南京財經(jīng)大學電子商務雙語版Chapter5electronicpaym

1、Chapter 5 electronic payment systems5.1 Security In Electronic Payment systems 5.2 Electronic Payment methods5.3 Case of E-banking 5.1SecurityInElectronic Paymentsystems5.1.1Requirement of SecurepaymentAuthenticity:thesender (eitherclient or server)ofamessage is whohe,she or it claimstobe.Privacy:th

2、econtentsofamessage aresecretand onlyknowntothe senderandreceiver.Integrity:thecontentsofamessage arenotmodified(intentionallyoraccidentally)duringtransmission.Non-repudiation:thesenderofamessage cannotdeny thathe, sheoritactuallysent themessage.5.1.2PublicKeyInfrastructurePKIhas becomethe cornersto

3、ne forsecuree-payments.AttheheartofPKI is encryption.Encryption :The processofscrambling(encrypting)amessage in suchawaythatitisdifficult,expensive,ortime-consumingforanunauthorized persontounscramble (decrypt )it.Encryption hasfour basic partsPlaintextCiphertextEncryption algorithmkeyThetwo major c

4、lassesofencryption:Symmetricsystems(withonesecret key),Asymmetric systems(withtwo keys)密碼學是是關于應應用加密密算法對對信息進進行加密密的科學學。加密算法法就是用用基于數(shù)數(shù)學計算算方法與與一串數(shù)數(shù)字（密密鑰）對對普通的的文本（信息）進行編編碼，產(chǎn)產(chǎn)生不可可理解的的密文的的一系列列步驟。發(fā)送方將將消息在在發(fā)送到到公共網(wǎng)網(wǎng)絡或互互聯(lián)網(wǎng)之之前進行行加密，接收方方收到消消息后對對其解碼碼或稱為為解密，所用的的程序稱稱為解密密程序，這是加加密的逆逆過程。密碼學原原理字母 ABCZ空格，./:?明文 010203 26

5、272829303132密文 18192043444546474849加密與解解密示例例例如：把英文26個字母表表的順序序編號作作為明文文，將密密鑰定為為17，將明文文的編號號加上17，就可以以得到一一個密碼碼表：一個簡單單的密碼碼表1.Symmetric(private)keysysteDES: standard symmetricencryption algorithmPlaintextmessageCiphertextPlaintextmessageEncryptionprivate keyDecryptionprivate keysenderreceiver2.Asymmetric(p

6、ublic)key systemRSA: themost commonpublickey encryptionalgorithmPlaintextmessageCiphertextPlaintextmessageEncryptionpublickeyDecryptionprivate keysenderreceiver3.Digitalsignaturesinclude:Hash:A mathematicalcomputationthat is appliedtoamessage,usinga privatekey,toencrypt themessage.Message digest:A s

7、ummaryofamessage,convertedintoa stringofdigits, after thehash hasbeen applied.Digital envelope:thecombinationofthe encryptedoriginalmessage andthedigitalsignature, using therecipientspublickeyHash算法:不是加密密算法，能產(chǎn)生生信息的的數(shù)字“指紋”(message digest)，主要用用途是為為了確保保數(shù)據(jù)沒沒有被篡篡改或發(fā)發(fā)生變化化，以維維護數(shù)據(jù)據(jù)的完整整性。Hash算法的特性：能處理任任意大小小的

8、信息息，并能能生成固固定長度度的信息息摘要。信息摘要要的大小小與原信信息的大大小沒有有關系，原信息息的一個個微小變變化都會會對信息息摘要產(chǎn)產(chǎn)生和大大的影響響。具有不可可逆性。（1）messageWithcontractMessagewithDigitalsignature（1）messageWithcontractMessage digestDigital signatureDigital envelopeDigital signatureOriginalmessage digestNewmessagedigest（2）senderapplieshash function(3)Senderen

9、cryptsusingsendersprivatekey(4)Senderencryptsusingrecipientspublickey(5)Sendere-mailstorecipient(6)Recipientdecryptsusingrecipientsprivatekey(7)Recipientdecryptsusingsenderspublic key(8)Recipientapplieshash function(9)Compare formatchDigital signatures4.Certificate authorities:Thirdparties thatissue

10、digitalcertificates. (電子商務務認證中中心)CA就是承擔擔網(wǎng)上安安全電子子交易的的認證服服務的服服務機構構 ，它它能簽發(fā)發(fā)數(shù)字證證書，并并能確認認用戶身身份。CA的主要任任務是受受理數(shù)字字證書的的申請，簽發(fā)及及管理數(shù)數(shù)字證書書。A certificate contains :TheholdersnameValidityperiodPublickey informationA signedhash of thecertificatedata5.SSLandSETSecuresocket layer (SSL):protocolthat utilizes standard c

