Epayment System using Java April, 11. 2001 Computer Security and Electronic Payment System Cho won chul Kim Hee Dae Lee Jung Hwan Yoon Won Jung.

Slides:



Advertisements
Similar presentations
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Advertisements

Public Key Infrastructure and Applications
Internet payment systems
Cryptography and Network Security
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Electronic Transaction Security (E-Commerce)
Cryptography and Network Security Chapter 17
SET – Secure Electronic Transaction Setting The Stage For Safe Internet Shopping -Jignesh Shah- -Riyaz Malbari-
Chapter 8 Web Security.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.
Supporting Technologies III: Security 11/16 Lecture Notes.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
May 28, 2002Mårten Trolin1 Protocols for e-commerce Traditional credit cards SET SPA/UCAF 3D-Secure Temporary card numbers Direct Payments.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
Secure Electronic Transaction (SET)
1 Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats –integrity –confidentiality.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Electronic Payments E-payment methods –Credit cards –Electronic funds transfer (EFT) –E-payments Smart cards Digital cash and script Digital checks E-billing.
1 TCP/IP Applications. 2 NNTP: Network News Transport Protocol NNTP is a TCP/IP protocol based upon text strings sent bidirectionally over 7 bit ASCII.
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
E-commerce What are the relationships among: – Client (i.e. you) – Server – Bank – Certification authority Other things to consider: – How to set up your.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
ELECTROINC COMMERCE TOOLS Chapter 6. Outline 6.0 Introduction 6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs) TRUST
Network Security Lecture 27 Presented by: Dr. Munam Ali Shah.
Module 7 – SET SET predecessors iKP, STT, SEPP. iKP Developed by IBM Three parties are involved - Customer, Merchant, and Acquirer Uses public key cryptography,
Chapter 8 Electronic Payment Systems and Security 1.
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
1 6 Chapter 6 Implementing Security for Electronic Commerce.
1 E-cash Model Ecash Bank Client Wallet Merchant Software stores coins makes payments accepts payments Goods, Receipt Pay coins sells items accepts payments.
Henric Johnson1 Chapter 8 WEB Security //Modified by Prof. M. Singhal// Henric Johnson Blekinge Institute of Technology, Sweden
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
Henric Johnson1 Chapter 7 WEB Security Henric Johnson Blekinge Institute of Technology, Sweden
Henric Johnson1 Secure Electronic Transactions An open encryption and security specification. Protect credit card transaction on the Internet. Companies.
Cryptography and Network Security
Chapter 8 Electronic Payment Systems and Security
BY GAWARE S.R. DEPT.OF COMP.SCI
Cryptography and Network Security
Cryptography and Network Security
Secure Electronic Transaction (SET) University of Windsor
Electronic Payment Security Technologies
Cryptography and Network Security
Presentation transcript:

Epayment System using Java April, Computer Security and Electronic Payment System Cho won chul Kim Hee Dae Lee Jung Hwan Yoon Won Jung

2 Index 1. Introduction 2. What is E-payment system ? 3. Comparison between SSL and SET(1)(2) 4. Secure Transmission Schemes in SSL and SET Protocol(1)(2) 5. The Player and essential security Requirements in SET 6. Entities of SET protocol in Cybershopping 7. Overview of main Messages in SET 8. Smart Card (Physical layout)

3 Index 9. Software Stack of a Java Card 10. Program Development Process 11. Cyberflex Access Cards(1)(2) 12. What should we implement in this Project 13. Java Card Security package 14. Java Layer in the Host Software Architecture

4 1. Introduction Describe typical electronic payment systems for EC Compare the relationship between SSL and SET protocols Classify and describe the types of Smart Card used for payments Describe the characteristics of Java Card Implement Java Smart Card applying to SET

5 2. What is E-payment system?  E-payment system is the new payment methods with the emergence of electronic commerce on the Internet.  Secure payment systems are critical to the success of EC.  There are four essential security requirements for safe electronic payments.(Authentication, Encryption, Integrity, Non-repudiation)  The key security schemes adopted for electronic payment systems are encryption.  Security schemes are adopted in protocols like SSL and SET.

6 3. Comparison between SSL and SET(1) A part of SSL (Secure Socket Layer) is available on customers’ browsers it is basically an encryption mechanism for order taking, queries and other applications it does not protect against all security hazards it is mature, simple, and widely use SET ( Secure Electronic Transaction) is a very comprehensive security protocol it provides for privacy, authenticity, integrity, and, or Non repudiation it is used very infrequently due to its complexity and the need for a special card reader by the user it may be abandoned if it is not simplified/improved

7 3. Comparison between SSL and SET (2) Secure Electronic Transaction(SET) Secure Socket Layer (SSL) ComplexSimple SET is tailored to the credit card payment to the merchants. SSL is a protocol for general- purpose secure message exchanges (encryption). SET protocol hides the customer’s credit card information from merchants, and also hides the order information to banks, to protect privacy. This scheme is called dual signature. SSL protocol may use a certificate, but there is no payment gateway. So, the merchants need to receive both the ordering information and credit card information, because the capturing process should be initiated by the merchants.

