Security and trust in e payment


Security and trust in e-payments

Mohammed F. Al-Otaibi, Hamad M. Al-Shlawi

OUTLINE

• Introduction
• Definition
• Security
• Identification of trust
• E-payment
• Cryptography and PKI
• Conclusion
• References

INTRODUCTION

Fast-paced communication and an abundance of information have, among other things, given rise to new terms that go beyond physical and geographical boundaries and remove the limits on how people conduct their business. One of these terms is e-trade (e-commerce), which has become accessible to many individuals. E-commerce includes all business transactions, from the sale to the purchase of goods and services. Its importance lies in being an effective means of expanding domestic markets and lowering the cost of correspondence. It also shows the importance of having highly secure systems, because the risk is high: people lack confidence in dealing this way, given how easily transactions made through it can be manipulated.

Definition

• Security
• E-Payment
• Trust
• Cryptography and PKI

What and Why?

• Encryption
• Digital signatures
• Checksums/hash algorithms
• To establish the concepts of trust and security: Identification, Authentication, Access Control, Confidentiality, Integrity, Non-repudiation, and Availability.

Security

Identification of trust characterizes:

• the fact that all entities are uniquely identifiable,
• that there is a minimum number of a priori trusted entities, and
• that these entities have unquestionable trust in other participating entities.

What is an Electronic Payment System?

Electronic Payment is a financial exchange that takes place online between buyers and sellers. The content of this exchange is usually some form of digital financial instrument (such as encrypted credit card numbers, electronic cheques or digital cash) that is backed by a bank or an intermediary, or by a legal tender.

An electronic payment system (EPS) is a system that helps the customer or user make online payments for their shopping.

Two Storage Methods of EPS

On-line

• Individual does not personally have possession of electronic cash
• Trusted third party, e.g. online bank, holds customers’ cash accounts

Off-line

• Customer holds cash on smart card or software wallet
• Fraud and double spending require tamper-proof encryption

E-Payment

• Participants: Client, Merchant, and Bank
• A feature of EPS is the money model: Token, Cash, Cheque, and Cards.
• Feature of e-payment systems: Pre-paid systems, Pay-now systems, and Post-pay systems
• Some examples of EPS: Online Reservation, Online Bill Payment, Online Order Placing, Online Ticket Booking
• Types of EPS: E-cash, E-wallets, Credit cards, Smart cards

Security Requirements of EPS

• Authentication
• Integrity
• Fraud prevention and tolerance
• Privacy
• Safety

Security properties of EPS

• Divisibility
• Transferability
• Double-spending prevention
• Payment confidentiality
• Payment anonymity
• Payer untraceability

Cryptography and PKI

• Cryptography is represented in two forms. The first, called symmetric or secret key cryptography, uses one common key for both encryption and decryption. The second, called public key or asymmetric cryptography, uses two different keys (a private and a public one) to transform plaintext into ciphertext.

Keys

• Symmetric keys
  - Both parties share the same secret key
  - The problem is securely distributing the key
  - DES: 56-bit key, considered unsafe for financial purposes since 1998
  - 3DES uses three DES keys
• Public/private keys
  - One key is the mathematical inverse of the other
  - Private keys are known only to the owner
  - Public keys are stored in public servers, usually in an X.509 certificate
  - RSA (patent expires Sept 2000), Diffie-Hellman, DSA

Elements of PKI

• Certificate Authorities (CA)
  - OpenSSL, Netscape, Verisign, Entrust, RSA Keon
• Public/Private Key Pairs - Key management
• X.509 Identity Certificates - Certificate management
• LDAP servers

Digital Signatures

• Combines a hash with a digital signature algorithm
• To sign
  - hash the data
  - encrypt the hash with the sender's private key
  - send the data, the signer’s name and the signature
• To verify
  - hash the data
  - find the sender’s public key
  - decrypt the signature with the sender's public key
  - the result should match the hash
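The sign and verify steps above, carried out on a constructed payment order (an added example, not part of the original slides). It uses textbook RSA with SHA-256 and a toy key built from two Mersenne primes; the key, the order fields and the function names are assumptions for illustration, and production signatures add a padding scheme such as RSA-PSS.

```python
import hashlib

# Toy key pair, constructed for this example. P and Q are the Mersenne primes
# 2^521-1 and 2^607-1: easy to write down, NOT suitable for real keys.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest_int(data: bytes) -> int:
    """Hash the data with SHA-256 and return the digest as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """To sign: hash the data, then transform the hash with the private key."""
    return pow(digest_int(data), d, n)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """To verify: hash the data, recover the hash from the signature with the
    public key, and require the two values to match."""
    if not 0 <= signature < n:
        return False                # out-of-range values are never valid
    return pow(signature, e, n) == digest_int(data)


# Constructed payment order. As in the slide, the signer's name travels with
# the data and the signature so the verifier can look up the public key.
order = b"payer=alice;payee=shop-42;amount=25.00;currency=USD;nonce=7f3a"
message = {"data": order, "signer": "alice", "signature": sign(order)}

if __name__ == "__main__":
    print("genuine order :", verify(message["data"], message["signature"]))
    # Changing the amount changes the hash, so the old signature stops matching.
    tampered = order.replace(b"25.00", b"2500.00")
    print("tampered order:", verify(tampered, message["signature"]))
```

The nonce field in the order is what lets a bank reject a replayed copy of a validly signed payment; the signature alone only proves origin and integrity.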

Conclusion

• Good infrastructure
• Profitability investment with security and trust
• Two solutions to build trust
  - Existing relationship
  - Great relationship by PKI


Questions…??
