Micro Payment System Safety, And Cost Analysis

With the development of Internet and information technology, intangible goods such as information products becomes more and more important in people' daily consumption. Owning to the characteristics of intangible goods, we need a new kind of payment model, which is called Micropayment. The characteristics of Micropayment are different from Macropayment: value of each payment is small; requirement of safety is less; cost of transaction is low; transaction speed is high. Nicholas Negroponte, head of the MIT Media Laboratory, proclaimed in 1998, "You're going to see within the next year an extraordinary movement on the Web of systems for Micropayment." Jupiter forecasts that Micropayment market will grow to $31 billion in 2009. There must be certain securities in a good Micropayment system. It is also obliged to keep extremely low operation expenses. An ideal Micropayment model should find an equalization point between security and efficiency: make it have a security that can be met, at the same time, the expenses are low. This text sets about analyzing a Micropayment system from the security and efficiency mainly, attempting to look for the best equalization point of the two. And it has enumerated Millicent, MicroMint and PayPal to illustrate. The encryption technology is the base for safe Micropayment. Common encryption technology mainly includes symmetrical encryptions, public-key encryptions and hash functions at present. In symmetrical or one-key encryption, the message can be encrypted and decrypted using the same key. It can be divided into two sorts as stream cipher mode and block cipher mode by encrypting mode. The most commonly used symmetric encryption algorithms are almost based on block cipher mode. The greatest advantage of symmetrical encryption is fast speed of encryption or decryption, which is suitable for a mass of data. But the key is relatively difficult to manage, which will influence the security and efficiency. In public-key or two-key encryption, a key pair is used for encryption and decryption. One key that can be distributed to anyone is called PUK. Another is called PRK, which is kept secret by users. Those two keys are different. Encryption algorithm (E) and decryption algorithm (D) are usually shared. Computational speed of public-key encryption is relatively much slower. The amount of calculation of the algorithm is very great, which exercise restraint in its application in Micropayment. But it has fundamentally solved the problem of key management in symmetrical encryption. And public-key encryption supports digital signatures and authentication; the two functions can meet the need of security in Micropayment. Hash functions are also called message digest. Input a message of variable size, you will get a hash code of fixed size as output. The code has nothing to do with the message and is generally 128 or 160 bits. Hash code is the function value of all bits of the message, and has the ability to correct mistakes. That is to say if any bit or some bits change, the hash code will change. The advantage of hash functions is that it can calculate at very high speed. And this is just what is needed in Micropayment. Hash functions are of one-way, weak collision-free and strong collision-free quality .The encrypted message is unable to be reduced. Seldom does hash collision take place either. If combined with other encryption technology, they can realize the security in Micropayment excellently. Those are why hash functions are most widely used in Micropayment. Micropayment systems are used for the purchase of low value goods, so it must guarantee low cost of each transaction. A Micropayment system should be able to make vendors not lose marginal profit becauseof the high cost of transaction. The cost of a Micropayment system includes mainly fixed technical costs, storage costs, computational costs, communication costs, administrative costs, publishing costs and so on. We can take a lot of corresponding measures to reduce the costs in these respects. For example: account maintenance...