Graduation Project - General Purpose ECommerce - Presentation Transcript
General Purpose ECommerce System
With Focus on Payment Systems
By: Mohamed Yahya, Mousa Shamieh
Supervisor: Dr. Adnan Yahya

Introduction

What is a General Purpose ECommerce System?

General Purpose ECommerce System
● Browse products and services
● Customers interact with merchants
● Buy & Pay for products
● General Purpose: Should be generic enough to satisfy the needs of a varied audience

Do not Reinvent the Wheel!
● Support for several Payment Systems
● Modular (add new payment & shipment methods...)
● Secure
● Well documented

ECommerce Payment Systems
Like most Ecommerce systems, osCommerce supports:
● Central credit accounts:
● Online Stored Value:
● Accumulating Balance:

Let's Innovate
A new payment system
Digital Cash
like regular cash, you carry it around in your 'digital wallet' = Smart Phone / Smart Card

Ideal Digital Cash
● Privacy: User ID protected
● Offline Payment: No connection needed
● Security: Cannot be copied (Double spent)
● Independence: Security not dependent on location.
● Transferability: transfer money to others.
● Divisibility: ≠

What did we do?

Outline
We Will Discuss
● Complete Scenario
  – User ID Generation
  – Coin Generation
  – Point of Sale (POS)
● Mobile Phone Payment.
● Storage of Coins on Smart Cards
● Using Coins in Online Transaction

Let's Take A Scenario
Point Of Sale (POS)

Step 1: Get user ID
● Everyone using the system (Merchants and Clients) needs an ID file.
● ID signed by bank
● To get an ID, your personal information is needed – So we can catch you if you double spend

Generation Of ID
1) Generate Unique ID = 2550
2) Generate 5 Random Numbers:
   • 2053, 5369, 8241, 2317, 5931
3) XOR each with ID:
   • 2550 XOR 2953 = 8634
   • 2550 XOR 5369 = 3654
   • ......

Step 2: Coin Generation
● User Requests a Coin
  – denomination
  – User's ID file
● Generated Coin Format
  – Serial Number
  – Denomination
  – Validity
  – Split User ID
● Bank Signs Coin

Step 2: Coin Generation

Step 5: (POS)
Point Of Sale (POS)
1. Coin, ID File
2. ID File
3. Coin

Step 5: Blind Received Coin (POS)
● Point of sale (POS) in merchant's device will blind the client's ID in the received coin.
● Next, POS will append Merchant's ID to the received coin & store it.
Coin stored by merchant

Let's Look at a Double Spender
When a coin is deposited twice
5369 XOR 3654 = 8241 XOR 3746 = 5931 XOR 7769 = ID
Bank has identified double spender
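
The ID split from "Generation Of ID" and the bank's double-spender check, as an added example that is not the project's own code. It assumes that "blinding" means the POS keeps one randomly chosen half of each pair; the function names and the 32-bit width are hypothetical.

```python
import secrets

PAIRS = 5  # the slides split the ID with 5 random numbers

def split_id(user_id, pairs=PAIRS, bits=32):
    """Bank side: return [(r, r XOR id), ...]. One half alone is just a
    random number; both halves of any pair XOR back to the ID."""
    split = []
    for _ in range(pairs):
        r = secrets.randbits(bits)
        split.append((r, r ^ user_id))
    return split

def blind(split, choices=None):
    """POS side (assumed meaning of 'blind'): keep one half per pair and
    discard the other. choices[i] is 0 or 1; random when not given."""
    if choices is None:
        choices = [secrets.randbelow(2) for _ in split]
    return [(c, pair[c]) for c, pair in zip(choices, split)]

def identify_double_spender(deposit_a, deposit_b):
    """Bank side: compare two deposits of the same coin serial number.
    Where the two merchants kept opposite halves, XOR recovers the ID.
    Returns None if no position differs or the candidates disagree."""
    candidates = {ha ^ hb
                  for (ca, ha), (cb, hb) in zip(deposit_a, deposit_b)
                  if ca != cb}
    return candidates.pop() if len(candidates) == 1 else None

def escape_probability(pairs=PAIRS):
    """Chance that two independent POS devices keep the same half in every
    position, so the double spend is seen but the ID is not revealed."""
    return 0.5 ** pairs

if __name__ == "__main__":
    coin_split = split_id(2550)                  # sample ID taken from the slides
    first = blind(coin_split, [0, 0, 1, 0, 1])   # constructed POS choices
    second = blind(coin_split, [0, 1, 1, 0, 0])  # constructed POS choices
    print(identify_double_spender(first, second))
    print(escape_probability())
```

Under this assumption, two honest deposits of different coins never expose an ID, while raising the number of pairs lowers the chance that a double spender stays unidentified.
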

Progress...
● Complete Scenario
  – User ID Generation
  – Coin Generation
  – Point of Sale (POS)
● Mobile Phone Payment.
● Storage of Coins on Smart Cards
● Using Coins in Online Transaction

Let's see the various ways to spend money

Mobile Phone Transaction

Step 1: Merchant Advertises Himself
Hello People, I am a merchant
My friendly name is 6630
In Bluetooth, a service is identified by UUID
C53DC6C3A98E4B38A588121EAEDB6146

Step 2: Client Looks For A Merchant
I am looking for surrounding devices
Client Performs Device Discovery

Step 3: Client Selects A Discovered Device
I selected 6630, Is it a merchant?
Client Performs Service Discovery
Makes sure the Device he is connecting to is a Merchant => has a Merchant UUID

Step 4: Client Sends User ID Then Coins
1. Send User ID
2. Your ID is OK
3. Send Coin
Step 3 can be repeated as many times as you like

Progress...
● Complete Scenario
  – User ID Generation
  – Coin Generation
  – Point of Sale (POS)
● Mobile Phone Payment.
● Storage of Coins on Smart Cards
● Using Coins in Online Transaction

We Have Seen How to Use Mobile Phones For Payment
Let's Look At How Smart Cards are Used To Securely Carry Coins

Using Smart Cards
● Why use smart cards?
  – To carry digital cash securely.
  – You have to be the owner of a smart card to use it.
  – Many of us already carry smart cards around, why not pay with it?!

Step 1: Accessing a Smart Card

Write/Read/Transfer
● Write: Fetch coin, store it on Smart Card.
● Read: View card contents.
● Transfer: Send Coin to PC

Write Coin
● Smart Card files composed of records, each of 32 bytes.
● Divide fetched coin into 32 byte records.
● Store records in Smart Card file.

Read/Transfer Coin
● Choose coin file.
● Read records byte by byte.
● Send the read bytes to PC.

Progress...
● Complete Scenario
  – User ID Generation
  – Coin Generation
  – Point of Sale (POS)
● Mobile Phone Payment.
● Storage of Coins on Smart Cards
● Using Coins in Online Transaction

Online Transactions
● Coins & User ID can be fetched from mobile phone, smart card...
● Coin & User ID can then be uploaded to online merchant.

Digital Cash & osCommerce
● osCommerce is modular.
● We created a digital cash payment module (PHP).
● Module accepts user ID & coin file uploaded by user.
● Module passes user ID & coin file to a Java POS.

Transaction Security
● To secure online transactions, use Secure Sockets Layer (SSL)

Transaction Security

Almost Done
Let's Recap
● Complete Scenario
  – User ID Generation
  – Coin Generation
  – Point of Sale (POS)
● Mobile Phone Payment.
● Storage of Coins on Smart Cards
● Using Coins in Online Transaction

Future Prospects
● Return change to clients.
● Integrate into personal finance applications (keep track of your spending)
● New protocol: move POS to client. This will result in a higher degree of security.