EUROCON 2005 - “Computer as a Tool”, Belgrade, 24th November 2005 (1) Paul Killoran EUROCON 2005 Paul Killoran, Fearghal Morgan & Michael Schukat National.

Presentation transcript:

(1) SWiFT :: A New Secure Wireless Financial Transaction Architecture ::
Paul Killoran, Fearghal Morgan & Michael Schukat
National University of Ireland, Galway
EUROCON 2005, “Computer as a Tool”, Belgrade, 24th November 2005

(2) Introduction
Aim: to develop a more secure alternative to the credit card
Credit card fraud totalled £500 million in 2004
Credit card security
  – Signature
  – Chip and PIN
Types of fraud
Architecture of current system

(3) Proposed Solution
Model the credit card on a wireless mobile authentication device
  – J2ME (Java 2 Micro Edition) mobile phone
Increase the security of the system by removing the trust required of the customer
  – Open a connection to the bank (GPRS)
Focus on the security of the customer
  – Provide anonymity

(4) SWiFT Architecture
Transaction Server
  – Bank or Banking Agent
Customer Authorisation Device
  – MIDP enabled mobile phone
  – E-Card
Retailer Kiosk
  – Modelled on existing terminals
Network & Security
  – GPRS & Bluetooth
  – RSA, MD5 & Customer PIN

(5) Security
E-Card – Merchant communication
  – Never occurs
  – Eliminates need for a third secure channel
Customer authorises bank directly
  – Must only trust their bank
Centralised control of security (Bank)
  – All parties communicate through the bank
  – Bank controls security in the network by supporting requests of authorised nodes only

(6) Protocol
Transaction server established with many retailer nodes connected
E-Card logs onto the network
3 handshaked challenges
Use geographic information to inform bank of its location
E-Card receives list of local retailers

(7) Protocol
Customer approaches a retailer pay point with goods and produces their mobile phone (E-Card)
Customer uses their E-Card to request the Transaction Server to initiate a payment to the retailer
Cashier is informed of this request on their merchant terminal

(8) Protocol
Cashier requests payment using the Merchant Terminal
Customer is asked to confirm payment of this amount on their E-Card by entering their PIN
The PIN number is first padded, then hashed using MD5 and finally encrypted using RSA. The result is sent to the Transaction Server for authorisation

(9) Protocol
If the PIN authorisation is successful, a confirmation is then sent to the Merchant Terminal
The cashier confirms the sale and the agreed amount is transferred between accounts
The E-Card and Merchant Terminals receive a copy each of an e-receipt
The e-receipt is printed by the Merchant Terminal and issued to the customer
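
The PIN step on slide 8 and the authorisation on slide 9, as an added Python sketch that is not code from the presentation or the SWiFT prototype. The slides do not say how the PIN is padded or whose RSA key is used, so the padding (challenge, PIN, secret shared value), the bank-owned key pair and all function and class names are assumptions; the RSA key, PIN and shared value are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key for the bank, built from two Mersenne primes.
# Textbook RSA without OAEP, far too small for real use: it only stands in
# for the slide's RSA step.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def pad_and_hash(pin, challenge, shared_secret):
    # Assumed padding: per-payment challenge || PIN || secret shared value.
    # A bare 4-digit PIN has only 10,000 possible digests, so the padding
    # has to carry the fresh and secret material.
    return hashlib.md5(challenge + pin.encode() + shared_secret).digest()

def ecard_authorise(pin, challenge, shared_secret):
    # E-Card: pad, hash with MD5, encrypt under the bank's public key (E, N).
    return pow(int.from_bytes(pad_and_hash(pin, challenge, shared_secret), "big"), E, N)

class TransactionServer:
    def __init__(self, pin, shared_secret):
        self.pin, self.shared_secret = pin, shared_secret
        self.pending = None  # challenge of the payment awaiting confirmation

    def request_payment(self):
        self.pending = secrets.token_bytes(16)  # fresh for every payment
        return self.pending

    def authorise(self, ciphertext):
        if self.pending is None:
            return False
        challenge, self.pending = self.pending, None  # single use
        m = pow(ciphertext, D, N)  # decrypt with the bank's private key
        if m >= 1 << 128:  # not an MD5-sized value
            return False
        expected = pad_and_hash(self.pin, challenge, self.shared_secret)
        return hmac.compare_digest(m.to_bytes(16, "big"), expected)

def demo():
    secret = secrets.token_bytes(16)  # constructed shared value
    bank = TransactionServer("4821", secret)  # constructed PIN
    captured = ecard_authorise("4821", bank.request_payment(), secret)
    accepted = bank.authorise(captured)
    bank.request_payment()  # next payment gets a new challenge
    replayed = bank.authorise(captured)  # old ciphertext no longer matches
    wrong_pin = bank.authorise(ecard_authorise("0000", bank.request_payment(), secret))
    return accepted, replayed, wrong_pin
```

Because the challenge is part of what gets hashed, a ciphertext recorded from one payment fails when presented for the next one.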

(10) Points to Note
Geographic location
Customer username
Customer initiated
Marketing opportunity
Card-present & card-not-present transactions support
Security
  – RSA, MD5 & PIN number

(11) Implementation
Transaction Server
  – HTTP requests & responses
  – Session tracking
  – Web user interface (account management)
E-Card Application
  – J2ME & Mobile Information Device Profile (MIDP)
  – HTTP over WAP
  – Downloaded MIDlet
  – Secret shared values

(12) Implementation
Retailer Kiosk
  – Easy integration with existing retail terminals
  – Requires MD5 & RSA encryption module
  – Requires online connection (GPRS)

(13) Prototype
E-Card
  – Java PDA
  – Wi-Fi & sockets
  – Large touch screen
Transaction Server
  – Java application
  – Sockets
Retailer kiosk
  – ARM development kit
  – Keypad & small LCD
  – Modelled on current retail payment devices

(14) Future Work
Expand the application to include card-not-present transactions
Refine the RSA implementation for faster operation
Transfer the E-Card application from the PDA to a mobile phone
Extensive testing of the security of the network

(15) Conclusion
New approach to secure personal financial solutions
Considerable improvements over credit card security
Easy integration
Support for card-present & non-present transactions
Reliance on trust between customer and 3rd parties removed
Working prototype developed

(16) SWiFT :: A New Secure Wireless Financial Transaction Architecture ::
Paul Killoran
Progress is impossible without change, and those who cannot change their minds cannot change anything. - Albert Einstein