ARUN RAJ.R - PowerPoint PPT Presentation


Title: ARUN RAJ.R


1
Presented By
  • ARUN RAJ.R
  • JES VARGHESE
  • NEERAJ.R
  • SATHEESH.S

2
Organization of Presentation
  • Introduction
  • Credit Cards on the Internet
  • Credit Card Protocols
  • SET Business Requirements
  • Parties in SET
  • SET Transactions
  • Symmetric key encryption system
  • Public key encryption system
  • Message Digest
  • Digital Signature
  • Digital Envelope
  • Digital Certificate
  • Dual Signatures
  • SET Supported Transactions
  • Card Holder Registration
  • Merchant Registration
  • Purchase Request
  • Payment Authorization
  • SYSTEM CONFIGURATION

3
Introduction
  • An application-layer security mechanism,
    consisting of a set of protocols.
  • Protects credit card transactions on the Internet.
  • Companies involved: MasterCard, Visa, IBM,
    Microsoft, Netscape, RSA, Terisa and Verisign
  • Not a payment system.
  • It has a complex specification.

4
Credit Cards on the Internet
  • Problem: communicate credit card and purchasing
    data securely to gain consumer trust
  • Authentication of buyer and merchant
  • Confidential transmissions
  • Systems vary by
      • type of public-key encryption
      • type of symmetric encryption
      • message digest algorithm
      • number of parties having private keys
      • number of parties having certificates

5
Credit Card Protocols
  • SSL: 1 or 2 parties have private keys
  • TLS (Transport Layer Security)
      • IETF version of SSL
  • iKP (IBM)
  • SEPP (Secure Encryption Payment Protocol)
      • MasterCard, IBM, Netscape
  • STT (Secure Transaction Technology)
      • VISA, Microsoft
  • SET (Secure Electronic Transactions)
      • MasterCard, VISA; all parties have certificates

OBSOLETE
6
Identification is the Challenge
but in e-transactions, it is important to know
if you are dealing with a dog.
7
SET Business Requirements
  • Provide confidentiality of payment and ordering
    information.
  • Ensure the integrity of all transmitted data.
  • Provide authentication that a cardholder is a
    legitimate user of a credit card account
  • Provide authentication that a merchant can accept
    credit card transactions through its relationship
    with a financial institution

8
SET Business Requirements (contd)
  • Ensure the use of the best security practices and
    system design techniques to protect all
    legitimate parties in an electronic commerce
    transaction
  • Create a protocol that neither depends on
    transport security mechanisms nor prevents their
    use
  • Facilitate and encourage interoperability among
    software and network providers

9
Secure Electronic Transaction
  • Confidentiality: all messages encrypted
  • Trust: all parties must have digital certificates
  • Privacy: information made available only when and
    where necessary

10
Components to build Trust
  • Data Confidentiality → Encryption
  • Who am I dealing with? → Authentication
  • Message integrity → Message Digest
  • Non-repudiation → Digital Signature
  • Access Control → Certificate Attributes

11
Parties in SET
12
SET Transactions
13
Symmetric key encryption system
  • Same key is used to both encrypt and decrypt data

Examples of encryption systems: DES, 3DES, AES
14
Public key encryption system
Recipient's Public Key
Recipient's Private Key
Each user has 2 keys: what one key encrypts, only
the other key in the pair can decrypt. The public key
can be sent in the open. The private key is never
transmitted or shared. E.g. RSA (Rivest, Shamir,
and Adleman)
15
Message Digest
  • Used to determine if document has changed
  • Usually 128-bit or 160-bit digests
  • Infeasible to produce a document matching a
    digest
  • A one bit change in the document affects about
    half the bits in the digest
  • E.g. SHA-1 (Secure Hash Algorithm, 160-bit digest)

16
Digital Signature
17
Digital Signature
Signer's Private Key
Encrypted Digest
Digest
Hash Algorithm
18
Verifying the Digital Signature
Digest
Hash Algorithm
Digest
Signer's Public Key
Integrity: a one-bit change in the content changes
the digest
19
Digital Envelope
One-time encryption key
Digital Envelope
Recipient's Public Key
  • Combines the high speed of DES (symmetric
    encryption) and the key management convenience of
    RSA (public key encryption)
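
The digital envelope on this slide, as an added example that is not code from the presentation. It uses only the standard Java JCA; AES-GCM stands in for the DES named on the slide, and the class name, method names and sample message are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class DigitalEnvelopeDemo {
    static final String RSA_WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final class Envelope { byte[] wrappedKey, iv, ciphertext; }

    // Sender: encrypt the message under a fresh symmetric key, then wrap
    // that key with the recipient's public key.
    static Envelope seal(byte[] message, PublicKey recipient) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey oneTimeKey = kg.generateKey();      // never reused across messages
        Envelope env = new Envelope();
        env.iv = new byte[12];
        new SecureRandom().nextBytes(env.iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, oneTimeKey, new GCMParameterSpec(128, env.iv));
        env.ciphertext = aes.doFinal(message);        // fast bulk encryption
        Cipher rsa = Cipher.getInstance(RSA_WRAP);
        rsa.init(Cipher.WRAP_MODE, recipient);
        env.wrappedKey = rsa.wrap(oneTimeKey);        // slow RSA step covers only the key
        return env;
    }

    // Recipient: unwrap the one-time key with the private key, then decrypt.
    static byte[] open(Envelope env, PrivateKey recipient) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA_WRAP);
        rsa.init(Cipher.UNWRAP_MODE, recipient);
        SecretKey key = (SecretKey) rsa.unwrap(env.wrappedKey, "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, env.iv));
        return aes.doFinal(env.ciphertext);           // throws if the ciphertext was altered
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair recipient = gen.generateKeyPair();
        byte[] msg = "constructed sample: payment instruction".getBytes(StandardCharsets.UTF_8);
        Envelope env = seal(msg, recipient.getPublic());
        System.out.println(new String(open(env, recipient.getPrivate()), StandardCharsets.UTF_8));
        env.ciphertext[0] ^= 1;                       // simulate tampering in transit
        try { open(env, recipient.getPrivate()); }
        catch (AEADBadTagException e) { System.out.println("tampered envelope rejected"); }
    }
}
```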

20
Digital Certificate
  • A digital certificate or Digital ID is a
    computer-based record that attests to the binding
    of a public key to an identified subscriber.
  • Certificate issued by Certification Authority
    (CA).
  • Certified digital signature attests to message
    content and to the identity of the signer.
  • Combined with a digital time stamp, messages can
    be proved to have been sent at certain time.

21
Digital Certificate
22
X.509 Certificate Version 3
  • Version
  • This identifies which version of the X.509
    standard applies to this certificate.
  • Serial Number
  • The entity that created the certificate is
    responsible for assigning it a serial number to
    distinguish it from other certificates it issues.
  • Signature Algorithm Identifier
  • This identifies the algorithm used by the CA to
    sign the certificate.

23
X.509 Certificate Version 3
  • Issuer Name
  • The X.500 name of the entity that signed the
    certificate. This is normally a CA.
  • Validity Period
  • Each certificate is valid only for a limited
    amount of time. This period is described by a
    start date and time and an end date and time.
  • Subject Name
  • The name of the entity whose public key the
    certificate identifies.
  • Subject Public Key Information
  • This is the public key of the entity being named,
    together with an algorithm identifier which
    specifies which public key crypto system this key
    belongs to and any associated key parameters.

24
X.509 Certificate Version 3
25
X.509 Certificate Version 3
26
Dual Signatures
  • Links two messages securely but allows only one
    party to read each. Used in SET.

  • MESSAGE 1 and MESSAGE 2: hash each with SHA to
    get DIGEST 1 and DIGEST 2
  • Concatenate the digests together
  • Hash with SHA to create a new digest
  • Encrypt the new digest with the signer's private
    key to produce the DUAL SIGNATURE
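
The dual-signature construction on this slide, as an added example that is not code from the presentation. It uses the standard Java JCA with the SHA-1 named on the slides; the class and method names, the sample messages, and treating message 1 as order data and message 2 as payment data are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class DualSignatureDemo {
    // SHA-1 is what the slides name; a new design would use SHA-256 throughout.
    static byte[] sha(byte[] data) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-1").digest(data);
    }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] out = new byte[a.length + b.length];
        System.arraycopy(a, 0, out, 0, a.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    // Signer: digest each message, concatenate the digests, hash again and sign.
    // SHA1withRSA performs the second hash and the private-key operation.
    static byte[] dualSign(byte[] msg1, byte[] msg2, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(concat(sha(msg1), sha(msg2)));
        return s.sign();
    }

    // Verifier: needs both digests, but only has to hold one message in full.
    static boolean verify(byte[] d1, byte[] d2, byte[] sig, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(key);
        s.update(concat(d1, d2));
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair();
        // Constructed sample messages.
        byte[] msg1 = "order: 2 books, total 40.00".getBytes(StandardCharsets.UTF_8);
        byte[] msg2 = "card: 0000-0000-0000-0000, amount 40.00".getBytes(StandardCharsets.UTF_8);
        byte[] sig = dualSign(msg1, msg2, signer.getPrivate());
        byte[] digest1 = sha(msg1), digest2 = sha(msg2);

        // Party A receives msg1 + digest2; party B receives msg2 + digest1.
        System.out.println("A accepts: " + verify(sha(msg1), digest2, sig, signer.getPublic()));
        System.out.println("B accepts: " + verify(digest1, sha(msg2), sig, signer.getPublic()));
        // Replacing msg1 after signing breaks the link between the two messages.
        byte[] swapped = "order: 200 books, total 40.00".getBytes(StandardCharsets.UTF_8);
        System.out.println("swapped order accepted: " + verify(sha(swapped), digest2, sig, signer.getPublic()));
    }
}
```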
27
SET Transactions
28
SET Supported Transactions
  • certificate query
  • purchase inquiry
  • purchase notification
  • sale transaction
  • authorization reversal
  • capture reversal
  • credit reversal
  • card holder registration
  • merchant registration
  • purchase request
  • payment authorization
  • payment capture

29
Card Holder Registration
30
Card Holder Registration
31
Card Holder Registration
32
Card Holder Registration
Cardholder Initiates Registration
33
Card Holder Registration
CA Sends Response
34
Card Holder Registration
Cardholder Requests Registration Form
35
Card Holder Registration
CA Sends Registration Form
36
Card Holder Registration
Cardholder Requests Certificate
37
Card Holder Registration
CA Sends Certificate
38
Card Holder Registration
Cardholder Receives Certificate
39
SET Supported Transactions
  • certificate query
  • purchase inquiry
  • purchase notification
  • sale transaction
  • authorization reversal
  • capture reversal
  • credit reversal
  • card holder registration
  • merchant registration
  • purchase request
  • payment authorization
  • payment capture

40
Merchant Registration
41
SET Supported Transactions
  • certificate query
  • purchase inquiry
  • purchase notification
  • sale transaction
  • authorization reversal
  • capture reversal
  • credit reversal
  • card holder registration
  • merchant registration
  • purchase request
  • payment authorization
  • payment capture

42
Purchase Request
43
Purchase Request
Customer Browses for Products
44
Purchase Request
Select the Card for Payment
45
Purchase Request
46
Purchase Request
Cardholder Initiates Request
47
Purchase Request
Merchant Sends Response
48
Purchase Request
The Cardholder Sends Request
49
Purchase Request
Cardholder Sends Purchase Request
50
Purchase Request
Merchant Processes Purchase Request Message
51
Purchase Request
Merchant Sends Purchase Response
52
SET Supported Transactions
  • certificate query
  • purchase inquiry
  • purchase notification
  • sale transaction
  • authorization reversal
  • capture reversal
  • credit reversal
  • card holder registration
  • merchant registration
  • purchase request
  • payment authorization
  • payment capture

53
Payment Authorization
Payment Authorization Process
54
SYSTEM CONFIGURATION
  • Hardware requirements
      • Any 32-bit processor
      • Memory of minimum 128 MB RAM
      • Sufficient hard disk free space
      • Mouse preferred for ease of use
  • Software requirements
      • Development tool: Java 1.3 or above, Bouncy
        Castle Provider
      • Operating system: compatible with all OS
      • Back end: Microsoft SQL Server / Microsoft Access
      • Any Web Browser

55
Database Organization
A database is used at the Cardholder Machine to
store his Card Details
56
Important Source Files
57
Important Source Files
58
Conclusion
With the help of the above discussions, the SET
protocol appears to be complete, sound, robust
and reasonably secure for the purpose of
credit-card transactions. However, it is
important that the encryption algorithms and
key sizes used are robust enough to prevent
observation by hostile entities. The secure
electronic transactions protocol (SET) is
important for the success of electronic commerce.
Secure electronic transactions will be an
important part of electronic commerce in the
future. Without such security, the interests of
the merchant, the consumer, and the credit or
economic institution cannot be served.
60
Thank you