1 / 16

EUROCON 2005

EUROCON 2005. SWiFT :: A New Secure Wireless Financial Transaction :: :: Architecture ::. Paul Killoran, Fearghal Morgan & Michael Schukat National University of Ireland, Galway paul_killoran@eircom.net. Introduction. Aim: to develop a more secure alternative to the credit card

oswald
Télécharger la présentation

EUROCON 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EUROCON 2005 SWiFT:: A New Secure Wireless Financial Transaction :: :: Architecture :: Paul Killoran, Fearghal Morgan & Michael Schukat National University of Ireland, Galway paul_killoran@eircom.net

  2. Introduction • Aim: to develop a more secure alternative to the credit card • Credit card fraud totalled £500 million in 2004 • Credit card security • Signature • Chip and PIN • Types of fraud • Architecture of current system

  3. Proposed Solution • Model the credit card on a wireless mobile authentication device • J2ME (Java 2 micro edition) mobile phone • Increase the security of the system by removing the trust required of the customer • Open a connection to the bank (GPRS) • Focus on the security of the customer • Provide anonymity

  4. SWiFT Architecture • Transaction Server • Bank or Banking Agent • Customer Authorisation Device • MIDP enabled mobile phone • E-Card • Retailer Kiosk • Modelled on existing terminals • Network & Security • GPRS & Bluetooth • RSA, MD5 & Customer PIN

  5. Security • E-Card – Merchant communication • Never occurs • Eliminates need for a third secure channel. • Customer authorises bank directly • Must only trust their bank • Centralised control of security (Bank) • All parties communicate through the bank • Bank controls security in the network by supporting requests of authorised nodes only

  6. Protocol • Transaction server established with many retailer nodes connected • E-Card logs onto the network • 3 handshaked challenges • Use geographic information to inform bank of its location • E-Card receives list of local retailers

  7. Protocol • Customer approaches a retailer pay point with goods and produces their mobile phone (E-Card) • Customer uses their E-Card to request the Transaction Server to initiate a payment to the retailer • Cashier is informed of this request on their merchant terminal

  8. Protocol • Cashier requests payment using the Merchant Terminal • Customer is asked to confirm payment of this amount on their E-Card by entering their PIN • The PIN number is first padded, then hashed using MD5 and finally encrypted using RSA. The result is send to the Transaction Server for authorisation

  9. Protocol • If the PIN authorisation is successful, a confirmation is then sent to the Merchant Terminal • The cashier confirms the sale and the agreed amount is transferred between accounts • The E-Card and Merchant Terminals receive a copy each of an e-receipt • The e-receipt is printed by the Merchant Terminal and issued to the customer

  10. Points to Note • Geographic location • Customer username • Customer initiated • Marketing opportunity • Card-present & card-not-present transactions support • Security • RSA, MD5 & PIN number

  11. Implementation • Transaction Server • HTTP requests & responses • Session tracking • Web user interface (account management) • E-Card Application • J2ME & Mobile Information Device Profile (MIDP) • HTTP over WAP • Downloaded MIDlet • Secret shared values

  12. Implementation • Retailer Kiosk • Easy integration with existing retail terminals • Requires MD5 & RSA encryption module • Requires online connection (GPRS)

  13. Prototype • E-Card • Java PDA • Wi-Fi & sockets • Large touch screen • Transaction Server • Java application • Sockets • Retailer kiosk • ARM development kit • Keypad & small LCD • Modelled on current retail payment devices

  14. Future Work • Expand the application to include card-not-present transactions • Refine the RSA implementation for faster operation • Transfer the E-Card application from the PDA to a mobile phone • Extensive testing of the security of the network

  15. Conclusion • New approach to secure personal financial solutions • Considerable improvements over credit card security • Easy integration • Support for card-present & non-present transactions • Reliance of trust between customer and 3rd parties removed • Working prototype developed

  16. SWiFT :: A New Secure Wireless Financial Transaction Architecture :: Paul Killoran Progress is impossible without change, and those who cannot change their minds cannot change anything. - Albert Einstein (1879-1955)

More Related