E-commerce security  悋惠 惆 惘惠悴悋惘惠 悋擧惠惘擧 拆惘 悋惠 惆惘 惠悴悋惘惠 悋擧惠惘擧 惘 愕惘愕 愆悋惘 惆悋愆悴  :  8861048 Email : meryamsiroos@yahoo.com
惺悋 惶 悋   悋惠 惆惘 惠悴悋惘惠 悋擧惠惘擧   擧悋慍 悋 忰惘悋擯 悋愀悋惺悋惠 擧悋慍 悋 擧拆悋惘擯 惆悋惆 悋  惠愆悽惶 惆惘惠 擧惆  擯悋 悋  愕愕惠 悋 拆惘惆悋悽惠 悋擧惠惘擧 悋惠 拆惘惆悋悽惠 悋擧惠惘擧 悋惠 惺悋惠 拆惘惆悋悽惠 Communication security
惶 悋 惠惆惆 拆悵惘  惠惆惆   悽悋愀惘 惠惆惆 拆悵惘   :  惷惺 悋 悋悽惠悋 惆惘 愀惘悋忰  拆悋惆 愕悋慍  悋悴惘悋  悋 惆惘惠 擧 愕愕惠   悋悋惺 惠惆惆悋   : 悽惘悋惡  愀惺 愕惘愕   :   悋悋惺 惘愕 悋  愀惺 惡惘  慍慍  悛惠愆 愕慍    ( denial of service ) DOS 惆愕惠惘愕 愃惘 悴悋慍   :   Phishing   惆愕 悋悴惠悋惺   Spyware  悋    擧愆 惘慍 惺惡惘 悋愕惠惘悋 愕惺 悋 惆惘悋惠 愃惘 悋 悋愀悋惺悋惠 悴惺 惠  ( Masquerading ) 惆愕惠擧悋惘 拆悋  ( Message Tampering ) 悋惠 惆惘 惠悴悋惘惠 悋擧惠惘擧
惆惘惠 悽悋愀惘   惘悛惆 愆悋愕悋 悽悋愀惘悋惠  悋惠 惡惆 悛悋 惡惘 悋愕悋愕 慍 惘惆 悋慍 惡惘悋 惡悋慍悋惡 愕愕惠 惆惘 惶惘惠 惺 悽愀惘  愆悋愕悋  拆悋惆 愕悋慍 惘悋 擧悋惘悋 惡惘悋 擧悋愆 悋 悽悋愀惘悋惠 惘悋   惆惘惠 悽悋愀惘  悋惆 . 惠忰 惘愕擧   :  惘悋惡愀 惡 悴惆惠 悽愀惘  悋忰惠悋 惠擧惘悋惘 悛   慍 拆悋惆 愕悋慍 擧 惘悋 忰 惡惘悋 忰悋惴惠 悋慍 悛 悽愀惘 悋 惠惆惆 拆悵惘 惘悋 惡惘惘愕  擧惆  . 悴惆惠 悽愀惘   :  惡惘 悋愕悋愕 慍 慍惆 悋慍 惡惘悋 惡悋慍悋惡 悋慍 悛 惆惘 惶惘惠 惠 擧 忰 悋惆悋慍 擯惘  愆惆  . 悋慍悋愆 悴惆惠  +  愕愀忰 悽悋愀惘 悋慍悋愆 悋忰惠悋 惺 悽愀惘 悴惆 惠惺 愕愀忰 悽悋愀惘 惶 悋 悋惠 惆惘 惠悴悋惘惠 悋擧惠惘擧 悴惆惠  悋忰惠悋 惺 惡 惆惘惠  惡惺惷 悋悋惠 愃悋惡悋 擧 悋惠  1 2 3 悴惆  4 5 6 悽 悴惆 7 8 9
愕悋愕惠 悋惠  ( Security Policy ) :   惡惘悋 悴擯惘 悋慍 惠惆惆悋 悋慍惆 擧 悴惺 愕悋愕惠 悋惠 愕惠 . 悽惆悋惠 悋惠  ( Security Services )   :   擧 悴惺 擧悋惘擧惘惆 惡惘悋 拆悋惆 愕悋慍 愕悋愕惠 悋 悋惠 擧 惠惘 悛悋 惺惡悋惘惠惆 悋慍  :   擧悋慍 悋 悋惠  :   悽惆悋惠 悋惠 惠愕愀 擧 悴惺 擧悋慍 悋 悋惠  拆悋惆 愕悋慍  悋悴惘悋  愆惆 . 擧 惡 惆 惆愕惠  悽悋惶    惘悋擯惘  惠愕  愆惆 . 擧悋慍 悋 悽悋惶  :   惡惘悋 拆悋惆 愕悋慍 擧 愕惘愕 悋惠 愆悽惶 惡 擧悋惘 惘惆 . 擧悋慍 悋 惘悋擯惘  :   惡惘悋 拆悋惆 愕悋慍 惘 悽惆惠 悋惡 悋愕惠悋惆 愕惠惆 .  悋慍 悴 拆惘悋惠 惠惘 悛悋 惺惡悋惘惠惆 悋慍  : 惡悋慍悋惡 悋惠  :   惡 擧 愕愕惠 擧擧  擧惆 擯悋擧 擧 忰 悋惠悋 悋惠悋惆  惡惠悋惆 悽惆 惘悋 惡悋慍悋惡 擧惆 . 忰愕悋惡惘愕 悋惠  :   悋 擧悋慍 擧擧  擧惆 惺悋惠 悋 忰愕悋愕 惡 悋惠 擧 愕愕惠 拆悋拆 拆悋愆 愆惆 . 惠愆悽惶 忰 :  悋 擧悋慍  愆悋愕悋 惘 惆悋惆 悋 悽悋惶 悋愕惠 擧 愃悋惘 惡悋 愕悋愕惠 悋 悋惠 擧  愕愕惠 悋愕惠  悋 惡 愀惘 惡悋  惠悋惆 惡惘悋 悛 擧 惠惆惆 忰愕惡 擯惘惆惆 . 惶 悋 悋惠 惆惘 惠悴悋惘惠 悋擧惠惘擧 擧惠惘 惆愕惠惘愕 Authorization 忰惘悋擯 惆悋惆 悋 Data  Confidentiality 擧拆悋惘擯 惆悋惆 悋 Data   Integrity 惺惆 悋擧悋惘 Non   Repudiation 愆悋愕悋   惠 Authentication   Security  Services
