Presentation is loading. Please wait.

Presentation is loading. Please wait.

E-Payment Transactions SET, Pay-Pal, Digital Cash

Published bySydney Richardson Modified over 6 years ago

Similar presentations

Presentation on theme: "E-Payment Transactions SET, Pay-Pal, Digital Cash"— Presentation transcript:

1 E-Payment Transactions SET, Pay-Pal, Digital Cash
Network Security Design Fundamentals ET-IDA-082 Lecture-20 E-Payment Transactions SET, Pay-Pal, Digital Cash , v18 Prof. W. Adi

2 Outlines E- Online Payment SET: Secured Electronic Transaction Pay Pal
Digital Cash Primitives Blind signature Cut-and-Choose protocol RIS (Random Identity String) Reading: Network Security Essentials: Applications and Standards, 3rd Edition William Stallings, Prentice Hall, © 2007, ISBN:

3 Overview of E-Paymen (1/2)
Various electronic devices for e-payment There are many different electronic devices for e-payment system. Different banks may be concerted in e-payment and the financial network is neccessary. E-payment flatform is built connecting the financial network and other open network, where the electronic devices can communicate with the flatform. PC is the most common device. Other devices include mobile devices, e.g. laptop, PDA, mobile telephone, ATM(Automatic Teller Machine), POS(Position of Sale), telephone and terminal. The electronic devices can connect the e-payment flatform using different open network.

4 Overview of E-Payment (2/2)
Participants Payer payee banks trusted third party (TTP) “Medium“ of Exchange cash cheque bank card Security Based on Public-key Infrastructure, X.509 TTP Payer (customer) Normally, four participants are involved in e-payment. They are payer(customer), payee(merchant), banks and TTP (Trusted Third Party). Banks, payer‘s bank and payee‘s bank, communicate each other using their own private network, financial network. TTP is used to authenticate users, it is connect by the Internet. The transaction between payer and payee will be done over the Internet. Three kinds of „Medium“ of the exchange can used in e-payment: cash, cheque and bank card. Bank cards, e.g. credit/debit card, visa/master card. Security is the most important property in e-payment. It is the basic of the e-payment technology. The security of e-payment is based on the public-key infrastructure.

5 Secure Electronic Transactions (SET)
(VISA, MasterCard) 5

6 Secure Electronic Transaction SET
Outlines of SET SET, An Open Standard, RFC 3538 Developed by VISA and MasterCard Designed to protect credit card transactions over Internet Confidentiality: all messages encrypted Trust: all parties must have digital certificates, non-repudiation Privacy: information made available only when and where necessary SET Business Requirements Provide confidentiality of payment and ordering information Ensure the integrity of all transmitted data Provide authentication that a cardholder is a legitimate user of a credit card account Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution This slide introduce a sandard protocol of e-payment: SET(Secure Electronic Transaction). SET is an open standard. The document RFC 3538 gives the detail of this protocol. This standard is developed by Visa and MasterCard. It is designed to protect credit card transactions over the Internet. All the messages transfered between the participants are encrypted and each participant has his/her own digital certificates. The transactions are not repudated. The information is made available only when and where it is necessary. SET protocol requires that the confidentiality of payment and ordering information have to be provided, the integrity of all transmitted data are ensured. It has to provide authentication that a cardholder is a legitimate user of a credit card account and authentication that a merchant can accept credit card transactions through its relationship with a financial institution.

7 SET (Secure Electronic Transactions)
Provides a secure communications channel among all the parties involved in a transaction: Customer, Seller, Customer’s credit provider, Seller’s bank. Provides trust by the use of X.509v3 certificates. Ensures privacy because information is only made available to the parties that need it. Cardholder account authentication to the Merchant (Cardholder must have a Certificate issued by the credit company). Merchant may issue a temporary Certificate to assure the session is not hijacked). Verifies Merchant's relationship with financial institution. Integrity of data customer sends to Merchant (order info tied to funds transfer). 7

