Juha Korhonen
Department of Computer Science
Helsinki University of Technology
Tik-110.501 Seminar on Network Security
koju@cc.hut.fi
1. Introduction
Instant cash is the preferred method of payment around the world, accounting
for 90 per cent of all transactions. [3] Now smart cards - storing electronic
cash on an encrypted microchip - are set to revolutionise spending habits.
The spectrum of stored-value card products ranges from pre-authorised debit
cards to true electronic cash. There are single-purpose cards like phone
cards and mass transit cards, which sometimes have some sort of general
purpose use. Payment smartcards bring together the advantages of paying
by cash with the convenience of paying by card. The feeling that the consumer
is handling "his" own money is important.
There is a growing need for consumers to purchase lower-priced and 'impulse' items on the Internet - especially digital goods and services that can be instantaneously downloaded to computer, such as software, articles, research, games and music. Purchases on the Internet are expected to exceed US$200 billion by the year 2000, and most of these will be less than $10. [3]
The markets and the customers seem to be ready for electronic money. Surveys show that enough customers are willing to pay up to $60 for an electronic wallet device, but a large share of them require the device to be very thin so that it fits in a regular wallet. The European Union is a good place for developing advanced payment systems, since development is not hampered by export restrictions on cryptographic primitives (except for France). [6]
There are two different types of operation for electronic commerce: online and offline. In an online transaction a connection to the bank is made every time the consumer hands cash to the service provider, so the authenticity of the transaction is checked. In an offline system the transaction is made without a connection to the bank.
2. Mondex
Mondex is a stored value card. Mondex's technology platform allows for
person-to-person transfer of electronic cash that is not reported to
a central computer system; it is therefore an offline system.
Mondex is considered the most 'cash-like' of the various electronic cash
smartcard products in use or being tested in pilots around the world.
[3]
Mondex has been designed to allow person-to-person payments, over a telephone line or via an electronic wallet device. Mondex has been designed as a global product, with a set of language-independent symbols.
Since July 1995 Mondex has been in daily use in a public pilot project in Swindon, England. In Swindon there were 8000 card holders in the first three months. In November 1995 more than 700 retailers (over 70% of all) accepted the card as payment. There are also 250 Mondex-compatible payphones in streets and public places, and Mondex can also be used to pay on public buses. [4]
Mondex has gained information from the pilot in Swindon. By the end of 1996
Mondex pilots will be running in parallel around the globe in Hong Kong,
Canada and The United States as well as in the UK.
Mondex is also being used as a 'campus card' at two English Universities -
Exeter and York.[3]
From October 1996 the University of Exeter [9] will be
using Mondex smart cards for a variety of purposes as a University Smart Card.
Individual members of staff and students will be able to use the card as an
electronic purse and it will also be used as a library card, access control
card for allowing access to buildings, and for student records.
The Mondex electronic wallet is a pocket-sized device
with a keyboard and a screen.
The wallet enables people to venture out carrying only minimum funds
on their card, with a separate store of value held on the wallet, which
might be held in the security of their home or in a hotel room.
This gives the cardholder a degree of security as, if they lose their card,
only the minimum amount of money is lost with it.
Transfers between individuals can also be made - by inserting the card
into the electronic wallet and moving cash from the first
person's card to the recipient's card.
[3]
While Mondex was primarily designed as an alternative means of payment to
cash in the physical market place, in the future it will also be possible
to use Mondex for purchasing goods from the Internet. The Mondex system is
well-suited to the 'micro-payments' which make up the majority of
transactions on the Internet.
Once money is on the Mondex card, it can be spent via
the Internet using computers with appropriate Mondex software and a
smartcard reading device. Mondex is already conducting internal trials
of existing software and it is expected that Mondex will go to public
trials in 1997. [3]
The first microchip to be used for Mondex is a specially-tailored security
application using the Hitachi H8/310 smartcard microprocessor, which has
8 KB of memory.
[3]
The Value Transfer Protocol is loaded onto these chip cards; it uses
sophisticated cryptography to protect value as it passes from
one Mondex card to another. An important aspect of Mondex is that value
can only move between Mondex cards - and can only be stored on Mondex cards.
Mondex provides consumers with the ability to protect their cash by
'locking' their cards with a personal code - so that Mondex value cannot
be taken from a card. [3]
Since CAFE aims at the market of small everyday payments that is currently
dominated by cash, payments are off-line, and privacy is an important issue.
The project has applied modern cryptographic techniques to produce a secure
but also open and flexible system for consumer payments using
electronic money.
CAFE proposes an open architecture for small and high value payments, post-pay
(like credit-card) or pre-pay (like stored value cards). The protocols could
also be run in multi-functional devices like PDAs
or mobile phones.
Possible future extensions include electronic personal credentials
(like passports, driver's licenses or housekeys) and medical information.
[6]
The wallets have an infrared interface which makes point-and-pay transactions
possible. CAFE also has a loss tolerance feature: if a user loses
an electronic wallet, or the wallet breaks or is stolen, the user can be
given the money back, although it is a prepaid payment system.
The double-spending problem is solved in CAFE by a bank-trusted part in every
card and wallet, called the guardian. It notices any attempt to spend the
same money twice. No payments are accepted unless the guardian says that
the payment is allowed. [12]
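The guardian's role described above, as an added example that is not CAFE project code. It assumes a per-device key shared between guardian and bank and uses an HMAC approval tag checked at deposit in place of CAFE's public-key signatures; the class names, coin serials and payees are constructed for the example.

```python
import hashlib
import hmac
import secrets


class Guardian:
    """Bank-trusted part of the wallet. Its key and spent list are assumed to
    sit in tamper-resistant memory the user-controlled part cannot touch."""

    def __init__(self, device_key: bytes):
        self._key = device_key
        self._spent = set()

    def approve(self, serial: str, value: int, payee: str):
        if serial in self._spent:
            return None                       # same coin offered a second time
        self._spent.add(serial)               # record first, then release the tag
        msg = f"{serial}|{value}|{payee}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


class Wallet:
    """User-controlled part: stores coins but cannot approve a payment."""

    def __init__(self, guardian: Guardian, coins: dict):
        self.guardian = guardian
        self.coins = dict(coins)              # serial -> value

    def pay(self, serial: str, payee: str):
        value = self.coins.get(serial)
        tag = self.guardian.approve(serial, value, payee) if value else None
        if tag is None:
            return None                       # no approval, no payment
        del self.coins[serial]
        return {"serial": serial, "value": value, "payee": payee, "tag": tag}


def bank_accepts(device_key: bytes, payment: dict) -> bool:
    """Deposit-time check that the approval tag came from the guardian."""
    msg = f"{payment['serial']}|{payment['value']}|{payment['payee']}".encode()
    good = hmac.new(device_key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(good, payment["tag"])


def demo():
    key = secrets.token_bytes(32)
    coins = {"C-0001": 5, "C-0002": 2}        # constructed sample coins
    wallet = Wallet(Guardian(key), coins)
    first = wallet.pay("C-0001", "shop-A")
    wallet.coins = dict(coins)                # user memory rolled back to a backup
    second = wallet.pay("C-0001", "shop-B")   # guardian still remembers the coin
    forged = dict(first, payee="shop-B", tag="00" * 32)
    return first is not None, second, bank_accepts(key, first), bank_accepts(key, forged)


if __name__ == "__main__":
    print(demo())
```

Restoring the user-controlled coin list does not bring the coin back, because the spent record lives in the guardian, and a payment record that was not approved by the guardian fails the tag check.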
The CAFE system is based on recent research in
public key cryptography.
CAFE uses the combination of a public key and a unique private key.
[5]
It allows the use of a smart card or an electronic
wallet for signature transporting. Electronic money, issued by a bank, can be
tagged with a unique electronic signature per payment, to be compared with the
unique number on printed bank notes. This signature can be downloaded into
the smart card or wallet.
The public key nature of the CAFE protocols also makes it possible to create
an open system. Participants don't have to trust each other and don't have to
negotiate on the division of the risks involved. Once in use, multiple
providers of goods and services, as well as multiple issuers of electronic
money can join the system.
According to CyberCash's announcement, CyberCash is the only company with a
world-wide export license for the 1024-bit RSA encryption algorithm.
[10]
CyberCash transactions move between three separate software programs:
The merchant and consumer software is free.
There is a limit to the amount of cash a consumer can put in his wallet.
A consumer can load up to $80 over one month.
The CyberCash, the Checkfree, and Compuserve Wallets are the same and
are completely compatible. Each company has added a few of its own features,
but the wallets can be used with any CyberCash, Checkfree, and Compuserve
merchants. [10]
The illustration below shows the six steps that occur when a consumer decides
to purchase goods from the merchant's online server with the CyberCash credit
card payment system or with CyberCoin.
The process from Step 1 to Step 6 takes approximately 15-20 seconds.
[10]
In a CyberCoin transaction, the financial information is encrypted and digitally
signed, but the message itself is not.
CyberCoin uses RSA encryption technology.
[10]
In October 1996 CyberCash made technology and marketing agreements with
Netscape. Netscape plans to bundle CyberCoin with future versions of its
LivePayment server software, and will also integrate the technology with
future versions of Navigator.
[8]
The application is programmed into the Sake card itself and doesn't have
to operate from the card reader alone, so there is a better grip on the
functionality and security aspects. [11]
The application software (or part of it) can be added to the mask of Sake.
There is also an ability to add, change or delete parts
of an application (or whole applications) after production, even in
the field. These modifications are signed using RSA allowing the
modifications to happen off-line and securely.
However, the 512-bit RSA keys that are used are not very adequate today.
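An added example (not DigiCash or SAKE code) of the device-side check this paragraph implies: verify the RSA signature on an offline update and refuse signing keys below a minimum size. The 2048-bit floor, the PKCS#1 v1.5 encoding with SHA-256, all function names and the test keys are assumptions made for the example.

```python
import hashlib

# DER DigestInfo prefix for SHA-256 in RSASSA-PKCS1-v1_5 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
MIN_MODULUS_BITS = 2048   # assumed policy floor; not a SAKE parameter


def encode(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this encoding")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def make_test_key(p: int, q: int, e: int = 65537):
    """Constructed key pair from two known primes, for the demo only."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def sign(priv, message: bytes) -> int:
    n, d = priv
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(encode(message, k), "big"), d, n)


def accept_update(pub, message: bytes, signature: int) -> str:
    """Device-side decision: check the key size first, then the signature."""
    n, e = pub
    if n.bit_length() < MIN_MODULUS_BITS:
        return "rejected: signing key too short"
    if not 0 <= signature < n:
        return "rejected: bad signature"
    k = (n.bit_length() + 7) // 8
    recovered = pow(signature, e, n).to_bytes(k, "big")
    return "accepted" if recovered == encode(message, k) else "rejected: bad signature"


def mersenne(bits: int) -> int:
    return (1 << bits) - 1


def demo():
    # Mersenne primes make these moduli trivial to factor; they are used only
    # so that the example needs no prime generation.
    update = b"constructed application update"
    weak_pub, weak_priv = make_test_key(mersenne(127), mersenne(521))        # 648 bits
    strong_pub, strong_priv = make_test_key(mersenne(1279), mersenne(2203))  # 3482 bits
    sig = sign(strong_priv, update)
    return [accept_update(weak_pub, update, sign(weak_priv, update)),
            accept_update(strong_pub, update, sig),
            accept_update(strong_pub, update + b"!", sig)]


if __name__ == "__main__":
    print(demo())
```

A correctly signed update under the short key is still refused, which is the point: the size check runs before the signature is even considered.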
Features of SAKE[11]:
2.1. Function
Payments are made by inserting the card into a card reader in the
retail terminal and funds are transferred immediately from the
card to the terminal.
The user can check the balance with the balance reader, which is a small device
containing a card reader and a small screen. Cardholders will also be able
to check their balance on Mondex telephones, ATMs
and using the Mondex electronic wallet.
The card's memory stores a log of the last ten transactions.
[3]
2.2. Security
Mondex security begins with the hardware of the chip in the card,
the software that controls the movement of values between
cards, and a classification system that puts limits on the values and
uses for certain types of cards. The combination of these elements allows
only certain users to communicate or transmit certain information and
value in certain currencies.
3. CAFE
CAFE is a European project, carried out by a consortium of companies active
in electronic payments together with research organisations. It is
supported, also financially, by the European Commission.
CAFE is an acronym of Conditional Access For Europe, and its name reflects the
scope of the project. It is developing an electronic wallet, to be used as
a pan-European device for consumer payments, access to information services
and - if required - identification.
CAFE has been in test use for three years in Brussels.
3.1 Functions
The main hardware is pocket-sized electronic wallets.
Several versions have
been designed, some simple with just two buttons, some with larger LCD screens
and more buttons. The advantage of buttons is that PINs can be entered
directly, so that fake-terminal attacks are prevented.
[6]
3.2 Security
An important aspect of CAFE is security of all parties concerned, with the
least possible requirements that they are forced to trust other parties
(so-called multi-party security). This means that all security requirements
of a party are guaranteed without forcing this party to trust other parties.
4. CyberCash and CyberCoin
The CyberCash company is focused on providing Secure Financial Transactions
Services over the Internet, including credit card transactions, electronic
checks and micro transactions. CyberCash has made Internet credit card
transactions since April 1995.
CyberCash's Credit Card and Electronic Coin services are nowadays active.
Currently CyberCash is only available in US dollars and at online merchants
who have a US bank account.
CyberCash's electronic check services will offer peer-to-peer
transactions and will be available in 1997.
[10]
CyberCash Wallet
CyberCash Wallet is a software program
that offers consumers several ways of paying online. Users can choose to
transfer money into the Wallet from an existing bank account or from their
major credit cards. The Wallet is secure as the funds do not leave the bank
until payment is rendered.
If the computer or the hard disk which contains the Wallet crashes, the
money will be transferred back to the consumer's bank account.
[10]
1) Consumer has shopped the merchant's site and decided what to
purchase.
2) Consumer chooses the credit card or the CyberCoin from his
wallet and clicks OK to forward the order and encrypted payment
information to the merchant.
3) Merchant receives the packet, strips off the order and forwards
the encrypted payment information digitally signed and encrypted
with his private key to the CyberCash server. The merchant cannot
see the consumer's credit card information.
4) CyberCash server receives the packet, takes the transaction
behind its firewall and off the Internet, unwraps data within
a hardware-based crypto box, reformats the transaction and
forwards it to the merchant's bank over dedicated lines.
5) The merchant's bank forwards the authorization request to the
issuing bank.
The approval or denial code then is sent back to CyberCash.
6) CyberCash then returns the approval or denial code to
the merchant who then passes it on to the consumer.
CyberCoin
In October 1996 CyberCash Inc. introduced a service which is called
CyberCoin - a secure micropayment service for purchasing goods online.
CyberCoin enables Internet consumers to purchase low-priced items, ranging in
price from $0.25 to $10.00.
CyberCoin service is available now for merchants, consumers, and several
banks. However, CyberCoin is not a peer-to-peer solution between
individual consumers on the Internet.
5. Other Types of bitmoney
5.1. DigiCash smart cards
DigiCash has developed many smart card masks; here we look at two of
DigiCash's latest projects: SAKE and Blue.
SAKE
The SAKE card is a proven technology Secure Application KErnel for cards of
the Motorola 6805 smart card family. The SAKE card is a set of routines
on which secured applications are built.
Blue
The standard Blue mask is ready for most applications: pre-paid cash
replacement cards, loyalty schemes, file storage, access control, or any
combination of these. The Blue system uses dynamically confirmed
public key digital signatures.
Payments can be made using either public-key signatures for large-scale
open systems, or secret key authentication for smaller-scale systems.
[11]
Public Key Debit allows off-line secure payments without tamper-resistant terminals. Each of the payments uses a unique public key signature in a way that allows thousands of payments between two reloads. Public-key signatures also eliminate system-wide secret keys in the card accepting devices.
The signature transporting technique and specialized compression schemes used in Blue allow the card to generate 500 public-key signatures using only 550 bytes of EEPROM storage. Blue is designed on ordinary low-cost smart cards like the Motorola SC26 and the Thomson 601. [11]
The DyniCash smart card can also be used for a growing variety of other services where coins and bank notes are traditionally used, such as parking, vending, pay phones and point-of-sale. [11]
DyniCash has patented a data encryption technology in an ISO-compatible smart card that does not reveal tag or card identity during payment.
5.2. NetBill project
The NetBill project is an electronic commerce project at Carnegie Mellon's
Information Networking Institute which is researching design issues
of survivable and secure distributed transaction processing systems.
NetBill project is developing the protocols and software to support
network-based payments for goods and services over the Internet.
NetBill is currently in its Alpha trial on the Carnegie Mellon campus.
[13]
NetBill enables consumers and merchants to communicate directly with each other, using NetBill to confirm and ensure security for all transactions.
NetBill acts as a third party to provide the authentication, account management, transaction processing, billing and reporting services for network-based clients and users.
NetBill is designed as a "system of systems". NetBill depends on an infrastructure of authentication, certificate management, internet access (including DNS lookup), databases, real-time customer service and dispute resolution servers, etc. NetBill uses ACID (atomic, consistent, isolated and durable) transactions. NetBill uses a combination of public-key cryptography and symmetric-key cryptography.
6. Conclusion and Future
Speed, convenience and security are central features in electronic money.
It is also important to give the consumer the psychological feeling of
safety that comes from not handing over his money or his wallet to another
person or to a machine.
One possible attack against smart cards is to open the card to get to the
chip itself and then expose it to UV light to modify some of the EEPROM bits.
Some of the cards (e.g. Blue) are designed to withstand these attacks.
[11]
The World Wide Web is the marketplace of the Internet and is never closed.
Most of the smart cards (e.g. Mondex) were primarily designed as
an alternative means of payment to cash in the physical market place.
But over the past few years electronic commerce on the Internet
has been growing rapidly, and that has sparked the card developers'
interest in making the cards suitable for Internet use.
Smart cards can quite easily be adapted for use on the Internet.
As the Internet grows there is an increasing need to have secure methods of paying for goods and services as easily and spontaneously as in the physical market place. A proper electronic cash payment system has been the challenge for many years. As technology has advanced and costs have fallen electronic cash has become a reality.
Currently there are many different smart cards and bit money technologies. Time will show which one will be chosen to become the global standard for electronic cash. It seems that some kinds of combinations and agreements have already been made.
Mondex International has recently made many agreements with some of the other
electronic commerce suppliers. In September Mondex International made an
alliance with CyberCash to integrate smart cards with online electronic
commerce.
CyberCash plans to incorporate the Mondex smartcard into its CyberCash Wallet.
Users can charge purchases to their Wallet-enabled smart cards using
a smart card reader connected to their PCs. [7]
In August 1996 Mondex made a strategic alliance with Netex Communications
Corporation that will enable the delivery of global smart card applications
using Netex's Internet Transphone product. [7]
In November 1996 Mastercard International and Mondex International announced
an agreement under which Mastercard will acquire 51% of Mondex International
and adopt Mondex's technology as its future choice of strategic chip
platform.
[3]
CAFE | Conditional Access For Europe |
PDA | Personal Digital Assistant |
ATM | Automatic Teller Machine |
electronic wallet | A small (pocket-size) portable computer, similar to a pocket calculator or PDA. It has its own battery, keyboard, display and its own means of communicating with other devices (e.g. infrared) |
Public-Key Cryptography | With public-key cryptography you have two keys - a public key and a private key. The private key is protected by your password, and never shared with anyone. Anyone can access the public key. |
Symmetric-Key Cryptography | In symmetric-key cryptography, a single key is shared by both the sender and the recipient of a message. |
This page has been updated on 16.12.1996.
Juha Korhonen