Security and Trust in E-Payments
Mohammed F. Al-Otaibi, Hamad M. Al-Shlawi
OUTLINE
• Introduction
• Definition
• Security
• Identification of trust
• e-payment
• Cryptography and PKI
• Conclusion
• References
INTRODUCTION
Fast-paced communication and an abundance of information have, among other things, given rise to new terms that exceed physical and geographical boundaries and remove the limitations on a person's freedom to conduct business. Among these new terms is e-trade, through which trade has become accessible to many individuals. E-commerce includes all business transactions, from the sale and purchase of goods and services. Its importance lies in being an effective means of expanding domestic markets and lowering the cost of correspondence. It also shows the importance of having high-security systems, because the risk is high: confidence in dealing this way is lacking, given how easily transactions made through it can be manipulated.
Definition
• Security
• E-Payment
• Trust
• Cryptography and PKI
What and Why….?
• Encryption
• Digital signatures
• Checksums/hash algorithms
• To establish the concepts of trust and security: Identification, Authentication, Access Control, Confidentiality, Integrity, Non-repudiation, and Availability.
Security
Identification of trust
• Characterizes:
  - the fact that all entities are uniquely identifiable,
  - that there is a minimum number of a priori trusted entities, and
  - that these entities have unquestionable trust to other participating entities.
What is an Electronic Payment System?
Electronic Payment is a financial exchange that takes place online between buyers and sellers. The content of this exchange is usually some form of digital financial instrument (such as encrypted credit card numbers, electronic cheques or digital cash) that is backed by a bank or an intermediary, or by a legal tender.
An electronic payment system (EPS) is a system that helps the customer or user make online payments for their shopping.
Two Storage Methods of EPS
• On-line
  • Individual does not personally have possession of electronic cash
  • Trusted third party, e.g. online bank, holds customers’ cash accounts
• Off-line
  • Customer holds cash on smart card or software wallet
  • Fraud and double spending require tamper-proof encryption
E-Payment
• Participants: Client, Merchant, and Bank
• A feature of EPS is the money model: Token, Cash, Cheque, and Cards
• A feature of e-payment systems: Pre-paid systems, Pay-now systems, and Post-pay systems
• Some examples of EPS: Online Reservation, Online Bill Payment, Online Order Placing, Online Ticket Booking
• Types of EPS: E-Cash, E-Wallets, Credit Cards, Smart Cards
Security Requirements of EPS
• Authentication
• Integrity
• Fraud prevention and tolerance
• Privacy
• Safety
Security properties of EPS
• Divisibility
• Transferability
• Double-spending prevention
• Payment confidentiality
• Payment anonymity
• Payer untraceability
Cryptography and PKI
• Cryptography is represented in two forms. The first, called symmetric or secret key cryptography, uses one common key for both encryption and decryption. The second, called public key or asymmetric cryptography, uses two different keys (a private and a public) to transform plaintext into ciphertext.
Keys
• Symmetric Keys
  • Both parties share the same secret key
  • Problem is securely distributing the key
  • DES - 56 bit key considered unsafe for financial purposes since 1998
  • 3DES uses three DES keys
• Public/Private keys
  • One key is the mathematical inverse of the other
  • Private keys are known only to the owner
  • Public keys are stored in public servers, usually in an X.509 certificate
  • RSA (patent expires Sept 2000), Diffie-Hellman, DSA
Elements of PKI
• Certificate Authorities (CA)
  • OpenSSL, Netscape, Verisign, Entrust, RSA Keon
• Public/Private Key Pairs - Key management
• X.509 Identity Certificates - Certificate management
• LDAP servers
Digital Signatures
• Combines a hash with a digital signature algorithm
• To sign
  • hash the data
  • encrypt the hash with the sender's private key
  • send the data, the signer’s name, and the signature
• To verify
  • hash the data
  • find the sender’s public key
  • decrypt the signature with the sender's public key
  • the result of which should match the hash
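The sign and verify steps above, as an added example that is not part of the original slides: textbook RSA over a SHA-256 hash of a payment order, using only the Python standard library. The key is a constructed demo key built from two Mersenne primes and the order fields are made up; production systems use randomly generated keys and a padded scheme such as RSA-PSS.

```python
import hashlib
import json

# Constructed demo key built from two well-known Mersenne primes. It has no
# security value; it only makes the arithmetic reproducible offline.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)
# A second, unrelated public modulus (also constructed) for the wrong-key case.
OTHER_N = (2**127 - 1) * (2**607 - 1)

# Constructed sample payment order; all field names and values are made up.
ORDER = {"payer": "client-001", "payee": "merchant-042",
         "amount": "25.00", "currency": "USD"}


def digest(order: dict) -> int:
    """Hash a canonical encoding of the order with SHA-256."""
    data = json.dumps(order, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(order: dict, d: int = D, n: int = N) -> int:
    """To sign: hash the data, then transform the hash with the private key."""
    return pow(digest(order), d, n)


def verify(order: dict, signature: int, e: int = E, n: int = N) -> bool:
    """To verify: apply the public key to the signature and compare hashes."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(order)


def demo() -> dict:
    sig = sign(ORDER)
    return {
        "genuine": verify(ORDER, sig),
        "amount_changed": verify(dict(ORDER, amount="2500.00"), sig),
        "signature_altered": verify(ORDER, sig ^ 1),
        "wrong_public_key": verify(ORDER, sig, n=OTHER_N),
    }


if __name__ == "__main__":
    print(demo())
```

Only the unmodified order checked against the signer's own public key verifies; a changed amount, an altered signature, or a different public key all fail the hash comparison.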
Conclusion
• Good infrastructure
• Profitability investment with security and trust
• Two solutions to build trust
  • Existing relationship
  • Great relationship by PKI
Questions…??