Securing currency exchange in an open environment

Securing transactions on the Hypergrid

Edited by: Jani Pirkola

The virtual world platform Opensim is getting its first currency system. In an open environment where anyone can set up an Opensim server, security must be addressed carefully.

As some of you may or may not be aware, earlier in the year someone [see bottom of post] contracted us to develop a secured currency infrastructure for a 'hypergrid-aware' environment. Meaning, something that will work even when you cannot guarantee the simulators (or their operators) themselves are trustworthy. Within this infrastructure we only have two trusted entities - the user, and the "bank" which holds their funds.

The flexibility of this design allows us to set up currency systems that could work in a completely user-supported environment like OSGrid, rather than relying on a "walled garden" à la Second Life(R). It could also be used for multiple grids simultaneously - that is, several independent grids agree to utilize a single "bank", and are then capable of grid-to-grid user transactions (most likely supported over a hypergrid link).

How does it work?

The basic method of operation is fairly simple - in both cases, the user attempts to make a payment from within the viewer (such as to another avatar, into a vendor, etc). The HG version differs in that it then sends the user to a website operated by the "bank" to confirm the action. The user is authenticated against the bank (via a password or other login), and is presented with the transaction details (amount, who to, etc). If the user is happy with the transaction, they approve it - and it continues to process on the server like any other normal transaction. If the user denies the transaction, then it reverses itself as if it had never been requested.

The basic process

If you examine the module we ship by default with OpenSim, the "SampleMoneyModule", it is fairly straightforward when operating in a grid environment. When you make a payment in the region (1), the simulator can check and process the payment via the money server (2), then finally confirm the transaction with the seller (3). The biggest limitation here is that it requires trust in most of the parties involved - for instance, if the simulator went 'rogue', then it would be possible for it to just say you made a payment, without your involvement.

Sample Currency Server Operation

This is essential for some types of payments (e.g., llGiveMoney), but completely impractical in an open environment. For example, it allows for the 'credit card fraud' situation, whereby if the seller knows you exist and knows your account number, then it is entirely possible to debit from it without your permission. Credit cards are badly designed in this respect - there is no 'confirmation of identity' with the bank required. (Something there has been some work on fixing.)

By comparison, the DTL currency processor is a lot more complicated - it requires some "handshaking" between the parties before the transaction can proceed. To the user this is mostly transparent; on the backend, however, there is a more complicated web of data flow, in which there are six major steps.

DTL Currency Processing

The first step is the negotiation step - in this step, the user initiates a payment to an object or user (requests a money transfer). The simulator will contact its registered money server and ask for a link with which the user can confirm their intent (1). The user is then given that link via an IM (we've also made it possible to configure it so that you can get that link sent to you via email from the money server directly).

The user should at this point (for anti-"phishing" purposes) check that the link they are given is sent from the money server (we strongly recommend using a recognizable domain with an SSL certificate). This link acts as a verification of intent - the money server will present the user with the details of the transaction, and ask them to log in to confirm the transaction (2). For example, see the picture below:

Currency Confirmation Form

If the user aborts the transaction, all further processing simply stops: only a request for payment was made, and no funds have changed hands. However, if the user approves the transaction, then the money server notifies the simulator that the transaction was approved (3); this acts in a similar way to PayPal Instant Payment Notification. At this point, the simulator can execute money() events in scripts, approve an object purchase, or send notifications to the buyer (5) or seller (6) that their balance has been updated. The money server also updates the seller's account balance with the new funds (4).

To the end user, the exchange can be shown in the following screenshot (the user webpage is a slightly old version now, also ignore the spelling mistake.)

"In Action" Screenshot
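The handshake described above, reduced to the money server's side, as an added example that is not the DTL module's code (class, method and URL names are hypothetical, and the accounts are constructed sample data). It shows why a rogue simulator cannot complete a payment on its own: it can only request a link, funds move only after the payer authenticates to the bank, and each link works once.

```python
import hashlib
import hmac
import secrets

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class MoneyServer:
    """Toy model of the trusted "bank". Simulators are untrusted callers."""
    def __init__(self, base_url: str):
        self.base_url = base_url
        self.accounts = {}  # user -> {"balance", "salt", "pw"}
        self.pending = {}   # one-time token -> (payer, payee, amount)

    def add_account(self, user, password, balance):
        salt = secrets.token_bytes(16)
        self.accounts[user] = {"balance": balance, "salt": salt, "pw": hash_pw(password, salt)}

    def request_transfer(self, payer, payee, amount):
        """Step 1: a simulator asks for a confirmation link. No funds move."""
        if amount <= 0 or payer not in self.accounts or payee not in self.accounts:
            raise ValueError("invalid transfer request")
        token = secrets.token_urlsafe(32)  # unguessable, so a simulator cannot forge one
        self.pending[token] = (payer, payee, amount)
        return f"{self.base_url}/confirm?tx={token}"

    def confirm(self, token, password, approve):
        """Step 2: the payer logs in at the bank and approves or denies."""
        if token not in self.pending:
            return "unknown"
        payer, payee, amount = self.pending[token]
        acct = self.accounts[payer]
        if not hmac.compare_digest(hash_pw(password, acct["salt"]), acct["pw"]):
            return "auth-failed"      # request stays pending, no funds move
        del self.pending[token]       # single use: a replayed link is "unknown"
        if not approve:
            return "denied"
        if acct["balance"] < amount:
            return "insufficient-funds"
        acct["balance"] -= amount     # step 4: only the bank changes balances
        self.accounts[payee]["balance"] += amount
        return "approved"             # step 3: the result the simulator is notified of

def demo():
    bank = MoneyServer("https://bank.example")   # constructed sample data below
    bank.add_account("alice", "correct horse", 100)
    bank.add_account("vendor", "unused", 0)
    token = bank.request_transfer("alice", "vendor", 30).split("tx=")[1]
    results = [bank.confirm(token, pw, True) for pw in ("guess", "correct horse", "correct horse")]
    return results, bank.accounts["alice"]["balance"], bank.accounts["vendor"]["balance"]
```

The three confirmations in `demo()` are a wrong password, the real approval, and a replay of the same link.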

Disclaimer of liability

The above does not guarantee security - we've taken as many steps as possible to make this usable in a public environment; however, OpenSim is alpha software, and this code does not provide any kind of guarantee of merchantability or usefulness. If you are planning on starting a virtual bank with "Real Money Trade" allowed, then you need to do a lot more work on fraud prevention and audits of this code before thinking about using it. You use this strictly at your own risk.

Final notes

This is not the final version yet; we still have work to do in that department. However, you can access an alpha version on the OpenSimulator forge. (Please note, there are no NAnt build files for this project yet - it's on the TODO list, but Linux users will need to generate them if they want to use this, or get a Visual Studio user to compile it for them.)

http://forge.opensimulator.org/gf/project/currency/

Credits

This was developed with funds provided by Michael Huntington - credit to him for sponsoring this project.

Development was done by DeepThink's Shanghai development team (Korey Wan, Leon Zhu and Jed Zhu [in our plush SH office shared with SineWave]), planning was done by Korey and Leon, with the master architectural design done by yours truly. We're planning on finishing this project up this week, once we have done so - we will be moving onto a Groups implementation, also sponsored by Michael Huntington.

 

Article tagged: OpenSim | hypergrid | security | Adam Frisby


2 comment(s) for “Secure Transactions in Opensim”


Lost Packet said on Thursday, April 09, 2009 (8:43:56 AM)
This is a great article Adam, well done! The closer we get to a secure system for in-world transactions the sooner we will start to see a massive growth in the evolution of open worlds :)

Valer said on Thursday, April 16, 2009 (11:07:19 AM)
Adam, technically that might be a good system. But this is based on the old world paradigm where banks rule.
If you bring the same paradigm in VWs, the real banks will finally rule VWs too. Are there not enough crises (like the current credit crunch) in real life caused, no the better word is instigated, by banks?!
Really free entrepreneurship and creative power of VWs inhabitants will be choked by the old tax authorities and established banks, if you let the same paradigm infiltrate there.
Instead, there should be a new money system thought out for VWs where no mediation whatsoever of banks (or other gods - what's in the name) is necessary.
Who controls these functions of money, controls the world: 1) access to money, 2) regulating money flows, 3) issuing money.
Many people think that their state is in control here, but the state has nothing to bring in here as banks are controlled by central banks (FEDs and alike), which are not being controlled by any state or government - it is being called 'independent position'.
The new money paradigm shall be brought into the universe of VWs, namely:
1) no monopolized access to money,
2) no centralized entity regulating money flows,
3) no monopoly on issuing money.

The first means that everybody must have the right to keep his money in his own pocket and not be obliged to keep it on a bank's mainframe (account) - the authenticity of digital money can very easily be guaranteed by technical means.

The second means no monopoly on transferring digital money from A to B – everybody can do that, not only my bank, my ISP provider, my neighbour or myself.

The third is more complicated and is a part of a separate discussion if you wish. And can be the next step after the first two are implemented.

If we succeed in implementing these principles in VWs, we will get a really free economy there, without any discrimination, monopolies and other types of suppression and repression we have in our real world.