Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Engineering Department

Similar presentations


Presentation on theme: "Computer Engineering Department"— Presentation transcript:

1 Computer Engineering Department
Smart Cards in E-payment البطاقات الذكية في أنظمة الشراء والبيع الالكترونية Dr Wasim Raad Computer Engineering Department King Fahad University Petroleum & Minerals Dhahran-Saudi Arabia Muhammad Wasim Raad

2 Entities of the E-payment System
Identification Card Issuer (Corporate or Service Provider) Purse Charger (Bank or third party) Access Control/E-payment terminal .Corporate secure Log in .Retail POS collecting Highway tax Card Holder (User) Corporate Information Center (Database) Muhammad Wasim Raad

3 Support multi-application
System Requirements Privacy Security Support multi-application Muhammad Wasim Raad

4 EMVيورو ماستر فيزا Established 1999 by Europay International, Mastercard International & VISA International EMV IC card Spec for payment ensures Cross payment Interoperability between Cards and terminals Latest version:EMV2000 version 4.0(support for lower voltage cards & contactless interface Currently there are greater than 200 million Mastercard, Maestro & Cirrus Chip cards worldwide( more than 80 million of these support EMV) Muhammad Wasim Raad

5 Smart Card Smart Card Market : VISA Smart Credit/Debit (CCCP)
Magnetic Credit Authorization Terminal Smart Credit Authorization Terminal 2000. Stop manufacturing easy entry card and terminal as well Differentiate a commission rate for interchange : Chip Card versus M/S card 2002. All the new terminals should work on Visa Smart Credit/Debit card Recommendation of PIN Pad. 2000 2002 2005 2008 2005. All the new cards should be equipped with Visa Smart Credit/Debit card in functions. All the Card must be issued with functions of Visa Smart Credit/Debit Card. All the terminals must work on Smart Credit/Debit Card Muhammad Wasim Raad

6 Static Data Authentication
Card Data : - SDA Certificate - Issuer Public Key Certificate Scheme public key 1. Card Sends : - selected card data - card data certificate - issuer public-key certificate 2. Terminal decodes issuer public key using scheme public key. 3. Verifies card certificate using issuer public key 4. Compares with hashed form of the card data Static Data Authentication Muhammad Wasim Raad

7 Authentication (cont’d)
Dynamic Authentication Challenge-based. The terminal issues a challenge to the card, The card signs the card serial number and this challenge. The terminal verifies this signature. The card must incorporate the public-key encryption functions. The private key is permanently stored in the card and protected by physical security features. Key management issue. Muhammad Wasim Raad

8 Authentication (cont’d)
Reset card Answer to reset Select Application Send Application Data Auth. card & terminal Terminal risk management Request cryptogram Card risk management Send cryptogram (Perform online Transaction) Send Results (Complete Transaction) EMV Transaction Model Muhammad Wasim Raad

9 Electronic Cashالنقد الالكتروني
Electronic cash is a general term that describes the attempts of several companies to create a value storage and exchange system that operates online in much the same way that government-issued currency operates in the physical world. Concerns about electronic payment methods include: Privacy Security Independence Portability Convenience Muhammad Wasim Raad

10 Electronic Cash Issues
Primary advantage is with purchase of items less than £5 Credit card transaction fees make small purchases unprofitable Facilitates Micropayments – eg for items costing less than £1 Must be anonymous, just like regular currency Safeguards must be in place to prevent counterfeiting Must be independent and freely transferable regardless of nationality or storage mechanism Muhammad Wasim Raad

11 Electronic Cash Muhammad Wasim Raad

12 Electronic Cash Storage
Two methods On-line Individual does not have possession personally of electronic cash Trusted third party, e.g. e-banking, bank holds customers’ cash accounts Off-line Customer holds cash on smart card or electronic wallet Fraud and double spending require tamper-proof encryption Muhammad Wasim Raad

13 Electronic Cash Advantages Disadvantages
Electronic cash transactions are more efficient and less costly than other methods. The distance that an electronic transaction must travel does not affect cost. The fixed cost of hardware to handle electronic cash is nearly zero. Electronic cash does not require that one party have any special authorization. Disadvantages Electronic cash provides no audit trail. Because true electronic cash is not traceable, money laundering is a problem. Electronic cash is susceptible to forgery. So far, electronic cash is a commercial flop. Muhammad Wasim Raad

14 Disadvantages of Electronic Cash
Electronic cash provides no audit trail. Because true electronic cash is not traceable, money laundering is a problem. Electronic cash is susceptible to forgery. So far, electronic cash is a commercial flop. Muhammad Wasim Raad

15 ePayment by Smart Card Replace cash Cash is expensive to make and use
Printing, replacement Anti-counterfeiting measures Transportation Security Cash is inconvenient not machine-readable humans carry limited amount risk of loss, theft Additional smart card benefits Muhammad Wasim Raad 52

