The security problems of Rivest and Shamir´s PayWord scheme

Author

Adachi, Norio ; Aoki, Satoshi ; Komano, Yuichi ; Ohta, Kazuo

Author_Institution

Waseda Univ., Tokyo, Japan

fYear

2003

Firstpage

20

Lastpage

23

Abstract

The PayWord scheme was proposed by Rivest and Shamir for micropayments. This paper points out that it has the following problem: a malicious customer can damage the bank by purchasing in excess of the customer´s credit which the bank has guaranteed by issuing the certificate. In general, there are two positions of the bank with regard to the certificate. Position 1: the bank takes full responsibility for the certificate and compensates all payments created by the customer´s purchases; and Position 2: the bank doesn´t redeem payments exceeding a limit set for the customer and shares the loss with the shop if trouble occurs. In the PayWord Scheme, the bank can reduce its risk by adopting Position 2 rather than Position 1. However, this paper points out that the bank can damage the shop in Position 2 by impersonating an imaginary customer and making the shop share the loss with the bank.

Keywords

bank data processing; computer crime; credit transactions; electronic money; electronic trading; fraud; purchasing; Internet; PC connection; Rivest and Shamir PayWord scheme; bank damage; bank guarantee; certificate issuing; customer credit; customer limit; customer purchase; electronic books; electronic commerce; electronic newspapers; excess purchasing; imaginary customer impersonation; loss sharing; malicious customer; micropayment; payment compensation; payment redemption; security problem; settlement system; shop loss share; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

E-Commerce, 2003. CEC 2003. IEEE International Conference on

Print_ISBN

0-7695-1969-5

Type

conf

DOI

10.1109/COEC.2003.1210226

Filename

1210226