Published by Belen Lockett. Modified over 10 years ago.
1
University of Washington B2C Credit Card Infrastructure
University of Washington
Copyright University of Washington (Joe Frost, Scott B. Stephenson, Marcia Tufarolo) 2002. This work is the intellectual property of the Authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the authors.
2
University of Washington B2C Credit Card Infrastructure
3
UW Web Credit Card Application
4
Client Services Project Consulting
Project Review – Marcy Tufarolo
Architecture & Security – Scott Stephenson
Application Demo – Joe Frost
Q&A
5
Project Goal
Central infrastructure: Web-based credit card purchases
Available to all UW areas
6
UW Web Credit Card Application
Standard Methods
Secure Installation
Economies of Scale
Mainstream the Expertise
7
Project Approach
Advisory Committee
Project Team
8
Project Approach
Research
– Internal
– External
9
Project Approach
Build vs Buy
– Security
– Credit Card # not stored
– Co-branding
– Flexibility to change vendor
– Integrate with UW banking
10
Project Approach
Implementation
– Design
– Development
11
Application Overview
12
Major Processes
Transaction Authorization
Transaction Processing
Settlement
Standard Reporting
Administrative Functions
13
Interfaces
Departmental Application
Generic Application
– UW Web Conference
– UW Web Donation
– UW Web Store
14
Example Installations
UW Tuition
UW Computer Training
Health Policy Conference
KEXP Pledge Drive
15
Example Expansions
Housing & Food Services
Husky Store
UWMC Gift Shop
16
Cost Recovery
Self-Sustaining Operation
Multiple Cost Models
– Fixed fee per transaction
– Percent of transaction
17
Cost Recovery
Recharge Module in Web CC
Annual Review of Rates
18
Client Services Project Consulting
Project Review – Marcy Tufarolo
Architecture & Security – Scott Stephenson
Application Demo – Joe Frost
19
Design Challenges
Open Architecture
Security
Performance, Stability & Scale
20
Open Architecture
Provide a central, UW-wide service
Integrate with departmental Web Apps
Support all UW platforms and databases
21
Open Architecture
Work with UW financial systems
Work with UW banking structure
Be secure, secure, secure!
22
Open Architecture
Solution: Well-defined protocol layered on top of SSL (https)
23-35
Payment Process
Diagram participants: UW Web Credit Card Server, Department Server, Processing Vendor. One step is shown per slide:
1. Checkout Page
2. Checkout Request
3. Purchase Data Request
4. Purchase Data
5. Purchase Request Page
6. Purchase Request
7. Purchase Confirmation Page
8. Purchase Confirmation
9. Authorization Request
10. Authorized
11. Confirm Payment
12. Purchase Successful
13. Purchase Receipt
36
Security Highlights
Java and ASP, Win2K and IIS
Credit card data never stored
SSL for all network communications
37
Security Highlights
Admin functions have 6 levels of access control
Admin actions have an audit trail
Financial transactions use RSA SecurID
Data is encrypted and encoded
38
Security Details
Triple-DES encryption using Cryptix class libraries
Base64-ASCII encoding at 6-bit boundaries and padded
Objects compressed with GZIP
39
Security Details
MD5 digest ensures objects not tampered with during transmission
Cookies are secure, scoped to the server, volatile and W3C P3P compliant
Purchase session expires after 15 minutes
40
Security Details
Objects tied together with creation timestamp so cannot be used independently
Completed, cancelled or expired purchase sessions cannot be reused
Pages have Pragma no-cache header and are immediately expired
41
Security Details
Example of Encrypted And Encoded Data
Ke3VFNix_W3RjfYPujNbuPqFJewtFh2v1q5PQPzrMrfJIkDz3rqEvmlTa AmiBCDj5E8LwOEeTzudRbAt4KlXC_agf0OAkorIY21vTcuoJNGLe2Re 88ImRiVPqcKIh6u6wpDYYQaiidp7Kk9qHnPPpF5nB1KMxngMa0YMLS VZPIkqXOkZ_sEXGyx_MMmixUaGB9zXoq0zjlWG_07uF_MsSN0zKPl6 5LsN4ejQppj^8r1MCV1E_2T9Ra8EuM18O89IruDSjuB6i99C5lZjj_Dlhfg 7
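The checks listed on the Security Details slides (tamper detection, binding to the session creation timestamp, the 15-minute expiry, no reuse of closed sessions), as an added example that is not the UW application's code. It substitutes a keyed HMAC-SHA256 for the MD5 digest and omits the Triple-DES layer (Python's standard library has no block cipher); the key, function names and JSON payload are assumptions.

```python
import base64, gzip, hashlib, hmac, json

SESSION_TTL = 15 * 60           # slide 39: purchase session expires after 15 minutes
KEY = b"constructed-demo-key"   # assumption: server-side secret, constructed here
_closed = set()                 # creation timestamps of completed/cancelled sessions

def _tag(ts, body, key):
    # Keyed MAC over timestamp + body; stands in for the slides' MD5 digest,
    # which anyone could recompute if it were sent outside the encrypted data.
    return hmac.new(key, ts + b"." + body, hashlib.sha256).digest()

def seal(obj, session_ts, key=KEY):
    """GZIP the object, bind it to the session creation timestamp, MAC, Base64."""
    body = gzip.compress(json.dumps(obj, sort_keys=True).encode())
    ts = str(int(session_ts)).encode()
    return base64.urlsafe_b64encode(_tag(ts, body, key) + ts + b"." + body).decode()

def close_session(session_ts):
    """Mark a session completed or cancelled so its objects cannot be reused."""
    _closed.add(int(session_ts))

def open_sealed(token, session_ts, now, key=KEY):
    """Return the object, or raise ValueError naming the check that failed."""
    raw = base64.urlsafe_b64decode(token.encode())
    tag, (ts, _, body) = raw[:32], raw[32:].partition(b".")
    if not hmac.compare_digest(tag, _tag(ts, body, key)):
        raise ValueError("tampered")        # verify before parsing anything
    if int(ts) != int(session_ts):
        raise ValueError("wrong session")   # object taken from another session
    if int(ts) in _closed:
        raise ValueError("session closed")  # completed or cancelled: no reuse
    if now - int(ts) > SESSION_TTL:
        raise ValueError("expired")
    return json.loads(gzip.decompress(body))

if __name__ == "__main__":
    t0 = 1_000_000_000                      # constructed session creation time
    token = seal({"amount": "25.00", "item": "constructed"}, t0)
    print(token)
    print(open_sealed(token, t0, now=t0 + 60))
```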
42
Performance, Stability & Scale
Web Servers
– Win2K and IIS
– Virtual host: load balanced at n+1
– Hot swap-able & interchangeable
43
Performance, Stability & Scale
Web Servers
– Minimal server-side caching reduces memory consumption
– Automatic monitoring with failures escalated to pagers
– Leverage UW DRBR (disaster recovery)
44
Performance, Stability & Scale
Database Servers
– Win2K and MS-SQL
– Primary and secondary with mirrored disk
– Tape backup every two hours
– Minimal database activity
45
Performance, Stability & Scale
Database Servers
– File UDL for easier fail-over
– Automatic monitoring with failures escalated to pagers
– Leverage UW DRBR
46
Client Services Project Consulting
Project Review – Marcy Tufarolo
Architecture & Security – Scott Stephenson
Application Demo – Joe Frost
47
Demonstration
UW Computer Training
UW Web Donation
UW Web Credit Card
48
UW Computer Training
Existing system
Java, Informix, Apache Server
Department application interface
C&C Link
49
UW Web Donation
New System
ASP, MS-SQL, IIS
Generic Donation
Donation Link
50
UW Web Credit Card
ASP, Java, MS-SQL, IIS
Multiple Levels of Security
Central User Link
51
UW Web Credit Card Application
Client Services Project Consulting
projects@cac.washington.edu
http://depts.washington.edu/cac/projects