This preview shows page 1. Sign up to view the full content.
Unformatted text preview: system provides a secure debit card suitable for regions where poor telephone service make on-line verification impossible. Both customers and merchants have cards; customers can use their cards to transfer money to merchants. Merchants can then take their cards to a telephone and deposit the money in their bank account; customers can take their cards to a telephone and have money moved onto their card. There is no intention to provide anonymity, only to prevent fraud. Here is the communications protocol between customer Alice and merchant Bob. (Actually, Alice and Bob just plug their cards into a machine and wait for it to complete the transaction.) When Alice first gets her card, she is given a key pair, K1 and K2; the bank calculates them from her name and some secret function. Only the merchant cards have the secrets necessary to work out these customer keys. (1) Alice sends Bob her name, A, his name, B, and a random number, RA, encrypted using DES: first with K2 and then with K1. She also sends her name in the clear. A, EK1(EK2(A, B, RA)) (2) Bob calculates K1 and K2 from Alice’s name. He decrypts the message, confirms that A and B are correct, then encrypts Alice’s unencrypted second message with K2. EK2(A, B, RA) Bob does not send this message to Alice; 56 bits of the ciphertext become K3. Bob then sends Alice his name, her name, and another random number, RB, encrypted using DES: first with K3 and then with K1. EK1(EK3(B, A, RB)) (3) Alice computes K3 in the same manner Bob did. She decrypts Bob’s message, confirms that B and A are correct, then encrypts Bob’s unencrypted message with K3. EK3(B, A, RB) Alice does not send this message to Bob; 56 bits of the ciphertext become K4. Alice then sends Bob her name, his name, and the digital check, C. This check contains the names of the sender and recipient, a date, a check number, an amount, and two MACs, all encrypted using DES: first with K4 and then with K1. One of the MACs can be verified by Alice’s bank, and the other can only be verified by the clearing center. Alice debits her account by the correct amount. EK1(EK4...
View Full Document
- Fall '10