16 Electronic Purse EMV Smart Card Electronic Purse : MONDEX, CEPS, KEP,
EFT-POS Magnetic, Credit/Debit Card EMV Smart Card Electronic Purse : MONDEX, CEPS, KEP, Ministry of Commerce, Industry & Energy 1) KEP (Korean Electronic Purse) Korea Financial Telecommunications & Clearings Institute 2) Mondex Electronic Purse Cheju Island (Resort) Project ASEM Project Muhammad Wasim Raad

17 6 Smart Cards & ecommerce Multi Channel Access
البطاقات الذكية والتجارة الالكترونية 6 Multi Channel Access Muhammad Wasim Raad

18 What Is The Octopus? A pre-paid stored value card utilizing contactless smart card technology Operates within wallet/purse for up to 10cm Less than 1/3 second transaction time Muhammad Wasim Raad

19 Octopus Applications Public Transport and related
3 railways, 6000 buses, ferries, Peak Tram, Tramways, public light bus Car parks Parking meters Muhammad Wasim Raad

20 Octopus in Off-Street Car Parks
Muhammad Wasim Raad

21 Octopus Applications Recreational facilities Non-payment service
Public swimming pools Racecourses Non-payment service Access Control for residential estates School Attendance Muhammad Wasim Raad

22 Octopus Transaction time < 300 milliseconds
Transaction fees: HK$ % $10 transaction costs $0.095 (0.95%) Applications Transit Telephones Road tolls Point-of-sale Access control Anonymous / personalized How does money get to service providers? Net settlement system operated by Creative Star Muhammad Wasim Raad 52

23 M(obile)-Payments – the future?
“Analysts believe that easy mobile payment is one of the main prerequisites for the success of m-commerce. When the mobile phone can function as an electronic wallet for mobile payments, including micropayments, application developers will find it attractive to introduce new mobile communication services to the market. Examples include mobile entertainment (downloads of music, mobile gambling, etc.), information services (sports news, horoscopes, location-based services, etc.), and real-world services (paying parking fees, buying train or concert tickets, etc.). Network operators envision micropayments as an attractive business that does not compete with banks or credit card companies. For the end user, PayCircle will make m-commerce easy and secure and thus eliminate the major hurdles to widespread adoption and popularity.” PayCircle.org Press release Jan 23rd 2002 Muhammad Wasim Raad

24 Payment Cards 8-128 Kb Data rate 115 Kb/sec ISO 7816 compliant
EMV = EUROPAY INT’L, MASTERCARD, VISA MPCOS = MULTI PAYMENT CHIP OPERATING SYSTEM 8-128 Kb Data rate 115 Kb/sec ISO 7816 compliant Visa-certified PIN management and verification 3DES algorithm for authentication, secure messaging Epurse with payment command set (debit, credit, balance, floor limit management) SOURCE: GEMPLUS Muhammad Wasim Raad

25 Can Smart Cards Support Multi-Applications?
Capability to download independent Applets, securely Isolated(Java Card) Example: A card may contain Individual’s driver’s license, multiple credit card & bank accounts, stored value for company cafeteria, & health records A police officer’s card reader can read driver’s license info, but not bank account Muhammad Wasim Raad

26 The Java Simtoolkit Since 3KB SIM memory has increased to 8KB, 32KB and lately to 64KB SIM Application toolkit explores full potential smart cards Spec defines commands and proceduresfor running handset independent SIMtoolkit applications Produces extra revenue through ( mobile banking, stock trading, games, s,…) Muhammad Wasim Raad

27 France Telecom first launch of Sim toolkit developped by Gemplus
Operators can give end-users access to many on screen services Fast user-friendly access to the latest news, weather report or practical details on traffic finance and leasure Subscribers can update their selection and gain access to new services Java applets can be downloaded using SMS or internet Muhammad Wasim Raad

28 Muhammad Wasim Raad

29 Providing Value Added services
GSM Cellnet and Barclaycard developped wireless finantial service smart card SIM activates user’s Cellnet GSM phone Provides a Barclay services menu Muhammad Wasim Raad

30 Swedish Bank Utility Bill Payment
SIM card allows users to access service by menu navigation Users can pay their utility bills away from home by keying information such as origin and destination bank account numbers Muhammad Wasim Raad

31 Hong Kong Smart Cards Octopus Visacash ComPass Visa (VME) Mondex
8 million cards, 9000 readers 7 million transactions/day Visacash ComPass Visa (VME) Mondex GSM SIM ePark Muhammad Wasim Raad

32 Mondex Smart-card-based, stored-value card (SVC)
Subsidiary of MasterCard NatWest (National Westminister Bank, UK) et al. Secret chip-to-chip transfer protocol Value is not in strings alone; must be on Mondex card Loaded through ATM ATM does not know transfer protocol; connects with secure device at bank Spending at merchants having a Mondex value transfer terminal Muhammad Wasim Raad 52