8 SET - Steps in a Transaction
1. Customer opens account with credit company or bank. 2. Bank issues X.509 cert. to the Customer with RSA Keys. 3. Merchant has two certificates for signing and key exchange. ---- 4. Customer places an order. 5. The Merchant sends the customer a copy of his certificate. 6. The Customer sends Order Information (OI) encrypted so the Merchant can read it, and Payment Information (PI) encrypted so the Merchant can not read it. --- 7. Merchant requests payment by sending PI to the “Payment Gateway” (who can decrypt it) and verifies Customer’s credit. 8. Merchant confirms the order to the Customer. 9. Merchant ships goods to Customer. 10. Merchant sends request for payment to the Payment Gateway which handles transfer of funds. 8

9 Secure Electronic Transaction SET Model
6. Electronic Funds Transfer 3. Verification Internet 7. Statement 8. Periodic Statement 4. Confirm 2. Encrypted Payment Info. Cardholder (customer) 1. Order & Payment Info. (OI & PI) The transaction scenarios of SET protocol shows: CAs(Certificate Authorities) issue the digital certificates to each participant before the business processing begins. A public-key is included in digital certificate and a secret-key should be kept by the user. The order and payment information encrpted by the public-key of the payer‘s bank(Issuer) is sent from a customer to a merchant. The merchant sends the encrypted information to payment gateway which connects to the issuer. The issuer will verify the payment information and give the answer back to payment gateway. Payment gateway confirms the payment. The merchant confirms the order. Issuer clears the balance with the the payee‘s bank(Acquirer) using EFT(Electronic Funds Transfer) protocol Acquirer gives the statement to merchant Issuer gives periodic statement to customer 5. Confirm

10 SET Key-Construction of Customer’s Dual Signature
2-stage hashing + Public-key signature Source: Stalling 10

11 SET – Customer’s Dual Signature Dual-Sig = E [ H ( H(PI) || H(OI) ) ]
PRc Cutomer private key The Dual signature allows to proof that: Merchant has received Order Information (OI) as issued. Bank has received Payment Information (PI) and verified the customer’s signature. Customer has linked OI and PI and can prove later that PI was not related to a different purchase order. Customer can not deny order 11

12 SET Customer’s Purchase Request to Merchant
Innovative idea of SET dual signature: Bank does not see OI Merchant does not see bank information Passed on by merchant to payment gateway (Bank) Received by Merchant Source: Stalling 12

13 SET Merchant Verifies Customer Purchase Request
Passed on by merchant to payment gateway (Bank) Source: Stalling 13

14 SET: Bank Verifies Payment Order
Passed on by merchant to gateway then to Bank Bank’s Verification Process PRb = Bank‘s Private key H D Ks D PRb Source: Stalling 14

15 SET Transaction over SSL (1/2)
Secure Socket Layer SSL , RFC 2246 A secure “tunnel“ through the Internet Runs above TCP/IP and below application layer Handshake to create connection 1. hello Alice Bob 2. Certified public key KB+ 3. KB+(MS) = EMS Random MS SSL(Secure Socket Layer) Protocol is a security protocol for the Internet. RFC 2246 gives the detail of this protocol. SSL tries to create a secure tunnel through the Internet. It runs above TCP/IP layer and below application layer in the ISO network layers. In order to create the secure connection, SSL gives a handshake protocol between two persons: Alice and Bob. Alice sends a „hello“ message to Bob. Bob sends his certificate to Alice. Alice creates a master secret(ME) and encrypts it with Bob‘s public key which is extracted from Bob‘s certificate, then sends the encrypted master secret(EMS) to Bob. Bob negotiates with Alice to create a session key and uses it to encript the following message. Alice and Bob have the same session key which is used to encrypt following messages. SSL uses public-key cryptography to create the „tunnel“ and uses symentic encryption for the following messages. Any side can send a message to break the connection. KB-(EMS) = MS Ks=H(MS) SSL VPN session: Ks (Data) Ks=H(MS) MS = master secret used to derive by a hash mapping H a symmetric session key Ks=H(MS) EMS = encrypted master secret,

