Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Presentation transcript:

Electronic payments

Slide 3: Electronic payments: the players
Diagram labels: Consumer; Merchant; Financial institutions; Physical tokens representing value

Slide 4: Some forms of spending money
Diagram labels: Demand deposit; Cash reserves; Credit; Debit; Check; Cash; Loan; Withdrawal

Slide 5: Questions about value tokens
- Who will back the value?
- How is fraud, counterfeiting, etc. prevented?
- Will value be restored if lost or stolen?
- Is it subject to regulation?
- Who pays for the system?
- Is it traced?

Slide 6: Policy dilemmas
- Multiplicity of incompatible payment systems?
- Tracing and auditing:
  - Criminal prosecution
  - Taxation
  - vs. personal privacy

Slide 7: Some privacy initiatives
- Open Profiling Standard
- TRUSTe
- Anonymous digital cash

Slide 8: Electronic credit and debit
- Standard authentication, confidentiality, and non-repudiation techniques can be used
  - Asymmetric encryption and certificates
- Framework must take into account different institutions involved
- Example: Secure Electronic Transactions (SET) of Visa/Mastercard

Slide 9: Participants
- Consumer (cardholder)
- Merchant
- Acquirer: financial institution acting as transaction clearinghouse for merchant
- Issuer: financial institution that issued consumer credit/debit card
- Association: Visa or Mastercard

Slide 10: SET chain of trust
Diagram labels: Cardholder; Acquirer; Issuer; Association; SET Root (self-signed, included in all software); Merchant

Slide 11: SET order/payment protocol
Diagram labels: Consumer; Merchant; Acquirer; Issuer; initiate purchase; authorize; capture; authorize; capture

Slide 12: Smartcard
Card that contains encapsulated electronics and can be used for various forms of electronic commerce (and other things)

Slide 13: Prepaid smartcard options
- Memory card
  - Memory plus password/PIN protection
- Shared-secret
  - Mutual authentication of any terminal sharing the secret
- Signature-carrying
  - Carries signatures created by institution
- Signature-creating
  - Hardware to create signature based on secret key

Slide 14: Smartcard merits
- Memory
  - Closed system: single institution
  - No authentication of terminal
- Shared-secret
  - Requires encapsulated module in terminal, one to carry each card secret
  - One secret per institution implies that all cards of that institution can be compromised

Slide 15: Smartcard merits (cont'd)
- Signature
  - Terminals need only public keys
  - Easy to handle multiple institutions
- All but signature-carrying have unique card identity, and hence institutions can invade privacy by linking transactions

Slide 16: Hard vs. digital cash
Diagram labels: Withdraw; Deposit

Slide 17: Digital cash
Since digital cash is represented by data, it is easily replicated. How do we prevent:
- Counterfeiting?
- Multiple spending?

Slide 18: What is a digital cash token?
Diagram labels: Unique identifier; Value attribute; Bank digital signature; Bit string; Prevents counterfeiting; Prevents spending more than once

Slide 19: Financial institution perspective
Diagram labels: Consumer's demand deposit; Branch; ATM; Digital branch; Currency in wallet; Currency in smartcard; Merchant; Merchant's demand deposit; Vault cash; Digital cash liability; Payment; Deposit; Withdrawal; May return as more digital cash

Slide 20: Digital cash must be deposited
Diagram labels: Consumer wallet; Consumer smartcard; Merchant; Hard currency; Spend; Deposit; Digital cash; Deposit; Withdraw as new digital cash

Slide 21: Possible characteristics of digital cash
- Anonymity of consumer
  - Merchant knows who paid, but that information is not inherent to the digital cash itself
  - Financial institution knows what merchant deposited
- Attribution of cheating
  - Double spending
- Authorized traces

Slide 22: Spending anonymity
Diagram labels: Withdrawal; Payment; Deposit
Withdrawal and deposit are traceable, but can we break the chain somewhere?

Supplements

Slide 24: Message digest
Diagram labels: Message; MD algorithm; Message digest
- MD is a fixed length (128 or 160 bit) summary of message
- One way: message cannot be recovered from MD
- Collision-free: computationally infeasible to find a message corresponding to a given MD

Slide 25: Digital signature based on a message digest
Diagram labels: Message; MD; Encrypt (secret key); Decrypt (public key); MD; Compare; Signature generation; Signature checking

Slide 26: Dual signature
Diagram labels: Consumer; Offer; Payment authorization; MD; Dual signature; Merchant; Acquirer
- Acquirer can verify binding of offer and authorization, does not see offer
- Merchant can verify binding of offer and authorization, does not see authorization
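The dual signature on this slide, worked through as an added example (not part of the original slides). It assumes the SET-style construction, a signature over MD(MD(offer) || MD(authorization)), uses SHA-256 in place of the 128/160-bit digests the slides mention, and signs with a toy RSA key; the key, message contents and function names are constructed for illustration.

```python
import hashlib

# Toy RSA key for the consumer, built from two Mersenne primes (constructed; not secure).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # consumer's secret exponent

# Constructed sample messages.
OFFER = b"order=1 book, total=25.00"
AUTHORIZATION = b"card=<placeholder>, amount=25.00"

def md(data):
    """Message digest (SHA-256 here)."""
    return hashlib.sha256(data).digest()

def as_int(d):
    return int.from_bytes(d, "big")

def dual_sign(offer, authorization):
    """Consumer: sign the digest of the two concatenated digests."""
    md_offer, md_auth = md(offer), md(authorization)
    sig = pow(as_int(md(md_offer + md_auth)), D, N)
    return md_offer, md_auth, sig

def merchant_verify(offer, md_auth, sig):
    """Merchant sees the offer and only the digest of the authorization."""
    return pow(sig, E, N) == as_int(md(md(offer) + md_auth))

def acquirer_verify(md_offer, authorization, sig):
    """Acquirer sees the authorization and only the digest of the offer."""
    return pow(sig, E, N) == as_int(md(md_offer + md(authorization)))
```

Each party recomputes the signed value from the half it holds plus the digest of the half it does not, so swapping either the offer or the authorization after signing makes verification fail.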

Slide 27: Spending anonymity
Diagram labels: Create $$, including identifier; Repeat n times; Cut and choose one; Blind signature
If the consumer's software creates the digital cash, and the bank signs it blindly, the bank will not see the identifier. The cut and choose protocol assures the bank the $$ is proper.

Slide 28: Blind signature analogy
Diagram labels: Token; Carbon; Put token and carbon in envelope; Present to bank for embossing; Remove token from envelope
Consumer gets bank to sign cash token without observing contents

Slide 29: Cut and choose protocol
Diagram labels: $$; Randomly choose one, check others; Blind signature; $$
Although the bank can't see what it is signing, with the cut and choose the incentive for the consumer is to generate legitimate instances of digital cash.
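The blind signature and cut-and-choose steps from slides 27 to 29, as an added example that is not part of the original slides. It assumes RSA blinding as the blind-signature scheme (the slides do not name one) and a toy bank key; the token layout and all function names are constructed for illustration.

```python
import hashlib, json, secrets
from math import gcd

# Toy RSA key for the bank, built from two Mersenne primes (constructed; not secure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # bank's secret exponent

def digest(token):
    """Message digest of a token, as an integer smaller than N."""
    data = json.dumps(token, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def make_blinded(value):
    """Consumer: create a token with a fresh identifier and blind its digest."""
    token = {"id": secrets.token_hex(16), "value": value}
    r = secrets.randbelow(N - 2) + 2
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return token, r, digest(token) * pow(r, E, N) % N

def bank_cut_and_choose(blinded, reveal, value):
    """Bank: leave one candidate unopened, check the others, sign the unopened one."""
    keep = secrets.randbelow(len(blinded))
    for i, b in enumerate(blinded):
        if i == keep:
            continue
        token, r = reveal(i)  # consumer opens candidate i
        if token.get("value") != value or digest(token) * pow(r, E, N) % N != b:
            return None, None  # improper candidate: refuse to sign
    return keep, pow(blinded[keep], D, N)

def verify(token, sig):
    """Anyone holding the bank's public key (E, N) can check a token."""
    return pow(sig, E, N) == digest(token)

def withdraw(value, n=10, claimed=None):
    """Full withdrawal; `claimed` lets the consumer put a different value in the tokens."""
    cands = [make_blinded(claimed if claimed is not None else value) for _ in range(n)]
    keep, blind_sig = bank_cut_and_choose(
        [c[2] for c in cands], lambda i: cands[i][:2], value)
    if keep is None:
        return None
    token, r, _ = cands[keep]
    return token, blind_sig * pow(r, -1, N) % N  # unblind: strip r from the signature
```

The bank only ever sees the identifiers of the candidates it opened, never the one it signed. A single improper candidate among n escapes the check with probability 1/n, which is why the consumer's incentive is to make every candidate legitimate.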