Rubina of m.

Com 2nd year presents

Electronic payment mechanism

Topics to be dealt with..

What Electronic payment mechanism means ? Encryption meaning encryption and cryptography methods Methods of electronic payment Set protocol and its components

Electronic payment
Electronic payment is an integral part of electronic commerce Electronic payment is a financial exchange that takes place online between buyers and sellers The content of this exchange is usually some form of digital financial instrument such as encrypted credit card numbers ,electronic checks, digital cash. It decreases technology cost, reduced operational and processing costs and increases online commerce.

Features of payment methods

Anonymity : it is concerned with whether a third party can trace back who was involved in the payment transaction Security: it is concerned with whether a payment method is secure Overhead cost: it is concerned with overhead cost of processing a payment Transferability: whether a payment can be carried out without involvement of a third party Divisibility: whether the total sum of payment is easily divisible in small sums Acceptability: it should have been globally accepted

Encryption
Meaning It is the process of transforming plain text or data into cipher text that cannot be read by any one other than the sender and the receiver. Purpose of encryption To secure stored information To secure information transmission It provides following security services: Message integrity-assure non alteration of message Non repudiation-prevents user from denying he/she has send it Authentication-provides verification of identity of person Confidentiality- assure that message was not read by others

Methods of encryption and cryptography

There are two basic methods of encryption Symmetric key Asymmetric or public key Symmetric key : It is also known as secret key encryption. Here both the sender and receiver of message uses the same key for encryption and decryption The keys or ciphers used are digital strings i.e. combination of 0s and 1s (bits) For instance binary representation of letter A in ASCII code is 8 binary digits i.e. 01000001 To encrypt the above 8 bit binary digit into cipher form we multiply each letter by another 8 bit key number (eg:01010101) By doing so we get an encrypted message which is then sent to the recipient.

Public key encryption: Here both the sender and the receiver uses different keys to encrypt and decrypt the message Features Two mathematically related digital keys are used a public and a private key The private key is kept secret by the owner and the public key is widely disseminated. Once a key is used to encrypt the message the same cannot be used to decrypt the message. it solves the problem of exchanging keys

 Basic Public key cryptography process

1.Original message buy Cisco @RS.25000

Sender

2.Recipient s public key

Recipien t

3.Message encrypted in cipher text 10101101110 001

Buy cicso @RS

4.internet
5.Recepie nts private key

Public key using digital signature and hash digits

In basic public key encryption some elements of security is missing A more sophisticated use of public key cryptography can achieve authentication, on repudiation, and integrity This can be done by using hash function and digital signature Hash function: it is an algorithm that produces fixed length number called hash or message digest The results of applying hash is send to the recipient. Digital signature: it is a signed cipher text that can be sent over internet , Generally senders private key is used to sign the cipher text Steps in encryption: The sender encrypts the entire block of cipher text one more time by using his private key.

 The recipient of this signed text first user senders public key to authenticate message Then uses his private key to obtain hash result and original message Finally , he computes the hash value and compare with the received hash value If the results are same then the message ha snot been altered Digital envelope A technique that uses symmetric key for encrypting and alsouses public key to encrypt and send the symmetric key Here we have a key within a key It helps in improving the efficiency and provide authentication of message

SET protocol for credit payment

Secure electronic transactions (SET) is a protocol for encrypted credit card payment transfers. Announced in February 1996, by visa and master card Set establishes a single technical standard for protecting payment card purchases over the internet

Features of SET: confidentiality through encryption Integrity- through digital signatures Consumer account and merchant account authentication through digital certificates Interoperability must be applicable on a variety of hardware and software platforms

SET components and its phases

Merchant the seller Cardholder a registered holder of credit card Issuer bank which issues card to cardholder Acquirer a third party acting as an agent to merchant Payment gateway a third party which authorizes and processes credit card payments. SET has the following phases: Certificate issuance Purchase initiation and response Authentication of merchant and cardholder Authorization of transaction by the credit card company

SET purchase model

Verification of merchant certificate

Certificate authority chain

Verification of Cardholder certificate

Certificate authority
merchant certificate issued

Certificate authority
cardholder certificate issued

Merchant

purchase request purchase response

Cardholder

Authorization request
Authorization response

Payment gateway(acquirer)

 Finally it employs cryptography method , it uses symmetric and public private key It even uses dual signature Set is much wider in scope when compared to SSL (secure socket layer ) connection as it does not mandate the use of digital certificates, dual signatures and online authorization.

Thank you