Title :
The security problems of Rivest and Shamir´s PayWord scheme
Author :
Adachi, Norio ; Aoki, Satoshi ; Komano, Yuichi ; Ohta, Kazuo
Author_Institution :
Waseda Univ., Tokyo, Japan
Abstract :
The PayWord scheme was proposed by Rivest and Shamir for micropayments. This paper points out that it has the following problem: a malicious customer can damage the bank by purchasing in excess of the customer´s credit which the bank has guaranteed by issuing the certificate. In general, there are two positions of the bank with regard to the certificate. Position 1: the bank takes full responsibility for the certificate and compensates all payments created by the customer´s purchases; and Position 2: the bank doesn´t redeem payments exceeding a limit set for the customer and shares the loss with the shop if trouble occurs. In the PayWord Scheme, the bank can reduce its risk by adopting Position 2 rather than Position 1. However, this paper points out that the bank can damage the shop in Position 2 by impersonating an imaginary customer and making the shop share the loss with the bank.
Keywords :
bank data processing; computer crime; credit transactions; electronic money; electronic trading; fraud; purchasing; Internet; PC connection; Rivest and Shamir PayWord scheme; bank damage; bank guarantee; certificate issuing; customer credit; customer limit; customer purchase; electronic books; electronic commerce; electronic newspapers; excess purchasing; imaginary customer impersonation; loss sharing; malicious customer; micropayment; payment compensation; payment redemption; security problem; settlement system; shop loss share; Security;
Conference_Titel :
E-Commerce, 2003. CEC 2003. IEEE International Conference on
Print_ISBN :
0-7695-1969-5
DOI :
10.1109/COEC.2003.1210226