16 SET Transaction over SSL (2/2)
6. Electronic Funds Transfer (secured) 3. Verification SSL-tunneled over Internet 7. Statement 8. Periodic Statement 4. Confirm 2. Encrypted Payment Info. The transaction scenarios based on SSL differs to these based on SET. It uses a different method to encryt the messages. But the transaction has the similar actions Cardholder (customer) 1. Order & Payment Info. 5. Confirm

17 PayPal A P2P Account based E-Payment System

18 A P2P E-Payment System - PayPal
2. Transfer Funds (withdraw) 5. Transfer Funds (deposit)** 7. Periodic Statement 6. Statement 4. Request transfer or request/ Receive paper check** 1. Purchase using PayPal 3. notice PayPal is a p2p e-payment system. It uses another mechanism for the transaction. PayPal ACH(Automatic Clearing House) is the intermedia between the payer and the payee. The precondition of using PayPal is that the user have a user account at PayPal, which connect to the bank account of the user. The customer uses PayPal to purchase something PayPal ACH withdraw money from the bank of customer PayPal ACH give a notice to the merchant The merchant requests a check if it is necessary PayPal ACH deposit money on the bank account of the merchant. In this mechanism there is direct trust between the user and PayPal. Payer (customer) ACH: Automatic Clearing House **: Optional

19 Digital Cash Fundamental Concepts

20 Basic Concepts of Digital Cash
An Important Choice of E-Payment Description of Digital Cash First proposed by D. Chaum in 1982, with blind signature Try to build a cash, electronically equivalent to paper currency Electronic money, monetary value stored on electronic device Exchanged electronically Digital cash is basically: A payment message bearing a digital signature which functions as a medium of exchange or store of value. Need to be backed by a trusted third party TTP, usually the government and the banking industry. Digital cash plays an important role in e-payment. It was proposed by Chaum in 1982 using blind signature. Digital cash tries to create a cach electronically equivalent of paper currency. It is electronic money and the monetary value can be stored on delectronic device. The people exhange it electronically. In summary we can say that: Digital cash is a payment message bearing a digital signature which functions as a medium of exchange or sore of value and it need to be backed by a trusted third party, usually the government and the banking industry.

21 Basic Properties of a Digital Cash*
Independence Do not require a physical transfer of value Security Not possible to be double-spent or illegally created Privacy Protect the privacy/anonymity of the user, untraceable Off-line Payment Payee does not need to involve a bank Transferability transferred directly from one user to another and can re-spent Divisibility be subdivided into many pieces, but the sum must be equivalent to the original According to Okamoto, digital cash should have six properties: Independence: digital cash should not depend on any physical condition. It can be stored on different electronic device or software as electronic wallet. Security: it prevents from double spending and being forged. Privacy: it means that the privacy of the user should be protected. The digital cash is untraceable. Off-line Payment: digital cash can be handled with off-line, where the payee does not to link the bank.(Issuer of the digital coin) Transferablility: digital cash can be transferred from one user to another, even to the third one Divisibility: A digital coin should be divided into small pieces and one can spends the small pieces respectively. But the sum must be equivalent to the original coin. *reference: Tatsuaki Okamoto and Kazuo Ohta, Universal Electronic Cash, CRYPTO’91

22 Digital Cash vs Credit Card
Anonymous Identified Online or Offline Online Store money in digital Private wallet Money is in the Bank Credit cards are the most popularly used in e-payment. They are identifed and can be used only online payment. The money is in bank. They are not so convenient as the ditital cash. With comparison to the credit cards, digital cash is anonymous, is used online and offline. The money is stored in digital wallet or electronic device, like smart card.

