110 likes | 350 Vues
iKP Secure Electronic Payment System. Presented by Jinping Li. iKP Secure Electronic Payment System. Introduction iKP Payment Model Security Requirement Framework of iKP Protocols Conclusion Questions. Introduction. Security for electronic payments is of the utmost importance
E N D
iKP Secure Electronic Payment System Presented by Jinping Li
iKP Secure Electronic Payment System • Introduction • iKP Payment Model • Security Requirement • Framework of iKP Protocols • Conclusion • Questions
Introduction • Security for electronic payments is of the utmost importance “… Indeed, the appeal of electronic commerce without electronic payment is limited. Moreover, insecure electronic payment methods are more likely to impede, than to promote, electronic commerce… ” One scenario could be a shopper buying something from a Web site for the first time that buys an expensive item and has it shipped to an address that is different from the billing address B2B vs B2C • Adversaries and threats interception
iKP Model Payment System Provider Clearing Issuer Acquirer • Parties in iKP Buyer,Seller,Acquirer 2. iKP protocols is a family i=1,2,3, which reflects number of parties with public key pairs • iKP protocols are based on the existing credit-card system Payment Buyer Seller Generic model of a payment system
iKP Model Root Key Subject PK Signature of TTP Association Signature Issuer Signature Acquirer Signature Cardholder Signature Cardholder Signature Merchant Signature Merchant Signature 4. iKP protocols are based on public key cryptography 5. Certification Authorities
Security Requirement • Issuer/Acquirer Requirements • A1- Proof of Transaction Authorization by Buyer • A2- Proof of Transaction Authorization by Seller • Seller Requirements • S1- Proof of Transaction Authorization by Acquirer • S2- Proof of Transaction Authorization by Buyer • Buyer Requirements • B1- Impossibility of Unauthorized Payment • B2- Proof of Transaction Authorization by Acquirer • B3- Certification and Authentication of Seller • B4- Receipt from Seller
Framework of iKP Protocols Buyer Seller Acquirer (ST-INFB) (ST-INFS) (ST-INFA) Initiate(SALTB, IDB) Invoice(Clear, [2,3 SigS]) Payment(EncSlip,[3 SigB]) Auth-Request(Clear, Hk(SALTB, DESC), EncSlip,[2,3 SigS,[3 SigB]]) Auth-Response(RESPCODE,SigA) Conform(RESPCODE,SigA,[2,3 V|VC]) Goods and Services
Conclusion • The greater the number of partied that hold public-key pairs, the greater the level of security provided • Allows for gradual deployment of the system • SET is developed based on iKP protocols, which is supported by most signification organizations • Less privacy of order information and the amount of payment • Offers no anoymity form the payment system provider
Question How does iKP satisfy A1?