3. INTRODUCTION
Communication, fast-paced and an abundance of information and , among
other things created by this development is the emergence of new terms ,
exceeded the boundaries of physical and geographical and canceled all the
limitations of human freedom in the exercise of his business and among these
new terms is the term * e * Trade , which trades became accessible to many
individuals. Which include e-commerce all business transactions , from the sale
and purchase of goods and services reflected its importance in that it is an
effective means to expand domestic markets and lowers the cost of
correspondence , but show us the importance of having systems of high
security because of the high risk as a result of lack of confidence in dealing in
this way whether or her grandmother for easy manipulation in transactions
made through which .
5. Security
• Encryption
• Digital signatures.
• Checksums/hash
algorithms.
• To establish the concepts
of trust and security:
Identification,
Authentication, Access
Control, Confidentiality,
Integrity, Nonrepudiation, and
Availability.
6. Identification of trust
• characterizes:
• - the fact that all entities are uniquely
identifiable,
• - that there is a minimum number of a priori
trusted entities, and
• - that these entities have unquestionable trust
to other participating entities.
7. What Electronic Payment system is?
Electronic Payment is a financial exchange that takes place
online between buyers and sellers. The content of this
exchange is usually some form of digital financial instrument
(such as encrypted credit card numbers, electronic cheques or
digital cash) that is backed by a bank or an intermediary, or
by a legal tender.
Electronic payment system(EPS) is a system which helps the
customer or user to make online payment for their shopping.
8. Two Storage Methods of EPS
On-line
Individual does not have possession personally of
electronic cash
Trusted third party, e.g. online bank, holds customers’
cash accounts
Off-line
Customer holds cash on smart card or software wallet
Fraud and double spending require tamper-proof
encryption
9. E-Payment
• Participants:
- Client, Merchant, and Bank
• feature of EPS is the money model.
• Token, Cash, Cheque, and Cards.
• feature of e-payment systems
Pre-paid systems, Pay-now systems, and Post-pay systems
• Some Examples Of EPS:
Online Reservation , Online Bill Payment , Online Order Placing , Online Ticket Booking
• Types of EPS
• E- CASH, E- WALLETS, CREDIT CARDS, SMART CARDS
10. Security Requirements of EPS
Integrity
Authentication
Privacy
Fraud prevention
and tolerance
Safety
12. Cryptography and PKI
• Cryptography is represented in two forms. The first is
called symmetric or secret key cryptography, uses one
common key for both encryption and decryption and a
second named public key cryptography or asymmetric,
uses two different keys (a private and public) to transform
plaintext into ciphertext.
13. Keys
• Symetric Keys
• Both parties share the same secret key
• Problem is securely distributing the key
• DES - 56 bit key considered unsafe for financial purposes
since 1998
• 3 DES uses three DES keys
• Public/Private keys
• One key is the mathematical inverse of the other
• Private keys are known only to the owner
• Public key are stored in public servers, usually in a X.509
certificate.
• RSA (patent expires Sept 2000), Diffie-Hellman, DSA
15. Digital Signatures
• Combines a hash with a digital signature algorithm
• To sign
• hash the data
• encrypt the hash with the sender's private key
• send data signer’s name and signature
• To verify
• hash the data
• find the sender’s public key
• decrypt the signature with the sender's public key
• the result of which should match the hash
16. Conclusion
• Good infrastructure
• Profitability investment with security and trust
• Two solutions to build trust
• Existing relationship
• Great relationship by PKI
17. References
•
•
•
•
The concept of security and trust in e- payments
Forum.stop55.com 286327.html
http://acs.lbl.gov/~mrt/talks/secPrimer.ppt.
http://s3.amazonaws.com/pptdownload/electronicpaymentsystem-110901110128phpapp01.pptx