南京财经大学电子商务双语版Chapter5electronicpaym

1、Chapter 5 electronic payment systems5.1 Security In Electronic Payment systems 5.2 Electronic Payment methods5.3 Case of E-banking 5.1SecurityInElectronic Paymentsystems5.1.1Requirement of SecurepaymentAuthenticity:thesender (eitherclient or server)ofamessage is whohe,she or it claimstobe.Privacy:th

2、econtentsofamessage aresecretand onlyknowntothe senderandreceiver.Integrity:thecontentsofamessage arenotmodified(intentionallyoraccidentally)duringtransmission.Non-repudiation:thesenderofamessage cannotdeny thathe, sheoritactuallysent themessage.5.1.2PublicKeyInfrastructurePKIhas becomethe cornersto

3、ne forsecuree-payments.AttheheartofPKI is encryption.Encryption :The processofscrambling(encrypting)amessage in suchawaythatitisdifficult,expensive,ortime-consumingforanunauthorized persontounscramble (decrypt )it.Encryption hasfour basic partsPlaintextCiphertextEncryption algorithmkeyThetwo major c

4、lassesofencryption:Symmetricsystems(withonesecret key),Asymmetric systems(withtwo keys)密码学是是关于应应用加密密算法对对信息进进行加密密的科学学。加密算法法就是用用基于数数学计算算方法与与一串数数字（密密钥）对对普通的的文本（信息）进行编编码，产产生不可可理解的的密文的的一系列列步骤。发送方将将消息在在发送到到公共网网络或互互联网之之前进行行加密，接收方方收到消消息后对对其解码码或称为为解密，所用的的程序称称为解密密程序，这是加加密的逆逆过程。密码学原原理字母 ABCZ空格，./:?明文 010203 26

5、272829303132密文 18192043444546474849加密与解解密示例例例如：把英文26个字母表表的顺序序编号作作为明文文，将密密钥定为为17，将明文文的编号号加上17，就可以以得到一一个密码码表：一个简单单的密码码表1.Symmetric(private)keysysteDES: standard symmetricencryption algorithmPlaintextmessageCiphertextPlaintextmessageEncryptionprivate keyDecryptionprivate keysenderreceiver2.Asymmetric(p

6、ublic)key systemRSA: themost commonpublickey encryptionalgorithmPlaintextmessageCiphertextPlaintextmessageEncryptionpublickeyDecryptionprivate keysenderreceiver3.Digitalsignaturesinclude:Hash:A mathematicalcomputationthat is appliedtoamessage,usinga privatekey,toencrypt themessage.Message digest:A s

7、ummaryofamessage,convertedintoa stringofdigits, after thehash hasbeen applied.Digital envelope:thecombinationofthe encryptedoriginalmessage andthedigitalsignature, using therecipientspublickeyHash算法:不是加密密算法，能产生生信息的的数字“指纹”(message digest)，主要用用途是为为了确保保数据没没有被篡篡改或发发生变化化，以维维护数据据的完整整性。Hash算法的特性：能处理任任意大小小的

8、信息息，并能能生成固固定长度度的信息息摘要。信息摘要要的大小小与原信信息的大大小没有有关系，原信息息的一个个微小变变化都会会对信息息摘要产产生和大大的影响响。具有不可可逆性。（1）messageWithcontractMessagewithDigitalsignature（1）messageWithcontractMessage digestDigital signatureDigital envelopeDigital signatureOriginalmessage digestNewmessagedigest（2）senderapplieshash function(3)Senderen

9、cryptsusingsendersprivatekey(4)Senderencryptsusingrecipientspublickey(5)Sendere-mailstorecipient(6)Recipientdecryptsusingrecipientsprivatekey(7)Recipientdecryptsusingsenderspublic key(8)Recipientapplieshash function(9)Compare formatchDigital signatures4.Certificate authorities:Thirdparties thatissue

