GLOBAL E-PAYMENT SYSTEM

Done by

● Muhammed Hafis PC (10104101)

● Naveed Enudeen (10104118)

● Rashid Mohammed Basheer (10104133)

● Salman Khaja (10104143)

● Vijith Venugopalan (10104163)

INTRODUCTION

There are a lot of people in our society who can’t access or afford current e-

payment facilities due to lack of resources or finance required.

In developing countries, Especially in rural areas a large number of peoples in are

unable access Internet banking and costly credit card services.

In this project we are building a simple and low cost electronic payment system

which is accessible to public.

In this e-payment system the user do not need smartphone, computer or internet

connection.

The user can access various e-payment services through a ATM like public kiosk.

This system enables users to use most of internet based e-payment services through a

public kiosk.

SYSTEM OVERVIEW

This system uses concept of virtual money and smartcard for e-payment.

When a user register on this system, he/she will get:

● A VIRTUAL ACCOUNT: In which they have to deposit money for e-payment transactions.

● A UNIQUE USER ID CARD : For identification.

● A PASSWORD : For authentication.

The system consist of network of Central units connected to a central Server.

The Central Unit provides an ATM like electronic interface to the user, that is placed in public places.

By using the ID card and password provided, users can access their account and perform various payments (like prepaid mobile recharge, electricity bill payments etc.) through the Central Unit.

The money used for each payment will be deducted from respective users virtual account in the server.

The Central Units will be installed throughout the country so any registered user can use the system anywhere.

BLOCK DIAGRAM

SMS

GATEWAY

USER

DATABASE,

CONTROL &

MONITORING

SYSTEM

VARIOUS

PAYMENT

GATEWAYS

RFID CARDRFID

MODULE

LCD

DISPLAY

KEYPAD

A

R

D

U

I

N

O

GSM

MODULE

RADIO LINK

GSM

NETWORK

COMPONENTS

● RFID card: Stores user identification data

● RFID module: For reading data from RFID card and transfer to Micro controller unit

● LCD display : For giving instructions to user and displaying various menus

● Keypad : Numeric keypad used for entering passwords, amounts and selecting various options in menus.

● Micro controller unit : Used for data processing and interfacing.

● GSM module : For sending and receiving data between Central Unit and server through Short Messaging service (SMS).

● Server : For storing user data like account details, connecting to third-party payment gateways. It sends and receives encrypted data to and from central unit through SMS gateway.

WORKING● The central unit gets activated and a fresh session will be started when user shows

RFID card near transceiver of RFID module.

● The microcontroller reads the unique user identification number from RFID card and

generate it’s hash

● And sends the hash code to the server in the following format.

Hashed user dataMessage TypeDevice ModeDevice ID

Field Function

Device ID Represents of unique ID of central unit

Device Mode Represents the mode in with central unit is working

Message Type Represents the content of message

Hashed user data Contains hashed user ID data

WORKING

● The server responds by sending back encrypted account details of the user

corresponding to that RFID card in following format.

● During this time the central unit prompts the user to enter his/her password.

● The password entered by user through keypad is used to decrypt the user's details

received from server.

Username Balance User Status

Field Function

Username Consist of name of current user

Balance Consist of balance amount in user account

User Status Represents status of user account (blocked, good etc.)

WORKING● Then the user will be provided with various menus for checking account balance,

selecting different payment for services, choosing service plans, entering amount

etc.

● If the amount user entered for transaction is available in balance, An encrypted

message containing details about menus selected and values entered by user for

payment of different services is send back to the server.

Field Function

Message type Represents the content of message

Menu1 Represents ID of 1st menu selected by user.

Menu2 Represents ID of 2nd menu (inside first menu) selected by

user.

Service ID Contain detail about the user’s identification number of

that server user selected for payment.

Example: Mobile number, Electricity consumer number etc

Amount Contains amount entered by user for selected service

Message type Menu1 Menu2 Service ID Amount

WORKING

● The server receives and decrypt the encrypted message.

● Then server perform various e-payment procedures as mentioned in the message

send by central unit, though different e-payment gateways.

● Server updates the database of current user with a new balance.

Arduino Program AlgorithmSTART

READ RFID DATA

GENERATE SHA-1 HASH OF RFID DATA

SENT HASHED DATA TO SERVER

WAIT FOR SERVER REPLY

PROMPTS TO ENTER PASSWORD

DECRYPT RECEIVED DATA

PURSE RECEIVED DATA

DISPLAY NAME, BALANCE AND STATUS OF USER

IS STATUS IS GOOD?

