Muhammad Wasim Raad: Smart Cards in E-payment (Smart Cards in Electronic Buying and Selling Systems). Dr Wasim Raad, Computer Engineering Department, King Fahad.


1 Smart Cards in E-payment (Smart Cards in Electronic Buying and Selling Systems)
Dr Wasim Raad (Muhammad Wasim Raad), Computer Engineering Department, King Fahad University Petroleum & Minerals, Dhahran-Saudi Arabia

2 Entities of the E-payment System
– Purse Charger (Bank or third party)
– Identification Card Issuer (Corporate or Service Provider)
– Card Holder (User)
– Access Control/E-payment terminal. Corporate secure log in. Retail POS collecting highway tax
– Corporate Information Center (Database)

3 System Requirements
– Privacy
– Security
– Support multi-application

4 EMV (Euro Master Visa)
– Established 1999 by Europay International, Mastercard International & VISA International
– The EMV IC card specification for payment ensures cross-payment interoperability between cards and terminals
– Latest version: EMV2000 version 4.0 (support for lower voltage cards & contactless interface)
– Currently there are more than 200 million Mastercard, Maestro & Cirrus chip cards worldwide (more than 80 million of these support EMV)

5 Smart Card Market: VISA Smart Credit/Debit (CCCP)
Diagram labels: Magnetic Credit Authorization Terminal; Smart Credit Authorization Terminal; Smart Card
– Stop manufacturing easy entry card and terminal as well
– Differentiate a commission rate for interchange: chip card versus M/S card
– All the new terminals should work on Visa Smart Credit/Debit card
– Recommendation of PIN pad
– All the new cards should be equipped with Visa Smart Credit/Debit card functions
– All cards must be issued with the functions of the Visa Smart Credit/Debit card
– All terminals must work on the Smart Credit/Debit card

6 Authentication: Static Data Authentication
Card data:
– SDA certificate
– Issuer public key certificate
Terminal holds: scheme public key
1. Card sends:
– selected card data
– card data certificate
– issuer public-key certificate
2. Terminal decodes issuer public key using scheme public key.
3. Verifies card certificate using issuer public key.
4. Compares with hashed form of the card data.

7 Authentication (contd): Dynamic Authentication
– Challenge-based.
– The terminal issues a challenge to the card.
– The card signs the card serial number and this challenge.
– The terminal verifies this signature.
– The card must incorporate the public-key encryption functions.
– The private key is permanently stored in the card and protected by physical security features.
– Key management issue.
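The static check on slide 6 and the challenge-based check on slide 7, side by side, as an added example that is not part of the original presentation. Textbook RSA on fixed Mersenne primes stands in for the real EMV certificate formats; all function names, key sizes, the sample card data and the issuer-signed card key certificate used in the dynamic check are assumptions made for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys (assumption)

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2^a-1 and 2^b-1; illustration only, not secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(value, key):   # private-key operation, textbook RSA without padding
    n, d = key
    return pow(value, d, n)

def recover(sig, n):    # public-key operation: recovers the signed value
    return pow(sig, E, n)

# Hypothetical key hierarchy: scheme certifies issuer, issuer certifies card.
SCHEME, ISSUER, CARD = keypair(521, 607), keypair(107, 127), keypair(61, 89)

def personalise(static_data):
    """Issuer side: the certificates stored on the card at issuance."""
    return {
        "data": static_data,
        "issuer_cert": sign(ISSUER[0], SCHEME),
        "sda_cert": sign(digest(static_data, ISSUER[0]), ISSUER),
        "card_cert": sign(CARD[0], ISSUER),
    }

def terminal_sda(card, scheme_n):
    issuer_n = recover(card["issuer_cert"], scheme_n)     # step 2: decode issuer key
    signed_hash = recover(card["sda_cert"], issuer_n)     # step 3: verify card certificate
    return signed_hash == digest(card["data"], issuer_n)  # step 4: compare with hash of data

def new_challenge():
    return secrets.token_bytes(8)  # terminal picks a fresh unpredictable value

def card_dda_sign(serial, challenge):
    """Card side: signs serial number + challenge; the private key stays on the chip."""
    return sign(digest(serial + challenge, CARD[0]), CARD)

def terminal_dda(card, serial, challenge, signature, scheme_n):
    issuer_n = recover(card["issuer_cert"], scheme_n)
    card_n = recover(card["card_cert"], issuer_n)
    return recover(signature, card_n) == digest(serial + challenge, card_n)

SAMPLE_CARD = personalise(b"PAN=0000000000000000;EXP=0000")  # constructed sample data
```

The terminal needs only the scheme public modulus (`SCHEME[0]`) to run both checks. A signature the card produced for one challenge does not verify under a different challenge, which is what the terminal's fresh challenge adds over the static comparison.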

8 Authentication (contd): EMV Transaction Model
– Reset card
– Answer to reset
– Select application
– Send application data
– Auth. card & terminal
– Terminal risk management
– Request cryptogram
– Card risk management
– Send cryptogram
– (Perform online transaction)
– Send results
– (Complete transaction)

9 Electronic Cash (Electronic Cash)
Electronic cash is a general term that describes the attempts of several companies to create a value storage and exchange system that operates online in much the same way that government-issued currency operates in the physical world.
Concerns about electronic payment methods include:
– Privacy
– Security
– Independence
– Portability
– Convenience

10 Electronic Cash Issues
– Primary advantage is with purchase of items less than £5
– Credit card transaction fees make small purchases unprofitable
– Facilitates micropayments, e.g. for items costing less than £1
– Must be anonymous, just like regular currency
– Safeguards must be in place to prevent counterfeiting
– Must be independent and freely transferable regardless of nationality or storage mechanism

11 Electronic Cash

12 Electronic Cash Storage
Two methods:
– On-line: the individual does not personally have possession of the electronic cash; a trusted third party, e.g. e-banking, where the bank holds customers' cash accounts
– Off-line: the customer holds cash on a smart card or electronic wallet; fraud and double spending require tamper-proof encryption

13 Electronic Cash
Advantages:
– Electronic cash transactions are more efficient and less costly than other methods.
– The distance that an electronic transaction must travel does not affect cost.
– The fixed cost of hardware to handle electronic cash is nearly zero.
– Electronic cash does not require that one party have any special authorization.
Disadvantages:
– Electronic cash provides no audit trail.
– Because true electronic cash is not traceable, money laundering is a problem.
– Electronic cash is susceptible to forgery.
– So far, electronic cash is a commercial flop.


15 ePayment by Smart Card
Replace cash:
– Cash is expensive to make and use: printing, replacement; anti-counterfeiting measures; transportation; security
– Cash is inconvenient: not machine-readable; humans carry limited amount; risk of loss, theft
– Additional smart card benefits

16
– Magnetic, Credit/Debit Card
– EMV Smart Card
– Electronic Purse: MONDEX, CEPS, KEP, Ministry of Commerce, Industry & Energy Electronic Purse
– EFT-POS
1) KEP (Korean Electronic Purse), Korea Financial Telecommunications & Clearings Institute
2) Mondex Electronic Purse, Cheju Island (Resort) Project, ASEM Project

17 Smart Cards & ecommerce (Smart Cards and Electronic Commerce)
– Multi Channel Access

18 What Is The Octopus?
– A pre-paid stored value card utilizing contactless smart card technology
– Operates within wallet/purse for up to 10cm
– Less than 1/3 second transaction time

19 Octopus Applications
Public transport and related:
– 3 railways, 6000 buses, ferries, Peak Tram, Tramways, public light bus
– Car parks
– Parking meters

20 Octopus in Off-Street Car Parks

21 Octopus Applications
Recreational facilities:
– Public swimming pools
– Racecourses
Non-payment service:
– Access control for residential estates
– School attendance

22 Octopus
– Transaction time < 300 milliseconds
– Transaction fees: HK$ % –$10 transaction costs $0.095 (0.95%)
– Applications: transit, telephones, road tolls, point-of-sale, access control
– Anonymous / personalized
– How does money get to service providers? Net settlement system operated by Creative Star

23 M(obile)-Payments – the future?
Analysts believe that easy mobile payment is one of the main prerequisites for the success of m-commerce. When the mobile phone can function as an electronic wallet for mobile payments, including micropayments, application developers will find it attractive to introduce new mobile communication services to the market. Examples include mobile entertainment (downloads of music, mobile gambling, etc.), information services (sports news, horoscopes, location-based services, etc.), and real-world services (paying parking fees, buying train or concert tickets, etc.). Network operators envision micropayments as an attractive business that does not compete with banks or credit card companies. For the end user, PayCircle will make m-commerce easy and secure and thus eliminate the major hurdles to widespread adoption and popularity.
PayCircle.org press release, Jan 23rd 2002

24 Payment Cards
– Kb
– Data rate 115 Kb/sec
– ISO 7816 compliant
– Visa-certified
– PIN management and verification
– 3DES algorithm for authentication, secure messaging
– Epurse with payment command set (debit, credit, balance, floor limit management)
SOURCE: GEMPLUS
EMV = EUROPAY INT'L, MASTERCARD, VISA
MPCOS = MULTI PAYMENT CHIP OPERATING SYSTEM

25 Can Smart Cards Support Multi-Applications?
– Capability to download independent applets, securely isolated (Java Card)
– Example: a card may contain an individual's driver's license, multiple credit card & bank accounts, stored value for the company cafeteria, & health records
– A police officer's card reader can read the driver's license info, but not the bank account

26 The Java Simtoolkit
– Since 3KB, SIM memory has increased to 8KB, 32KB and lately to 64KB
– SIM Application Toolkit explores the full potential of smart cards
– Spec defines commands and procedures for running handset-independent SIM toolkit applications
– Produces extra revenue through (mobile banking, stock trading, games, s,…)

27 France Telecom: first launch of SIM toolkit developed by Gemplus
– Operators can give end-users access to many on-screen services
– Fast, user-friendly access to the latest news, weather report or practical details on traffic, finance and leisure
– Subscribers can update their selection and gain access to new services
– Java applets can be downloaded using SMS or internet


29 Providing Value Added Services
– GSM Cellnet and Barclaycard developed a wireless financial service smart card
– SIM activates the user's Cellnet GSM phone
– Provides a Barclay services menu

30 Swedish Bank Utility Bill Payment
– SIM card allows users to access service by menu navigation
– Users can pay their utility bills away from home by keying information such as origin and destination bank account numbers

31 Hong Kong Smart Cards
– Octopus: 8 million cards, 9000 readers; 7 million transactions/day
– Visacash
– ComPass Visa (VME)
– Mondex
– GSM SIM
– ePark

32 Mondex
– Smart-card-based, stored-value card (SVC)
– Subsidiary of MasterCard
– NatWest (National Westminster Bank, UK) et al.
– Secret chip-to-chip transfer protocol
– Value is not in strings alone; must be on Mondex card
– Loaded through ATM: the ATM does not know the transfer protocol; it connects with a secure device at the bank
– Spending at merchants having a Mondex value transfer terminal


34 Mondex Smart Card
– Holds and dispenses electronic cash
– Developed by MasterCard International
– Requires specific card reader for merchant or customer to use card over Internet
– Supports micropayments as small as 2p and works both online and off-line at stores or over the telephone

35 Mondex Smart Card

36 Mondex Overview
SOURCES: OKI, MONDEX USA

37 Mondex Security
Active and dormant security software:
– Security methods constantly changing
– ITSEC E6 level (military)
VTP (Value Transfer Protocol):
– Globally unique card numbers
– Globally unique transaction numbers
– Challenge-response user identification
– Digital signatures
MULTOS operating system:
– Firewalls on the chip

38 Mondex Smart Card
Disadvantages:
– Card carries real cash in electronic form, creating the possibility of theft
– No deferred payment as with credit cards; cash is dispensed immediately
– Trialled in Swindon but not taken up

39 Mondex Components (Hitachi)
– Cashless ATM
– Electronic Cash Register
– PCMCIA Reader/Writer
– Electronic Wallet
– Key Fob Balance Reader
SOURCE: HITACHI

40 E-payment smart cards

41 E-payment smart cards continued


44 Smart cards in ecommerce
– Amex Blue


46 Proximity Solutions for MULTOS
2 types of MULTOS Dual-Interface cards, supporting communication with the chip via both the contact plate and the contactless interface based on Proximity Standard - ISO
– Hitachi/DNP Contactless MULTOS: 36K EEPROM, Type B contactless interface, available now
– Supports both versions of Paypass transaction (contactless M/Chip 4, or contactless Track 2 data) and in fact can execute ANY existing MULTOS application over the contactless interface.
– Keycorp / Philips Contactless MULTOS: 16K EEPROM, MIFARE Type A contactless interface, prototypes available now
– Supports Mifare ticketing only. Full contactless MULTOS application execution planned for Q K issued for Japan Residential ID card

47 Visa Wave
– First commercial Visa contactless card
– Global Platform
– EMV
– Visa debit/credit
– For more than 2000 consumers

48 Electronic Payment Evolution in the U.S.
– Credit card acceptance by retailers
– Zip zap machine
– Negative card list
– First plastic credit card was introduced
– Magnetic stripe card was introduced
– Online authorization
– Draft capture
– Electronic settlement
– Online credit & debit
– Contactless payment solution was introduced in 2002
– 2004 results: Electronic Payment – 36%, Cash & Checks – 64%
– Speed, convenience, & reward to drive cash replacement faster
– Differentiating payment services
– Enriched consumer shopping experience
– Possible objective by 2010: Electronic Payment – 70%, Cash & Checks – 30%

49 ViVOpay Contactless Readers for POS
ViVOtech has shipped 100,000 contactless readers in the last 18 months, mostly in the U.S.
– ViVOpay 3000
– ViVOpay Drive Thru
– ViVOpay 4000
– Box Office Window

50 ViVOwallet Software for NFC Phone
– ViVOwallet is a software utility that turns an NFC-enabled mobile phone into a payment device
– Supports a standard credit card in the form of a soft card
– Provisioning via OTA (Over The Air) transmission
– Makes it work with 10s of thousands of contactless readers being deployed

51 Wireless Card Authorization
SOURCE: SAMSUNG

52 Multi-application smart card example

53 Case Studies

54 Smart Cards Will Play an Important Role In Ecommerce:
– Provide secure storage for digital certificates and personal identification
– Convenience: multifunction card like the JAVA Card, and very portable
– Log recent activities
– Can provide automatic logins to designated websites without having to remember passwords and login procedures
– Suitable for payment over the internet

55 Conclusion (Conclusion)
– With EMV expected to move to smart cards by 2007, a huge boom is expected.
– Cards will become truly multifunctional.
– Application downloading.
– Interoperability issue solved.