23 Basic e-Cash Protocol (1/3)
Withdrawal Deposit Payer (customer) Payment Three steps of e-payment using digital cash: The customer withdrawal digital coin from her/his bank, withdrawal protocol The customer spends the digital coin for the payment at merchant, payment protocol The customer deposit the digital coin at bank, deposit protocol

24 Basic e-Cash Protocol (2/3)
Withdrawal Protocol 1. Customer asks his Bank to withdraw $10. 2. Bank returns a $10 coin which looks like this : {I am a $10 coin, #4527}SKB and withdraw $10 from Customer account. 3. Customer accepts the coin if bank’s signature is valid. Payment Protocol 1. Customer pays the merchant with the coin. 2. Merchant accepts the coin if bank’s signature is valid. Deposit Protocol 1. Merchant gives the coin to the Bank Bank checks own signature. If valid, pays $10 to merchant. Withdrawal Deposit Payer (customer) Payment Withdrawal protocol: Payment protocol: Deposit protocol:

25 Basic e-Cash Protocol (3/3) Possible Implementation Scenario
Customer Bank Merchant m message m = amount, serial no send m (m)d d is secret key of the Bank send (m)d spend (m)d A senarios of a digital cash in use. Customer create the message which includes the amount of money and the serial number using the withdrawal protocol Bank signs the message and sends it back to customer Customer spends the signed message, i.e. digital cash, at merchant, based on the payment protocol. Merchant verifies the digital cash at bank, deposit protocol is involved. Verify / claim (m)d

26 Problems and Solutions
Anonymity Problem Bank can link user to serial number, therefore bank knows where the user spent the coin. Double Spending Problem Copy the original coin and spend it again Solutions Blind signature (to create anonymous coins) Cut-and-Choose protocol (enhance anonymity) RIS (Random Identity String) (counteract double-spending) Secret splitting (counteract double-spending) Group signature There are obvious problems in the basic protocol: Anonymity problem: the bank can link the user and serial number of the digital coin and knows where the user spent the coin Double spending problem: the user may copy the original coin and spend it again. In order to the above problems, many researchers invented different security techniques to ensure the digital coin, e.g. Blind signature Cut-and-choose protocol RIS(Random Identity String) Secret splitting Group signature And so on

27 Blind Signature: mechanical Simulation (Create anonymous coins)
A message is signed where the signer does not see the signed contents User A User B M Blind signature is the basic technology in digital cash. It provides a idea which the user blinds a message and sends it to bank for a signature. The step of blind signature can be described as follows: User creates a blinding factor and adds it to blind the original message User encrypts the blinded message using the publick-key of the bank The bank signs the blinded message using its secret key. Before the bank does it, the blinded message can be stored by the bank. User receives the signed message from the bank and remove the blinding factor The original message with the signature of the bank is obtained by user, which can be used for a digital coin. B

28 Blind Signature Cryptographic scheme
Blinding Factor ( )e Open directory Bank’s Public key e All arithmetic modulo m m = p q (RSA Modulus) r re Private key d d.e = 1 mod φ(m) gcd(r,m)=1 User B User A ( )d M r-1 M B Md r = x Signed Message: bank does not know the signed contests!

29 Blindly signing a Message M of user A by user B
Blinding Factor Open directory Authority Public key e Arithmetic modulo m m = p q (RSA Modulus) Private key d d= e-1 mod φ(m) d.e = 1 mod φ(m) Select a random unit r gcd(m,r) = 1 Blinding factor BF BF= re mod m User B User A Blinded Message BM = M re mod m Signed BM SBM = (BM)d = Md r Blind Signature BS = (SBM) r-1 BS = Md SBM = (BM)d mod m

30 Sample Blind Signature and its parameter design: Two strong primes p & q are required that is: Notice that we know how to factor p-1 and q-1 as we generated them! : p-1 = = 6 = q-1 = 23-1 =22 = Select e such that gcd (e,132)=1 Number of possible e’s = Select e= Check gcd (132,35)=1, the setup of the public key directory is Authority‘s Public Directory m= 161, e = 35

31 e b1 b2 q r 132 35 1 3 27 -3 8 4 -15 2 34 -49 The inverse of e=35 is:
1 3 27 -3 8 4 -15 2 34 -49 The inverse of e is d = -49 which is the corresponding secret key.  d = -49 ⟹ d = = => Assume that message to be signed is M = 10 and a random r = 3 ( 3 is a random unit defined by user A ) as gcd (161,3)= => Blinding factor BF= 124

