IKP: i-Key-Protocol Christopher Hsu 2/23/2019.

Slides:



Advertisements
Similar presentations
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Advertisements

Atomic Transactions CS523 - Spring Brian Schmidt.
Zenith Visa Web Acquiring A quick over view. Web Acquiring Allows merchants to receive payments for goods and services through the Internet Allows customers.
Cryptography and Network Security
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Chapter 13 Paying Via The Net. Agenda Digital Payment Requirements Fraud Detection Online Payment Methods Online Payment Types The Future Payment.
Electronic Transaction Security (E-Commerce)
Chapter 8 Web Security.
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.
Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.
IKP Secure Electronic Payment System Presented by Jinping Li.
1 Design, Implementation and Deployment of the iKP Secure Electronic Payment System Mihir Bellare, Juan A. Garay et al. “ … At this day and age it is hardly.
Supporting Technologies III: Security 11/16 Lecture Notes.
BZUPAGES.COM Electronic Payment Systems Most of the electronic payment systems on internet use cryptography in one way or the other to ensure confidentiality.
May 28, 2002Mårten Trolin1 Protocols for e-commerce Traditional credit cards SET SPA/UCAF 3D-Secure Temporary card numbers Direct Payments.
Secure Electronic Transaction (SET)
1 Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats –integrity –confidentiality.
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
Chapter 4 Getting Paid. Objectives Understand electronic payment systems Know why you need a merchant account Know how to get a merchant account Explain.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Payment Systems. Payment Revolution 1970: Electronic Funds Transfer between banking industries 1980: Electronic Data Interchange (EDI) for e- commerce.
Security Chapter 8.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Chapter 9: Payment System for Electronic Commerce.
Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.
Network Security Lecture 27 Presented by: Dr. Munam Ali Shah.
Week 3.  Business document from which information for journal entry is obtained.  Transaction generates source document.  Each transaction must have.
Electronic Payment Systems Presented by Rufus Knight Veronica Ogle Chris Sullivan As eCommerce grows, so does our need to understand current methods of.
Module 7 – SET SET predecessors iKP, STT, SEPP. iKP Developed by IBM Three parties are involved - Customer, Merchant, and Acquirer Uses public key cryptography,
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
1 Original Message Scrambled Message Public Key receiver Internet Scrambled+Signed Message Original Message Private Key receiver The Process of Sending.
April 20023CSG11 Electronic Commerce Payment systems John Wordsworth Department of Computer Science The University of Reading
Henric Johnson1 Secure Electronic Transactions An open encryption and security specification. Protect credit card transaction on the Internet. Companies.
ELECTRONIC PAYMENT SYSTEM
Lesson 05-I E-commerce Payments
Onno W. Purbo e-Banking Onno W. Purbo
Regular Payments First and Subsequent Payments
Cryptography and Network Security
Cryptography and Network Security
Secure Electronic Transaction
Chapter 5 Electronic Commerce | Security
Uses Uses of cryptography Lab today on RSA
Onno W. Purbo Payment Gateway Onno W. Purbo
BY GAWARE S.R. DEPT.OF COMP.SCI
Identity-based deniable authentication protocol
Onno W. Purbo e-Banking Onno W. Purbo
Banking.
Mobile Payment Protocol 3D by Using Cloud Messaging
Cryptography and Network Security
Secure Electronic Transaction (SET)
Chapter 5 Electronic Commerce | Security
The Journal and Source Documents
OTR AKE Protocol.
Secure Electronic Transaction (SET) University of Windsor
CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9
ELECTRONIC PAYMENT SYSTEM.
Secure Electronic Transactions (SET)
CDK: Chapter 7 TvS: Chapter 9
ECT455 Website Engineering
Cryptography and Network Security
Presentation transcript:

iKP: i-Key-Protocol Christopher Hsu 2/23/2019

What is iKP? i-Key-Protocol, i = 1, 2, 3, … Family of protocols Secure electronic payment Based on credit card payments Can be extended to debit card and check payments 2/23/2019

History of iKP 1995, IBM Research Labs Zurich and Watson Research Centre Open industry standard Incorporated into SEPP, SET ZiP: fully operational prototype Did not become commercial product But has been deployed in some businesses 2/23/2019

Initial Assumptions Only partial privacy is emphasized Encryption not used in protocol Can be implemented by other means Or protocol can be extended iKP emphasizes the payment Assumes purchase order is already known 2/23/2019

Parties and Attackers Three parties: Acquirer (A), Merchant (M), Customer (C) Three attackers: eavesdropper, active attacker, insider 2/23/2019

Acquirer Requirements A1. Proof of transaction authorization of customer A2. Proof of transaction authorization by merchant 2/23/2019

Merchant Requirements M1. Proof of transaction authorization by acquirer M2. Proof of transaction authorization by customer 2/23/2019

Customer Requirements C1. Unauthorized payment is impossible C2. Proof of transaction authorization by acquirer C3. Certification and authentication of merchant C4. Receipt from merchant 2/23/2019

Extra Customer Requirements C5. Privacy C6. Anonymity 2/23/2019

Components of the Protocol Keys: PKX, SKX, CERTX Cryptography: H(.), EX(.), SX(.) Quantities: SALTC, PRICE, DATE, NONCEM, IDM, TIDM, DESC, CAN, RC, CID, Y/N, PIN, V Discuss 1KP in detail, comparison with 2KP and 3KP 2/23/2019