33 Mondex Subsidiary of MasterCard
Smart-card-based, stored-value card (SVC) NatWest (National Westminister Bank, UK) et al. Secret chip-to-chip transfer protocol Value is not in strings alone; must be on Mondex card Loaded through ATM ATM does not know transfer protocol; connects with secure device at bank Spending at merchants having a Mondex value transfer terminal Muhammad Wasim Raad

34 Mondex Smart Card Holds and dispenses electronic cash
Developed by MasterCard International Requires specific card reader for merchant or customer to use card over Internet Supports micropayments as small as 2p and works both online and off-line at stores or over the telephone Muhammad Wasim Raad

35 Mondex Smart Card Muhammad Wasim Raad

36 SOURCES: OKI, MONDEX USA
Mondex Overview SOURCES: OKI, MONDEX USA Muhammad Wasim Raad

37 Mondex Security Active and dormant security software
Security methods constantly changing ITSEC E6 level (military) VTP (Value Transfer Protocol) Globally unique card numbers Globally unique transaction numbers Challenge-response user identification Digital signatures MULTOS operating system firewalls on the chip Muhammad Wasim Raad

38 Mondex Smart Card Disadvantages
Card carries real cash in electronic form, creating the possibility of theft No deferred payment as with credit cards -cash is dispensed immediately Trialled in Swindon but not taken up Muhammad Wasim Raad

39 Mondex Components (Hitachi)
Cashless ATM PCMCIA Reader/Writer Electronic Cash Register Key Fob Balance Reader Electronic Wallet SOURCE: HITACHI Muhammad Wasim Raad 52

40 E-payment smart cards Muhammad Wasim Raad

41 E-payment smart cards continued
Muhammad Wasim Raad

42 Muhammad Wasim Raad

43 Muhammad Wasim Raad

44 Smart cards in ecommerce
13 Amex Blue Muhammad Wasim Raad

45 Muhammad Wasim Raad

46 Proximity Solutions for MULTOS
2 types of MULTOS “Dual-Interface” cards – supporting communication with the chip via both the contact plate and the contactless interface based on Proximity Standard - ISO 14443 Hitachi/DNP Contactless MULTOS: 36K EEPROM, Type B contactless interface, Available now Supports both versions of Paypass transaction (contactless M/Chip 4, or Contactless Track 2 data) and in fact can execute ANY existing MULTOS application over the contactless interface. Keycorp / Philips Contactless MULTOS, 16K EEPROM, MIFARE Type A contactless interface, Prototypes available now Supports Mifare ticketing only. Full contactless MULTOS application execution planned for Q3 2004 250K issued for Japan Residential ID card Muhammad Wasim Raad

47 Visa Wave First Commercial Visa contact less card Global Platform EMV
Visa debit/credit for more than 2000 consumer Muhammad Wasim Raad

48 Electronic Payment Evolution in the U.S.
Online credit & debit Speed, convenience, & reward to drive cash replacement faster Differentiating payment services Enriched consumer shopping experience Possible Objective by 2010: Electronic Payment – 70% Cash & Checks – 30% Contactless payment solution was introduced in 2002 Online Authorization Draft capture Electronic settlement Online credit & debit 2004 Results: Electronic Payment – 36% Cash & Checks – 64% Magnetic Stripe card was Introduced Credit card acceptance by retailers Zip zap machine Negative card list First plastic credit card was introduced Muhammad Wasim Raad

49 ViVOpay Contactless Readers for POS
ViVOpay Drive Thru ViVOtech has shipped 100,000 contactless readers in last 18 months. Mostly in the U.S. Box Office Window Muhammad Wasim Raad

50 ViVOwallet Software for NFC Phone
ViVOwallet is a Software Utility that turns an NFC-enabled Mobile Phone into a Payment Device Supports a standard credit card in form of a “soft card”. Provisioning via OTA (Over The Air) transmission Makes it work with 10’s of thousands of contactless readers being deployed Muhammad Wasim Raad

51 Wireless Card Authorization
SOURCE: SAMSUNG Muhammad Wasim Raad

52 Multi-application smart card example
Muhammad Wasim Raad

53 Case Studies Muhammad Wasim Raad

54 Smart Cards Will Play an Important Role In Ecommerce:
Provide a secure storage for digital certificates and personal identification Convenience-Multifunction Card like the JAVA Card and very portable Log recent activities Can Provide automatic Logins to designated websites without having to remember passwords and login procedures Suitable for payment over the internet Muhammad Wasim Raad

55 Conclusionالخلاصة With EMV expected to move to Smart Cards by 2007, huge boom expected. Cards will become truly multifunctional. Application Downloading. Interoperability issue solved Muhammad Wasim Raad

56 References www.smartcardbasics.com www.gemplus.com
Muhammad Wasim Raad


Download ppt "Computer Engineering Department"

Similar presentations


Ads by Google