32 m r b1 b2 q 161 3 1 53 2 -53 54 Blinding operation:
1 53 2 -53 54 The blindly signed message is then: (M, BS) = (10,40) Prove authenticity of the blind certificate ( M, BS) = (10,40):

33 Cut-and-Choose Protocol (1/3) (to enhance anonymity)
Customer Create k different blinding factors: b1e,…, bke Blind k equal units m1b1e, …, mk bke (mi=mj for any i,j) m1b1e , …, mkbke Send them to bank for signing Cut-and-choose protocol improves the blind signature: User randomly creates k blinding factors. User blinds k messages with same amount of money value using the k blinding factors. All the blinded message are sent to bank (signer) Bank

34 Cut-and-Choose Protocol (2/3)
Bank does not trust customer/sender, therefore chooses randomly k –1 envelops to check and ask the sender to disclose them Customer sends all k-1 blinding factors for the selected envelops except for one unit i Bank checks if they are all really the same 4. Bank randomly chooses k-1 to check 5. User gives all blinding factors except that one in which the blinded message is not checked. That means only that message which is not checked by bank is unknown by bank. i . The remaining unit i is used

35 Cut-and-Choose Protocol (3/3)
Bank signs the remaining one (i) and sends it back – (mibie)d = mid bi i Customer The customer removes the blinding factor using bi-1 to get  mid as a blindly signed coin/check. Customer can spend it. The bank is not able to trace back that signed coin/check. 6. The bank signs the unchecked message and sends it back to user 7. The user removes the blind message to obtain the original message with signature of the bank This protocol in the blind signature is cut-and-choose protocol. This protocol can be used for other processing to guess the correction of an unknown message based on the known message. Serial no

36 Counteract double-spending
Two sample techniques: 1. Random Identity String RIS During the payment, the user is forced to write RIS on the coin. RIS must have the following properties: must be different for every payment of the coin only the user can create a valid RIS two different RIS on the same coin should allow disclosing the user ID 2. Secret Splitting RIS is used to prevent from double spending. If a digital coin is double-spent, the bank can reveal the user id using this random identity strings in the twice-used coin. A method that splits the user ID into n parts Each part on its own is useless but when combined will reveal the user ID (Shamir threshold scheme)

37 Digital Cash Products DigiCash http://www.digicash.com/
founded and created by David Chaum in 1990 ecash, a prototype for digital cash, 1995 Chaum’s digital cash system, but on-line „Mondex“ cracked by Cambridge University CyberCash/CyberCoin, founded in 1994 by William Melton and Daniel Lynch Wallet, access to credit card and cyber coin Mondex originally developed by National Westminster Bank in the United Kingdom 1990‘s Later Master card . smart card based. Seriously attacked 2009 Virtual Money !!?? Survived .. Still in use! There are many different products of digital cash invented by researchers. Here only several typical products are mentioned. Mondex is the most close to a ideal digital cash. . Digital Cash Products still suffer serious security gaps . Still not acceptable for widespread use !!

Download ppt "E-Payment Transactions SET, Pay-Pal, Digital Cash"

Similar presentations

Internet payment systems

Internet payment systems
CP3397 ECommerce.

CP3397 ECommerce.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography and Network Security

Cryptography and Network Security
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.

Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.
Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.

Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
1 Applications of Computers Lecture-3 2 E-Commerce 4 Almost all major companies have their homes on the web, mainly for advertising 4 Companies were.

1 Applications of Computers Lecture-3 2 E-Commerce 4 Almost all major companies have their homes on the web, mainly for advertising 4 Companies were.
Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.

Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Chapter 8 Web Security.

Chapter 8 Web Security.
Electronic Payment Systems. Transaction reconciliation –Cash or check.

Electronic Payment Systems. Transaction reconciliation –Cash or check.

Similar presentations

Ads by Google