ELECTRONIC PAYMENT PROTOCOL
AJU MATHEW THOMAS
Requirements of an E-Payment Protocol:
An e-payment protocol encompasses three participants:
(1) User → Purchases e-currency from the bank with actual money by e-payment. The user then uses the e-currency to carry out e-payments to buy goods.
(2) Merchant → Data storage which provides the user with both services and information.
(3) Bank → The trusted authority who mediates between user and merchant to ease the duties they carry out.
The shared set of characteristics for an e-payment protocol is:
(1) Anonymity → E-cash must not reveal any user information.
(2) Divisibility → E-cash can be subdivided since the notes have a basic piece.
(3) Transference → E-cash can be transferred to a trusted authority by providing the suitable amount of currency.
(4) Overspending detection → E-cash must be used only once.
Kim and Lee Protocol:
■ An E-Payment protocol that supports multiple merchants.
■ Protocol is divided into three schemes : (i) Certificate issuing scheme (ii) Payment Scheme (iii)
Redemption Scheme
(1) Certificate Issuing Scheme:
■ The user (U) requests a certificate from the bank B by sending his secret information
■ The bank B passes C_U (the user certificate) and S_U, which will be employed for the root value in the payment scheme later
■ The user creates his/her public and secret key pair (PK_U, SK_U) and passes PK_U with I_U, which contains the max number of merchants (N) and the size of hash (n), with his credit info to the bank
■ The bank generates special info T_U, which acts as a key factor of the root value. Only the bank can generate the new hash values
Kim and Lee Protocol (Cont.):
■ T_U = h(U, r_B, K), where U → user information, r_B → arbitrary number chosen by the bank, and K is the private key of the bank
■ S_U = (s_i | s_i = h(s_{i+1}, T_U), i = N-1, …, 0), where s_i is created by a shared user bank private key
■ The certificate C_U, in which all the elements as well as the expiry date of the certificate E_U are signed by the bank B, is passed to the user with S_U and a nonce r_U
■ C_U = (ID_B, ID_U, PK_U, T_U, I_U, E_U)_{SK_B}
Where ID_B → Identity of the bank
ID_U → Identity of the user
PK_U → Public key of the user
T_U → Special information generated by the bank for the user
I_U → User certificate serial number, credit card information
E_U → Expiry information of the user details
SK_B → Secret key of the bank
Kim and Lee Protocol (Cont.)
Payment Scheme:
■ The root value of the pay-words is merged with s_i obtained from the bank, which enables the user U to employ the rest of the unspent pay-words in the chain for multiple payments to other merchants
■ The user generates pay-words and a commitment after obtaining the certificate
■ The commitment contains the identity of the merchant, the certificate, the expiry date of the commitment (E_M), root elements (w_j, h(w_j, s_k)) and other data I_M, such that 0 ≤ j ≤ n, employed to set up root values for other merchants. Then the user signs the element M_U = (V, C_U, w_0, h(w_j, s_k), E_M, I_M)_{SK_U}
■ To spend the remainder of the pay-words in the chain, the user U must set the root value of the pay-words to be spent in the subsequent payment scheme by merging the hash chain values respectively created by the user U and the bank B
Kim and Lee Protocol (Cont.)
Redemption Scheme:
■ The merchant performs the redemption operation with the bank within a pre-agreed period of time.
■ The bank verifies whether the payment request of the merchant is correct by checking the certificate.
■ First, the merchant orders redemption from the bank B by passing the user U's commitment and payment parameter.
■ Bank B checks the merchant's signature visible on the certificate and redeems P_{j+1} for an equivalent amount of money
■ The bank processes redemption orders from fewer than N merchants before they become overdue
■ Finally, the bank completes the redemption process when the last received value w_i is less than the max value of the hash chains
Limitations of Kim and Lee Protocol:
■ System performance is reduced by the frequent signing required in each transaction
■ The customer has to keep different hash chains and the corresponding indices
■ A dispute arises if the merchant forges transaction records or the customer double spends
■ To deposit securely, the bank has to collect all pay-words belonging to the same chain. This needs additional storage space and wastes an undetermined waiting time
Proposed Protocol:
■ The proposed protocol is divided into four schemes: (1) registration scheme, (2) blind scheme, (3) transaction scheme, and (4) redemption scheme
■ The blind scheme is introduced using an RSA-type blind signature. This improvement makes the pay-word protocol more efficient and keeps all other characteristics consistent
Blind Scheme
■ The user passes a withdrawal order to the bank prior to his order for any service from the merchant
Step 1: Bank
■ Select secretly and randomly two large primes p and q
■ Calculate modulus nB = p * q
■ Compute ø(n) = (p − 1)(q − 1)
■ Choose exponent key e where 1 < e < ø(n) and gcd(e, ø(n)) = 1
■ Calculate private key w where e * w ≡ 1 mod ø(n)
■ Determine the public key (e, nB) and private key (w, ø(n), p, q)
Proposed Protocol (Cont.):
Step 2: User
■ Select arbitrary numbers r and u
■ Calculate a = r^e * h(x0) * (u^2 + 1) mod ø(n)
■ Pass (b, a) to the bank
Step 3: Bank
■ Select an arbitrary number x1 < ø(n)
■ Pass x1 to the user
Step 4: User
■ Choose an arbitrary value r1
■ Calculate b2 = r * r1
■ Pass α = b2^e * (u − x1) mod ø(n) to the bank
Proposed Protocol (Cont.):
Step 5: Bank
■ Calculate α^-1 mod ø(n)
■ Compute t1 = h(b)^w * (a * (x1^2 + 1) * α^-2)^(2*w) mod ø(n)
■ Pass (α^-1, t1) to the user
Step 6: User
■ Calculate c1 = (u*x1 + 1) * α^-1 * (b2)^e = (u*x1 + 1) * (u − x1)^-1 mod ø(n)
■ Calculate s1 = t1 * r^2 * r1^4 mod ø(n)
■ The parameter (b, c1, s1) is the signature on message x0
■ Verification succeeds if s1^e ≡ h(b) * h(x0)^2 * (c1^2 + 1)^2 mod ø(n)
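Steps 1 to 6 of the blind scheme, run end to end as an added example (not code from the slides or from the protocol's authors). It assumes that all values are reduced modulo the bank's modulus nB (the slides write mod ø(n)), that b is a random value chosen by the user, and that h is SHA-256 reduced mod nB; the toy primes and all function names are constructed for illustration.

```python
import hashlib
import secrets
from math import gcd

# Step 1 (bank): toy key, constructed for this example and far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1          # two known primes standing in for p and q
N_B = P * Q                           # modulus nB = p * q
PHI = (P - 1) * (Q - 1)               # ø(n) = (p - 1)(q - 1)
E = 65537                             # public exponent, gcd(e, ø(n)) = 1
W = pow(E, -1, PHI)                   # private key w with e * w ≡ 1 mod ø(n)


def h(data: bytes) -> int:
    """Hash to an integer mod nB (SHA-256 is an assumption of this example)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N_B


def rand_unit() -> int:
    """Random value that is invertible mod nB, so the blinding can be removed."""
    while True:
        v = secrets.randbelow(N_B - 2) + 2
        if gcd(v, N_B) == 1:
            return v


def user_blind(x0: bytes, r: int, u: int) -> int:
    """Step 2: a = r^e * h(x0) * (u^2 + 1)."""
    return pow(r, E, N_B) * h(x0) * (u * u + 1) % N_B


def user_alpha(r: int, r1: int, u: int, x1: int) -> int:
    """Step 4: alpha = b2^e * (u - x1) with b2 = r * r1."""
    b2 = r * r1 % N_B
    return pow(b2, E, N_B) * (u - x1) % N_B


def bank_sign(b: bytes, a: int, x1: int, alpha: int):
    """Step 5: the bank signs without ever seeing x0, u, r or r1."""
    alpha_inv = pow(alpha, -1, N_B)
    core = a * (x1 * x1 + 1) * pow(alpha_inv, 2, N_B) % N_B
    t1 = pow(h(b), W, N_B) * pow(core, 2 * W, N_B) % N_B
    return alpha_inv, t1


def user_unblind(r: int, r1: int, u: int, x1: int, alpha_inv: int, t1: int):
    """Step 6: strip the blinding factors to obtain (c1, s1)."""
    b2 = r * r1 % N_B
    c1 = (u * x1 + 1) * alpha_inv * pow(b2, E, N_B) % N_B
    s1 = t1 * pow(r, 2, N_B) * pow(r1, 4, N_B) % N_B
    return c1, s1


def verify(x0: bytes, b: bytes, c1: int, s1: int) -> bool:
    """Anyone holding (e, nB) checks s1^e == h(b) * h(x0)^2 * (c1^2 + 1)^2."""
    rhs = h(b) * pow(h(x0), 2, N_B) * pow(c1 * c1 + 1, 2, N_B) % N_B
    return pow(s1, E, N_B) == rhs


def withdraw(x0: bytes):
    """Simulate the whole user/bank exchange and return the signature (b, c1, s1)."""
    r, u, r1 = rand_unit(), rand_unit(), rand_unit()
    b = secrets.token_bytes(16)       # assumption: b is a fresh random value from the user
    a = user_blind(x0, r, u)          # user -> bank: (b, a)
    while True:
        x1 = rand_unit()              # bank -> user: x1
        # u - x1 must be invertible; in this simulation we simply draw x1 again.
        if gcd((u - x1) % N_B, N_B) == 1:
            break
    alpha = user_alpha(r, r1, u, x1)  # user -> bank: alpha
    alpha_inv, t1 = bank_sign(b, a, x1, alpha)   # bank -> user: (alpha^-1, t1)
    c1, s1 = user_unblind(r, r1, u, x1, alpha_inv, t1)
    return b, c1, s1


if __name__ == "__main__":
    msg = b"constructed pay-word root x0"
    sig = withdraw(msg)
    print("valid signature:", verify(msg, *sig))
    print("other message accepted:", verify(b"another message", *sig))
```

The check passes because (u^2 + 1)(x1^2 + 1) = (u*x1 + 1)^2 + (u − x1)^2, so dividing by (u − x1)^2 gives c1^2 + 1 and the blinding factors r and r1 cancel.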
What is SET Protocol:
■ A cryptographic security protocol designed to ensure the security & integrity of electronic transactions done using credit cards & debit cards.
■ The protocol was developed by Visa & Mastercard in 1996.
■ A wide range of companies like IBM, RSA, Microsoft, Terisa etc. were involved in developing the initial specification
■ The aim was to impart security to electronic transactions, which in turn reduces operational costs and also decreases technology costs
■ Salient Features →
(i) Confidentiality – All messages will be encrypted
(ii) Trust – All parties will have digital certificates
(iii) Privacy – Information will be made available only when and where necessary
Requirements of a SET Protocol:
■ To provide confidentiality of payment and ordering information
■ Ensure the integrity of all transmitted data
■ It has to keep the Payment Information & Order Information confidential by appropriate encryption
■ It has to be resistant to message modification
■ It should provide interoperability and make use of the best security mechanisms
Who are the participants in SET
• Card Holder: User who buys the product
• Merchant: Person who sells the product
• Issuer: Bank of the card holder
• Acquirer: Financial institution established to the merchant who accepts the payment from the bank
• Payment Gateway: Function interface between SET & the existing bankcard payment networks for authorization and payment functions
• Certification Authority: An entity that is trusted to issue X.509v3 public key certificates for cardholders, merchants and payment gateways
How SET is carried out
■ The customer opens an account with a card issuer like Mastercard, VISA etc.
■ The customer receives an X.509v3 certificate signed by the bank
■ A merchant who accepts a certain brand of card must possess two X.509v3 certificates: one for signing and one for key exchange
■ The customer places an order for a product through the merchant's website
■ The merchant then sends a copy of its certificate for verification
■ The customer then sends order & payment information to the merchant
■ The merchant requests payment authorization from the payment gateway prior to shipment
■ The merchant confirms the order to the customer
■ The merchant provides the good or service to the customer
■ The merchant requests payment from the payment gateway
Dual Signature
■ The concept of dual signature is aimed at connecting two information pieces meant for two
different receivers
1. Order Information for merchant
2. Payment Information for Bank
Concept of Dual Signatures:
■ Here, information related to payment will be sent to the bank
■ Order information will be sent to the merchant
■ The plaintext of the order information and the message digest of the payment information will be sent to the merchant
■ The plaintext of the payment information and the message digest of the order information will be sent to the bank
■ The dual signature, obtained by encrypting the message digest of Payment Order information (POMD), will be decrypted by both the merchant and the bank using the public key of the customer obtained from the certificates
■ The certification authority provides the public key of the customer
■ The encryption is done using the private key of the customer and follows RSA encryption
■ Hashing algorithm used → SHA-1
Implementation of SET:
■ Three events should be generated to implement SET effectively
• Purchase Request: Done by the customer; the request will be sent to the merchant
• Payment Authorization: It will be done by the financial institution
• Payment Capture: Request from the merchant to send the payment to the merchant's bank account
Purchase Request:
■ Here the payment information, the message digest of the order information and the dual signature will be encrypted using a secret key
■ This secret key is encrypted using the public key of the bank, and the output obtained by encrypting with the public key is called the digital envelope
■ Along with the digital envelope and the encrypted component (payment info, OIMD and dual signature), the order information, the MD of the payment information, the dual signature and the certificate containing the public key of the customer will also be sent to the merchant
■ The merchant would need the private key of the bank to decrypt the digital envelope, which is impossible
■ The merchant applies the hash to the order information to get its message digest, which is appended to the PIMD and hashed again to get the POMD
■ The merchant uses the public key of the customer to decrypt the dual signature and obtain the POMD, and this POMD is compared with the POMD generated in the step above
Payment Authorization:
■ Here the digital envelope & the encrypted version of PI, OIMD and digital signature will be sent to the bank
■ The bank decrypts the digital envelope using its private key to get the secret key
■ This secret key will be used to decrypt the combination of PI, OIMD and digital signature
■ The bank applies the hash to the payment information to get the PIMD, which is appended to the OIMD and hashed to get the POMD
■ The digital signature received will be decrypted using the public key of the customer, which was sent along with the certificate, to get the POMD
■ This POMD will be compared with the POMD generated above
■ If both match, it indicates that the payment info was not altered during transmission
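The dual-signature checks from the Concept of Dual Signatures, Purchase Request and Payment Authorization slides, as an added example that is not part of the original deck. It uses SHA-1 and RSA as the slides state, but with an unpadded toy key and constructed sample messages; the digital envelope (secret-key encryption of PI) is left out, and all function names are illustrative.

```python
import hashlib

# Customer's toy RSA key, constructed for this example (unpadded and far too
# small for real use; a deployed system would use a padded signature scheme).
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537                                  # public key, as carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))          # private key, known only to the customer

# Constructed sample messages.
SAMPLE_OI = b"order 1001: 2 x widget, total 40.00"           # Order Information
SAMPLE_PI = b"card=XXXX-XXXX-XXXX-0000; amount=40.00"        # Payment Information


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def pomd_of(pimd: bytes, oimd: bytes) -> int:
    """POMD = H(PIMD || OIMD), returned as an integer for the RSA step."""
    return int.from_bytes(sha1(pimd + oimd), "big")


def make_dual_signature(oi: bytes, pi: bytes):
    """Customer: hash both halves, hash the pair, 'encrypt' POMD with the private key."""
    oimd, pimd = sha1(oi), sha1(pi)
    ds = pow(pomd_of(pimd, oimd), D, N)
    return oimd, pimd, ds


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant sees OI in the clear but only the digest of PI."""
    expected = pomd_of(pimd, sha1(oi))     # recompute OIMD locally from OI
    return pow(ds, E, N) == expected       # 'decrypt' DS with the customer's public key


def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank sees PI in the clear but only the digest of OI."""
    expected = pomd_of(sha1(pi), oimd)     # recompute PIMD locally from PI
    return pow(ds, E, N) == expected


def demo():
    oimd, pimd, ds = make_dual_signature(SAMPLE_OI, SAMPLE_PI)
    # A second order by the same customer, used to test that the two halves are linked.
    other_oimd, _, _ = make_dual_signature(b"order 1002: 50 x widget", SAMPLE_PI)
    return {
        "merchant accepts genuine order": merchant_verify(SAMPLE_OI, pimd, ds),
        "bank accepts genuine payment": bank_verify(SAMPLE_PI, oimd, ds),
        "merchant accepts altered order": merchant_verify(SAMPLE_OI + b"!", pimd, ds),
        "bank accepts payment bound to another order": bank_verify(SAMPLE_PI, other_oimd, ds),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The last check shows why the two digests are signed together: a payment instruction cannot be replayed against a different order, because the bank's recomputed POMD no longer matches the signature.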
Payment Capture:
■ Here the merchant will send the transaction id and purchase request id to the acquirer.
■ The acquirer will check these and debit the amount from the customer, and the same amount gets credited to the merchant's account
References:
■ Secure E Payment Protocol by Sattar J Aboud
■ A Review of Secure Authentication based e-Payment protocol by Mr. B Ratnakanth and Prof P.s Avadhani
■ Geeks for Geeks → Secure Electronic transaction (https://www.geeksforgeeks.org/secure-electronic-transaction-set-protocol/)
■ Youtube → Secure Electronic transaction by Sundeep Saradhi Kanthety (https://www.youtube.com/watch?v=Fu82aJJ3tQQ&t=4s)
25
26

More Related Content

What's hot

Secure payment systems
Secure payment systemsSecure payment systems
Secure payment systemsAbdulaziz Mohd
 
Secure electronic transaction ppt
Secure electronic transaction pptSecure electronic transaction ppt
Secure electronic transaction pptSubhash Gupta
 
Project security
Project securityProject security
Project securitymaryam H
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Ajmi Siraj
 
Abdullin modern payments security. emv, nfc, etc
Abdullin   modern payments security. emv, nfc, etcAbdullin   modern payments security. emv, nfc, etc
Abdullin modern payments security. emv, nfc, etcDefconRussia
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment SystemRitesh Goyal
 
Online Payment Gateway System
Online Payment Gateway SystemOnline Payment Gateway System
Online Payment Gateway SystemMannu Khani
 
Online Payment System - Debit Cards, Direct Debit and Electronic Cash
Online Payment System - Debit Cards, Direct Debit and Electronic CashOnline Payment System - Debit Cards, Direct Debit and Electronic Cash
Online Payment System - Debit Cards, Direct Debit and Electronic CashJewel George Thomas
 
Chip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attackChip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attack- Mark - Fullbright
 
Online payment system
Online payment systemOnline payment system
Online payment systemmyangel27
 
Banking operations unit5
Banking operations unit5Banking operations unit5
Banking operations unit5UNBFS
 
Electronic paymebt stemys
Electronic paymebt stemysElectronic paymebt stemys
Electronic paymebt stemysnishankjain000
 

What's hot (19)

Secure payment systems
Secure payment systemsSecure payment systems
Secure payment systems
 
EMV chip cards
EMV chip cardsEMV chip cards
EMV chip cards
 
Secure electronic transaction ppt
Secure electronic transaction pptSecure electronic transaction ppt
Secure electronic transaction ppt
 
Project security
Project securityProject security
Project security
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)
 
Sploitego
SploitegoSploitego
Sploitego
 
Abdullin modern payments security. emv, nfc, etc
Abdullin   modern payments security. emv, nfc, etcAbdullin   modern payments security. emv, nfc, etc
Abdullin modern payments security. emv, nfc, etc
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment System
 
Introduction to emv
Introduction to emvIntroduction to emv
Introduction to emv
 
Online Payment Gateway System
Online Payment Gateway SystemOnline Payment Gateway System
Online Payment Gateway System
 
Online Payment System - Debit Cards, Direct Debit and Electronic Cash
Online Payment System - Debit Cards, Direct Debit and Electronic CashOnline Payment System - Debit Cards, Direct Debit and Electronic Cash
Online Payment System - Debit Cards, Direct Debit and Electronic Cash
 
Chip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attackChip and Skim: cloning EMV cards with the pre-play attack
Chip and Skim: cloning EMV cards with the pre-play attack
 
Online payment system
Online payment systemOnline payment system
Online payment system
 
Banking operations unit5
Banking operations unit5Banking operations unit5
Banking operations unit5
 
Ec module 4
Ec module 4Ec module 4
Ec module 4
 
Electronic cheque
Electronic chequeElectronic cheque
Electronic cheque
 
Electronic paymebt stemys
Electronic paymebt stemysElectronic paymebt stemys
Electronic paymebt stemys
 
Methods of payment
Methods of paymentMethods of payment
Methods of payment
 
Ec ch5 e payment system
Ec ch5 e payment systemEc ch5 e payment system
Ec ch5 e payment system
 

Similar to Electronic Payment Protocol

Set Secure Electronic Transaction (SET)
Set Secure Electronic Transaction(SET)Set Secure Electronic Transaction(SET)
Set Secure Electronic Transaction (SET)Suraj Dhalwar
 
SRS for banking system requirement engineer.ppt
SRS for banking system requirement engineer.pptSRS for banking system requirement engineer.ppt
SRS for banking system requirement engineer.pptubaidullah75790
 
SRS for banking system requirement s.ppt
SRS for banking system requirement s.pptSRS for banking system requirement s.ppt
SRS for banking system requirement s.pptubaidullah75790
 
Card payment evolution v1.0
Card payment evolution v1.0Card payment evolution v1.0
Card payment evolution v1.0Nugroho Gito
 
Online payments and Security Gateways
Online payments and Security Gateways Online payments and Security Gateways
Online payments and Security Gateways Sarujan Chandrakumaran
 
Guide to Understanding Credit Card Processing for Merchants
Guide to Understanding Credit Card Processing for MerchantsGuide to Understanding Credit Card Processing for Merchants
Guide to Understanding Credit Card Processing for MerchantsChloeBeckham
 
Secure electronic transactions (SET)
Secure electronic transactions (SET)Secure electronic transactions (SET)
Secure electronic transactions (SET)Omar Ghazi
 
Electronic transaction final
Electronic transaction finalElectronic transaction final
Electronic transaction finalShikhaLohchab1
 
Secure E-payment Protocol
Secure E-payment ProtocolSecure E-payment Protocol
Secure E-payment ProtocolCSCJournals
 
Epayments system in India and globally iit project
Epayments system in India and globally iit project Epayments system in India and globally iit project
Epayments system in India and globally iit project abhiROCKS1103
 
E banking of axis bank
E banking of axis bankE banking of axis bank
E banking of axis bankSitaram Saini
 
Secure Web Transactions Electronic Commerce Underlying Technologies
Secure Web Transactions Electronic Commerce Underlying TechnologiesSecure Web Transactions Electronic Commerce Underlying Technologies
Secure Web Transactions Electronic Commerce Underlying TechnologiesBangNgoVanCong
 

Similar to Electronic Payment Protocol (20)

Set Secure Electronic Transaction (SET)
Set Secure Electronic Transaction(SET)Set Secure Electronic Transaction(SET)
Set Secure Electronic Transaction (SET)
 
SRS for banking system requirement engineer.ppt
SRS for banking system requirement engineer.pptSRS for banking system requirement engineer.ppt
SRS for banking system requirement engineer.ppt
 
SRS for banking system requirement s.ppt
SRS for banking system requirement s.pptSRS for banking system requirement s.ppt
SRS for banking system requirement s.ppt
 
Design.pptx
Design.pptxDesign.pptx
Design.pptx
 
Card payment evolution v1.0
Card payment evolution v1.0Card payment evolution v1.0
Card payment evolution v1.0
 
Online payments and Security Gateways
Online payments and Security Gateways Online payments and Security Gateways
Online payments and Security Gateways
 
Guide to Understanding Credit Card Processing for Merchants
Guide to Understanding Credit Card Processing for MerchantsGuide to Understanding Credit Card Processing for Merchants
Guide to Understanding Credit Card Processing for Merchants
 
Mb2420032007
Mb2420032007Mb2420032007
Mb2420032007
 
Secure electronic transactions (SET)
Secure electronic transactions (SET)Secure electronic transactions (SET)
Secure electronic transactions (SET)
 
SET (1).ppt
SET (1).pptSET (1).ppt
SET (1).ppt
 
E Payment
E PaymentE Payment
E Payment
 
Electronic transaction final
Electronic transaction finalElectronic transaction final
Electronic transaction final
 
Secure E-payment Protocol
Secure E-payment ProtocolSecure E-payment Protocol
Secure E-payment Protocol
 
Epayments system in India and globally iit project
Epayments system in India and globally iit project Epayments system in India and globally iit project
Epayments system in India and globally iit project
 
E banking of axis bank
E banking of axis bankE banking of axis bank
E banking of axis bank
 
secnet.ppt
secnet.pptsecnet.ppt
secnet.ppt
 
secnet.ppt
secnet.pptsecnet.ppt
secnet.ppt
 
Secure Web Transactions Electronic Commerce Underlying Technologies
Secure Web Transactions Electronic Commerce Underlying TechnologiesSecure Web Transactions Electronic Commerce Underlying Technologies
Secure Web Transactions Electronic Commerce Underlying Technologies
 
SET.ppt
SET.pptSET.ppt
SET.ppt
 
SET.ppt
SET.pptSET.ppt
SET.ppt
 

Recently uploaded

BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 

Recently uploaded (20)

BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 

Electronic Payment Protocol

  • 2. Requirements of a E-Payment Protocol:E Payment protocol encompasses three participants (1) User  Purchases e-currency from the bank employing actual money by e payment. User then utilizes e-currency to carry out e-payment to buy goods. (2) Merchant  Data storage which provides user with both services and information (3) Bank The trusted authority who mediates between user and merchant to ease the duties they carry out. Shared set of characteristics for an E-Payment protocol are : (1) Anonymity  E-cash must not supply any user with information (2) Divisibility  E-Cash can be subdivided since the notes have a basic piece (3) Transference  E-Cash can be transferred to a trusted authority by providing the suitable amount of currency (4) Over spending detection  Must be used only once. 2
  • 3. Kim and Lee Protocol: ■ An E-Payment protocol that supports multiple merchants. ■ Protocol is divided into three schemes : (i) Certificate issuing scheme (ii) Payment Scheme (iii) Redemption Scheme (1) Certificate Issuing Scheme: 3 User(U) requests a certificate to a bank B by sending his secret information The bank B passes CU[User Certificate] and SU will be employed for the root value in payment scheme later User creates his/her public and secret key pair (PKU ,SKU) & passes PKU with IU that contains max no: of merchants(N) ,size of hash (n) with his credit info to the bank The bank generates special infoTU which acts as a key factor of the root value. Only the bank can generate the new hash values
  • 4. Kim and Lee Protocol (Cont.): ■ TU = h(U,rB , K) where U  User Information , rB  arbitrary number chosen by the bank and K is the private key of the bank ■ SU=(si |si=h(si+1,Tu ),i=N-1,…..0) where si is created by a shared user bank private key ■ The certificate CU in which all the elements as well as the expiry date of the certificate EU are signed by the bank B and pass to the User with SU and a nonce rU ■ CU = (IDB, IDU, PKU, TU, IU, EU )SKB Where IDB  Identity of the bank IDU  Identity of the user PKU  Public Key of the user TU  special information generated by the bank to the user IU  User Certificate serial number credit card information EU  Expiry information of the user details SKB  Secret Key of the bank 4
  • 5. Kim and Lee Protocol (Cont.) Payment Scheme: ■ The root value of pay words is merged with si obtained from the bank which enables the user U to employ the rest of the unspent pay-words in chain for multiple payments to other merchants ■ The user generates pay-words and commitment after obtaining the certificate ■ The commitment contains identity of the merchant, the certificate, expiry date of the commitment (EM ), root elements (wj , h(wj ,sk ) ) and other data IM such that 0≤j ≤n employed to set up root values for other merchants.Then user signs the element MU = (V,CU, w0, h(wj ,sk ),EM , IM ,)SKU ■ To spend the remainder of the pay-words in chain,The user U must set the root value of pay- words to be spent in subsequent payment scheme with the merging of hash chain values respectively created by the user U and the bank B 5
  • 6. Kim and Lee Protocol (Cont.) Redemption Scheme:
    ■ The merchant performs the redemption operation with the bank within a pre-agreed period of time.
    ■ The bank verifies whether the payment request of the merchant is correct by checking the certificate.
    ■ First, the merchant orders a redemption from bank B by passing the commitment of user U and the payment parameter.
    ■ Bank B checks the merchant's signature noticeable at the certificate and redeems Pj +1 for an equivalent amount of money
    ■ The bank processes redemption orders from fewer than N merchants before they become overdue
    ■ Finally, the bank completes the redemption process when the last received value w_i is less than the max value of the hash chains
  • 7. Limitations of Kim and Lee Protocol:
    ■ System performance is reduced by the necessarily frequent signing in each transaction
    ■ The customer has to keep different hash chains and the corresponding indices
    ■ A dispute arises if the merchant forges transaction records or the customer double spends
    ■ To deposit securely, the bank has to collect all pay-words belonging to the same chain. This needs additional storage space and wastes an undetermined waiting time
  • 8. Proposed Protocol:
    ■ The proposed protocol is divided into four schemes: (1) registration scheme, (2) blind scheme, (3) transaction scheme, and (4) redemption scheme
    ■ The blind scheme is introduced using an RSA-type blind signature. This improvement makes the pay-word protocol more efficient and keeps all other characteristics consistent
    Blind Scheme
    ■ The user passes a withdrawal order to the bank prior to his order for any service from the merchant
    Step 1: Bank
    ■ Select secretly and randomly two large primes p and q
    ■ Calculate modulus nB = p * q
    ■ Compute ø(n) = (p − 1)(q − 1)
    ■ Choose exponent key e where 1 < e < ø(n) and gcd(e, ø(n)) = 1
    ■ Calculate private key w where e * w ≡ 1 mod ø(n)
    ■ Determine the public key (e, nB) and private key (w, ø(n), p, q)
  • 9. Proposed Protocol (Cont.):
    Step 2: User
    ■ Select arbitrary numbers r and u
    ■ Calculate a = r^e * h(x0) * (u^2 + 1) mod ø(n)
    ■ Pass (b, a) to the bank
    Step 3: Bank
    ■ Select an arbitrary number x1 < ø(n)
    ■ Pass x1 to the user
    Step 4: User
    ■ Choose an arbitrary value r1
    ■ Calculate b2 = r * r1
    ■ Pass α = b2^e * (u - x1) mod ø(n) to the bank
  • 10. Proposed Protocol (Cont.):
    Step 5: Bank
    ■ Calculate α^-1 mod ø(n)
    ■ Compute t1 = h(b)^w * (a * (x1^2 + 1) * α^-2)^(2*w) mod ø(n)
    ■ Pass (α^-1, t1) to the user
    Step 6: User
    ■ Calculate c1 = (u*x1 + 1) * α^-1 * (b2)^e = (u*x1 + 1) * (u - x1)^-1 mod ø(n)
    ■ Calculate s1 = t1 * r^2 * r1^4 mod ø(n)
    ■ The parameter (b, c1, s1) is the signature on message x0
    ■ The signature verifies if s1^e ≡ h(b) * h(x0)^2 * (c1^2 + 1)^2 mod ø(n)
  • 11. What is SET Protocol:
    ■ A cryptographic security protocol designed to ensure the security & integrity of electronic transactions done using credit cards & debit cards.
    ■ The protocol was developed by Visa & Mastercard in 1996.
    ■ A wide range of companies such as IBM, RSA, Microsoft, Terisa etc. were involved in developing the initial specification
    ■ The aim was to impart security to electronic transactions, which in turn reduces operational cost and also decreases technology costs
    ■ Salient features → (i) Confidentiality – all messages will be encrypted (ii) Trust – all parties will have digital certificates (iii) Privacy – information will be made available only when and where necessary
  • 12. Requirements of a SET Protocol:
    ■ To provide confidentiality of payment and ordering information
    ■ To ensure the integrity of all transmitted data
    ■ It has to keep the payment information & order information confidential by appropriate encryption
    ■ It has to be resistant to message modification
    ■ It should provide interoperability and make use of the best security mechanisms
  • 13. Who are the participants in SET
    ■ Card Holder: User who buys the product
    ■ Merchant: Person who sells the product
    ■ Issuer: Bank of the card holder
    ■ Acquirer: Financial institution established to the merchant who accepts the payment from the bank
    ■ Payment Gateway: Function interface between SET & the existing bankcard payment networks for authorization and payment functions
    ■ Certification Authority: An entity that is trusted to issue X.509v3 public key certificates for cardholders, merchants and payment gateways
  • 15. How SET is carried out
    ■ The customer opens an account with a card issuer like Mastercard, VISA etc.
    ■ The customer receives an X.509v3 certificate signed by the bank
    ■ A merchant who accepts a certain brand of card must possess two X.509v3 certificates: one for signing and one for key exchange
    ■ The customer places an order for a product through the merchant's website
    ■ The merchant then sends a copy of its certificate for verification
    ■ The customer then sends order & payment information to the merchant
    ■ The merchant requests payment authorization from the payment gateway prior to shipment
    ■ The merchant confirms the order to the customer
    ■ The merchant provides the good or service to the customer
    ■ The merchant requests payment from the payment gateway
  • 17. Dual Signature
    ■ The concept of the dual signature is aimed at connecting two pieces of information meant for two different receivers:
      1. Order information for the merchant
      2. Payment information for the bank
  • 18. Concept of Dual Signatures:
    ■ Information related to the payment will be sent to the bank
    ■ Order information will be sent to the merchant
    ■ The plaintext of the order information and the message digest of the payment information will be sent to the merchant
    ■ The plaintext of the payment information and the message digest of the order information will be sent to the bank
    ■ The dual signature, obtained by encrypting the message digest of Payment Order information (POMD), will be decrypted by both the merchant and the bank using the public key of the customer obtained from the certificates
    ■ The certification authority provides the public key of the customer
    ■ The encryption is done using the private key of the customer and follows RSA encryption
    ■ Hashing algorithm used → SHA-1
  • 19. Implementation of SET:
    ■ Three events should be generated to implement SET effectively:
      Purchase Request: Done by the customer; the request will be sent to the merchant
      Payment Authorization: Done by the financial institution
      Payment Capture: Request from the merchant to send the payment to the merchant's bank account
  • 21. Purchase Request (Cont.):
    ■ The payment information, the message digest of the order information (OIMD) and the dual signature will be encrypted using a secret key
    ■ This secret key is encrypted using the public key of the bank, and the output of that encryption is called the digital envelope
    ■ Along with the digital envelope and the encrypted component (payment info, OIMD and dual signature), the order information, the message digest of the payment information (PIMD), the dual signature and the certificate containing the public key of the customer will also be sent to the merchant
    ■ The merchant would need the private key of the bank in order to decrypt the digital envelope, which is impossible
    ■ The merchant applies the hash to the order information to get its message digest, which is appended to the PIMD to get the POMD after further hashing
    ■ The merchant uses the public key of the customer to decrypt the dual signature in order to get the POMD, and this POMD is compared with the POMD generated in the step above
  • 23. Payment Authorization (Cont.)
    ■ The digital envelope & the encrypted version of PI, OIMD and the digital signature will be sent to the bank
    ■ The bank decrypts the digital envelope using its private key to get the secret key
    ■ This secret key is used to decrypt the combination of PI, OIMD and the digital signature
    ■ The bank applies the hash to the payment information to get the PIMD, which is appended to the OIMD to get the POMD after hashing
    ■ The digital signature received is decrypted using the public key of the customer, which was sent along with the certificate, to get the POMD
    ■ This POMD is compared with the POMD generated above
    ■ If both match, it indicates that the payment info was not altered during transmission
  • 24. Payment Capture:
    ■ The merchant will send the transaction id and purchase request id to the acquirer.
    ■ The acquirer will check and debit the amount from the customer, and the same amount gets credited to the merchant's account
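The dual-signature linkage from the Dual Signature slides, together with the merchant and bank checks from the Purchase Request and Payment Authorization slides, as an added example that is not part of the original slides. It uses SHA-1 and unpadded RSA as the slides describe; the key (built from two Mersenne primes), the sample OI/PI values and all function names are constructed for illustration.

```python
import hashlib

# Constructed demonstration key: textbook RSA over two Mersenne primes.
# Large enough to hold a 160-bit SHA-1 digest, but NOT a secure key;
# real deployments use padded signatures and a modern hash.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # customer's private exponent


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def pomd(pimd: bytes, oimd: bytes) -> int:
    """POMD = H(PIMD || OIMD), as an integer for the RSA operation."""
    return int.from_bytes(sha1(pimd + oimd), "big")


def customer_dual_sign(pi: bytes, oi: bytes) -> int:
    """Customer: hash PI and OI separately, hash the pair, sign with D."""
    return pow(pomd(sha1(pi), sha1(oi)), D, N)


def merchant_verify(oi: bytes, pimd: bytes, dual_sig: int) -> bool:
    """Merchant sees OI in the clear and only the digest of PI."""
    return pow(dual_sig, E, N) == pomd(pimd, sha1(oi))


def bank_verify(pi: bytes, oimd: bytes, dual_sig: int) -> bool:
    """Bank sees PI in the clear and only the digest of OI."""
    return pow(dual_sig, E, N) == pomd(sha1(pi), oimd)


# Constructed sample order and payment data.
OI = b"order=1042;item=book;qty=1"
PI = b"card=<placeholder>;amount=25.00"
DS = customer_dual_sign(PI, OI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, sha1(PI), DS))
    print("bank accepts:", bank_verify(PI, sha1(OI), DS))
    # If the order digest forwarded to the bank does not match the order
    # the customer signed, the recomputed POMD differs and the check fails.
    print("mismatched OIMD at bank:", bank_verify(PI, sha1(b"order=9999"), DS))
```

Neither party needs the other's plaintext: each recomputes the POMD from one plaintext and one digest, so the signature binds the order to the payment without revealing PI to the merchant or OI to the bank.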