4. Proposed Payment Protocol
4.4. Payment Protocol
Our proposed protocol involves four parties: the customer C, the merchant M, the payment gateway P, and the on-line trusted third party T. It consists of the following sub-protocols: the exchange sub-protocol and the resolve sub-protocol.
Exchange Sub-protocol
A customer browses an Internet e-commerce website and reviews the products. Once he/she finds the products he/she would like to buy, the customer clicks the “check out” button to initiate the exchange sub-protocol. All messages of the exchange sub-protocol are shown in Figure 3. The exchange sub-protocol includes four steps.
Step 1 includes four messages. In step 1, the customer C and the merchant M exchange, through the TTP T, some secrets used in the following steps, and T gives the identity of the transaction, TID, to C and M.
Message 1: contains the following major items: (1) a TID request, TIDReq, (2) the merchant ID, IDM, (3) the identity of the product he wants to buy, PI, (4) the master key shared by C and M, KCM, and (5) C’s public keys of the Merkle hash trees he wants to share with M, MHCM-INIT.
a is a random number used to generate the session key between C and T. In the following steps, b and c play the same role as a. MHCT-NEW is the set of new public keys that replace the old public keys C has used up signing this message to T. The MHAB-NEW values in the following messages have the same meaning, so we do not describe them again.
Message 2:
After T receives Message 1, he checks the lightweight signature first. If the signature is correct, T stores IDC, IDM, PI, KCM, and MHCM-INIT for resolving the dispute in the future, and sends TID, KCM, and MHCM-INIT to M.
Message 3 (M → T): (TID, b, MHMC-INIT) under the key K; the exact message layout is not recoverable from the extracted text.
When the merchant receives Message 2 from T, it verifies the signature of T. Subsequently, M sends its public keys of the Merkle hash trees to TTP T and endorses them if M agrees to trade.
Message 4: … used to verify that the merchant is the authority to sell the product and that it really has the product. h(m) will be used later to ensure the integrity of the encrypted product, m. Subsequently, T sends r, [k^r, K1], h(m), and MHMC-INIT to C.
After Step 1 is completed, the customer starts to trade with the merchant. In Step 2, the customer sends its order for goods and checks that the merchant is the authority for the product. The merchant sends its bank account and signs the customer’s order if it accepts the order.
Message 5: Because C doesn’t have the key K1^-1, he cannot derive the product key k. The customer uses KCM and b to compute the session key SKCM, which is used to encrypt messages between C and M. If C does want to buy the product, he sends TID, r, and the purchase order (PO). C also signs h(PO) with the lightweight signature scheme, representing his agreement on the order. The purchase order, PO, includes the following information:
(1) the identity of the product, PI
(2) the amount
(3) the price
(4) the time stamp and the nonce
(5) other order information
Message 6: … purchase order is to its satisfaction, that is, the merchant agrees to all its contents, including the amount and the price. In addition, the merchant also verifies the lightweight signature. If not, the merchant informs the customer of the rejection.
Otherwise, the merchant endorses the purchase order as its agreement by signing h(PO). Then, the merchant generates the key pair (K2, K2^-1), where K2 = <e, N2> is a key compatible with K1 and N2 is relatively prime to r, and computes the product key (K1K2). Subsequently, the merchant calculates [k^r, K1K2]. If an attacker tried to impersonate the merchant, he would not succeed because he doesn’t know the key K1^-1 or the primes that construct N1. The same, if the …
After the customer and the merchant reach an agreement, the customer is ready to pay for the product. In Step 3, the customer sends the contract (the merchant’s signature on h(PO) and the customer’s lightweight signature on h(PO)) and the merchant’s bank account to the payment gateway. The payment gateway asks the customer’s bank to deduct the money from the customer’s account, or to extend credit, and transfers the money to the merchant’s account.
Message 7: … transaction. Otherwise, he delivers the purchase order, the two parties’ signatures on the purchase order, and the merchant’s account to the payment gateway, P.
Message 8: … signatures on the purchase order are consistent, the payment gateway begins to communicate with the two parties’ banks. If both banks approve the transaction, the payment gateway informs the customer that the transaction is approved. If the contract is inconsistent, or either bank rejects the transaction, the payment gateway answers the customer that the transaction has failed, together with the reason.
The customer asks the merchant for the purchase key once he has completed the payment with the payment gateway. In Step 4, the customer sends the payment receipt to the merchant, and then the merchant delivers the product key.
Message 9 (C → M): {(TID, Ack), [(TID, Ack, h(PO)), KP^-1]} encrypted under SKCM
The customer checks the lightweight signature once he receives the acknowledgement from the payment gateway. Subsequently, the customer sends the payment receipt signed by P, [(TID, Ack, h(PO)), KP^-1]. At the same time, the customer starts a timer and waits for the product key to arrive from the merchant. If the timer expires before the product key arrives from the merchant, the customer executes the resolve sub-protocol.
Message 10 (M → C): {k} encrypted under SKCM
After the merchant obtains the payment receipt from the customer, it first verifies that the receipt is signed by P. If the receipt is correct, the merchant conveys the product key, k, to the customer. The customer then decrypts m with k. If the merchant gives a wrong key or deliberately refuses to send k to the customer, the customer initiates the resolve sub-protocol. Otherwise, the payment protocol is finished.
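The following Python model is an added example, not code from the thesis, that walks through the checks of Steps 2 to 4 as described above: both parties endorse the same h(PO), the payment gateway P refuses an inconsistent contract or a rejected bank transfer, the merchant releases k only against a receipt signed by P, and the customer verifies h(m), waits on a timer for k, and falls back to the resolve sub-protocol when the key never arrives. Assumptions, all labelled in the code: HMAC-SHA256 stands in for the lightweight Merkle-tree signatures of C and the RSA-style keys of M and P; a hash-based keystream stands in for the product encryption; the derivation of SKCM from KCM and b is modelled with HMAC; the [k^r, K1K2] construction of Message 6 is not modelled; all keys, balances and payloads are constructed sample values.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass


def h(data: bytes) -> bytes:
    """h(): SHA-256 stands in for the thesis's hash function (assumption)."""
    return hashlib.sha256(data).digest()


def sign(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 models a party's signature (assumption; the thesis uses
    lightweight Merkle-tree signatures for C and RSA-style keys for M and P)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)


def derive_session_key(kcm: bytes, b: bytes) -> bytes:
    """SKCM from the master key KCM and the nonce b (the KDF is an assumption)."""
    return sign(kcm, b"SKCM" + b)


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy hash-based keystream cipher; symmetric, so decryption == encryption."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = h(key + i.to_bytes(4, "big"))
        out.extend(x ^ y for x, y in zip(data[i:i + 32], ks))
    return bytes(out)


@dataclass(frozen=True)
class PurchaseOrder:
    """The PO fields listed under Message 5."""
    pi: str
    amount: int
    price: int
    timestamp: int
    nonce: bytes

    def encode(self) -> bytes:
        return f"{self.pi}|{self.amount}|{self.price}|{self.timestamp}|".encode() + self.nonce


def gateway_settle(tid, po, sig_c, sig_m, key_c, key_m, key_p, banks, acct_c, acct_m):
    """Messages 7/8: P checks that both signatures endorse the same h(PO),
    then moves the money; on success it returns the receipt [(TID, Ack, h(PO)), KP^-1]."""
    hpo = h(po.encode())
    if not verify(key_c, hpo, sig_c) or not verify(key_m, hpo, sig_m):
        return None, "contract inconsistent: signatures do not endorse the same h(PO)"
    total = po.amount * po.price
    if banks.get(acct_c, 0) < total:
        return None, "customer bank rejected: insufficient funds"
    banks[acct_c] -= total
    banks[acct_m] = banks.get(acct_m, 0) + total
    return sign(key_p, tid + b"Ack" + hpo), "approved"


def merchant_release_key(tid, hpo, receipt, key_p, k, skcm):
    """Messages 9/10: M verifies P's receipt before sending {k} under SKCM."""
    if not verify(key_p, tid + b"Ack" + hpo, receipt):
        return None
    return stream_xor(skcm, k)


def customer_obtain_product(m, hm_from_T, fetch_key, timeout_s=0.05):
    """Step 4 on C's side: check h(m) from Message 4, then wait for k until the
    timer expires; a timeout is the trigger for the resolve sub-protocol."""
    if h(m) != hm_from_T:
        return "resolve: encrypted product m fails its h(m) integrity check"
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        k = fetch_key()
        if k is not None:
            return stream_xor(k, m)
    return "resolve: timer expired before the product key arrived"


def run_demo(merchant_delivers=True, tamper=False):
    """One run with constructed values; returns P's verdict, C's outcome and the ledgers."""
    key_c, key_m, key_p = os.urandom(32), os.urandom(32), os.urandom(32)
    tid = b"TID-constructed-0001"
    skcm = derive_session_key(os.urandom(32), os.urandom(16))   # KCM and b
    k = os.urandom(32)
    m = stream_xor(k, b"constructed product payload")
    hm_from_T = h(m)                                               # sent by T in Message 4
    po = PurchaseOrder("PI-42", 2, 300, 1700000000, b"nonce-00")
    hpo = h(po.encode())
    sig_c = sign(key_c, hpo)
    # A tampered PO (price changed by M) is endorsed by M but not by C, so P rejects it.
    po_m = PurchaseOrder("PI-42", 2, 1, 1700000000, b"nonce-00") if tamper else po
    sig_m = sign(key_m, h(po_m.encode()))
    banks = {"C-acct": 1000, "M-acct": 0}
    receipt, status = gateway_settle(tid, po, sig_c, sig_m, key_c, key_m, key_p,
                                     banks, "C-acct", "M-acct")
    if receipt is None:
        return {"status": status, "product": None, "banks": banks}
    enc_k = merchant_release_key(tid, hpo, receipt, key_p, k, skcm) if merchant_delivers else None
    fetch = lambda: None if enc_k is None else stream_xor(skcm, enc_k)
    return {"status": status, "product": customer_obtain_product(m, hm_from_T, fetch), "banks": banks}
```

Calling `run_demo()` completes the exchange; `run_demo(tamper=True)` shows P rejecting a contract whose two signatures do not cover the same h(PO), leaving both ledgers untouched; `run_demo(merchant_delivers=False)` shows the customer's timer expiring after payment, which is exactly the situation the resolve sub-protocol is designed for.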
Resolve Sub-protocol
The resolve sub-protocol is executed if any party misbehaves or if there is a communication failure. It resolves disputes automatically, without manual intervention. The merchant receives the payment receipt before sending the product key, so it has an advantage in the exchange sub-protocol. Therefore, the resolve sub-protocol is initiated only by the customer, if the timer expires or if the …
If the merchant cheats the customer by giving a fake key, or refuses to send the product key after receiving the payment receipt, the customer starts the resolve sub-protocol by delivering Message S1 to the TTP. Message S1 contains all the evidence: the merchant’s agreement on the purchase order, …
… send his agreement on the purchase order, because the payment receipt implies that the payment gateway has checked both parties’ agreements.
Message S2 & S3: … receipt or receives the wrong receipt from C.