1KP Protocol Flow Initiate: CM Invoice: CM Payment: CM Auth-Request: MA Auth-Response: MA Confirm: CM SALTC, CID Clear EncSlip Clear, H(DESC,SALTC), EncSlip Y/N, SigA Common: PRICE, IDM, TIDM, DATE, NONCEM, CID, H(DESC,SALTC) Clear: IDM, TIDM, DATE, NONCEM, H(Common) SLIP: PRICE, H(Common), CAN, RC, [PIN] EncSlip: EA(SLIP) SigA: SA(Y/N, H(Common)) 2/23/2019

Removing Nonce and Date Initiate: CM Invoice: CM Payment: CM Auth-Request: MA Auth-Response: MA Confirm: CM SALTC, CID Clear EncSlip* Clear, H(DESC,SALTC), EncSlip* Y/N, SigA Common: PRICE, IDM, TIDM, DATE, NONCEM, CID, H(DESC,SALTC) Clear: IDM, TIDM, DATE, NONCEM, H(Common) SLIP: PRICE, H(Common), CAN, RC, [PIN] EncSlip: EA(SLIP) SigA: SA(Y/N, H(Common)) 2/23/2019

Removing SALTC Initiate: CM Invoice: CM Payment: CM Auth-Request: MA Auth-Response: MA Confirm: CM SALTC, CID Clear EncSlip Clear, H(DESC,SALTC), EncSlip Y/N, SigA Common: PRICE, IDM, TIDM, DATE, NONCEM, CID, H(DESC,SALTC) Clear: IDM, TIDM, DATE, NONCEM, H(Common) SLIP: PRICE, H(Common), CAN, RC, [PIN] EncSlip: EA(SLIP) SigA: SA(Y/N, H(Common)) 2/23/2019

Removing SALTC: Invariant -- Intruder never knows desc and salt from same customer invariant "Intruder does not know DESC" forall i: IntruderId do forall j: CustomerId do !int[i].descs[j] | !int[i].salts[j] end end; 2/23/2019

What is not fulfilled? Acquirer’s proof of transaction authorization by merchant Merchant’s proof of transaction authorization by customer Customer’s certification and authentication of merchant Customer’s receipt from merchant 2/23/2019

2KP and 3KP Satisfies deficiencies of 1KP Differs in the number of public keys available Guarantees more undeniable receipts for the transaction 2/23/2019

2KP Protocol Flow Initiate: CM Invoice: CM Payment: CM Auth-Request: MA Auth-Response: MA Confirm: CM SALTC, CID Clear, SigM, CERTM EncSlip Clear, H(DESC,SALTC), EncSlip, SigM, CERTM Y/N, SigA Y/N, V, SigA Common: PRICE, IDM, TIDM, DATE, NONCEM, CID, H(DESC,SALTC), H(V) Clear: IDM, TIDM, DATE, NONCEM, H(V), H(Common) SLIP: PRICE, H(Common), CAN, RC EncSlip: EA(SLIP) SigA: SA(Y/N, H(Common)) SigM: SM(H(Common), H(V)) 2/23/2019

2KP Additions Merchant has public/private key and certificate Acquirer has certification and authentication of merchant Customer has certification and authentication of merchant Customer has receipt from merchant 2/23/2019

3KP Protocol Flow Initiate: CM Invoice: CM Payment: CM Auth-Request: MA Auth-Response: MA Confirm: CM SALTC, CID, CERTC Clear, SigM EncSlip, SigC Clear, H(DESC,SALTC), EncSlip, SigM, SigC Y/N, SigA Y/N, V, SigA Common: PRICE, IDM, TIDM, DATE, NONCEM, CID, H(DESC,SALTC), H(V) Clear: IDM, TIDM, DATE, NONCEM, H(V), H(Common) SLIP: PRICE, H(Common), CAN, RC EncSlip: EA(SLIP) SigA: SA(Y/N, H(Common)) SigM: SM(H(Common), H(V)) SigC: SC(EncSlip, H(Common)) 2/23/2019

3KP Additions Customer has public/private key and certificate Merchant has proof of transaction authorization by customer 2/23/2019

iKP Comparison Overview Requirements / Protocols 1KP 2KP 3KP A1. Proof of Transaction Authorization by Customer * ** A2. Proof of Transaction Authorization by Merchant M1. Proof of Transaction Authorization by Acquirer M2. Proof of Transaction Authorization by Customer C1. Unauthorized Payment is Impossible C2. Proof of transaction Authorization by Acquirer C3. Certification and Authentication of Merchant C4. Receipt from Merchant 2/23/2019

iKP Summary 1KP: simple, merchant is not authenticated, order and receipt are deniable 2KP: merchant is authenticated 3KP: non-repudiation for all messages Intended for gradual deployment 2/23/2019

Bibliography Bellare, Mihir et al. Design, Implementation and Deployment of the iKP Secure Electronic Payment System. IEEE Journal of Selected Areas in Communications, VOL 18, NO. 4, April 2000. Bellare, Mihir et al. iKP – A Family of Secure Electronic Payment Protocols. 1995. 2/23/2019

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.