10、digitalcertificates. (电子商务务认证中中心)CA就是承担担网上安安全电子子交易的的认证服服务的服服务机构构 ，它它能签发发数字证证书，并并能确认认用户身身份。CA的主要任任务是受受理数字字证书的的申请，签发及及管理数数字证书书。A certificate contains :TheholdersnameValidityperiodPublickey informationA signedhash of thecertificatedata5.SSLandSETSecuresocket layer (SSL):protocolthat utilizes standard c

11、ertificatesforauthenticationand dataencryptiontoensureprivacyorconfidentiality, invented by Netscape.Secureelectronictransaction(SET):Aprotocoldesignedtoprovide secureonlinecredit cardtransactions forboth consumersandjointlybyNetscape,Visa,MasterCard,and others.SET协议与SSL协议的比比较（1）SET是一个多多方的报报文协议议，它定定

12、义了银银行、商商家、持持卡人之之间的必必须的报报文规范范，而SSL只是简单单地在两两方之间间建立了了一条安安全连接接。（2）SET允许各方方之间的的报文交交换不是是实时的的，而SSL则是面向向连接的的，必须须实时的的进行。（3）SET报文能够够在银行行内部网网或者其其他网络络上传输输，而SSL之上的卡卡支付系系统只能能与Web浏览器捆捆绑在一一起。（4）SET的安全要要求较高高，因此此所有参参与SET交易的成成员都必必须申请请数字证证书，而而SSL中只有商商家端的的服务器器需要验验证，客客户段则则是有选选择的。5.2Electronic PaymentMethods5.2.1E-payment

13、toolsElectronic CardsElectronic cashElectronic checkWhateverthee-paymentmethod,fiveparties involved in e-payments:1.Customer/payer/buyer2.Merchant/payee/seller3.Issuer4.Regulator5.AutomatedClearingHouse(ACH)AutomatedClearingHouse(ACH):Electronic networkthatconnectsallfinancial institutionsforthe pur

14、poseofmaking funds transfers.5.2.2Characteristicsofsuccessfule-paymentmethodsIndependenceInteroperability andportabilitySecurityAnonymityDivisibilityEase of useTransactionfeesCriticalmass5.2.3ElectronicCardsandSmartCards1.Paymentcard:Electronic cardthatcontainsinformationthat canbeused forpayment pu

15、rposesCreditcardsChargecardsDebitcardsCreditcard的付款过过程持卡人商家支付网关关开户银行行发卡行认证中心心（1）订单及及信用卡卡号（2）审核（5）确认（6）确认（3）审核（4）批准认证认证认证支付网关关：连接Internet与银行网网络，完完成支付付协议和和现存银银行交易易系统协协议之间间的信息息格式转转换，支支付网关关须由收收单行授授权，再再由CA发放数字字证书。支付网关关的功能能：确认商商家身份份、解密密从持卡卡人处得得到的支支付指令令，验证证持卡人人的证书书与在购购物中所所使用的的账号是是否匹配配，验证证持卡人人和商家家申请信信息的完完整性

16、等等。Electronic Cards andSmartCards(cont.)2.Smart card: An electroniccardcontaining an embedded microchipthat enablespredefinedoperations or theaddition,deletion, or manipulationofinformationonthecard.Electronic Cards andSmartCards(cont.)Contact card: Asmartcardcontaining asmallgoldplateonthefacethat

17、wheninsertedinasmart-card readermakescontact andsopassesdatatoandfromtheembeddedmicrochip.Contactless(proximity)card:A smart cardwithanembeddedantenna,bymeansofwhichdata andapplicationsare passedtoandfroma cardreader unitorotherdevice withoutcontactbetweenthecardandthe cardreader5.2.4E-cashandE-chec

18、kE-cash:Thedigitalequivalent of paper currency andcoins,whichenablessecureand anonymouspurchaseoflow-priced items.Micro-payments:smallpayments, usuallyunder$10.数字现金金支付的的特点匿名性可传递性性可分性E-cash的支付过过程（1）请求开开设E-cash帐户（2）帐号（3）购买数数字现金金的请求求（4）银行数数字签名名的数字字现金（5）订单及及加密的的数字现现金（6）加密的的数字现现金（8）确认（9）确认信信息买方方卖方银行行数字现金金库（7）核对E-Che