EUROCON 2005 - “Computer as a Tool”, Belgrade, 24th November 2005 (1) Paul Killoran EUROCON 2005 Paul Killoran, Fearghal Morgan & Michael Schukat National.


1 EUROCON 2005 - “Computer as a Tool”, Belgrade, 24th November 2005
SWiFT :: A New Secure Wireless Financial Transaction Architecture ::
Paul Killoran, Fearghal Morgan & Michael Schukat
National University of Ireland, Galway
paul_killoran@eircom.net

2 Introduction
Aim: to develop a more secure alternative to the credit card
Credit card fraud totalled £500 million in 2004
Credit card security
–Signature
–Chip and PIN
Types of fraud
Architecture of current system

3 Proposed Solution
Model the credit card on a wireless mobile authentication device
–J2ME (Java 2 micro edition) mobile phone
Increase the security of the system by removing the trust required of the customer
–Open a connection to the bank (GPRS)
Focus on the security of the customer
–Provide anonymity

4 SWiFT Architecture
Transaction Server
–Bank or Banking Agent
Customer Authorisation Device
–MIDP enabled mobile phone
–E-Card
Retailer Kiosk
–Modelled on existing terminals
Network & Security
–GPRS & Bluetooth
–RSA, MD5 & Customer PIN

5 Security
E-Card – Merchant communication
–Never occurs
–Eliminates need for a third secure channel.
Customer authorises bank directly
–Must only trust their bank
Centralised control of security (Bank)
–All parties communicate through the bank
–Bank controls security in the network by supporting requests of authorised nodes only

6 Protocol
Transaction server established with many retailer nodes connected
E-Card logs onto the network
3 handshaked challenges
Use geographic information to inform bank of its location
E-Card receives list of local retailers

7 Protocol
Customer approaches a retailer pay point with goods and produces their mobile phone (E-Card)
Customer uses their E-Card to request the Transaction Server to initiate a payment to the retailer
Cashier is informed of this request on their merchant terminal

8 Protocol
Cashier requests payment using the Merchant Terminal
Customer is asked to confirm payment of this amount on their E-Card by entering their PIN
The PIN number is first padded, then hashed using MD5 and finally encrypted using RSA. The result is sent to the Transaction Server for authorisation

9 Protocol
If the PIN authorisation is successful, a confirmation is then sent to the Merchant Terminal
The cashier confirms the sale and the agreed amount is transferred between accounts
The E-Card and Merchant Terminals receive a copy each of an e-receipt
The e-receipt is printed by the Merchant Terminal and issued to the customer
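The PIN handling on slide 8 and the authorisation check on slide 9, sketched as an added example that is not code from the presentation. It assumes the padding is a fresh per-transaction challenge issued by the Transaction Server and that the server can recompute the hash from its own PIN record; the RSA key is a constructed toy key used with textbook (unpadded) RSA, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key for the Transaction Server (two Mersenne primes).
# Assumption for illustration only: textbook RSA, no OAEP, key far too small.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # server's private exponent
KEY_BYTES = (N.bit_length() + 7) // 8


def new_challenge() -> bytes:
    """Server: fresh per-transaction value used as the PIN padding (assumption)."""
    return secrets.token_bytes(16)


def ecard_token(pin: str, challenge: bytes) -> int:
    """E-Card: pad the PIN, hash with MD5, encrypt with the server's public key."""
    padded = challenge + pin.encode("ascii")
    digest = hashlib.md5(padded).digest()
    return pow(int.from_bytes(digest, "big"), E, N)


def server_authorise(token: int, stored_pin: str, challenge: bytes) -> bool:
    """Server: decrypt, recompute the expected hash, compare in constant time."""
    if not 0 <= token < N:
        return False
    received = pow(token, D, N).to_bytes(KEY_BYTES, "big")
    expected = hashlib.md5(challenge + stored_pin.encode("ascii")).digest()
    expected = expected.rjust(KEY_BYTES, b"\x00")
    return hmac.compare_digest(received, expected)


def demo() -> dict:
    """Constructed run: correct PIN, wrong PIN, and a token reused on a new challenge."""
    c1 = new_challenge()
    token = ecard_token("4821", c1)     # constructed sample PIN
    c2 = new_challenge()                # next transaction gets a new challenge
    return {
        "correct_pin": server_authorise(token, "4821", c1),
        "wrong_pin": server_authorise(ecard_token("0000", c1), "4821", c1),
        "reused_token": server_authorise(token, "4821", c2),
    }
```

Because the challenge changes per transaction, a token captured in one transaction does not authorise the next; with a fixed padding the MD5 value, and therefore the RSA ciphertext, would be identical every time the same PIN is entered.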

10 Points to Note
Geographic location
Customer username
Customer initiated
Marketing opportunity
Card-present & card-not-present transactions support
Security
–RSA, MD5 & PIN number

11 Implementation
Transaction Server
–HTTP requests & responses
–Session tracking
–Web user interface (account management)
E-Card Application
–J2ME & Mobile Information Device Profile (MIDP)
–HTTP over WAP
–Downloaded MIDlet
–Secret shared values

12 Implementation
Retailer Kiosk
–Easy integration with existing retail terminals
–Requires MD5 & RSA encryption module
–Requires online connection (GPRS)

13 Prototype
E-Card
–Java PDA
–Wi-Fi & sockets
–Large touch screen
Transaction Server
–Java application
–Sockets
Retailer kiosk
–ARM development kit
–Keypad & small LCD
–Modelled on current retail payment devices

14 Future Work
Expand the application to include card-not-present transactions
Refine the RSA implementation for faster operation
Transfer the E-Card application from the PDA to a mobile phone
Extensive testing of the security of the network

15 Conclusion
New approach to secure personal financial solutions
Considerable improvements over credit card security
Easy integration
Support for card-present & non-present transactions
Reliance of trust between customer and 3rd parties removed
Working prototype developed

16 SWiFT :: A New Secure Wireless Financial Transaction Architecture ::
Paul Killoran
Progress is impossible without change, and those who cannot change their minds cannot change anything. - Albert Einstein (1879-1955)

