1 Introduction We present two simple micropayment schemes, "PayWord " and "MicroMint, " for making small purchases over the Internet. We were inspired to work on this problem by DEC's "Millicent " scheme[10]. Surveys of some electronic payment schemes can be found in HallamBaker [6], Schneier[16], and Wayner[18]. Our main goal is to minimize the number of public-key operations required per payment, using hash operations instead whenever possible. As a rough guide, hash functions are about 100 times faster than RSA signature verification, and about 10,000 times faster than RSA signature generation: on a typical workstation, one can sign two messages per second, verify 200 signatures per second, and compute 20,000 hash function values per second.

We propose a micro-payment scheme for multi-hop cellular networks that encourages collaboration in packet forwarding by letting users benefit from relaying others' packets. At the same time as proposing mechanisms for detecting and rewarding collaboration, we introduce appropriate mechanisms for detecting and punishing various forms of abuse. We show that the resulting scheme -- which is exceptionally lightweight -- makes collaboration rational and cheating undesirable.

We present new micropayment schemes that are more efficient and user friendly than previous ones.

In this work, we aim to reduce the computational costs of using public-key digital signatures in securing routing protocols. Two protocols (COSP and IOSP) using one-time digital signatures are introduced to provide the functionality of public-key digital signatures. Our protocols are intended to be used in place of public-key digital signatures for signing all kinds of message exchanges among routers. We obtained more than ten-fold increase in speed compared with public-key signatures. Our protocols overcome the shortcomings identified in previous works, such as timing constraints, limited applications and high storage and computational costs for volatile environments [12].

We introduce a new micropayment scheme, suitable for certain kinds of transactions, that requires neither online transactions nor trusted hardware for either the payer or payee. Each payer is periodically issued certified credentials that encode the type of transactions and circumstances under which payment can be guaranteed. A risk management strategy, taking into account the payers' history, and other factors, can be used to generate these credentials in a way that limits the aggregated risk of uncollectable or fraudulent transactions to an acceptable level. These credentials can also permit or restrict types of purchases. We show a practical architecture for such a system that uses a Trust Management System to encode the credentials and policies. We describe a prototype implementation of the system in which vending machine purchases are made using consumer PDAs.

. This paper describes our experience with implementing an electronic payment system for the PalmPilot. Although Palm OS lacks support for many desired security features, we are able to build a system suitable for small payments. We discuss the advantages and disadvantages of using a PDA to make secure payments as opposed to using a smartcard or a desktop PC. In addition, we describe the engineering of PDA-PayWord, our implementation of a commerce protocol that takes advantage of both elliptic curve and RSA public key cryptography to support payments efficiently on PDAs with limited processing capability. Keywords: electronic commerce, personal digital assistants, PalmPilot, digital wallet, electronic payment systems. 1 Introduction The explosive growth of the market for Personal Digital Assistants (pda's) has led to a wealth of new applications for them. In this paper, we experiment with electronic commerce for pda's. Our motivation is clear: since consumers are already carrying dig...

Abstract — This paper discusses the design, implementation and deployment of a secure and practical payment system for electronic commerce on the Internet. The system is basedontheiKP family of protocols – i =1, 2, 3 – developed at IBM Research. The protocols implement credit cardbased transactions between buyers and merchants while the existing financial network is used for payment clearing and authorization. The protocols are extensible and can be readily applied to other account-based payment models, such as debit cards. They are based on careful and minimal use of public-key cryptography and can be implemented in either software or hardware. Individual protocols differ in both complexity and degree of security. In addition to being both a pre-cursor and a direct ancestor of the well-known SET standard, iKP-based payment systems have been in continuous operation on the Internet since mid-1996. This longevity – as well as the security and relative simplicity of the underlying mechanisms – make the iKP experience unique. For this reason, this paper also reports on, and addresses, a number of practical issues arising in the course of implementation and real-world deployment of a secure payment system.

Non-repudiation is one of the most important security services. In this paper we present a novel nonrepudiation technique, called Server-Supported Signatures, S³. It is based on one-way hash functions and traditional digital signatures. One of its highlights is that for ordinary users the use of asymmetric cryptography is limited to signature verification. S³ is efficient in terms of computational, communication and storage costs. It also offers a degree of security comparable to that of existing techniques based on asymmetric cryptography.

Abstract We present WebSOS, a novel overlay-based architecture that provides guaranteed access to a web server that is targeted by a denial of service (DoS) attack. Our approach exploits two key characteristics of the web environment: its design around a human-centric interface, and the extensibility inherent in many browsers through downloadable ''applets.'' We guarantee access to a web server for a large number of previously unknown users, without requiring pre-existing trust relationships between users and the system, by using reverse Graphic Turing Tests. Furthermore, our system makes it easy for service providers to charge users, providing incentives to a commercial offering of the service. Users can dynamically decide whether to use the WebSOS overlay, based on the prevailing network conditions. Our prototype requires no modifications to either servers or browsers, and makes use of Graphical Turing Tests, web proxies, and client authentication using the SSL/TLS protocol, all readily supported by modern browsers. We then extend this system with a credential-based micropayment scheme that combines access control and payment authorization in one operation. Turing tests ensure that malicious code, such as a worm, cannot abuse a userÕs micropayment wallet. We use the WebSOS prototype to conduct a performance evaluation over the Internet using PlanetLab, a testbed for experimentation with network overlays. We determine the end-to-end latency using both a chord-based approach and our shortcut extension. Our evaluation shows the latency increase by a factor of 7 and 2 respectively, confirming our simulation results.

Existing software proposals for electronic payments can be divided into "on-line" schemes that require participation of a trusted party (the bank) in every transaction and are secure against overspending, and the "off-line" schemes that do not require a third party and guarantee only that overspending is detected when vendors submit their transaction records to the bank (usually at the end of the day). We propose a new hybrid scheme that combines the advantages of both of the above traditional design strategies. It allows for control of overspending at a cost of only a modest increase in communication compared to the off-line schemes. Our protocol is based on probabilistic polling. During each transaction, with some small probability, the vendor forwards information about this transaction to the bank. This enables the bank to maintain an accurate approximation of a customer's spending. The frequency of polling messages is related to the monetary value of transactions and the amount of ...