Electronic payment systems come in many forms, including digital checks, debit cards, credit cards, and stored value cards. The usual security features for such systems are privacy (protection from eavesdropping), authenticity (user identification and message integrity), and non-repudiation (prevention of later denying having performed a transaction).
The type of electronic payment system focused on in this paper is electronic cash. As the name implies, electronic cash is an attempt to construct an electronic payment system modelled after our paper cash system. Paper cash has such features as being portable (easily carried), recognizable (as legal tender) and hence readily acceptable, transferable (without involvement of the financial network), untraceable (no record of where money is spent), anonymous (no record of who spent the money), and able to make "change." The designers of electronic cash focused on preserving the features of untraceability and anonymity. Thus, electronic cash is defined to be an electronic payment system that provides, in addition to the above security features, the properties of user anonymity and payment untraceability.
The term electronic commerce refers to any financial transaction involving the electronic transmission of information. The packets of information being transmitted are commonly called electronic tokens. One should not confuse the token, which is a sequence of bits, with the physical media used to store and transmit the information.
We will refer to the storage medium as a card since it commonly takes the form of a wallet-sized card made of plastic or cardboard. (Two obvious examples are credit cards and ATM cards.) However, the "card" could also be, e.g., a computer memory.
A particular kind of electronic commerce is that of electronic payment. An electronic payment protocol is a series of transactions, at the end of which a payment has been made, using a token issued by a third party. The most common example is that of credit cards when an electronic approval process is used. Note that our definition implies that neither payer nor payee issues the token.
There are four major components in an electronic cash system: issuers, customers, merchants, and regulators. Issuers can be banks or non-bank institutions; customers are the users who spend E-Cash; merchants are vendors who receive E-Cash; and regulators are the related government agencies. For an E-Cash transaction to occur, we need to go through at least three stages:
1. Account Setup: Customers will need to obtain E-Cash accounts through certain issuers. Merchants who would like to accept E-Cash will also need to arrange accounts from various E-Cash issuers. Issuers typically handle accounting for customers and merchants.
2. Purchase: Customers purchase certain goods or services, and give the merchants tokens which represent the equivalent E-Cash. Purchase information is usually encrypted when transmitted over the network.
3. Authentication: Merchants will need to contact E-Cash issuers about the purchase and the amount of E-Cash involved. E-Cash issuers will then authenticate the transaction and approve the amount of E-Cash involved.
Classification of e-Cash
E-Cash can be on-line or off-line. On-line E-Cash refers to the amount of digital money kept by your E-Cash issuers, which is only accessible via the network. Off-line E-Cash refers to digital money which you keep in your electronic wallet or other forms of off-line devices. Another way to look at E-Cash is to see whether it is traceable or not. On-line credit card payment is considered a kind of "identified" E-Cash since the buyer's identity can be traced. In contrast to identified E-Cash, we have "anonymous" E-Cash, which hides the buyer's identity. These procedures can be implemented in either of two ways:
Before accepting her payment and delivering his merchandise. (This resembles many of today's credit card transactions.)
2.2 Off-line payment means that Bob submits Alice's electronic coin for verification and deposit sometime after the payment transaction is completed. (This method resembles how we make small purchases today by personal check.)
Note that with an on-line system, the payment and deposit are not separate steps. We will refer to on-line cash and off-line cash schemes, omitting the word "electronic" since there is no danger of confusion with paper cash.
3. Properties of Electronic Cash
Specifically, e-cash must have the following four properties: monetary value, interoperability, retrievability, and security.
3.1 Monetary value
E-cash must have a monetary value; it must be backed by either cash (currency) or a bank-certified cashier's check. When e-cash created by one bank is accepted by others, reconciliation must occur without any problem. Stated another way, e-cash without proper bank certification carries the risk that, when deposited, it might be returned for insufficient funds.
E-cash must be interoperable, that is, exchangeable as payment for other e-cash, paper cash, goods or services, lines of credit, deposits in banking accounts, bank notes, electronic benefits transfers, and the like.
3.3 Storable & Retrievable
Remote storage and retrieval (e.g., from a telephone or communication device) would allow users to exchange e-cash (e.g., withdraw from and deposit into banking accounts) from home or office or while traveling. The cash could be stored in a remote computer's memory, in smart cards, or in other easily transported standard or special-purpose devices. Because it might be easy to create counterfeit cash that is stored in a computer, it might be preferable to store cash on a dedicated device that cannot be altered. This device should have a suitable interface to facilitate personal authentication using passwords or other means, and a display so that the user can view the card's contents.
4. E-Cash Security
Security is of extreme importance when dealing with monetary transactions. Faith in the security of the medium of exchange, whether paper or digital, is essential for the economy to function.
There are several aspects to security when dealing with E-cash. The first issue is the security of the transaction. How does one know that the E-cash is valid?
Encryption and special serial numbers are supposed to allow the issuing bank to verify (quickly) the authenticity of E-cash. These methods are susceptible to hackers, just as paper currency can be counterfeited. However, promoters of E-cash point out that the encryption methods used for electronic money are the same as those used to protect nuclear weapon systems. The encryption security also has to extend to the smartcard chips to ensure that they are tamper resistant. While it is feasible that a system-wide breach could occur, it is highly unlikely. Just as the Federal Government keeps a step ahead of the counterfeiters, cryptography stays a step ahead of hackers.
4.1 Physical security of the E-cash is also a concern.
If a hard drive crashes, or a smartcard is lost, the E-cash is lost. It is just as if one lost a paper currency filled wallet. The industry is still developing rules/mechanisms for dealing with such losses, but for the most part, E-cash is being treated as paper cash in terms of physical security.
4.2 Signature and Identification.
In a public key system, a user identifies herself by proving that she knows her secret key without revealing it. This is done by performing some operation using the secret key which anyone can check or undo using the public key. This is called identification. If one uses a message as well as one's secret key, one is performing a digital signature on the message. The digital signature plays the same role as a handwritten signature: identifying the author of the message in a way which cannot be repudiated, and confirming the integrity of the message.
4.3 Secure Hashing
A hash function is a map from all possible strings of bits of any length to a bit string of fixed length. Such functions are often required to be collision-free: that is, it must be computationally difficult to find two inputs that hash to the same value. If a hash function is both one-way and collision-free, it is said to be a secure hash.
The most common use of secure hash functions is in digital signatures. Messages might come in any size, but a given public-key algorithm requires working in a set of fixed size. Thus one hashes the message and signs the secure hash rather than the message itself. The hash is required to be one-way to prevent signature forgery, i.e., constructing a valid-looking signature of a message without using the secret key. The hash must be collision-free to prevent repudiation, i.e., denying having signed one message by producing another message with the same hash.
A new medium of exchange presents new challenges to existing laws. Largely, the laws and systems used to regulate paper currency are insufficient to govern digital money.
The legal challenges of E-cash entail concerns over taxes and currency issuers. In addition, consumer liability from bank cards will also have to be addressed (currently $50 for credit cards). E-cash removes the intermediary from currency transactions, but this also removes much of the regulation of the currency in the current system.
Tax questions immediately arise as to how to prevent tax evasion at the income or consumption level. If cash-like transactions become easier and less costly, monitoring this potential underground economy may be extremely difficult, if not impossible, for the IRS.
The more daunting legal problem is controlling a potential explosion of private currencies. Large institutions that are handling many transactions may issue electronic money in their own currency. The currency would not be backed by the full faith of the United States, but by the full faith of the institution. This is not a problem with paper currency, but until the legal system catches up with the digital world, it may present a problem with e-cash.
Note that token forgery is not the same thing as signature forgery. Forging the Bank's digital signature without knowing its secret key is one way of committing token forgery, but not the only way. A bank employee or hacker, for instance, could "borrow" the Bank's secret key and validly sign a token.
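The distinction above, combined with the hash-then-sign step from section 4.3, as an added example that is not code from the original paper. The textbook RSA key built from two public Mersenne primes, the token layout, and the `Bank` class with its ledger of issued serial numbers are assumptions made for illustration.

```python
import hashlib

# Constructed demo key: textbook RSA over two public Mersenne primes.
# No padding, known factors: for illustration only, never for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # the Bank's secret exponent

def token_digest(serial: str, amount_cents: int) -> int:
    """Secure hash of the token fields, as an integer smaller than N."""
    msg = f"{serial}|{amount_cents}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign_token(serial, amount_cents, secret=D):
    """Hash-then-sign: the signature covers the hash, not the raw message."""
    return pow(token_digest(serial, amount_cents), secret, N)

def signature_ok(serial, amount_cents, sig):
    """Anyone holding the public key (N, E) can run this check."""
    return pow(sig, E, N) == token_digest(serial, amount_cents)

class Bank:
    """Hypothetical issuer that also records which serials it really issued."""

    def __init__(self):
        self.issued = {}                      # serial -> amount_cents

    def issue(self, serial, amount_cents):
        self.issued[serial] = amount_cents
        return sign_token(serial, amount_cents)

    def verify_deposit(self, serial, amount_cents, sig):
        if not signature_ok(serial, amount_cents, sig):
            return "reject: bad signature"
        if self.issued.get(serial) != amount_cents:
            return "reject: valid signature, token never issued"
        return "accept"

def demo():
    bank = Bank()
    sig = bank.issue("SN-0001", 500)
    # Key misuse: signed with the real secret key, outside the issuing process.
    rogue = sign_token("SN-9999", 500)
    return [
        bank.verify_deposit("SN-0001", 500, sig),      # genuine token
        bank.verify_deposit("SN-0001", 50000, sig),    # amount altered
        bank.verify_deposit("SN-9999", 500, rogue),    # signed but not issued
    ]
```

The third case passes the public-key check, so signature verification alone cannot tell it from a genuine token; only the issuer's own record of issued serials does.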