minor edits
This commit is contained in:
Christian Grothoff
parent
481f9ff554
commit
b4f3dbc568
@ -272,7 +272,7 @@ credentials to the merchant. Many different authentication and
|
||||
authorization schemes are in use in various combinations. Secure
|
||||
systems typically combine multiple forms of authentication including
|
||||
secret information, such as personal identification numbers (PINs),
|
||||
transaction numbers (TANs)~\cite{kolbil2016tan} or credit card
|
||||
transaction numbers (TANs)~\cite{kobil2016tan} or credit card
|
||||
verification (CCV) codes, and physical security devices such cards
|
||||
with an EMV chip~\cite{emv}, TAN generators, or the customer's mobile
|
||||
phone~\cite{mtan}. A typical modern Web payment process involves:
|
||||
@ -569,16 +569,16 @@ auditor.
|
||||
|
||||
\begin{figure}[b!]%[36]{R}{0.5\linewidth}
|
||||
\subfloat[Bank login. (Simplified for demonstration.)]{
|
||||
\includegraphics[width=0.45\linewidth]{figs/bank0a.png}
|
||||
\includegraphics[width=0.4\linewidth]{figs/bank0a.png}
|
||||
\label{subfig:login}} \hfill
|
||||
\subfloat[Specify amount to withdraw. (Integrated bank support.)]{
|
||||
\includegraphics[width=0.45\linewidth]{figs/bank1a.png}
|
||||
\includegraphics[width=0.4\linewidth]{figs/bank1a.png}
|
||||
\label{subfig:withdraw}} \\
|
||||
\subfloat[Select exchange provider. (Generated by wallet.)]{
|
||||
\includegraphics[width=0.45\linewidth]{figs/bank2a.png}
|
||||
\includegraphics[width=0.4\linewidth]{figs/bank2a.png}
|
||||
\label{subfig:exchange}} \hfill
|
||||
\subfloat[Confirm transaction with a PIN. (Generated by bank.)]{
|
||||
\includegraphics[width=0.45\linewidth]{figs/bank3a.png}
|
||||
\includegraphics[width=0.4\linewidth]{figs/bank3a.png}
|
||||
\label{subfig:pin}}
|
||||
\caption{Required steps in a Taler withdrawal process.}
|
||||
\label{fig:withdrawal}
|
||||
@ -848,16 +848,13 @@ provided by the merchant (Figure~\ref{subfig:fulfillment}).
|
||||
The Taler wallet operates from a securely isolated {\em background}
|
||||
context on the client side. The user interface that displays the
|
||||
contract and allows the user to confirm the payment is displayed by
|
||||
this background context. If the user accepts, the resulting signed
|
||||
coins are transferred from the client to the merchant's server.
|
||||
|
||||
By running in the background context, the wallet can perform the
|
||||
cryptographic operations protected from the main process of the Web
|
||||
site. In particular, this architecture is secure against a merchant
|
||||
that generates a page that looks like the wallet's payment page
|
||||
(Figure~\ref{subfig:payment}), as such a page would still not have
|
||||
access to the private keys of the coins that are exclusive to the
|
||||
background context.
|
||||
this background context. By running in the background context, the
|
||||
wallet can perform the cryptographic operations protected from the
|
||||
main process of the Web site. In particular, this architecture is
|
||||
secure against a merchant that generates a page that looks like the
|
||||
wallet's payment page (Figure~\ref{subfig:payment}), as such a page
|
||||
would still not have access to the private keys of the coins that are
|
||||
exclusive to the background context.
|
||||
|
||||
%The current Taler specification is written to accommodate for
|
||||
%the rather restrictive set of APIs that WebExtension, a
|
||||
@ -992,8 +989,8 @@ While our design requires a few extra roundtrips,
|
||||
it has the following key advantages:
|
||||
\begin{itemize}
|
||||
\item It works in the confines of the WebExtensions API.
