Internet payment systems Varna Free University E-BUSINESS Prof. Teodora Bakardjieva.
Internet payment systems
Varna Free University
E-BUSINESS
Prof. Teodora Bakardjieva
27 Sept. 99 2
Outline
• Introduction
• Issues related
• Security
• Outstanding protocols
• Mechanisms
• Advantages and disadvantages
• Conclusion
Introduction
• In the past year, the number of users reachable through the Internet has increased dramatically
• Potential to establish a new kind of open marketplace for goods and services
Introduction (cont)
• Online shops on the Internet
  – Bookshop (Amazon.com)
  – Flight Reservation and Hotel Reservation shopping place, etc.
• An effective payment mechanism is needed
Issues related
• Security Performance
• Reliability
• Efficiency
• Bandwidth
• Anonymity (mainly in electronic coins)
Security
• Internet is not a secure place
• There are attacks from:
  – eavesdropping
  – masquerading
  – message tampering
  – replay
How to solve?
• RSA public key cryptography is widely used for authentication and encryption in the computer industry
• Using public/private (asymmetric) key pair or symmetric session key to prevent eavesdropping
How to solve? (cont)
• Using message digest to prevent message tampering
• Using nonce to prevent replay
• Using digital certificate to prevent masquerading
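An added example, not part of the original slides, of the digest and nonce checks listed above applied to a payment order. It assumes a shared session key and uses a keyed digest (HMAC-SHA-256), because a bare digest can be recomputed by whoever alters the message; `seal`, `Receiver` and the sample order are hypothetical names and constructed data.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key (assumption); a real system would use a negotiated
# session key or a digital signature rather than a hard-coded secret.
SESSION_KEY = b"constructed-demo-session-key"

def seal(order: dict, key: bytes = SESSION_KEY) -> dict:
    """Sender: attach a fresh nonce and a keyed digest over nonce + order."""
    nonce = secrets.token_hex(16)  # fixed length, so nonce + body is unambiguous
    body = json.dumps(order, sort_keys=True)
    tag = hmac.new(key, (nonce + body).encode(), hashlib.sha256).hexdigest()
    return {"nonce": nonce, "body": body, "tag": tag}

class Receiver:
    """Receiver: verify the digest first, then refuse any nonce seen before."""
    def __init__(self, key: bytes = SESSION_KEY):
        self.key = key
        self.seen_nonces = set()

    def accept(self, msg: dict) -> str:
        expected = hmac.new(self.key, (msg["nonce"] + msg["body"]).encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: tampered"
        if msg["nonce"] in self.seen_nonces:
            return "rejected: replay"
        self.seen_nonces.add(msg["nonce"])
        return "accepted"

def demo() -> list:
    rx = Receiver()
    msg = seal({"payee": "merchant-1", "amount": "10.00"})  # constructed order
    forged = dict(msg, body=msg["body"].replace("10.00", "99.00"))
    # Recomputing an unkeyed SHA-256 over the forged body does not help the forger.
    rehashed = dict(forged, tag=hashlib.sha256(
        (forged["nonce"] + forged["body"]).encode()).hexdigest())
    return [rx.accept(msg), rx.accept(msg), rx.accept(forged), rx.accept(rehashed)]
```
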
Outstanding protocols
• Credit card based
  – Secure Electronic Transaction (SET)
  – Secure Socket Layer (SSL)
• Electronic coins
  – DigiCash
  – NetCash
Credit-card based systems
• Parties involved: cardholder, merchant, issuer, acquirer and payment gateway
• Transfer user's credit-card number to merchant via insecure network
• A trusted third party to authenticate the public key
Secure Electronic Transaction (SET)
• Developed by VISA and MasterCard
• To facilitate secure payment card transactions over the Internet
• Digital Certificates create a trust chain throughout the transaction, verifying cardholder and merchant validity
• It is the most secure payment protocol
Framework
[Figure: Card Holder, Merchant, Payment Gateway, Card Issuer and Financial Network, with links labelled SET and Non-SET]
Payment processes
• The messages needed to perform a complete purchase transaction usually include:
  – Initialization (PInitReq/PInitRes)
  – Purchase order (PReq/PRes)
  – Authorization (AuthReq/AuthRes)
  – Capture of payment (CapReq/CapRes)
Typical SET Purchase Trans.
[Sequence diagram between CardHolder, Merchant and Payment Gateway; messages in order:]
PInitReq
PInitRes
PReq
PRes
AuthReq
AuthRes
CapReq
CapRes
Initialization
Cardholder, Merchant
PInitReq: {BrandID, LID_C, Chall_C}
PInitRes: {TransID, Date, Chall_C, Chall_M}SigM, CA, CM
Purchase order
Cardholder, Merchant
PReq: {OI, PI}
PRes: {TransID, [Results], Chall_C}SigM
Authorization
Merchant, Acquirer, Issuer
{{AuthReq}SigM}PKA
{{AuthRes}SigA}PKM
Existing Financial Network
Capture of payment
Merchant, Acquirer, Issuer
{{CapRes}SigA}PKM
Existing Financial Network
Clearing
CapReq, CapToken
Advantages
• It is secure enough to protect user's credit-card numbers and personal information from attacks
• hardware independent
• world-wide usage
Disadvantages
• User must have credit card
• No transfer of funds between users
• It is not cost-effective when the payment is small
• No anonymity, and it is traceable
Electronic cash/coins
• Parties involved: client, merchant and bank
• Client must have an account in the bank
• Less security and encryption
• Suitable for small payment, but not for large payment
DigiCash (E-cash)
• A fully anonymous electronic cash system
• Using blind signature technique
• Parties involved: bank, buyer and merchant
• Using RSA public-key cryptography
• Special client and merchant software are needed
Withdrawing Ecash coins
• User's cyberwallet software calculates how many digital coins are needed to withdraw the requested amount
• software then generates random serial numbers for those coins
• the serial numbers are blinded by multiplying them by a random factor
Withdrawing Ecash coins (cont)
• Blinded coins are packaged into a message, digitally signed with user's private key, encrypted with the bank's public key, then sent to the bank
• When the bank receives the message, it checks the signature
• After signing the blind coins, the bank returns them to the user
Spending Ecash
Advantages
• Cost-effective for small payment
• User can transfer his electronic coins to other users
• No need to apply for a credit card
• Anonymous feature
• Hardware independent
Disadvantages
• It is not suitable for large payment because of lower security
• Client must use wallet software in order to store the withdrawn coins from the bank
• A large database to store used serial numbers to prevent double spending
Comparisons
• SET
  – use credit card
  – 5 parties involved
  – no anonymity
  – large and small payment
• Ecash
  – use e-coins
  – 3 parties involved
  – anonymous nature
  – a large database is needed to log used serial numbers
  – small payment
Conclusions
• An effective, secure and reliable Internet payment system is needed
• Depending on the payment amount, a different level of security is used
• SET protocol is an outstanding payment protocol for secure electronic commerce