With extra TX script magic this can be done even more efficiently, so that sending a new payment merely requires a hash computation, rather than an ECDSA sig. (This is a huge difference: a CPU can do about 5M Hash/sec [remember, single hash, not double like mining], but only maybe 500 ECDSA sigs/second).
The scheme is Rivest-Shamir Paywords[1].
The paywords scheme is basically a really efficient way of doing what I suggest above, with hashes instead of signatures.
Say I want to do this scheme with you for $100, and I want to transfer to you in increments of $0.01.
I pick a random message X_0 and hash it 10,000 times, generating X_10000. (i.e., hash X_0 to get X_1, then hash X_1 to get X_2, etc).
I send you the following signed promise:
"If you know a string that hashes to X_10000 after K iterations, you may collect $0.01 * K from me".
Now to pay you I send you X_9999, X_9998, etc. You need only keep track of the last one, and you can check that X_k indeed hashes to X_k+1.
This doesn't fit quite as nicely into bitcoin unfortunately because it needs TX that can have variable output depending on the script.
You would need to be able to write a script saying something like:
"This tx is spendable with a signature from party B, plus a value Y. If Y hashes K times to X_10000, then the output is K * something to output B, and rest to output A".
To get an idea of how powerful this is, with this kind of scheme you could include a payment on
every packet going over the internet, or all kinds of
extreme micro-payments.
[1]
http://people.csail.mit.edu/rivest/RivestShamir-mpay.ps