|
||||
\item It supports restoring session state for bookedmarked
|
||||
web resources when session state is cleared in the user agent.
|
||||
\item It supports restoring session state for bookmarked
|
||||
Web resources even after the session state is lost by the user agent.
|
||||
\item Sending deep links to fullfilment or offer pages to
|
||||
other users has the expected behavior
|
||||
of asking the other user to pay for the resource.
|
||||
@ -1005,7 +1002,7 @@ it has the following key advantages:
|
||||
the fulfillment page begins with processing an accepted contract. It is thus
|
||||
possible for these pages to be managed by separate parties. The
|
||||
control of the fulfillment page over the transmission of the payment
|
||||
information minimizes the need for exceptions to handle cross-origin
|
||||
data minimizes the need for exceptions to handle cross-origin
|
||||
resource sharing~\cite{rfc6454,cors}.
|
||||
\item The architecture supports security-conscious users that may have
|
||||
disabled JavaScript, as it is not necessary to execute JavaScript
|
||||
@ -1040,7 +1037,7 @@ obtaining change is automatic and handled by the wallet, i.e., if the
|
||||
user has a single coin worth \EUR{5} and wants to spend \EUR{2}, the
|
||||
wallet may request three \EUR{1} coins in change. Critically, the
|
||||
change giving process is completely hidden from the user.
|
||||
In fact, the graphical user
|
||||
In fact, our graphical user
|
||||
interface does not offer a way to inspect the denominations of the
|
||||
various coins in the wallet, it only shows the total amount available
|
||||
in each denomination. Expanding the views to show details may show
|
||||
@ -1130,17 +1127,16 @@ This dramatically simplifies setting up a shop to the point that the
|
||||
respective software only needs to be provided with the merchant's wire
|
||||
transfer routing information to become operational.
|
||||
|
||||
Figure~\ref{listing:presence} shows how easy it is for a Web site to
|
||||
detect the presence of a Taler wallet. The payment process requires a
|
||||
The payment process requires a
|
||||
few cryptographic operations on the side of the merchant, such as
|
||||
signing a contract and verifying the customer's and the exchange's
|
||||
signatures. The merchant also needs to store transaction data, in
|
||||
particular so that the store can match sales with incoming wire
|
||||
transfers from the exchange. Taler simplifies this for merchants by
|
||||
transfers from the exchange. We simplify this for merchants by
|
||||
providing a generic payment processing {\em backend} for the Web
|
||||
shops.
|
||||
|
||||
\begin{figure*}[t!]
|
||||
\begin{figure*}[b!]
|
||||
\begin{center}
|
||||
\begin{tikzpicture}[
|
||||
font=\sffamily,
|
||||
@ -1199,7 +1195,7 @@ passes it to the wallet (sample code for this is shown in
|
||||
Figure~\ref{listing:contract}).
|
||||
|
||||
Instead of adding any cryptographic logic to the merchant frontend,
|
||||
the generic Taler merchant backend allows the implementor to delegate
|
||||
the Taler merchant backend allows the implementor to delegate
|
||||
coin handling to the payment backend, which validates the coins,
|
||||
deposits them at the exchange, and finally validates and persists the
|
||||
receipt from the exchange. The merchant backend then communicates the
|
||||
@ -1208,7 +1204,7 @@ for executing the business logic to fulfill the order. As a result of
|
||||
this setup (Figure~\ref{fig:frobearch}), the cryptographic details
|
||||
of the Taler protocol do not have to be re-implemented by each
|
||||
merchant. Instead, existing Web shops implemented in a multitude of
|
||||
programming languages can straightforwardly add support for Taler by:
|
||||
programming languages can add support for Taler by:
|
||||
{\bf (0)} detecting in the browser that Taler is available; {\bf (1)}
|
||||
upon request, generating a contract in JSON based on the shopping
|
||||
cart; {\bf (2)} allowing the backend to sign the contract before
|
||||
|
||||
Loading…
Reference in New Issue
Block a user