1 / 20

Experimenting with Electronic Commerce on the PalmPilot

Experimenting with Electronic Commerce on the PalmPilot. Neil Daswani Dan Boneh daswani@cs.stanford.edu dabo@cs.stanford.edu. Public Key Solutions ‘99 April 12 - 14. Overview. Security Applications on a PDA (advantages / disadvantages?)

matthew-mendoza
Download Presentation

Experimenting with Electronic Commerce on the PalmPilot

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Experimenting with Electronic Commerce on the PalmPilot Neil Daswani Dan Boneh daswani@cs.stanford.edu dabo@cs.stanford.edu Public Key Solutions ‘99April 12 - 14

  2. Overview • Security Applications on a PDA(advantages / disadvantages?) • How about a payment system?(wide-deployment of PDAs?) • Is this feasible with existing PDA technology?

  3. Outline • Trade-offs • E-Commerce on the PalmPilot • PDA-PayWord • Performance • Conclusions

  4. Trade-offs • Vs. SmartCards • no tamper resistance • no cryptographic accelerators • direct line of communication with user • more processing power • more memory

  5. Trade-offs • Vs. Desktops • less memory • less processing power • portable

  6. E-Commerce on the PalmPilot • Security Features (Lack of?) • Cryptographic Primitives • Authentication • Memory Mgmt. & Backups • Prototypical Application

  7. Security Features (Lack of?) • Databases -- No Access Control • non-volatile • creatorID • “secret” attribute (just a suggestion) • Password Entry

  8. Cryptographic Primitives * DES, SHA-1, RSA figures obtained with SSLeay * ECC-DSA figures obtained with Certicom Security Builder Toolkit

  9. E-Commerce on the PalmPilot • Authentication • Pro: direct line of communication with owner • Con: entering passwords • Memory Management & Backups • Encrypted Storage (Instrument Manager) • PalmPilot Databases (deletion, double spending)

  10. E-Commerce on the PalmPilot • Small payments ($5 -> $50) • Target Application: Pony Vending Machine

  11. E-Commerce on the PalmPilot • Where to start? • PayWord (Rivest, Shamir) • Why PayWord? • amortize cost of signatures • coins = hash tokens

  12. PDA-PayWord • PalmPilot implementation of PayWord • Minimize cryptographic operations • Minimize storage requirements

  13. PDA-PayWord Characteristics • Vendor-Specific • Pre-Pay (Debit-Based) • Vendor = Bank • Hash Chain Based

  14. User’s Wallet Bank {Yk, k, d, vid}SECC-DSA(User) Yk Pre-Paid? Yes HCC= {Yk, k, d, exp,vid}SRSA (Bank) Y1 Y0 PDA-PayWord: Withdrawal

  15. PDA-PayWord: Purchase Yk User’s Wallet Yk-i+1 Yk-i Yk-i, i, HCC Yk-i Vendor Y1 Y0

  16. PDA-PayWord: Withdrawal Timings Note: d = 5

  17. PDA-PayWord: Purchase Timings (First time $1.50 buy)

  18. PDA-PayWord Variations • Multiple hash chains / Multiple denominations • Storing “sentinel” values • Multiple Vendors (Introduce Online Broker)

  19. Conclusions / Summary • PDA = portable commerce device w/o tamper resistance • Suitable for small payments • Commerce protocols can be adapted • Example: PDA-PayWord • leverages best of ECC and RSA

  20. Acknowledements • Certicom • Andrew Toy

More Related