Rivest and Shamir proposed a PayWord scheme in 1996 that is an efficient
micro-payment scheme using a one-way hash chain. However, Adachi et al. thought that
Rivest and Shamir?s PayWord scheme suffered from a vulnerability to credit abuse attack
and bank falsification attack. Therefore, they proposed an improved version to prevent
these attacks in 2005. Unfortunately, there are still some drawbacks. First, the efficiency
is degraded because the improved version using a public key cryptosystem. Second, it is
vulnerable to an unauthorized settlement attack because it does not satisfy the requirement
of authentication. Third, they change the PayWord scheme from a postpaid to a prepaid
payment method. It is not practical because it is good for the vendor but is not fair to
the customer. In this paper, we propose an authenticated PayWord scheme to eliminate
these drawbacks and enhance the performance. Our scheme does not require a public key
cryptosystem and the customer?s rights can be assured.
Relation:
International Journal of Innovative Computing, Information and Control 5(9):2881-2891