Privacy-preserving e-payments using one-time payment details
Author: Mafruz Zaman Ashrafi and See Kiong Ng
Source: Computer Standards & Interfaces 31 (2009)


1 Privacy-preserving e-payments using one-time payment details
Author: Mafruz Zaman Ashrafi and See Kiong Ng
Source: Computer Standards & Interfaces 31 (2009) 321 – 328
Presenter: 林志鴻

2 Outline
- Introduction
- Proposed method
- Adversary scenarios
- Discussion
- Conclusions

3 Introduction (1/2)

4 Introduction (2/2)
SSL
- Anonymity
- Authenticity
- Non-reusability
[Diagram: Customer, Merchant, Acquiring Bank, Payment Gateway, Card Issuing Company, Issuing Bank. Labels: Process Payment Information; Approval/Denial Request Payment Request Authorization Request Make Payment Request; Amount deducted from Customer Account]

5 Outline
- Introduction
- Proposed method
- Adversary scenarios
- Discussion
- Conclusions

6 Proposed method (1/6)
[Diagram: Customer, Merchant, Acquiring Bank, Payment Gateway, Card Issuing Company, Card Issuing Bank. Messages: Initialization request, Initialization response, Payment request, Payment processing, Authorization request I, Authorization request II, Authorization status, Authorization approved, Authorization status, Purchase status]

7 Proposed method (2/6)
1: Initialization request
Request an invoice and the public keys of the merchant and credit card issuing company.
2: Initialization response
Reply with a signed message that includes an invoice consisting of a transaction identifier, and two certificates (from the merchant and the card issuing company). The customer then verifies the two certificate details.
[Diagram: Customer, Merchant. Messages: Initialization request, Initialization response]

8 Proposed method (3/6)
3: Payment request
Generates two packets of a message: (a) payment details, (b) common order information.
[Diagram: Customer, Merchant. Message: Payment request]

(a) Payment_request_details {
    random_no. r,
    Hash(card_no.),
    Hash(cardholder_name),
    Hash(date_of_expire),
    Hash(security_code),
    Hash(password),
    Hash(common_order_info),
    current_time_and_date,
    time_to_valid
}

(b) Common_order_info {
    size_of_transaction_id:tid,
    amount_agreed,
    {time_stamp, time_to_valid}
}

9 Proposed method (4/6)
4: Payment processing
Decrypt the common order details using the merchant's private key and confirm the details.
5: Authorization request – I
Verify whether the message includes the pre-generated merchant's authorization message.
Send it to the credit card issuing company.
[Diagram: Merchant, Payment Gateway, Card Issuing Company. Messages: Payment processing, Authorization request I]

10 Proposed method (5/7)
6: Authorization request – II
Decrypt the payment information using its own private key.
Check the timestamp and its expiration.
Check the common order details.
Send messages to the issuing bank to verify whether sufficient funds are available for this transaction; the issuing bank sends back an approval or denial message to the credit card issuing company.
[Diagram: Card Issuing Company, Card Issuing Bank. Message: Authorization request II]

11 Proposed method (6/6)
[Diagram: Customer, Merchant, Acquiring Bank, Payment Gateway, Card Issuing Company, Card Issuing Bank. Messages: Authorization status, Authorization approved, Authorization status, Purchase status]
7: Authorization status
RSA cryptosystem: Encryption, Decryption

12 Proposed method (7/7)
- Anonymity -> hash
- Authenticity -> Authorization status
- Non-reusability -> timestamp
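
The payment request of slide 8 and the card issuing company's checks of slide 10, as an added example that is not taken from the paper or the slides. SHA-256, the way r and the time fields are mixed into each hash, the single stored card record and all names are assumptions; the RSA encryption under the card issuing company's public key is left out.

```python
import hashlib, hmac, secrets

FIELDS = ("card_no", "cardholder_name", "date_of_expire", "security_code", "password")

def dyn_hash(req: dict, value: str) -> str:
    # Assumption: r, the timestamp and the validity period salt every hash, so
    # the same card field yields a different digest in each payment request.
    salt = f'{req["random_no"]}|{req["current_time_and_date"]}|{req["time_to_valid"]}|'
    return hashlib.sha256((salt + value).encode()).hexdigest()

def build_payment_request(card: dict, order_info: str, now: int, time_to_valid: int = 300) -> dict:
    """Customer side: build the one-time payment details packet."""
    req = {"random_no": secrets.token_hex(16),
           "current_time_and_date": now, "time_to_valid": time_to_valid}
    for f in FIELDS:
        req[f] = dyn_hash(req, card[f])
    req["common_order_info"] = dyn_hash(req, order_info)
    return req

class CardIssuer:
    """Card issuing company side, holding one constructed card record."""
    def __init__(self, card: dict):
        self.card = card
        self.seen = set()  # random numbers of requests already accepted

    def verify(self, req: dict, order_info: str, now: int) -> str:
        ts, ttl = req["current_time_and_date"], req["time_to_valid"]
        if not ts <= now <= ts + ttl:
            return "expired"      # outside the validity window
        if req["random_no"] in self.seen:
            return "replayed"     # same packet presented a second time
        expected = {f: dyn_hash(req, self.card[f]) for f in FIELDS}
        expected["common_order_info"] = dyn_hash(req, order_info)
        if not all(hmac.compare_digest(v, req.get(k, "")) for k, v in expected.items()):
            return "mismatch"     # wrong card data or altered order details
        self.seen.add(req["random_no"])
        return "approved"

# Constructed sample data, not real card details.
CARD = {"card_no": "4000000000000002", "cardholder_name": "A. Customer",
        "date_of_expire": "12/30", "security_code": "123", "password": "correct horse"}
ORDER = "tid=TX-0001;amount_agreed=25.00"

if __name__ == "__main__":
    issuer = CardIssuer(CARD)
    req = build_payment_request(CARD, ORDER, now=1000)
    print(issuer.verify(req, ORDER, now=1010))  # first presentation
    print(issuer.verify(req, ORDER, now=1020))  # merchant replays the packet
```
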

13 Outline
- Introduction
- Proposed method
- Adversary scenarios
- Discussion
- Conclusions

14 Adversary scenarios
(i) If a dishonest merchant replays the same payment information of an honest customer
    Timestamp, random number
(ii) An attacker spies on the payment information
    Timestamp, dynamic hash

15 Adversary scenarios
(iii) An attacker obtains the timestamp value and payment details of a customer
    Card issuing company's public key, timestamp
(iv) An attacker spies on the approved payment status authorized by a payment gateway
    Unique transaction ID, timestamp

16 Adversary scenarios
(v) A consumer lost his/her card
    Password
(vi) Dishonest customer claims more money than the actual amount debited for the product
    Authorization status
(vii) Dishonest merchant claims customer did not purchase a product
    Authorization status

17 Outline
- Introduction
- Proposed method
- Adversary scenarios
- Discussion
- Conclusions

18 Discussion

                Proposed method    SET     SSL
Anonymity       Full               Limited/No
Reusability     No                 Yes
Verification    Pass               Yes     No
Key             No                 Yes     No
Complexity      Low                High    Low
Registration    CIC                CA      No

CIC: Card Issuing Company
CA: Certificate Authority

19 Outline
- Introduction
- Proposed method
- Adversary scenarios
- Discussion
- Conclusions

20 Conclusions This paper presented a protocol that ensures that the customer is able to minimize their privacy and identity theft risk. The proposed protocol allows consumers to anonymously purchase goods or services from an online merchant, thus achieving the ideal privacy environment in which to shop.

