Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Electronic Payment Systems and Security

    Încărcat de

    simbu50
    13 vizualizări21 pagini
    management informatino system ppt on system software

    Titlu original

    Chap08 Scs

    Drepturi de autor

    © Attribution Non-Commercial (BY-NC)

    Formate disponibile

    PPT, PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    management informatino system ppt on system software

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PPT, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    13 vizualizări21 pagini

    Electronic Payment Systems and Security

    Încărcat de

    simbu50
    management informatino system ppt on system software

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PPT, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 21

    Chapter 8 Electronic Payment Systems and Security

    1 1

    KEY FEATURES OF B2B PAYMENT SYSTEMS


    2

    SSL Vs. SET p 274

    A part of SSL (Secure Socket Layer) is available on customers browsers it is basically an encryption mechanism for order taking, queries and other applications it does not protect against all security hazards it is mature, simple and widely used But does not include a digital wallet SET ( Secure Electronic Transaction) is a very comprehensive security protocol (with digital wallet) it provides for privacy, authenticity, integrity, and nonrepudiation it is used very infrequently due to its complexity and the need for a special card reader by the user it may be abandoned if it is not simplified/improved
    3

    How SET transactions work

    Most Common Payment Systems, Based on Dollar Amount -

    Electronic Payments and Protocols p 275

    SET Protocol for Credit Card Payments


    Electronic Cash and Micropayments:
    bank, hence cumbersome and expensive e-CASH is

    analogous to paper money or coins: each payment must be reported to

    Electronic Funds Transfer on the Internet:


    Payment gateways would add a safety feature

    Stored Value Cards: prepaid card, e.g. Cybercash

    Electronic Check Systems:


    need individual cheque authoriztion

    encryption, digital signature,

    digital certificates, all similar to SET; e-chequebook instead of DW; does not
    6

    EXAMPLES OF DIGITAL CASH-

    X
    7

    Security Schemes in E- Payment p 278

    Authentication: A way to verify the buyers identity before payments are made Integrity: Ensuring that information will not be accidentally or maliciously altered or destroyed, usually during transmission Encryption: A process of making messages indecipherable except by those who have an authorized decryption key Non-repudiation: Merchants need protection against the customers unjustifiable denial of placed orders, and customers need protection against the merchants unjustifiable denial of past payment Digital envelope: (p 281) a technique which uses symmetric encryption for documents, but public key encryption to cover the symmetric key.
    8

    Secret Key Cryptography (symmetric) p 279 Keysender (= Keyreceiver) Keyreceiver


    Scrambled Message Original Message

    Original Message

    Scrambled

    Internet

    Message Sender Encryption

    Receiver Decryption

    Public Key Cryptography (RSA) p 279 Public Keyreceiver Private Keyreceiver Internet
    Scrambled Message Original Message

    Message

    Original Message

    Scrambled Message

    Sender Private Keysender Digital Original Signature Message Sender


    Scrambled Message

    Receiver
    Public Keysender

    Internet

    Scrambled Message

    Original Message

    Receiver
    10

    Digital Signature p 279

    Analogous to handwritten signature: Note the difference between cases 1 and 2 below

    1. Sender encrypts a message with her private key 2. A digital signature is attached by a sender to a message encrypted with the receivers public key

    Any receiver with senders public key can read it The receiver is the only one that can read the message and at the same time he is assured that the message was indeed sent by the sender 11

    Digital Certificates p 280

    A digital certificate Includes owners name, his/her public keys, the appropriate algorithm, certificate type (merchant, cardholder, payment gateway), CAs name and signature. One public key is for secret exchange as receiver and the other is for digital signature as sender Issued by a trusted certificate authority (CA)

    12

    Certificate Authority - e.g. VeriSign p 280

    Public or private, comes in levels (hierarchy) A trusted third party Issuer of digital certificates Verifies that a public key indeed belongs to a certain individual

    RCA : Root Certificate Authority (yet undecided) BCA : Brand Certificate Authority (e.g. Verisign) GCA : Geo-political Certificate Authority (national level) CCA : Cardholder Certificate Authority MCA : Merchant Certificate Authority PCA : Payment Gateway Certificate Authority

    Hierarchy of Certificate Authorities


    Certificate authority needs to be verified by a government or well trusted entity ( e.g., post office)
    13

    SET Vs. SSL p 285


    Secure Electronic Transaction (SET) Secure Socket Layer (SSL)
    Complex SET is tailored to credit card payment to merchants, and includes a digital wallet (see p 286, for interoperability tests and confirmation)
    SET protocol hides the customers credit card information from merchants, and also hides the order information to banks, to protect privacy. This scheme is called dual signature.

    Simple
    SSL is a protocol for generalpurpose secure message exchanges (encryption).

    SSL protocol may use a certificate, but there is no payment gateway. So, the merchants need to receive both the ordering information and credit card information see Fig 8.8, p 286.
    14

    ELECTRONIC (DIGITAL) WALLETS

    Client-based digital wallets are software applications that consumers install on their computer, and that offer consumer convenience by automatically filling out forms at online stores
    Electronic Commerce Modeling Language (ECML) is a standard of digital wallets

    15

    FUNCTIONALITY OF DIGITAL
    WALLETS - X
    16

    EFT AND DEBIT CARDS ON THE NET

    EFT p 287
    VAN (via ACH) preceded NET: provided better security compared to the Internet. The Internet is destined to become the most economical EFT medium DEBIT CARDS To authorize an EFT. Offer less protection compared to a credit card, but are fee-free to the merchant (incentive)
    17

    Smart cards p 291

    Store ID information and available balance Now include programmable IC chip, to enable recharging Read Mondex example in the box item, p 291

    18

    REPRESENTATION OF CASH SYSTEMS

    E Money Pioneered by DigiCash (1999)


    Issuing Banks were affiliated to DigiCash Needed tracing of usage records, which made it as expensive as EFT

    More serious issue: Functional conflict with banking authority


    19

    REPRESENTATION OF CASH SYSTEMS

    Stored-value cards p 292 For all practical purposes, same as a prepaid card Mondex, VisaCash and others have used the approach May be either anonymous or identifiable (be careful with the word onymous it is currently not being used)
    Anonymous cards are transferable
    20

    E Cheques p 295

    Security features as discussed

    E Chequebook as discussed
    With the proposed SafeCheck system, unintentional default risky cheque issuance can be prevented

    The cost of paper cheques can be saved


    21

    S-ar putea să vă placă și