Presentation is loading. Please wait.

Presentation is loading. Please wait.

Epayment System using Java April, 11. 2001 Computer Security and Electronic Payment System Cho won chul Kim Hee Dae Lee Jung Hwan Yoon Won Jung.

Published byDerick Nichols Modified over 8 years ago

Similar presentations

Presentation on theme: "Epayment System using Java April, 11. 2001 Computer Security and Electronic Payment System Cho won chul Kim Hee Dae Lee Jung Hwan Yoon Won Jung."— Presentation transcript:

1 Epayment System using Java April, 11. 2001 Computer Security and Electronic Payment System Cho won chul Kim Hee Dae Lee Jung Hwan Yoon Won Jung

2 2 Index 1. Introduction 2. What is E-payment system ? 3. Comparison between SSL and SET(1)(2) 4. Secure Transmission Schemes in SSL and SET Protocol(1)(2) 5. The Player and essential security Requirements in SET 6. Entities of SET protocol in Cybershopping 7. Overview of main Messages in SET 8. Smart Card (Physical layout)

3 3 Index 9. Software Stack of a Java Card 10. Program Development Process 11. Cyberflex Access Cards(1)(2) 12. What should we implement in this Project 13. Java Card Security package 14. Java Layer in the Host Software Architecture

4 4 1. Introduction Describe typical electronic payment systems for EC Compare the relationship between SSL and SET protocols Classify and describe the types of Smart Card used for payments Describe the characteristics of Java Card Implement Java Smart Card applying to SET

5 5 2. What is E-payment system?  E-payment system is the new payment methods with the emergence of electronic commerce on the Internet.  Secure payment systems are critical to the success of EC.  There are four essential security requirements for safe electronic payments.(Authentication, Encryption, Integrity, Non-repudiation)  The key security schemes adopted for electronic payment systems are encryption.  Security schemes are adopted in protocols like SSL and SET.

6 6 3. Comparison between SSL and SET(1) A part of SSL (Secure Socket Layer) is available on customers’ browsers it is basically an encryption mechanism for order taking, queries and other applications it does not protect against all security hazards it is mature, simple, and widely use SET ( Secure Electronic Transaction) is a very comprehensive security protocol it provides for privacy, authenticity, integrity, and, or Non repudiation it is used very infrequently due to its complexity and the need for a special card reader by the user it may be abandoned if it is not simplified/improved

7 7 3. Comparison between SSL and SET (2) Secure Electronic Transaction(SET) Secure Socket Layer (SSL) ComplexSimple SET is tailored to the credit card payment to the merchants. SSL is a protocol for general- purpose secure message exchanges (encryption). SET protocol hides the customer’s credit card information from merchants, and also hides the order information to banks, to protect privacy. This scheme is called dual signature. SSL protocol may use a certificate, but there is no payment gateway. So, the merchants need to receive both the ordering information and credit card information, because the capturing process should be initiated by the merchants.

8 8 4. Secure Transmission Schemes in SSL and SET Protocol(1) Sender’s Computer 1. The message is hashed to a prefixed length of message digest. 2. The message digest is encrypted with the sender’s private signature key, and a digital signature is created. 3. The composition of message, digital signature, and Sender’s certificate is encrypted with the symmetric key which is generated at sender’s computer for every transaction. The result is an encrypted message. SET protocol uses the DES algorithm instead of RSA for encryption because DES can be executed much faster than RSA. 4. The Symmetric key itself is encrypted with the receiver’s public key which was sent to the sender in advance. The result is a digital envelope.

9 9 Sender’s Private Signature Key Sender’s Certificate + + Message + Digital Signature  Receiver’s Certificate Encrypt Symmetric Key Encrypted Message  Receiver’s Key-Exchange Key Encrypt Digital Envelope  Message Message Digest  Sender’s Computer

10 10 4.Secure Transmission Schemes in SSL and SET Protocol (2) Receiver’s Computer 5. The encrypted message and digital envelope are transmitted to receiver’s computer via the Internet. 6. The digital envelope is decrypted with receiver’s private exchange key. 7. Using the restored symmetric key, the encrypted message can be restored to the message, digital signature, and sender’s certificate. 8. To confirm the integrity, the digital signature is decrypted by sender’s public key, obtaining the message digest. 9. The delivered message is hashed to generate message digest. 10. The message digests obtained by steps 8 and 9 respectively, are compared by the receiver to confirm whether there was any change during the transmission. This step confirms the integrity.

