Network Security Lecture 27 Presented by: Dr. Munam Ali Shah.

Summary of the Previous Lecture
We talked about SET (Secure Electronic Transaction):
- SET participants
- SET requirements
- SET features
- Dual signature and signature verification

Summary of the Previous Lecture

WHY Dual Signatures
Suppose that the customer sends the merchant two messages:
- the signed order information (OI), and
- the signed payment information (PI).
In addition, the merchant passes the payment information (PI) to the bank. If the merchant can capture another order information (OI) from this customer, the merchant could claim that this other order goes with the payment information (PI) rather than the original one.

Outlines of today's lecture
We will continue our discussion on SET and explore payment processing in SET:
A. Purchase request
B. Payment authorization
C. Payment capture

Objectives
You will be able to present an understanding of a transaction that is carried out over the Internet. You will be able to demonstrate knowledge of the different entities and their roles in SET, and of how the actual payment is processed in SET.

SET Participants
- Payment gateway: interface between SET and the bankcard payment network, e.g. a bank.
- Acquirer: provides authorization to the merchant that a given card account is active and that the purchase does not exceed the card limit.
- Merchant: must have a relationship with an acquirer.
- Certification authority: issues X.509v3 public-key certificates for cardholders, merchants, and payment gateways.

SET Requirements
- Provide confidentiality
- Ensure integrity
- Provide authentication that the cardholder is a legitimate user of the card and account
- Ensure the best security practices

SET Key Features
- Confidentiality of information
- Integrity of data
- Cardholder account authentication
- Merchant authentication
- Interoperability among software and hardware providers

SET Supported Transactions
- cardholder registration
- merchant registration
- purchase request
- payment authorization
- payment capture
- certificate query
- purchase inquiry
- purchase notification
- sale transaction
- authorization reversal
- capture reversal
- credit reversal

SET Transaction

Payment Processing
A. Purchase request
B. Payment authorization
C. Payment capture

A. SET Purchase Request
The SET purchase request exchange consists of four messages:
1. Initiate Request – includes the brand of card, an ID assigned by the customer and a nonce (nonce_A); sent to the merchant to obtain the certificates of the merchant and the payment gateway.
2. Initiate Response – signed by the merchant; includes nonce_A, a fresh nonce_B, the transaction ID, and the certificates of the merchant and the payment gateway.
3. Purchase Request – the customer creates OI and PI.
4. Purchase Response

A. Purchase Request
- Purchase-related information: forwarded to the payment gateway by the merchant; includes PI, DS and OIMD, encrypted with a symmetric key Ks, and Ks itself is encrypted with the bank's public key (the digital envelope).
- Order-related information: needed by the merchant; includes OI, DS and PIMD.
- Cardholder certificate: needed by both the merchant and the payment gateway.

Structure of Purchase Request

Purchase Request – Verification by Merchant
1. Verifies the cardholder certificates using the CA signatures.
2. Verifies the dual signature using the customer's public signature key, to ensure the order has not been tampered with in transit and that it was signed using the cardholder's private signature key.
3. Processes the order and forwards the payment information to the payment gateway for authorization (described later).
4. Sends a purchase response to the cardholder.

Purchase Request – Merchant

Purchase Response
The merchant prepares a response block that includes an acknowledgement of the order and the transaction number. The block is signed by the merchant using its private signature key. The merchant sends the customer:
- the response block,
- the signature on the block, and
- the merchant's signature certificate.

B. Payment Authorization
The merchant authorizes the transaction with the payment gateway. Authorization by the payment gateway ensures that the transaction was approved by the issuer, which guarantees that the merchant will receive the payment.

Authorization Request
- Purchase-related information: obtained from the customer; consists of the payment block E(Ks, [PI, DS, OIMD]) and its digital envelope.
- Authorization-related information: generated by the merchant; consists of:
  - Authorization block: the transaction ID signed with the merchant's private key and encrypted with a symmetric key generated by the merchant.
  - Digital envelope: the symmetric key encrypted with the payment gateway's public key-exchange key.

Authorization Request (continued)
Certificates:
- Cardholder's signature key certificate (to verify the dual signature)
- Merchant's signature key certificate (to verify the merchant's signature)
- Merchant's key-exchange certificate (needed in the response)

Payment Gateway Authorization
1. Verifies all certificates.
2. Decrypts the digital envelope of the authorization block to obtain the symmetric key, then decrypts the authorization block.
3. Verifies the merchant's signature on the authorization block.
4. Decrypts the digital envelope of the payment block to obtain the symmetric key, then decrypts the payment block.
5. Verifies the dual signature on the payment block.
6. Verifies that the transaction ID received from the merchant matches the one in the PI received (indirectly) from the customer.
7. Requests and receives an authorization from the issuer.
8. Sends an authorization response back to the merchant.
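The following is an added example, not part of the lecture slides, that models the whole flow described in the slides on the purchase request, the merchant's verification, the authorization request and the gateway's checks: the cardholder builds the dual signature and the two blocks, the merchant checks the signature against OI and PIMD, and the payment gateway opens both digital envelopes, verifies both signatures and compares the transaction IDs. It also shows why the dual signature matters (a swapped OI fails at the merchant, a mismatched transaction ID fails at the gateway). It assumes toy primitives in place of the real SET ones: unpadded textbook RSA generated at run time (so no real key material), a SHA-256 counter keystream instead of DES, JSON as the message format, and a single payment-gateway key pair standing in for the "bank's public key" and the gateway's key-exchange key. Certificate checks (step 1) are out of scope; keys are handed to each party directly.

```python
"""Toy model of a SET purchase request and payment authorization (added example).
Textbook RSA and a hash-based stream cipher stand in for the real SET primitives."""
import hashlib
import json
import secrets


def H(data: bytes) -> bytes:
    """SHA-256 message digest, used for PIMD, OIMD and POMD."""
    return hashlib.sha256(data).digest()


def _is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin test; only used to generate toy keys at run time."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int) -> int:
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c


def rsa_keygen(bits: int = 512):
    """Return (public, private) as (e, n) and (d, n). Unpadded: illustration only."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_sign(priv, msg: bytes) -> int:
    d, n = priv
    return pow(int.from_bytes(H(msg), "big"), d, n)


def rsa_verify(pub, msg: bytes, sig: int) -> bool:
    e, n = pub
    return pow(sig, e, n) == int.from_bytes(H(msg), "big")


def rsa_wrap(pub, key: bytes) -> int:
    """Digital envelope: the 32-byte symmetric key encrypted under a public key-exchange key."""
    e, n = pub
    return pow(int.from_bytes(key, "big"), e, n)


def rsa_unwrap(priv, envelope: int) -> bytes:
    d, n = priv
    return pow(envelope, d, n).to_bytes(32, "big")


def sym_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream (toy stand-in for DES); same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = H(key + i.to_bytes(4, "big"))
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)


def build_purchase_request(cust_priv, gw_pub, pi: bytes, oi: bytes) -> dict:
    """Cardholder: DS = Sign(H(PIMD || OIMD)); payment block E(Ks, [PI, DS, OIMD]) with Ks
    wrapped for the gateway; order block [OI, DS, PIMD] readable by the merchant."""
    pimd, oimd = H(pi), H(oi)
    ds = rsa_sign(cust_priv, pimd + oimd)          # rsa_sign hashes again, giving POMD
    ks = secrets.token_bytes(32)
    payment = json.dumps({"PI": pi.hex(), "DS": ds, "OIMD": oimd.hex()}).encode()
    return {"payment_block": sym_crypt(ks, payment), "envelope": rsa_wrap(gw_pub, ks),
            "OI": oi, "PIMD": pimd, "DS": ds}


def merchant_verify(cust_pub, req: dict) -> bool:
    """Merchant sees OI and PIMD only: recompute OIMD and check the dual signature."""
    return rsa_verify(cust_pub, req["PIMD"] + H(req["OI"]), req["DS"])


def build_authorization_request(merch_priv, gw_pub, req: dict, txn_id: str) -> dict:
    """Merchant: signed transaction ID in its own envelope, plus the untouched payment block."""
    auth = json.dumps({"txn_id": txn_id, "sig": rsa_sign(merch_priv, txn_id.encode())}).encode()
    ka = secrets.token_bytes(32)
    return {"auth_block": sym_crypt(ka, auth), "auth_envelope": rsa_wrap(gw_pub, ka),
            "payment_block": req["payment_block"], "payment_envelope": req["envelope"]}


def gateway_authorize(gw_priv, merch_pub, cust_pub, areq: dict) -> bool:
    """Gateway steps 2-6: open both envelopes, verify both signatures, match transaction IDs."""
    auth = json.loads(sym_crypt(rsa_unwrap(gw_priv, areq["auth_envelope"]), areq["auth_block"]))
    if not rsa_verify(merch_pub, auth["txn_id"].encode(), auth["sig"]):
        return False
    pay = json.loads(sym_crypt(rsa_unwrap(gw_priv, areq["payment_envelope"]), areq["payment_block"]))
    pi, oimd = bytes.fromhex(pay["PI"]), bytes.fromhex(pay["OIMD"])
    if not rsa_verify(cust_pub, H(pi) + oimd, pay["DS"]):  # gateway never sees OI itself
        return False
    return json.loads(pi)["txn_id"] == auth["txn_id"]


def run_demo():
    """Constructed sample transaction. Returns (merchant_ok, gateway_ok, swapped_oi_ok, wrong_txn_ok)."""
    cust_pub, cust_priv = rsa_keygen()
    merch_pub, merch_priv = rsa_keygen()
    gw_pub, gw_priv = rsa_keygen()
    txn = "TXN-0001"                                # assigned by the merchant in Initiate Response
    pi = json.dumps({"txn_id": txn, "card": "4111-EXAMPLE", "amount": 49.99}).encode()
    oi = json.dumps({"txn_id": txn, "items": ["book"], "amount": 49.99}).encode()
    req = build_purchase_request(cust_priv, gw_pub, pi, oi)
    areq = build_authorization_request(merch_priv, gw_pub, req, txn)
    swapped = dict(req, OI=json.dumps({"txn_id": txn, "items": ["laptop"], "amount": 999.0}).encode())
    wrong_txn = build_authorization_request(merch_priv, gw_pub, req, "TXN-0002")
    return (merchant_verify(cust_pub, req),
            gateway_authorize(gw_priv, merch_pub, cust_pub, areq),
            merchant_verify(cust_pub, swapped),
            gateway_authorize(gw_priv, merch_pub, cust_pub, wrong_txn))


if __name__ == "__main__":
    print(run_demo())  # (True, True, False, False)
```

The two failing cases are the point of the dual signature: the merchant cannot attach a different OI to the same PI because OIMD is bound into DS, and the gateway cannot be talked into authorizing against a transaction ID other than the one the cardholder placed inside the encrypted PI.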

C. Payment Capture
The merchant sends the payment gateway a payment capture request (payment amount, transaction ID and capture token information), signed and encrypted by the merchant. The gateway checks the request, then creates and sends a clearing request to the issuer, which causes funds to be transferred to the merchant's account. The gateway notifies the merchant using a capture response.

SET Overheads
A simple purchase transaction requires:
- Four messages between merchant and customer
- Two messages between merchant and payment gateway
- 6 digital signatures
- 9 RSA encryption/decryption cycles
- 4 DES encryption/decryption cycles
- 4 certificate verifications
- Multiple servers need copies of all certificates

Summary
In today's lecture, we talked about SET (Secure Electronic Transaction). We have seen its functionality and how the different entities are involved to make a transaction secure and successful.

Next lecture topics
Our discussion on more interesting topics on incorporating security in networks will continue. We will proceed to the last part of the course. The main concepts that will be discussed in this part are:
- Tools and techniques to protect data during transmission over the Internet
- Sobig F. worm
- Grappling Hook attack
- Morris Internet worm
- Overview of the Internet security protocols such as https and ssh

The End