University of Washington B2C Credit Card Infrastructure University of Washington Copyright University of Washington (Joe Frost, Scott B. Stephenson, Marcia.

Presentation transcript:

University of Washington B2C Credit Card Infrastructure University of Washington Copyright University of Washington (Joe Frost, Scott B. Stephenson, Marcia Tufarolo) This work is the intellectual property of the Authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the authors.

University of Washington B2C Credit Card Infrastructure

UW Web Credit Card Application

Client Services Project Consulting
- Project Review: Marcy Tufarolo
- Architecture & Security: Scott Stephenson
- Application Demo: Joe Frost
- Q&A

Project Goal
- Central infrastructure: Web-based credit card purchases
- Available to all UW areas

UW Web Credit Card Application
- Standard Methods
- Secure Installation
- Economies of Scale
- Mainstream the Expertise

Project Approach
- Advisory Committee
- Project Team

Project Approach
- Research
  - Internal
  - External

Project Approach
- Build vs Buy
  - Security
  - Credit Card # not stored
  - Co-branding
  - Flexibility to change vendor
  - Integrate with UW banking

Project Approach
- Implementation
  - Design
  - Development

Application Overview

Major Processes
- Transaction Authorization
- Transaction Processing
- Settlement
- Standard Reporting
- Administrative Functions

Interfaces
- Departmental Application
- Generic Application
  - UW Web Conference
  - UW Web Donation
  - UW Web Store

Example Installations
- UW Tuition
- UW Computer Training
- Health Policy Conference
- KEXP Pledge Drive

Example Expansions
- Housing & Food Services
- Husky Store
- UWMC Gift Shop

Cost Recovery
- Self-Sustaining Operation
- Multiple Cost Models
  - Fixed fee per transaction
  - Percent of transaction

Cost Recovery
- Recharge Module in Web CC
- Annual Review of Rates

Client Services Project Consulting
- Project Review: Marcy Tufarolo
- Architecture & Security: Scott Stephenson
- Application Demo: Joe Frost

Design Challenges
- Open Architecture
- Security
- Performance, Stability & Scale

Open Architecture
- Provide a central, UW-wide service
- Integrate with departmental Web Apps
- Support all UW platforms and databases

Open Architecture
- Work with UW financial systems
- Work with UW banking structure
- Be secure, secure, secure!

Open Architecture
- Solution: Well-defined protocol layered on top of SSL (https)

Payment Process
Diagram participants: UW Web Credit Card Server, Department Server, Processing Vendor
1. Checkout Page
2. Checkout Request
3. Purchase Data Request
4. Purchase Data
5. Purchase Request Page
6. Purchase Request
7. Purchase Confirmation Page
8. Purchase Confirmation
9. Authorization Request
10. Authorized
11. Confirm Payment
12. Purchase Successful
13. Purchase Receipt

Security Highlights
- Java and ASP, Win2K and IIS
- Credit card data never stored
- SSL for all network communications

Security Highlights
- Admin functions have 6 levels of access control
- Admin actions have an audit trail
- Financial transactions use RSA SecurID
- Data is encrypted and encoded

Security Details
- Triple-DES encryption using Cryptix class libraries
- Base64-ASCII encoding at 6-bit boundaries and padded
- Objects compressed with GZIP

Security Details
- MD5 digest ensures objects not tampered with during transmission
- Cookies are secure, scoped to the server, volatile and W3C P3P compliant
- Purchase session expires after 15 minutes

Security Details
- Objects tied together with creation timestamp so cannot be used independently
- Completed, cancelled or expired purchase sessions cannot be reused
- Pages have Pragma no-cache header and are immediately expired

Security Details
Example of Encrypted And Encoded Data
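
The object handling listed on the Security Details slides (GZIP, MD5 digest, creation timestamp, Triple-DES, padded Base64, 15-minute expiry, no reuse), as an added Java example that is not the UW application's code. Assumptions: the class and method names, the byte layout, the URL-safe Base64 alphabet, the JDK's built-in DESede cipher standing in for Cryptix, and an in-memory set standing in for server-side session state.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.zip.*;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;

public class SealedObjectDemo {
    static final long MAX_AGE_MS = 15 * 60 * 1000;     // purchase session lifetime from the slides
    static final Set<String> spent = new HashSet<>();  // in-memory stand-in for server-side session state
    // Assumed layout before encryption: MD5(body) | body, where body = creation time | GZIP(payload).
    static String seal(String payload, long createdMs, SecretKey key) throws Exception {
        ByteArrayOutputStream gz = new ByteArrayOutputStream();
        try (GZIPOutputStream g = new GZIPOutputStream(gz)) { g.write(payload.getBytes(StandardCharsets.UTF_8)); }
        byte[] body = ByteBuffer.allocate(8 + gz.size()).putLong(createdMs).put(gz.toByteArray()).array();
        byte[] digest = MessageDigest.getInstance("MD5").digest(body);
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);               // provider generates a fresh random 8-byte IV
        byte[] ct = c.doFinal(ByteBuffer.allocate(16 + body.length).put(digest).put(body).array());
        byte[] out = ByteBuffer.allocate(8 + ct.length).put(c.getIV()).put(ct).array();
        return Base64.getUrlEncoder().encodeToString(out);  // padded; URL-safe alphabet is an assumption
    }

    static String open(String token, SecretKey key, long nowMs) throws Exception {
        byte[] raw = Base64.getUrlDecoder().decode(token);
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(raw, 0, 8));
        ByteBuffer plain = ByteBuffer.wrap(c.doFinal(raw, 8, raw.length - 8));
        byte[] digest = new byte[16], body = new byte[plain.remaining() - 16];
        plain.get(digest).get(body);
        if (!MessageDigest.isEqual(digest, MessageDigest.getInstance("MD5").digest(body)))
            throw new SecurityException("digest mismatch");
        long created = ByteBuffer.wrap(body).getLong();
        if (nowMs < created || nowMs - created > MAX_AGE_MS) throw new SecurityException("session expired");
        if (!spent.add(token)) throw new SecurityException("session already used");  // open == completion here
        try (InputStream in = new GZIPInputStream(new ByteArrayInputStream(body, 8, body.length - 8))) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }
    static String check(String token, SecretKey key, long nowMs) {
        try { return "accepted: " + open(token, key, nowMs); }
        catch (Exception e) { return "rejected: " + e.getMessage(); }
    }
    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("DESede").generateKey();
        long t0 = System.currentTimeMillis();
        String token = seal("order=1001;amount=25.00", t0, key);                       // constructed sample data
        System.out.println(check(token, key, t0 + 60_000));                            // one minute old
        System.out.println(check(token, key, t0 + 120_000));                           // same token replayed
        System.out.println(check(seal("order=1002", t0, key), key, t0 + 16 * 60_000)); // sixteen minutes old
    }
}
```

The unkeyed MD5 digest detects tampering only because it travels inside the ciphertext; anyone who can see the plaintext can recompute it. Triple-DES and MD5 are kept here to mirror the slides, and a current design would replace the pair with an authenticated cipher such as AES-GCM.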

Performance, Stability & Scale
- Web Servers
  - Win2K and IIS
  - Virtual host: load balanced at n+1
  - Hot swap-able & interchangeable

Performance, Stability & Scale
- Web Servers
  - Minimal server-side caching reduces memory consumption
  - Automatic monitoring with failures escalated to pagers
  - Leverage UW DRBR (disaster recovery)

Performance, Stability & Scale
- Database Servers
  - Win2K and MS-SQL
  - Primary and secondary with mirrored disk
  - Tape backup every two hours
  - Minimal database activity

Performance, Stability & Scale
- Database Servers
  - File UDL for easier fail-over
  - Automatic monitoring with failures escalated to pagers
  - Leverage UW DRBR

Client Services Project Consulting
- Project Review: Marcy Tufarolo
- Architecture & Security: Scott Stephenson
- Application Demo: Joe Frost

Demonstration
- UW Computer Training
- UW Web Donation
- UW Web Credit Card

UW Computer Training
- Existing system
- Java, Informix, Apache Server
- Department application interface
- C&C Link

UW Web Donation
- New System
- ASP, MS-SQL, IIS
- Generic Donation
- Donation Link

UW Web Credit Card
- ASP, Java, MS-SQL, IIS
- Multiple Levels of Security
- Central User Link

UW Web Credit Card Application
Client Services Project Consulting