11 11 Decrypt Symmetric Key Encrypted Message  Sender’s Certificate + + Message compare  Digital Envelope Receiver’s Private Key-Exchange Key  Decrypt Message DigestDigital Signature Sender’s Public Signature Key  Decrypt Message Digest  Receiver’s Computer

12 12 5. The Player and essential security Requirements in SET The player Cardholder Merchant (seller) Issuer (your bank) Acquirer (Merchant’s financial institution, acquires the sales slips) Brand (Visa, Master Card) Payment Gateway (e-payment infra-structure) Essential Security Requirements in SET Authentication Encryption Integrity Non-repudiation

13 13 6.Entities of SET protocol in Cybershopping 6.Entities of SET protocol in Cybershopping IC Card Reader Customer x Customer y With Digital Wallets Certificate Authority Electronic Shopping Mall Merchant AMerchant B Credit Card Brand Protocol X.25 Payment Gateway

14 14 7.Overview of main Messages in SET Cardholder Registration Purchase Request Payment Authorization Payment Capture Merchant Registration Authorization Request Response Capture Request Response Capture Request Certificate Certificate Request Certificate Request to Verity the information Response Authorization Request Clearing Request Authorization Request Response Acquirer Card HolderCAIssue Merchant CA Payment Gateway Card Reader Purchase Response Purchase Request :Over the Internet:Over Financial Network

15 15 8. Smart Card (Physical layout) ROM(16K) - OS - Com - Security CPU - 8 bit - 5 MHz - crypto-coprocessor RAM - 4 kb EEPROM (16K) - File System - Program files - Keys - Passwords - Applications

16 16 9. Software Stack of a Java Card  FrameWork provide Java Card API  JVM executes the bytecode of the applet and of the library functions  Applet is a small program developed by application designer.

17 17 10. Program Development Process

18 18 11.Cyberflex (TM) Access Cards(1) Manufacture : Schlumberger General Characteristics : - Communication protocol : ISO T=0 - Data transmission baud rate : 9600 bit/sec by default, up to 55,800 bit/sec - Nonvolatile memory : 16 KB of EEPROM (13.5 KB available for cardlet, keys, and certificate ) - APDU buffer : 255 + 5 bytes - Access control structure : As many as 8 identities per directory/program - Fast native file system

19 19 Cyberflex (TM) Access Cards(2) Cryptographic Features - Host system generation of DES keys and RSA keys(512, 768, 1024 bits) - Enciphering and deciphering data with DES or 3DES keys in CBC mode - External Authentication with DES or 3DES keys - Internal Authentication with DES or 3DES keys in EBC mode, or with RSA digital signatures - SHA-1 and MAC hashing(carried out by Java APIs, not by APDUs)

20 20 12. What should we implement in this Project Cardholder Registration - Certificate Request to CA Read from Card reader (Authentication) Purchase Request (simultaneously) - to Issuer to get the certificate - to Merchant Design the protocol using DES-3,RSA,etc. Purchase Response to Client Authorization Request to gateway Capture Request to gateway Response processing - to Client, Payment, CA Request to Verify the Certificate - Response from Card Holder - Request to Issue Merchant Registration - Authorization Request (to Acquirer) - response to Merchant Authorization process - request to Issue - response to Merchant Capture process - request to Issue Merchant Authorization process - response to CA Verify Card Holder information - send confirm to CA Authorization process - response to Gateway Capture process - clearing request from gateway - bill to client Client Merchant PG CA ISSUE Acquirer

21 21 13. Java Card Security package needed in this project Key SecretKey DESKey PrivateKey PublicKey RSAPrivateKey RSAPrivateCrtKey RSAPublicKey DSAKey DSAPrivateKey DSAPublicKey KeyBuilder MessageDigest Signature RandomData CrytoException

22 22 14.Java Layer in the Host Software Architecture

Download ppt "Epayment System using Java April, 11. 2001 Computer Security and Electronic Payment System Cho won chul Kim Hee Dae Lee Jung Hwan Yoon Won Jung."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Internet payment systems

Internet payment systems
Cryptography and Network Security

Cryptography and Network Security
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
SET – Secure Electronic Transaction Setting The Stage For Safe Internet Shopping -Jignesh Shah- -Riyaz Malbari-

SET – Secure Electronic Transaction Setting The Stage For Safe Internet Shopping -Jignesh Shah- -Riyaz Malbari-
Chapter 8 Web Security.

Chapter 8 Web Security.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.

Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.
Supporting Technologies III: Security 11/16 Lecture Notes.

Supporting Technologies III: Security 11/16 Lecture Notes.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Similar presentations

Ads by Google