1 Introduction The State of the Art in Electronic Payment Systems, IEEE Computer, September 1997.
Introduction
The State of the Art in Electronic Payment Systems, IEEE Computer, September 1997
Requirements and Safeguards for ECommerce
• Entity authentication
• Message integrity
• Payment non-repudiation
• Effective audit mechanism
• Privacy
Safeguards and Security Mechanisms
• Cryptography
– Private- and Public-key Cryptography
– Cryptographic Certificates
Hello World and Welcome to The simple crypt
Key=23
_r{{x7@xe{s7vys7@r{txzr7cx7Cr7d�~zg{r7tengc
Private-key Cryptography
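The ciphertext on this slide matches XORing each character of the message with the key 23; that reading comes from comparing the slide's two strings, not from anything the slide states. The added example below (not part of the original slides; function names are illustrative) reproduces it and shows why a one-byte key protects nothing: the whole key space is 256 values, and a single guessed word is enough to pick the right one.

```python
# Added illustration: single-byte XOR "crypt" as on the slide (key = 23).

PLAINTEXT = b"Hello World and Welcome to The simple crypt"  # from the slide
KEY = 23                                                     # from the slide


def xor_crypt(data, key):
    """Encrypt or decrypt: XOR every byte with the same one-byte key."""
    if not 0 <= key <= 255:
        raise ValueError("key must fit in one byte")
    return bytes(b ^ key for b in data)


def candidate_keys(ciphertext, crib):
    """Try all 256 keys; keep those whose output contains the guessed word."""
    return [k for k in range(256) if crib in xor_crypt(ciphertext, k)]


CIPHERTEXT = xor_crypt(PLAINTEXT, KEY)

if __name__ == "__main__":
    # 'h' XOR 23 is the unprintable DEL byte, so the repr shows \x7f there.
    print(CIPHERTEXT)
    # The same operation with the same key restores the message.
    print(xor_crypt(CIPHERTEXT, KEY).decode())
    # Exhaustive search with the guessed word "Welcome" leaves one key.
    print(candidate_keys(CIPHERTEXT, b"Welcome"))
```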
[Figure: ALICE and BOB, with Eve]
[Figure: the message "This is a big secret" and its encrypted form "I?~jhYUWEKUia" on either side of The Internet; labels: Recipient's PUBLIC key, Recipient's private key]
PGP, Version 6.5.1 Manual, Network Associates, 1999.
Certificate Authorities
• The Certificate Authority (CA) is a trusted third party
• Provides the necessary authentication and security infrastructure
• The CA creates and issues certificates
PGP, Version 6.5.1 Manual, Network Associates, 1999.
Sondra Schneider, IFsec, June 11, 1999.
Using the CA to Establish Trust
Customer, Merchant, The CA
1- Establish a Certificate
2- Send signed request and certificate
3- Check Signature
4- Merchant can trust customer and may continue with trade
Sondra Schneider, IFsec, June 11, 1999.
Authentication Protocols
• General-purpose secure messaging protocols include:
– SSL
– S/MIME
• Secure protocols for electronic commerce include:
– EDI/MIME
– SET
SET
Byte, June 1997
June 1997
The Use of Smartcards
Byte, June 1997
Minimal Key Lengths for Symmetric Ciphers, Matt Blaze and others, 1996.
Avoiding bogus encryption products, Matt Curtin, 1998.
RSA
from the RSA FAQ
• RSA is a public-key cryptosystem
– take two large primes, p and q,
– find their product n = pq; (n is called the modulus)
– Choose e, less than n and relatively prime to (p-1)(q-1), and find its inverse, d, mod (p-1)(q-1), which means that: ed = 1 mod (p-1)(q-1);
– e and d are called the public and private exponents, respectively.
– The public key is the pair (n,e);
– the private key is d.
– The factors p and q must be kept secret, or destroyed.
Two numbers are relatively prime when they share no factors in common other than 1. In other words, a and n are relatively prime if their greatest common divisor is equal to 1. This is written:
gcd(a,n) = 1
• It is difficult (presumably) to obtain the private key d from the public key (n,e).
• If one could factor n into p and q, however, then one could obtain the private key d.
• Thus the entire security of RSA is predicated on the assumption that factoring is difficult.
RSA encryption:
• suppose Alice wants to send a private message, m, to Bob.
• Alice creates the ciphertext c = m^e mod n,
• e and n are Bob's public key.
• To decrypt, Bob computes: m = c^d mod n,
• and recovers the original message m; the relationship between e and d ensures that Bob correctly recovers m. Since only Bob knows d, only Bob can decrypt.
• public-key operations take O(k^2) steps,
• private key operations take O(k^3) steps,
• key generation takes O(k^4) steps
• where k is the number of bits in the modulus