Most self-service payment terminals require network connectivity for processing electronic payments. The necessity to maintain network connectivity increases costs, introduces cybersecurity risks, and significantly limits the number of places where the terminals can be installed. Leading payment service providers have proposed offline payment solutions that rely on algorithmically generated payment tokens. Existing payment token solutions, however, require complex mechanisms for authentication, transaction management, and most importantly, security risk management. In this paper, we present VolgaPay, a blockchain-based system that allows merchants to deploy secure offline payment terminal infrastructure that does not require collection and storage of any sensitive data. We design a novel payment protocol which mitigates security threats for all the participants of VolgaPay, such that the maximum loss from gaining full access to any component by an adversary incurs only a limited scope of harm. We achieve significant enhancements in security, operation efficiency, and cost reduction via a combination of polynomial multi-hash chain micropayment channels and blockchain grafting for off-chain channel state transition. We implement the VolgaPay payment system, and with thorough evaluation and security analysis, we demonstrate that VolgaPay is capable of delivering a fast, secure, and cost-efficient solution for offline payment terminals.
翻译:维护网络连通性的必要性增加了成本,引入了网络安全风险,并大大限制了可以安装终端的地点的数量。主要支付服务提供商提出了依靠算法生成的付款凭证的离线支付解决方案。然而,现有的付款象征性解决方案需要认证、交易管理和最重要的安全风险管理等复杂机制。在本文件中,我们介绍了沃尔加帕(VolgaPay),这是一个使商人能够部署不需要收集和储存任何敏感数据的离线支付终端安全基础设施的链式系统。我们设计了一个新的付款协议,以减轻对VolgaPay所有参与者的安全威胁,这样,从一个敌人全面获取任何部件而带来的最大损失只能造成有限的伤害范围。我们通过将多边多链式微额付款渠道和离链式链式连锁网连接连接到离线州过渡中,大大加强安全、操作效率和降低成本。我们实施了VolgaPay(VolgaPay)支付系统,并进行了彻底的评价和安全分析,我们证明VolgaPay(VolgaPay)能够通过快速、安全、成本和安全的终端支付终端解决方案。