Electronic Payment Mechanism
Transcript of Electronic Payment Mechanism
-
8/2/2019 Electronic Payment Mechanism
1/15
Electronic payment
mechanism
Rubina of
m.Com 2nd
yearpresents
-
8/2/2019 Electronic Payment Mechanism
2/15
Topics to be dealt with..
What Electronic payment mechanism means ?
Encryption meaning
encryption and cryptography methods Methods of electronic payment
Set protocol and its components
-
8/2/2019 Electronic Payment Mechanism
3/15
Electronic payment
Electronic payment is an integral part of
electronic commerce Electronic payment is a financial exchange that
takes place online between buyers and sellers
The content of this exchange is usually someform of digital financial instrument such asencrypted credit card numbers ,electronicchecks, digital cash.
It decreases technology cost, reducedoperational and processing costs and increasesonline commerce.
-
8/2/2019 Electronic Payment Mechanism
4/15
Features of payment methods Anonymity : it is concerned with whether a third
party can trace back who was involved in thepayment transaction
Security: it is concerned with whether apayment method is secure
Overhead cost: it is concerned with overheadcost of processing a payment
Transferability: whether a payment can becarried out without involvement of a third party
Divisibility: whether the total sum of payment iseasily divisible in small sums
Acceptability: it should have been globallyaccepted
-
8/2/2019 Electronic Payment Mechanism
5/15
EncryptionMeaning
It is the process of transforming plain text or data into
cipher text that cannot be read by any one other thanthe sender and the receiver.
Purpose of encryption
To secure stored information
To secure information transmission
It provides following security services:
Message integrity-assure non alteration of message
Non repudiation-prevents user from denying he/she hassend it
Authentication-provides verification of identity of person
Confidentiality- assure that message was not read byothers
-
8/2/2019 Electronic Payment Mechanism
6/15
Methods of encryption and cryptographyThere are two basic methods of encryption
Symmetric key
Asymmetric or public key
Symmetric key :
It is also known as secret key encryption.
Here both the sender and receiver of message uses the
same key for encryption and decryption The keys or ciphers used are digital strings i.e. combination
of 0s and 1s (bits)
For instance binary representation of letter A in ASCIIcode is 8 binary digits i.e. 01000001
To encrypt the above 8 bit binary digit into cipher form wemultiply each letter by another 8 bit key number(eg:01010101)
By doing so we get an encrypted message which is thensent to the recipient.
-
8/2/2019 Electronic Payment Mechanism
7/15
Public key encryption:
Here both the sender and the receiver uses
different keys to encrypt and decrypt themessage
Features
Two mathematically related digital keys are useda public and a private key
The private key is kept secret by the owner and
the public key is widely disseminated. Once a key is used to encrypt the message the
same cannot be used to decrypt the message.
it solves the problem of exchanging keys
-
8/2/2019 Electronic Payment Mechanism
8/15
Basic Public key cryptography process
1.Original
messagebuy Cisco
@RS.25000
2.Recipients public key
3.Message
encrypted incipher text
10101101110001
4.internet5.Recepie
nts private
key
Buycicso
@RS
Recipien
t
Sender
-
8/2/2019 Electronic Payment Mechanism
9/15
Public key using digital signature and hash digits In basic public key encryption some elements of security is
missing
A more sophisticated use of public key cryptography canachieve authentication, on repudiation, and integrity
This can be done by using hash function and digital signature
Hash function: it is an algorithm that produces fixed lengthnumber called hash or message digest
The results of applying hash is send to the recipient.
Digital signature: it is a signed cipher text that can be sent over
internet , Generally senders private key is used to sign thecipher text
Steps in encryption:
The sender encrypts the entire block of cipher text one more
time by using his private key.
-
8/2/2019 Electronic Payment Mechanism
10/15
The recipient of this signed text first user senders public key
to authenticate message
Then uses his private key to obtain hash result and original
message
Finally , he computes the hash value and compare with the
received hash value
If the results are same then the message ha snot been altered
Digital envelope
A technique that uses symmetric key for encrypting and alsouses
public key to encrypt and send the symmetric key
Here we have a key within a keyIt helps in improving the efficiency and provide authentication of
message
-
8/2/2019 Electronic Payment Mechanism
11/15
SET protocol for credit payment Secure electronic transactions (SET) is a protocol for
encrypted credit card payment transfers.
Announced in February 1996, by visa and master card
Set establishes a single technical standard forprotecting payment card purchases over the internet
Features of SET:
confidentiality through encryption
Integrity- through digital signatures
Consumer account and merchant accountauthentication through digital certificates
Interoperability must be applicable on a variety of
hardware and software platforms
-
8/2/2019 Electronic Payment Mechanism
12/15
SET components and its phasesMerchant the seller
Cardholdera registered holder of credit card Issuer bank which issues card to cardholder
Acquirer a third party acting as an agent to merchant
Payment gateway a third party which authorizes andprocesses credit card payments.
SET has the following phases:
Certificate issuance
Purchase initiation and response Authentication of merchant and cardholder
Authorization of transaction by the credit cardcompany
-
8/2/2019 Electronic Payment Mechanism
13/15
SET purchase modelVerification of merchant Verification of
certificate Cardholder certificate
merchant certificate issued cardholder certificateissued
purchase request
purchase response
Authorization request
Authorization response
Certificate
authority chain
Certificate
authority
Certificate
authority
Merchant Cardholder
Payment
gateway(acquirer)
-
8/2/2019 Electronic Payment Mechanism
14/15
Finally it employs cryptography method , ituses symmetric and public private key
It even uses dual signature
Set is much wider in scope when compared toSSL (secure socket layer ) connection as itdoes not mandate the use of digitalcertificates, dual signatures and online
authorization.
-
8/2/2019 Electronic Payment Mechanism
15/15
Thank you