CHECK FOR RFID CARD

IS CARD AVAILABLE DISPLAY MENUS TO SELECT SERVICES AND

FIELDS TO ENTER USER ID OF RESPETIVE SERVICES AND AMOUNTS.

IS ENTERED AMOUNT IS LESS THAN BALANCE

AVAILABLE

SEND ENCRYPTED DATA TO SERVER

DISPLAY MENUS TO SELECT SERVICES AND FIELDS TO ENTER USER ID OF RESPETIVE

SERVICES AND AMOUNTS.

ENCRYPTED USER ENTERED DATAS

STOP

CONTACT CUSTOMER CARE

TRY AGAIN

NO

NO

NO

YES

YES

YES

Server Program AlgorithmSTART

CHECK FOR 1st MESSAGE

IS NEW MESSAGE

RECEIVED?

SEARCH FOR USER CORRESPONDING TO RECEIVED DATA IN RECEIVED

MESSAGE IN DATABASE

ENCRYPT CORRESPONDING USER’S DATA

SENT ENCYPTED DATA TO CENTRAL UNIT

CHECK FOR 2nd MESSAGE

IS NEW MESSAGE

RECEIVED?

DECRYPT THE MESSAGE

PURSE DECRYPTED MESSAGE

SENT DETAILS ABOUT PAYMENT IN RECEIVED

MASSAGE TO CORRESPONDING PAYMENT

GATEWAY

UPDATE BALANCE CORRESPONDING

STOP

NO

NO

YES

YES

CONVERTING CIPHER FROM UNSIGNED BYTE INTO ASCII

CONVERTING DATA FROM ASCII UNSIGNED BYTE

CRYPTOGRAPHY

Since this is a system that deals with money we needs more security.

It is necessary to hide all data exchanges in this system from any unauthorized third

party.

We need to secure the identification key inside user ID cards and all communications

between the server and central unit.

Because if any unauthorized person got the code inside user ID card he can clone it

and access corresponding users account.

Also if a intruder gets access to our communication channel, he can intercept and

alter the data exchanged in his favor.

These may leads to frauds and failure of system.

So we needs to use cryptography in order to prevent these problems.

Cryptography enables to store or transmit sensitive information across insecure

networks so that it cannot be read by anyone except the intended recipient.

ALGORITHM SELECTION

For encryption and decryption of data we choose symmetric key algorithm.

Because here both ends knows the key to encrypt and decrypt.

Among different symmetric key algorithms we choose Advanced

Encryption Standard (AES) .

AES is fast in both software and hardware, is relatively easy to implement,

and requires little memory and computing power.

It is more suitable embedded environments like Arduino.

For hashing we used SHA-1 algorithm over because MD5 is bad due to

collision problems and need less computation power.

SHA-1 HASH FUNCTION

Designed by the NSA, following the structure of MD4 and MD5.

Stands for Secure Hash Algorithm

Maps strings of any length to strings of 160 bit.

In this project we use SHA-1 generate hash of user identification code inside the user

ID card.

And we only sent this unique hash corresponding to that user ID card to the server via

GSM network.

So third parties can’t get the real identification code inside user ID card.

Server knows the SHA-1 hash corresponding to each user, so it can identify the user

behind that hash.

This will prevent the cloning of user ID card.

Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government in late 90’s

AES is requires less computation power and it cannot cracked practically using any of current cryptanalysis methods.

Here we are using AES-128, that uses 128 bit key for encryption.

Cipher Detail:

Key sizes: 128 bits

Plane text block size: 128 bits

Cypher text block size: 128 bits

In our project we use AES to encrypt and decrypt data exchanged between Central

unit and server as SMS through GSM network.

Password given to user is used as the key for AES algorithm.

So that no third party can access or modify the original data.

This provides confidentiality and prevent men in middle attacks.

MERITS & DEMERITS

MERITS :

Low cost implementation.

Accessible to public 24x7 hours

Maximum security.

No need of internet.

Users do not need any high cost equipment or services for e-payment.

No need for bank account.

Centralized.

Low power consumption

No problem of exact change tender

DEMERITS :

Communication using SMS is slow when compared to TCP/IP methods.

Future works

Can be used at toll booths for collecting toll.

Can be interfaced with vending machines.

Can be also interfaced with taxi meter.

Can be used for payments in public transport.

THE END