or repudiation (denial)
it is used very infrequently due to its complexity and the need for a special card reader by the user
it may be abandoned if it is not simplified/improved
Security requirements
Authentication: A way to verify the buyer's identity before payments are made
[Figures: three encryption diagrams. In each, the sender's original message becomes a scrambled message, crosses the Internet, and is turned back into the original message at the receiver. Key labels in the diagrams: Key (receiver), Private Key (receiver), Private Key (sender), Public Key (sender); the last diagram is labelled Digital Signature.]
Digital Signature
Analogous to handwritten signature
Sender encrypts a message with her private key
A digital signature is attached by a sender to a message encrypted in the receiver's public key
Certificate
CCA
MCA
PCA
Hierarchy of Certificate Authorities
Certificate authority needs to be verified by a government or well-trusted entity (e.g., post office)
The Players
Cardholder
Merchant (seller)
Issuer (your bank)
Acquirer (merchant's financial institution, acquires the sales slips)
Brand (VISA, Master Card)
[Figure labels: Cardholder, credit card, Merchant; payment authorization, payment data; Issuer Bank (Cardholder Account), Acquirer Bank (Merchant Account)]
Sender's Computer
1. The message is hashed to a message digest of a prefixed length.
2. The message digest is encrypted with the sender's private signature key, and a digital signature is created.
3. The composition of message, digital signature, and sender's certificate is encrypted with the symmetric key, which is generated at the sender's computer for every transaction. The result is an encrypted message. The SET protocol uses the DES algorithm instead of RSA for encryption because DES can be executed much faster than RSA.
4. The symmetric key itself is encrypted with the receiver's public key, which was sent to the sender in advance. The result is a digital envelope.
Prentice Hall, 2000
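The sender's four steps and the matching receiver-side check (open the envelope, decrypt the message, compare digests), as an added example that is not part of the original slides. It uses only the Python standard library, so textbook RSA on constructed toy keys and a SHA-256 keystream stand in for SET's RSA and DES; `seal`, `open_and_verify`, `toy_keypair` and the certificate string are hypothetical names.

```python
import hashlib, json, secrets

E = 65537

def toy_keypair(a, b):
    # Constructed demo key from two Mersenne primes: fine for tracing the flow, not secure.
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

SENDER = toy_keypair(521, 607)      # sender's signature key pair (constructed)
RECEIVER = toy_keypair(1279, 2203)  # receiver's key-exchange key pair (constructed)

def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def stream_xor(key, data):
    # Stand-in for DES: XOR with a SHA-256 counter keystream; the same call decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(message, sender, receiver_pub, cert="constructed-cert"):
    signature = pow(digest_int(message), sender["d"], sender["n"])  # steps 1-2
    bundle = json.dumps({"msg": message.hex(), "sig": signature, "cert": cert})
    sym_key = secrets.token_bytes(16)                # fresh key for every transaction
    encrypted = stream_xor(sym_key, bundle.encode())                # step 3
    envelope = pow(int.from_bytes(sym_key, "big"),
                   receiver_pub["e"], receiver_pub["n"])            # step 4
    return encrypted, envelope

def open_and_verify(encrypted, envelope, receiver, sender_pub):
    try:
        sym_key = pow(envelope, receiver["d"], receiver["n"]).to_bytes(16, "big")
        bundle = json.loads(stream_xor(sym_key, encrypted))
        message = bytes.fromhex(bundle["msg"])
        recovered = pow(bundle["sig"], sender_pub["e"], sender_pub["n"])
    except (ValueError, KeyError, TypeError, OverflowError):
        return None  # wrong key or damage so heavy the bundle no longer parses
    # Receiver's check: digest recovered from the signature vs. digest of the message.
    return message if recovered == digest_int(message) else None

if __name__ == "__main__":
    enc, env = seal(b"pay merchant 25.00", SENDER, RECEIVER)
    print(open_and_verify(enc, env, RECEIVER, SENDER))
```

A production implementation would use a vetted cryptographic library with padded RSA and a modern symmetric cipher; the toy primitives here only make the order of operations traceable.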
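[Figure: Sender's Computer. The message is reduced to a message digest, which is encrypted with the sender's private signature key to give the digital signature. Message + digital signature + sender's certificate are encrypted with the symmetric key to give the encrypted message. The symmetric key is encrypted with the receiver's key-exchange key (from the receiver's certificate) to give the digital envelope.]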
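[Figure: Receiver's Computer. The digital envelope is decrypted with the receiver's private key-exchange key to give the symmetric key. The encrypted message is decrypted with the symmetric key to give message + digital signature + sender's certificate. The digital signature is decrypted with the sender's public signature key to give a message digest, which is compared with the message digest of the message.]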
[Figure labels: Customer x and Customer y with digital wallets, IC card reader, Certificate Authority, Merchant B, Payment Gateway, Protocol X.25, Credit Card Brand]
[Figure labels: Simple, Internet, Payer, Payee, Cyber Bank (two), Payment Gateway (two), Bank (two), VAN (two), Automated Clearinghouse]
Smart Cards
The concept of e-cash is used in the non-Internet environment
Plastic cards with magnetic stripes (old technology)
Includes IC chips with programmable functions on them, which makes cards smart
One e-cash card for one application
Recharge the card only at designated locations, such as bank office or a kiosk. Future: recharge at your PC
e.g. Mondex & VisaCash
DigiCash
The analogy of paper money or coins
Expensive, as each payment transaction must be reported to the bank and recorded
Conflict with the role of the central bank's bill issuance
Legally, DigiCash is not supposed to issue more than an electronic gift certificate even though it may be accepted by a wide number of member stores
Internet
Can be used on the Internet as well as in a non-Internet environment
money laundering
S$500 in Singapore; HK$3,000 in Hong Kong
Multiple Currencies
Can be used for cross border payments
Proximity Card
Used to access buildings and for paying in
[Figure labels: Payer (workstation, signature card), Payee (accounts receivable), E-mail, WWW, Mail statement, E-Check line item; Remittance, Check, Signature, Certificates, Endorsement; Secure Envelope, ACH, ECP; Payer's Bank (debit account, clear check), Payee's Bank (credit account, deposit check)]
Electronic Checkbook
Counterpart of electronic wallet
To be integrated with the accounting information system of business buyers and with the payment server of sellers
To save the electronic invoice and receipt of payment in the buyer's and seller's computers for future retrieval
Example : SafeCheck
Used mainly in B2B
[Figure labels: Payer's checkbook agent, Payee's check-receipt agent; Payer: issue a check; Payee: receipt; checkbook, screened result, report; request of screening check issuance; control agent of payer's bank, control agent of payee's bank; Internet, present, clearing; A/C DB at payer's bank and payee's bank]
First cyberbank
Lower service charges to challenge the service
Visa
An onymous card
is necessary to keep the certificates for credit cards, EFT, and electronic checkbooks