پروژه درس امنیت - مریم سادات حاج اکبری

1. Security in e-Business استاد: آقاي دکتر سخاوتی مريم سادات حاج اکبری 8861022 2/8/2011 1

3. Customer to business -> such as online stores

4. Customer to customer -> such as Ebay

5. Customer business to public administrator -> such as filling electronic tax2/8/2011 2

6. A typical electronic payment system 3 6.Interbank(clearing) network 7.ok Payment gateway 4.withdrawal 5.deposit 8.Registration Authorization transaction 3.registration 2.Check account customer 1.Payment info 9.Delivery+Confirmation

7. E-payment systems Offline vs. online Debit vs. credit Macro vs. Micro 2/8/2011 4

9. Crew prints payment’s information and customer’s credit card by a mechanical device in a paper and then enter online system.2/8/2011 5

10. Offline vs. Online Online payment system 2/8/2011 6

12. Card holder

13. Card issuing bank -> visa or Master or AMEX ….

14. Merchant

15. Name on credit card -> visa or master

16. Association 2/8/2011 7

17. How credit card act? 2/8/2011 8

19. Example: Public transportation system, Restaurants, Online Advertising….

20. Difference:

21. For any transaction it has a fee about 20 to 30 cent for payer and payee.2/8/2011 9

22. Payment instructure Cash like Check like Credit card Electronic money Electronic check 2/8/2011 10

23. Mechanism payment by credit cart 2/8/2011 11 3 2 4 1

26. Will issue next chapter2/8/2011 12

27. Electronic money Define : Scripting money or exchanged only in electronic form Called as:e- cash, digital cash, digital/electronic currency Mainly Used as: micro system Electronic Currencies : Digital or electronic coin 2/8/2011 13

29. The user can from their account to other account holders to give or receive money.2/8/2011 14

30. Electronic check 2/8/2011 15 6.Interbank(clearing) network settlement Difference with cash like: In cash like, Electronic payment system the first check customer’s account then delivery product or services 5.Endorsed check 1.Payment info 2- invoice 3.Signed check 4.

32. Such as digital money and credit cards

34. Identify risks, threats, vulnerability

35. Identify Related prioritiesNotice: any payment system have needs and special features. 2/8/2011 17

37. Signature can be forgot

39. A payer’s identity can be associated with every payment transaction.

40. Digital signatures can be produced by who knows the private key.Notice: electronic commerce need To more attention. 2/8/2011 18

42. The basic security requirements Payment authentication Payment integrity Payment authorization Payment confidentiality 2/8/2011 20

43. Payment authentication No anonymity -> mechanisms such as MAC – SHA – MD5 With anonymity –> It needs to more security 2/8/2011 21

45. Payee’s identity.

46. Content of the purchase.

47. The amount.2/8/2011 22

49. Payment security services Payment transaction security services Digital money security Electronic checks security 2/8/2011 25

50. Payment transaction security services User anonymity Location un-traceability Payer anonymity Payment transaction intractability Confidentiality of payment Non-repudiation freshness 2/8/2011 26

58. Payment transaction security An electronic payment transaction is an execution of a protocol by which an amount of money is taken from a payer and given to payee 2/8/2011 34

60. Problem: if a network transaction can be traced back to the originating host, and if the host is used by a known network user only, This anonymity is obviously not sufficient 2/8/2011 35

62. The requires that at least one of the hosts on the network path be honest.2/8/2011 36

63. Chain of mixes A user anonymity and location untraceability mechanism based on a series of anonymizing hosts or mixes has been proposed by D. Chaum. 2/8/2011 37 Mix A X B Y Z C

64. Chain of mixes The problem of having a mix trusted by all participants can be solved by using a matrix (or network) of mixes instead of just one. 2/8/2011 38

65. Chain of mixes 2/8/2011 39 If A wants to send an anonymous and untraceable message to Y, as in the example with one mix, the protocol goes as follows:

66. Payer Anonymity 2/8/2011 40 The simplest way to ensure payer anonymity with respect to the payee is for the payer to use pseudonyms instead of his or her real identity. If one wants be sure that two different payment transactions by the same payer cannot be linked, then payment transaction untraceabilitymust also be provided.

67. Pseudonyms 2/8/2011 41 First virtual Holding, Inc Started to operate the first internet payment system that was based on the Existing Internet infrastructure, that is e-mail and telnet Send email

70. Nonrepudiation of Payment Transaction Messages 2/8/2011 45 Digital Signature: To explain the nonrepudiation issues in a payment transaction protocol we will use a simplified model based on the 3KP payment protocol Nonrepudiation messages.

72. IOTP 2/8/2011 48 Format for electronic payment It is for any transaction It modify for any message Data integrity + nonrepudiation -> Digital certificate+ Digital signature Confidentiality -> ssl+tls

73. Fine 2/8/2011 49