Figure 1: The simplified NetBill protocol.
The consumer C starts the protocol (Figure 1) by sending
the merchant M a goods request, to which M responds with the goods encrypted
with a one-time key K. At step 3, C sends M an electronic payment order
(EPO) signed with C's private key. This EPO constitutes a fund transfer
authorization, and sending it to M marks C's commit point. M checks the
validity of this EPO, endorses it, appends K to it, and sends it to the bank
B. This is the point where M commits to the transaction. Including K with
the endorsed EPO is central to ensuring goods atomicity. At step 5, B sends
to M a receipt of the fund transfer (which includes K). Then M forwards
this message to C. In case M does not forward the message (either because of
failure, bad management, or attempted fraud), C can go to the bank for a copy
of this message, and hence obtain K.
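
The following simulation is an added example, not code from the original text or from NetBill. It walks through the steps above and shows that C is paid-for exactly when K is recoverable, whether or not M forwards the receipt. Assumptions: HMAC with keys known to the bank stands in for the signatures (so M's own validity check of the EPO is left out), a SHA-256 keystream stands in for the cipher, and all names and sample values are constructed.

```python
import hashlib, hmac, secrets

def xor_cipher(key, data):
    # Stand-in cipher (SHA-256 counter keystream), illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def sign(key, msg):
    # HMAC stands in for the signatures on the EPO and the endorsement.
    return hmac.new(key, msg, hashlib.sha256).digest()

class Bank:
    def __init__(self, c_key, m_key):
        self.c_key, self.m_key = c_key, m_key
        self.receipts = {}  # EPO -> receipt; each receipt includes K

    def transfer(self, epo, c_sig, k, m_sig):
        # Step 4 arrives; the step 5 receipt is returned and also stored.
        valid = (hmac.compare_digest(c_sig, sign(self.c_key, epo)) and
                 hmac.compare_digest(m_sig, sign(self.m_key, epo + c_sig + k)))
        if valid:
            self.receipts[epo] = {"epo": epo, "K": k}
        return self.receipts.get(epo)

    def receipt_copy(self, epo):
        # C's fallback when M never forwards the receipt.
        return self.receipts.get(epo)

def run(merchant_commits, merchant_forwards):
    c_key, m_key = secrets.token_bytes(32), secrets.token_bytes(32)
    bank = Bank(c_key, m_key)
    k = secrets.token_bytes(32)                        # one-time key K
    encrypted = xor_cipher(k, b"constructed goods")    # step 2: M -> C
    epo = b"EPO|order=1|amount=5"                      # constructed sample
    c_sig = sign(c_key, epo)                           # step 3: C commits
    receipt = None
    if merchant_commits:                               # step 4: M commits
        receipt = bank.transfer(epo, c_sig, k, sign(m_key, epo + c_sig + k))
    at_c = receipt if merchant_forwards else None      # step 6: M -> C
    if at_c is None:
        at_c = bank.receipt_copy(epo)                  # C asks B directly
    paid = epo in bank.receipts
    goods = xor_cipher(at_c["K"], encrypted) if at_c else None
    return paid, goods
```

Because K travels with the endorsed EPO, the bank cannot record the transfer without also holding the key, which is why the `paid` flag and the decrypted goods always agree.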