This study explores the trade-offs of electronic commerce on the PalmPilot, comparing it to smart cards and desktops. It examines cryptographic primitives and presents a PDA-PayWord implementation for small payments.
Experimenting with Electronic Commerce on the PalmPilot
Neil Daswani, Dan Boneh, Stanford University
Trade-offs
• Vs. SmartCards
  • no tamper resistance
  • no cryptographic accelerators
  • direct line of communication with user
  • more processing power
  • more memory
Trade-offs
• Vs. Desktops
  • less memory
  • less processing power
  • portable
Cryptographic Primitives
* DES, SHA-1, RSA figures obtained with SSLeay
* ECC-DSA figures obtained with Certicom Security Builder Toolkit
E-Commerce on a PDA
• Small payments ($5 -> $50)
• Target Application: Pony Vending Machine
• Pre-pay
• Vendor-specific
• Where to start?
• PayWord (Rivest, Shamir)
PDA-PayWord
• PalmPilot implementation of PayWord
• Minimize cryptographic operations
• Minimize storage requirements
PDA-PayWord: Withdrawal
[Diagram: the User's Wallet holds the chain Yk, ..., Y1, Y0. Labels: {Yk, k, d, vid} S_ECC-DSA(User) between the wallet and the Bank; "Pre-Paid? Yes" at the Bank; HCC = {Yk, k, d, exp, vid} S_RSA(Bank).]
PDA-PayWord: Purchase
[Diagram: the User's Wallet holds the chain Yk, ..., Yk-i+1, Yk-i, ..., Y1, Y0. Labels: (Yk-i, i, HCC) between the wallet and the Vendor; Yk-i at the Vendor.]
PDA-PayWord: Withdrawal Timings
Note: d = 5
PDA-PayWord: Purchase Timings (First time $1.50 buy)
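The hash-chain check behind the Withdrawal and Purchase slides, as an added example that is not code from the slides or from the authors' implementation. Assumptions: SHA-1 is the chain hash, the chain runs Y_j = H(Y_{j-1}) so that Yk is the committed value, the bank's RSA signature on HCC has already been verified, and the names `build_chain`, `Vendor` and `demo` are hypothetical.

```python
import hashlib
import hmac
import os

def H(data: bytes) -> bytes:
    # SHA-1 is in the deck's primitive list; using it as the chain hash is an assumption.
    return hashlib.sha1(data).digest()

def build_chain(seed: bytes, k: int) -> list:
    """Wallet side: Y_0 = seed, Y_j = H(Y_{j-1}); chain[k] is the commitment Yk."""
    chain = [seed]
    for _ in range(k):
        chain.append(H(chain[-1]))
    return chain

class Vendor:
    """Tracks how much of one chain has been spent (hypothetical class)."""

    def __init__(self, hcc: dict):
        # hcc stands for the bank-signed commitment; signature checking is out of scope.
        self.k = hcc["k"]
        self.last_value = hcc["Yk"]   # most recent accepted chain value
        self.spent = 0                # links already redeemed

    def accept(self, y: bytes, i: int) -> int:
        """Verify (Y_{k-i}, i); return the number of newly spent links, 0 if rejected."""
        if not (self.spent < i <= self.k):
            return 0                  # replay, rollback, or beyond the chain length
        probe = y
        for _ in range(i - self.spent):   # hash only the links not yet redeemed
            probe = H(probe)
        if not hmac.compare_digest(probe, self.last_value):
            return 0                  # value does not hash up to the last accepted one
        new_links = i - self.spent
        self.last_value, self.spent = y, i
        return new_links

def demo() -> list:
    k = 10
    chain = build_chain(os.urandom(20), k)            # constructed sample wallet
    vendor = Vendor({"Yk": chain[k], "k": k, "vid": "vendor-1"})
    return [
        vendor.accept(chain[k - 3], 3),    # first purchase: 3 links
        vendor.accept(chain[k - 3], 3),    # replay of the same message
        vendor.accept(chain[k - 5], 5),    # second purchase: 2 more links
        vendor.accept(os.urandom(20), 6),  # forged chain value
    ]
```

After the first purchase the vendor only hashes the links added since the last accepted value, so later purchases need no signature work at all.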
Conclusions / Summary
• PDA = portable commerce device w/o tamper resistance
• Suitable for small payments
• Commerce protocols can be adapted
• Example: PDA-PayWord
• leverages best of ECC and RSA
Acknowledgements: Andrew Toy & Certicom