擧悋慍 悋 忰惘悋擯 悋愀悋惺悋惠 悋惶悋 擧悋慍 悋 愕惠惆 擧 惡惘悋 忰惴 忰惘悋擯 惆悋惆 悋 悋愀悋惺悋惠 惡擧悋惘 惘惆 . 惡 愀惘 擧 惘慍擯悋惘 悋  Enciphering  愕惠惆 . : key Generator   惘愆惠 悋 悋慍 悋惺惆悋惆 惘悋 惡惘悋 悋 惠惆 擧惆擧 悋惶悋  random  愕惠惆 . 擧 惆惘  擧悋慍 悋 惘慍 擯悵悋惘   Stream Ciphers   擧悋惘惡惘惆 惆悋惘惆 . 悋慍 悴 愆悽惶悋惠 擧  惘 悋慍悋惘 悋 愕悽惠 悋慍悋惘 惆 擧惆 悋  key Generator  惡悋惆 惆悋愆惠 惡悋愆惆 惺惡悋惘惠惆 悋慍 : 1-Infinit Number of Crypto Variables (Keys) 2-Completely Random key Stream 3-Infinit Cycle Length 4-Random Starting places 5-Fail Safe Alarms 惶 惆 擧悋慍悋 忰惘悋擯 悋愀悋惺悋惠 擧悋慍悋  惘慍 擯悵悋惘 惠悋惘 Symmetric   encryption 悋 惠悋惘  Asymmetric encryption Stream Ciphers Block Ciphers Synchronous  Stream Ciphers Self-Asynchronous  Stream Ciphers KAK Key-Auto-Key CKAK Cipher text-Auto-Key DES Data Encryption  Standard AES Advanced Encryption Standard RSA Ronald  Rivest Adishamir Leonard Adleman Blok Encryption  Algorithms Diffie-Heeman Pohlig-Hellman ELGamal
惡惘惘愕 擧悋慍 悋 惘慍 擯悵悋惘  Stream Ciphers   Symmetric   : 惆惘悋 惘愆 擧 惘愆惠 悋慍 悋愀悋惺悋惠  惡悋 擧 惘愆惠 悋慍惘慍 擧 惠惺惆悋惆 惡惠悋 悛 惺悋惆 愕惠惆  XOR   愆惆 . synchronization   key stream  key stream Cipher Text Encipher  Decipher 慍 擧 悽悋惘悴  愆惆 悋  Cipher text  悋 惠 惘慍擯悵悋惘 愆惆 悋愕惠  慍悋擧 惡 惆惘悋惠 擧惆 悋愀悋惺悋惠  惘愕惆 惆惘悋惠 擧惆  惠悋惆 惡悋  擧惆 惡 悋惶愀悋忰 愆惘惺 擧惆  悋愀悋惺悋惠 惘悋 惘慍 擯愆悋  擧惆 .  惆惘悋惠 擧惆 悋愀悋惺悋惠  擧 惆 擧惆 惆悋惘惆 惡悋 悋  Initialization Vector (IV)   擧 惘慍 擯悵悋惘 擧惆 悋愀悋惺悋惠 惆悋愆惠  . 惆惘 悋 惘愆 愕惠 悋慍 惆惠悋 惘慍 擯悵悋惘 愆惆 惡愆擧 惆悋悧 惡  key Generator   惡悋慍悽惘悋惆 愆惆 惡惘悋 惠惆 擧惆 惡悋惡惘悋 惆悋悧悋 悋 惆 惡惠 悋慍  Cipher text  惘悋 惡悋慍悽惘悋惠 惡  key Generator  惡惘悋 悋擧 擧惆 惘悋 惡惆愕惠 悛惘 .  惺 惠悋惡惺 惠惆 擧惆 擧惆 悋 擧 悋慍 拆悋惘悋惠惘 悋 惘惆愆  n   惡惠 悋慍 惠 惘慍擯悵悋惘 愆惆 悋愕惠 . Cipher Text  Encipher  Decipher 惶 惆 擧悋慍悋 忰惘悋擯 悋愀悋惺悋惠 KAK Key-Auto-Key Cryptographic Varriables(cv) Initialization  Vector(iv) Key Generator Key Generator Cryptographic Varriables(cv) Initialization  Vector(iv) + + Plaintext Plaintext CKAK Cipher text-Auto-Key Cryptographic Varriables(cv) Key Generator Key Generator Cryptographic Varriables(cv) + + Plaintext Plaintext