8 4. Secure Transmission Schemes in SSL and SET Protocol(1) Sender’s Computer 1. The message is hashed to a prefixed length of message digest. 2. The message digest is encrypted with the sender’s private signature key, and a digital signature is created. 3. The composition of message, digital signature, and Sender’s certificate is encrypted with the symmetric key which is generated at sender’s computer for every transaction. The result is an encrypted message. SET protocol uses the DES algorithm instead of RSA for encryption because DES can be executed much faster than RSA. 4. The Symmetric key itself is encrypted with the receiver’s public key which was sent to the sender in advance. The result is a digital envelope.

9 Sender’s Private Signature Key Sender’s Certificate + + Message + Digital Signature  Receiver’s Certificate Encrypt Symmetric Key Encrypted Message  Receiver’s Key-Exchange Key Encrypt Digital Envelope  Message Message Digest  Sender’s Computer

10 4.Secure Transmission Schemes in SSL and SET Protocol (2) Receiver’s Computer 5. The encrypted message and digital envelope are transmitted to receiver’s computer via the Internet. 6. The digital envelope is decrypted with receiver’s private exchange key. 7. Using the restored symmetric key, the encrypted message can be restored to the message, digital signature, and sender’s certificate. 8. To confirm the integrity, the digital signature is decrypted by sender’s public key, obtaining the message digest. 9. The delivered message is hashed to generate message digest. 10. The message digests obtained by steps 8 and 9 respectively, are compared by the receiver to confirm whether there was any change during the transmission. This step confirms the integrity.

11 Decrypt Symmetric Key Encrypted Message  Sender’s Certificate + + Message compare  Digital Envelope Receiver’s Private Key-Exchange Key  Decrypt Message DigestDigital Signature Sender’s Public Signature Key  Decrypt Message Digest  Receiver’s Computer

12 5. The Player and essential security Requirements in SET The player Cardholder Merchant (seller) Issuer (your bank) Acquirer (Merchant’s financial institution, acquires the sales slips) Brand (Visa, Master Card) Payment Gateway (e-payment infra-structure) Essential Security Requirements in SET Authentication Encryption Integrity Non-repudiation

13 6.Entities of SET protocol in Cybershopping 6.Entities of SET protocol in Cybershopping IC Card Reader Customer x Customer y With Digital Wallets Certificate Authority Electronic Shopping Mall Merchant AMerchant B Credit Card Brand Protocol X.25 Payment Gateway

14 7.Overview of main Messages in SET Cardholder Registration Purchase Request Payment Authorization Payment Capture Merchant Registration Authorization Request Response Capture Request Response Capture Request Certificate Certificate Request Certificate Request to Verity the information Response Authorization Request Clearing Request Authorization Request Response Acquirer Card HolderCAIssue Merchant CA Payment Gateway Card Reader Purchase Response Purchase Request :Over the Internet:Over Financial Network

15 8. Smart Card (Physical layout) ROM(16K) - OS - Com - Security CPU - 8 bit - 5 MHz - crypto-coprocessor RAM - 4 kb EEPROM (16K) - File System - Program files - Keys - Passwords - Applications

16 9. Software Stack of a Java Card  FrameWork provide Java Card API  JVM executes the bytecode of the applet and of the library functions  Applet is a small program developed by application designer.

Program Development Process

18 11.Cyberflex (TM) Access Cards(1) Manufacture : Schlumberger General Characteristics : - Communication protocol : ISO T=0 - Data transmission baud rate : 9600 bit/sec by default, up to 55,800 bit/sec - Nonvolatile memory : 16 KB of EEPROM (13.5 KB available for cardlet, keys, and certificate ) - APDU buffer : bytes - Access control structure : As many as 8 identities per directory/program - Fast native file system

19 Cyberflex (TM) Access Cards(2) Cryptographic Features - Host system generation of DES keys and RSA keys(512, 768, 1024 bits) - Enciphering and deciphering data with DES or 3DES keys in CBC mode - External Authentication with DES or 3DES keys - Internal Authentication with DES or 3DES keys in EBC mode, or with RSA digital signatures - SHA-1 and MAC hashing(carried out by Java APIs, not by APDUs)

What should we implement in this Project Cardholder Registration - Certificate Request to CA Read from Card reader (Authentication) Purchase Request (simultaneously) - to Issuer to get the certificate - to Merchant Design the protocol using DES-3,RSA,etc. Purchase Response to Client Authorization Request to gateway Capture Request to gateway Response processing - to Client, Payment, CA Request to Verify the Certificate - Response from Card Holder - Request to Issue Merchant Registration - Authorization Request (to Acquirer) - response to Merchant Authorization process - request to Issue - response to Merchant Capture process - request to Issue Merchant Authorization process - response to CA Verify Card Holder information - send confirm to CA Authorization process - response to Gateway Capture process - clearing request from gateway - bill to client Client Merchant PG CA ISSUE Acquirer

Java Card Security package needed in this project Key SecretKey DESKey PrivateKey PublicKey RSAPrivateKey RSAPrivateCrtKey RSAPublicKey DSAKey DSAPrivateKey DSAPublicKey KeyBuilder MessageDigest Signature RandomData CrytoException

22 14.Java Layer in the Host Software Architecture

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.