Chapter 5 Electronic Payment Systems
5.1 Security in Electronic Payment Systems
5.2 Electronic Payment Methods
5.3 Case of E-banking

5.1 Security in Electronic Payment Systems

5.1.1 Requirements of Secure Payment
- Authenticity: the sender (either client or server) of a message is who he, she or it claims to be.
- Privacy: the contents of a message are secret and known only to the sender and receiver.
- Integrity: the contents of a message are not modified (intentionally or accidentally) during transmission.
- Non-repudiation: the sender of a message cannot deny that he, she or it actually sent the message.

5.1.2 Public Key Infrastructure
PKI has become the cornerstone of secure e-payments. At the heart of PKI is encryption.
- Encryption: the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it.
- Encryption has four basic parts: plaintext, ciphertext, encryption algorithm, key.
- The two major classes of encryption: symmetric systems (with one secret key) and asymmetric systems (with two keys).

Cryptography is the science of applying encryption algorithms to encrypt information. An encryption algorithm is the series of steps that encodes ordinary text (the message) using a mathematical procedure and a string of digits (the key), producing unintelligible ciphertext. The sender encrypts the message before sending it over a public network or the Internet; on receipt, the receiver decodes it, which is called decryption, using a decryption program. Decryption is the inverse of encryption.

Principles of cryptography
Example of encryption and decryption: number the 26 letters of the English alphabet in order and use the numbers as plaintext, set the key to 17, and add 17 to each plaintext number; the result is a cipher table. A simple cipher table:

Letter      A   B   C   ...  Z   space  ,   .   /   :   ?
Plaintext   01  02  03  ...  26  27     28  29  30  31  32
Ciphertext  18  19  20  ...  43  44     45  46  47  48  49

1. Symmetric (private) key system
DES: standard symmetric encryption algorithm.
Flow (figure): at the sender, plaintext message -> encryption with the private key -> ciphertext; at the receiver, ciphertext -> decryption with the same private key -> plaintext message.

2. Asymmetric (public) key system
RSA: the most common public key encryption algorithm.
Flow (figure): at the sender, plaintext message -> encryption with the public key -> ciphertext; at the receiver, ciphertext -> decryption with the private key -> plaintext message.

3. Digital signatures include:
- Hash: a mathematical computation that is applied to a message, using a private key, to encrypt the message.
- Message digest: a summary of a message, converted into a string of digits, after the hash has been applied.
- Digital envelope: the combination of the encrypted original message and the digital signature, using the recipient's public key.
Hash algorithm: not an encryption algorithm. It produces a digital "fingerprint" of the information (the message digest); its main use is to make sure the data has not been tampered with or changed, that is, to maintain data integrity.
Properties of a hash algorithm:
- It can process information of any size and produces a fixed-length message digest.
- The size of the message digest is unrelated to the size of the original information.
- A tiny change in the original information has a large effect on the message digest.
- It is irreversible.

Digital signatures (figure):
(1) Message with contract
(2) Sender applies hash function -> message digest
(3) Sender encrypts using sender's private key -> digital signature
(4) Sender encrypts using recipient's public key -> digital envelope
(5) Sender e-mails to recipient
(6) Recipient decrypts using recipient's private key -> message with digital signature
(7) Recipient decrypts using sender's public key -> original message digest
(8) Recipient applies hash function -> new message digest
(9) Compare for match

4. Certificate authorities: third parties that issue digital certificates. (E-commerce certification center) A CA is the service organization that provides certification services for secure online electronic transactions; it issues digital certificates and confirms users' identities. The CA's main tasks are to accept applications for digital certificates and to issue and manage them.
A certificate contains:
- The holder's name
- Validity period
- Public key information
- A signed hash of the certificate data

5. SSL and SET
- Secure socket layer (SSL): protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality; invented by Netscape.
- Secure electronic transaction (SET): a protocol designed to provide secure online credit card transactions for both consumers and ..., developed jointly by Netscape, Visa, MasterCard, and others.
Comparison of SET and SSL:
(1) SET is a multi-party message protocol that defines the required message specifications among the bank, the merchant and the cardholder, whereas SSL simply establishes a secure connection between two parties.
(2) SET allows message exchanges between the parties to be non-real-time, whereas SSL is connection-oriented and must operate in real time.
(3) SET messages can be transmitted over the bank's intranet or other networks, whereas a card payment system built on SSL can only be bundled with a web browser.
(4) SET has higher security requirements, so every participant in a SET transaction must apply for a digital certificate, whereas in SSL only the merchant's server needs to be authenticated and client-side authentication is optional.

5.2 Electronic Payment Methods

5.2.1 E-payment tools
- Electronic cards
- Electronic cash
- Electronic check
Whatever the e-payment method, five parties are involved in e-payments:
1. Customer/payer/buyer
2. Merchant/payee/seller
3. Issuer
4. Regulator
5. Automated Clearing House (ACH)
Automated Clearing House (ACH): electronic network that connects all financial institutions for the purpose of making funds transfers.

5.2.2 Characteristics of successful e-payment methods
- Independence
- Interoperability and portability
- Security
- Anonymity
- Divisibility
- Ease of use
- Transaction fees
- Critical mass

5.2.3 Electronic Cards and Smart Cards
1. Payment card: electronic card that contains information that can be used for payment purposes.
- Credit cards
- Charge cards
- Debit cards
Credit card payment process (figure): the parties are the cardholder, the merchant, the payment gateway, the account-holding bank, the card-issuing bank and the certification authority. The numbered steps are (1) order and credit card number, (2) verification, (3) verification, (4) approval, (5) confirmation, (6) confirmation; the certification authority authenticates the participants.
Payment gateway: connects the Internet with the bank network and converts message formats between the payment protocol and the protocols of the existing bank transaction systems. A payment gateway must be authorized by the acquiring bank and then be issued a digital certificate by a CA.
Functions of the payment gateway: confirm the merchant's identity; decrypt the payment instruction received from the cardholder; verify that the cardholder's certificate matches the account number used in the purchase; verify the integrity of the cardholder's and the merchant's application information; and so on.

Electronic Cards and Smart Cards (cont.)
2. Smart card: an electronic card containing an embedded microchip that enables predefined opera
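The shift-by-17 cipher table from the "Principles of cryptography" slide in 5.1.2, written out as a symmetric (one secret key) system. This is an added example, not code from the slides; the function names and the error checks are my own.

```python
# Added example (not from the slides): the shift-by-17 cipher table from the
# "Principles of cryptography" slide, as a symmetric (one secret key) system.

# Symbol table from the slide: A..Z -> 01..26, then space , . / : ? -> 27..32.
SYMBOLS = [chr(c) for c in range(ord("A"), ord("Z") + 1)] + [" ", ",", ".", "/", ":", "?"]
PLAIN_CODE = {sym: i + 1 for i, sym in enumerate(SYMBOLS)}   # "A" -> 1 ... "?" -> 32
CODE_PLAIN = {code: sym for sym, code in PLAIN_CODE.items()}


def encrypt(plaintext: str, key: int = 17) -> str:
    """Replace each symbol by its plaintext number plus the shared secret key (17 on the slide)."""
    numbers = []
    for ch in plaintext.upper():
        if ch not in PLAIN_CODE:
            raise ValueError(f"symbol {ch!r} is not in the cipher table")
        numbers.append(f"{PLAIN_CODE[ch] + key:02d}")
    return " ".join(numbers)


def decrypt(ciphertext: str, key: int = 17) -> str:
    """Subtract the same secret key from each number and look the symbol up again."""
    symbols = []
    for token in ciphertext.split():
        code = int(token) - key
        if code not in CODE_PLAIN:
            raise ValueError(f"number {token} does not decrypt with key {key}")
        symbols.append(CODE_PLAIN[code])
    return "".join(symbols)


if __name__ == "__main__":
    print(encrypt("HELLO"))            # 25 22 29 29 32
    print(decrypt("25 22 29 29 32"))   # HELLO
```

Because the same key both encrypts and decrypts, whoever holds it can do either; the key must travel to the receiver over some other secure channel, which is the problem the asymmetric system on the next slide addresses.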
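The nine-step digital signature and digital envelope flow from 5.1.2 (steps (2) to (9)), carried through end to end. This is an added example, not code from the slides: it assumes a toy textbook RSA with constructed primes (61, 53 for the sender; 89, 97 for the recipient) and SHA-256 reduced to the toy modulus as the hash function, none of which the slides specify.

```python
# Added example (not from the slides): the digital signature / digital envelope flow
# with a toy textbook RSA on tiny constructed primes so every step is visible.
# Toy only: real systems use large keys, padding and a full-size digest.
import hashlib


def make_keypair(p: int, q: int, e: int = 17):
    """Return ((e, n), (d, n)) for the constructed primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)


def rsa_apply(key, value: int) -> int:
    """Raw RSA: value^k mod n. Public key encrypts/verifies, private key decrypts/signs."""
    k, n = key
    return pow(value, k, n)


def digest(message: bytes, n: int) -> int:
    """Hash function step: SHA-256 of the message, reduced so the toy modulus can wrap it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def send(message: bytes, sender_priv, recipient_pub):
    md = digest(message, sender_priv[1])                 # (2) sender applies hash function
    signature = rsa_apply(sender_priv, md)               # (3) encrypt digest with sender's private key
    # (4) encrypt message (byte by byte) and signature with recipient's public key -> envelope
    return [rsa_apply(recipient_pub, b) for b in message], rsa_apply(recipient_pub, signature)


def receive(envelope, recipient_priv, sender_pub):
    enc_msg, enc_sig = envelope                                      # (5) arrived by e-mail
    message = bytes(rsa_apply(recipient_priv, c) for c in enc_msg)   # (6) recipient's private key
    signature = rsa_apply(recipient_priv, enc_sig)
    original_md = rsa_apply(sender_pub, signature)                   # (7) sender's public key
    new_md = digest(message, sender_pub[1])                          # (8) recipient applies hash
    return message, original_md == new_md                            # (9) compare for match


# Constructed keys: sender n = 61*53 = 3233 is smaller than recipient n = 89*97 = 8633,
# so a signature (< 3233) passes through the recipient's raw RSA unchanged.
SENDER_PUB, SENDER_PRIV = make_keypair(61, 53)
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(89, 97)

if __name__ == "__main__":
    env = send(b"Pay 100 to Bob", SENDER_PRIV, RECIPIENT_PUB)
    print(receive(env, RECIPIENT_PRIV, SENDER_PUB))   # (b'Pay 100 to Bob', True)
```

A signature altered in transit decrypts (step 7) to a digest that no longer matches the one the recipient computes in step 8, which is exactly what the final comparison is there to catch.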