11、ertificatesforauthenticationand dataencryptiontoensureprivacyorconfidentiality, invented by Netscape.Secureelectronictransaction(SET):Aprotocoldesignedtoprovide secureonlinecredit cardtransactions forboth consumersandjointlybyNetscape,Visa,MasterCard,and others.SET協(xié)議與SSL協(xié)議的比比較（1）SET是一個多多方的報報文協(xié)議議，它定定

12、義了銀銀行、商商家、持持卡人之之間的必必須的報報文規(guī)范范，而SSL只是簡單單地在兩兩方之間間建立了了一條安安全連接接。（2）SET允許各方方之間的的報文交交換不是是實時的的，而SSL則是面向向連接的的，必須須實時的的進行。（3）SET報文能夠夠在銀行行內(nèi)部網(wǎng)網(wǎng)或者其其他網(wǎng)絡絡上傳輸輸，而SSL之上的卡卡支付系系統(tǒng)只能能與Web瀏覽器捆捆綁在一一起。（4）SET的安全要要求較高高，因此此所有參參與SET交易的成成員都必必須申請請數(shù)字證證書，而而SSL中只有商商家端的的服務器器需要驗驗證，客客戶段則則是有選選擇的。5.2Electronic PaymentMethods5.2.1E-payment

13、toolsElectronic CardsElectronic cashElectronic checkWhateverthee-paymentmethod,fiveparties involved in e-payments:1.Customer/payer/buyer2.Merchant/payee/seller3.Issuer4.Regulator5.AutomatedClearingHouse(ACH)AutomatedClearingHouse(ACH):Electronic networkthatconnectsallfinancial institutionsforthe pur

14、poseofmaking funds transfers.5.2.2Characteristicsofsuccessfule-paymentmethodsIndependenceInteroperability andportabilitySecurityAnonymityDivisibilityEase of useTransactionfeesCriticalmass5.2.3ElectronicCardsandSmartCards1.Paymentcard:Electronic cardthatcontainsinformationthat canbeused forpayment pu

15、rposesCreditcardsChargecardsDebitcardsCreditcard的付款過過程持卡人商家支付網(wǎng)關關開戶銀行行發(fā)卡行認證中心心（1）訂單及及信用卡卡號（2）審核（5）確認（6）確認（3）審核（4）批準認證認證認證支付網(wǎng)關關：連接Internet與銀行網(wǎng)網(wǎng)絡，完完成支付付協(xié)議和和現(xiàn)存銀銀行交易易系統(tǒng)協(xié)協(xié)議之間間的信息息格式轉(zhuǎn)轉(zhuǎn)換，支支付網(wǎng)關關須由收收單行授授權，再再由CA發(fā)放數(shù)字字證書。支付網(wǎng)關關的功能能：確認商商家身份份、解密密從持卡卡人處得得到的支支付指令令，驗證證持卡人人的證書書與在購購物中所所使用的的賬號是是否匹配配，驗證證持卡人人和商家家申請信信息的完完整性

16、等等。Electronic Cards andSmartCards(cont.)2.Smart card: An electroniccardcontaining an embedded microchipthat enablespredefinedoperations or theaddition,deletion, or manipulationofinformationonthecard.Electronic Cards andSmartCards(cont.)Contact card: Asmartcardcontaining asmallgoldplateonthefacethat

17、wheninsertedinasmart-card readermakescontact andsopassesdatatoandfromtheembeddedmicrochip.Contactless(proximity)card:A smart cardwithanembeddedantenna,bymeansofwhichdata andapplicationsare passedtoandfroma cardreader unitorotherdevice withoutcontactbetweenthecardandthe cardreader5.2.4E-cashandE-chec

18、kE-cash:Thedigitalequivalent of paper currency andcoins,whichenablessecureand anonymouspurchaseoflow-priced items.Micro-payments:smallpayments, usuallyunder$10.數(shù)字現(xiàn)金金支付的的特點匿名性可傳遞性性可分性E-cash的支付過過程（1）請求開開設E-cash帳戶（2）帳號（3）購買數(shù)數(shù)字現(xiàn)金金的請求求（4）銀行數(shù)數(shù)字簽名名的數(shù)字字現(xiàn)金（5）訂單及及加密的的數(shù)字現(xiàn)現(xiàn)金（6）加密的的數(shù)字現(xiàn)現(xiàn)金（8）確認（9）確認信信息買方方賣方銀行行數(shù)字現(xiàn)金金庫（7）核對E-Che