Introduction

The payment system has four kinds of actors: banks, intermediaries, users, and clients. Here are informal definitions:

Cryptography

The system uses only SSL/TLS. Information exchange between actors is encrypted to prevent theft of codes and private information. Certificates are checked to prevent man-in-the-middle attacks and impersonation. SSL/TLS is an international standard, widely deployed, and periodically updated to maintain security as new technology emerges.

An important feature of the payment system is that it uses only common cryptography tools. This makes the payment system easier to deploy than those based on elaborate cryptosystems. SSL/TLS is available on all server platforms and programming environments. Thus, cryptography poses no barrier to adoption.

Uses Existing Software

Consumers need not install any special software to use the system. They can make purchases on websites, as they do now with credit cards. Banks provide web based client software, accessible through a web browser. This software is very similar to Internet Banking websites, with the addition of payment system functions: being able to pay anybody and accept a payment from anybody.

Using the HttpProtocolExtension for consumer purchases is faster and safer than using a credit card style payment page. However, it requires the user to install a plugin into her web browser. The plugin adds support for the HTTP 402 Payment Required error message.

attachment:Drawing1.png

Introduction

I propose a payment system modeled after debit cards. It is an online system with optional cryptography. The system should work with existing web browsers and shopping carts. It also fits with people's mental models of credit cards. This is my second draft. Let's start out with two user examples. In the first example, a person purchases an MP3 audio file from a website. In the second example, a person pays an Internet friend for trouble-shooting his computer.

Joe buys an MP3

Meet our hypothetical user, named Joe. Joe is an average guy. He's not computer savvy, but he knows his way around the Internet. He loves his iPod MP3 player.

Joe hears that his favorite band, "The Meddlers", has released a new single. He goes to the band's website, www.themeddlers.com. He clicks on a link for the new single, called "Nosey Business." The page has a pixelated video of the band performing the song. There is a section labeled "Get the MP3." It says, "Download Nosey Business.mp3 right now for $2.99! Enter your payment information below and click Download." There is a box to choose payment type: VISA, Mastercard, AmEx, Paypal, i402. Joe pulls out his wallet and picks a 7-11 i402 card. He thinks there is about $9.50 still on it.

Joe clicks on the box and selects i402. Three boxes appear: Bank, Code, and PIN. He clicks in the Bank box and types 7-11.com. He looks at the back of his i402 card. There are lots of codes listed there. Each code is 14 digits long, made of capital letters and numbers. The codes have dollar amounts listed next to them. At the top are ten codes with $1 next to them. Then there are a few $2 and some $5. At the bottom are two $10 and a $25. Some of the codes are crossed out with a pen - he already used those codes to buy stuff. Joe finds the first $5 code that isn't crossed out. He types it into the Code box on the website. Then he enters a number into the PIN box. It's the last 4 digits of his grandmother's phone number.

Joe clicks the Download button. One second later, his web browser starts downloading "Nosey Business.mp3". The download takes about 20 seconds. The web browser announces that the download has finished. Joe clicks to open the file. iTunes appears and starts playing the song. It sounds great! Joe looks down and remembers his wallet and i402 card. He grabs a pen and crosses off the $5 code that he just used. As he puts the card back in his wallet, he subtracts $3 from $9.50... "there should be about $6.50 left ... This song is so cool!"

Joe hires an Internet PC Repairman

Joe's computer has a problem: every time he turns it on, an annoying window appears saying "The application cannot start. Missing symbols in FXCP81.DLL." This message started showing up after he uninstalled a program from his computer. Joe uses MSN Messenger to chat with friends. One of his friends introduced him to a guy named Nicholas. Nicholas is a highschool student who knows a lot about computers.

Joe signs onto MSN Messenger and sees that Nicholas is online. He starts a chat conversation with Nicholas:

Nicholas controls Joe's computer and removes the cause of the annoying message.

Joe restarts his computer and signs back into MSN Messenger.

Joe gets the 7-11 i402 card from his wallet and turns it over. All of the $5 codes are crossed out. Joe thinks, "Well, I can just give him a $10 code. He's not going to overcharge me. I know his friend. Anyway, there's only $6.50 on the card." Joe chooses a $10 code and types it to Nicholas.

Joe crosses out the $10 code that he just gave to Nicholas. He mentally subtracts $5 from $6.50... "So there's only $1.50 left on this card. It's a pain to add money with my credit card. I've still got plenty of cash. I'll just buy another $20 card next time I walk past 7-11."

TODO:

LeonhardIntro (last edited 2007-05-01 16:02:42 by MisterN)