boneh,et al.  SWAPEROO: A Simple Wallet Architecture for Payments, Exchanges, Refunds, and Other Operations , 1998, USENIX Workshop on Electronic Commerce.

[18]  Dan Boneh,et al.  Experimenting with Electronic Commerce on the PalmPilot , 1999, Financial Cryptography.

[19]  Moti Yung,et al.  VarietyCash: A Multi-Purpose Electronic Payment System , 1998, USENIX Workshop on Electronic Commerce.

[20]  Donald E. Eastlake,et al.  CyberCash Credit Card Protocol Version 0.8 , 1996, RFC.

[21]  J. Feigenbaum,et al.  The KeyNote trust management system version2, IETF RFC 2704 , 1999 .

[22]  Lei Tang A Set of Protocols for Micropayments in Distributed Systems , 1995, USENIX Workshop on Electronic Commerce.

[23]  Michael Stumm,et al.  NetCents: A Lightweight Protocol for Secure Micropayments , 1998, USENIX Workshop on Electronic Commerce.

[24]  B. Clifford Neuman,et al.  Requirements for network payment: the NetCheque perspective , 1995, Digest of Papers. COMPCON'95. Technologies for the Information Superhighway.