Security and trust in e-payments
OUTLINE
• Introduction
• Definition
• Security
• Identification of trust
• e-payment
• Cryptography and PKI
• Conclusion
• References
INTRODUCTION
Fast-paced communication and an abundance of information have, among other
things, given rise to new terms that go beyond physical and geographical
boundaries and remove the limitations on a person's freedom to conduct
business. Among these new terms is e-trade, which has made trading accessible
to many individuals. E-commerce includes all business transactions, from the
sale to the purchase of goods and services. Its importance lies in being an
effective means of expanding domestic markets and lowering the cost of
correspondence. It also shows the importance of having high-security systems,
because the risk is high as a result of the lack of confidence in dealing this
way, given how easily transactions made through it can be manipulated.
Definition
What and Why….?
• Security
• E-Payment
• Trust
• Cryptography and PKI
Security
• Encryption
• Digital signatures
• Checksums/hash algorithms
• To establish the concepts of trust and security: Identification,
  Authentication, Access Control, Confidentiality, Integrity, Nonrepudiation,
  and Availability.
Identification of trust
• characterizes:
  - the fact that all entities are uniquely identifiable,
  - that there is a minimum number of a priori trusted entities, and
  - that these entities have unquestionable trust to other participating entities.
What is an Electronic Payment System?
Electronic payment is a financial exchange that takes place
online between buyers and sellers. The content of this
exchange is usually some form of digital financial instrument
(such as encrypted credit card numbers, electronic cheques or
digital cash) that is backed by a bank or an intermediary, or
by legal tender.

An electronic payment system (EPS) is a system that helps the
customer or user make online payments for their shopping.
Two Storage Methods of EPS
• On-line
  - Individual does not personally have possession of electronic cash
  - Trusted third party, e.g. online bank, holds customers’ cash accounts
• Off-line
  - Customer holds cash on smart card or software wallet
  - Fraud and double spending require tamper-proof encryption
E-Payment
• Participants:
  - Client, Merchant, and Bank
• One feature of EPS is the money model:
  - Token, Cash, Cheque, and Cards
• Another feature of e-payment systems:
  - Pre-paid systems, Pay-now systems, and Post-pay systems
• Some examples of EPS:
  - Online Reservation, Online Bill Payment, Online Order Placing, Online Ticket Booking
• Types of EPS:
  - E-CASH, E-WALLETS, CREDIT CARDS, SMART CARDS
Security Requirements of EPS
• Integrity
• Authentication
• Privacy
• Fraud prevention and tolerance
• Safety
Security properties of EPS
• Transferability
• Divisibility
• Double-spending prevention
• Payment confidentiality
• Payer untraceability
• Payment anonymity
Cryptography and PKI
• Cryptography comes in two forms. The first, called symmetric or
  secret key cryptography, uses one common key for both encryption
  and decryption. The second, called public key or asymmetric
  cryptography, uses two different keys (a private and a public one)
  to transform plaintext into ciphertext.
Keys
• Symmetric keys
  - Both parties share the same secret key
  - The problem is securely distributing the key
  - DES: 56-bit key, considered unsafe for financial purposes since 1998
  - 3DES uses three DES keys

• Public/Private keys
  - One key is the mathematical inverse of the other
  - Private keys are known only to the owner
  - Public keys are stored in public servers, usually in an X.509 certificate
  - RSA (patent expires Sept 2000), Diffie-Hellman, DSA
Elements of PKI
• Certificate Authorities (CA)
  - OpenSSL, Netscape, Verisign, Entrust, RSA Keon
• Public/Private Key Pairs - Key management
• X.509 Identity Certificates - Certificate management
• LDAP servers
Digital Signatures
• Combines a hash with a digital signature algorithm

• To sign
  - hash the data
  - encrypt the hash with the sender's private key
  - send the data, the signer’s name and the signature

• To verify
  - hash the data
  - find the sender’s public key
  - decrypt the signature with the sender's public key
  - the result should match the hash
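
The sign and verify steps above, applied to a payment order, as an added example that is not part of the original slides. The key pair, the order fields and the function names are constructed for illustration; the key is a toy one and the RSA is unpadded so that each function mirrors one step on the slide.

```python
import hashlib

# Constructed toy key (assumption, not from the slides): two well-known Mersenne
# primes keep the demo deterministic and stdlib-only. Trivially factorable.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def digest_as_int(data: bytes) -> int:
    """'Hash the data': SHA-256 digest read as a big-endian integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """'Encrypt the hash with the sender's private key' (unpadded RSA).
    Deployed systems use a padded scheme such as RSA-PSS instead."""
    return pow(digest_as_int(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """'Decrypt the signature with the public key'; it must match the hash."""
    if not 0 < signature < N:      # otherwise signature + N would also verify
        return False
    return pow(signature, E, N) == digest_as_int(data)


def demo() -> dict:
    # Constructed payment order, sent as data + signer's name + signature.
    order = b"payer=alice;payee=merchant-01;amount=25.00;currency=USD"
    msg = {"data": order, "signer": "alice", "signature": sign(order)}
    tampered = order.replace(b"25.00", b"95.00")
    return {
        "genuine": verify(msg["data"], msg["signature"]),
        "tampered": verify(tampered, msg["signature"]),
        "out_of_range": verify(order, msg["signature"] + N),
    }


if __name__ == "__main__":
    print(demo())
```

A changed amount fails verification because its hash no longer matches the decrypted signature, which is the integrity and nonrepudiation property the Security slide lists.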
Conclusion
• Good infrastructure
• Profitability investment with security and trust
• Two solutions to build trust
  - Existing relationship
  - Great relationship by PKI
References
• The concept of security and trust in e-payments
• Forum.stop55.com 286327.html
• http://acs.lbl.gov/~mrt/talks/secPrimer.ppt
• http://s3.amazonaws.com/pptdownload/electronicpaymentsystem-110901110128phpapp01.pptx
Questions…??