惡惘惘愕 擧悋慍 悋  Symmetric   Block Ciphers   : 擧 悋擯惘惠 惘慍擯悵悋惘  Block Cipher  悋擯 惺 擧惆 擧 惠 悋  Data  悋惘悋 惡 惡悋擧悋  X  惡惠 愆擧惆  惘 惡悋擧 惘悋 惡 愆擧 悴惆悋擯悋 惘慍擯悵悋惘 擧惆 . 惡 悋 惺惆惆  x  擧 擧 惺惆惆 惓惡惠  integer  悋愕惠  Block Size  擯 . key= 56  Encryption  k1 悋擯惘惠  DES  block=64 bit 8  Parity bits 惘悛惆 惘慍擯悵悋惘  DES  愀  16  惘忰 悽惠 擧 惡愆擧 悴惆悋擯悋 悋 擧悋惘 惘慍擯悵悋惘  DES   惘悋 悋悴悋  惆惆 惶惘惠  拆悵惘惆 .   悋擯惘惠  DES   悋慍 忰悋惴 悋惠 惡愕悋惘拆悋 悋愕惠 惡  惆 悋擯惘惠  AES  悴悋擯慍 愆惆 擧 悋惘慍 悋愕惠悋惆  愆惆 : key=128    192    256  Encryption  惠惺惆悋惆 惘悋忰 拆惘惆悋慍愆 ( 惡 惠惘惠惡 擧惆 )   =10    12    14  悋擯惘惠  AES  block=128 bit  惘悛惆 惘慍 擯悵悋惘  惘慍 惡惘惆悋惘  擧惆 惡惺悋 悋忰惆 惡悋惠  惆惘 悋惡 擧 悛惘悋 惡 悋 悛惘悋 惷惺惠 悋  State Matrix   拆惘惆悋慍愆 愆惆 .  惠惺惆悋惆 愕愀惘  = 4  愆 惓悋惡惠 悋愕惠 State Matrix  key=128  4  愕惠   惠惺惆悋惆 愕惠   =  悋惡愕惠 惡 惺惆惆 擧惆  key=192  6  愕惠   key=128  8  愕惠 惶 惆 擧悋慍悋 忰惘悋擯 悋愀悋惺悋惠 Plaintext Block Crypto Variables Block Cipher Algorithm Cryptographic Varriables(cv) Blok Encryption  Algorithms Block Cipher Algorithm Crypto Variables Cipher Block Cipher Block Block size DES : 64-bit AES : 128-bit
惡惘惘愕 擧悋慍 悋  Asymmetric   : 悋 惆擯惘 擧惆 悋 悋擯惘惠悋 愃惘 惠悋惘  Public-Key  悋 擧惆 惺 悋愕惠 . 悋擯惘惠  RSA  惡惆 愆擧 惺 擧惆 擧 : p , q =  悋惺惆悋惆 悋 愕惡惠悋 惡慍惘擯 n = p*q 惷 悋惘   Qn = Qpq = (p-1)(q-1)  Public-Key = pub  悋 惡悋愆惆 愕惡惠 惡  Qn private-Key  (pub * private)  愆惠 惡悋  1   惡 拆悋  Qn Public-key  悋惡 悋惠愆悋惘  Private-key 忰惘悋 惶 惆 擧悋慍悋 忰惘悋擯 悋愀悋惺悋惠 RSA Ronald  Rivest Adishamir Leonard Adleman
Cryptographic Hash Function  悋惶悋  Hash Function  惡 惠悋惡惺 擯惠 愆惆 擧 擧 惘惆 惡悋 愀 惠悋惠 惡 擧惆  擧 悽惘悴 惡悋 擧 愀 惓悋惡惠 惘悋 惠惆  擧惆  .  Fanction   hash  =  H    惘惆 惠悋惡惺  =  m    惆悋惘 惠悋惡惺  =  H(m) 擧  H(m)   惆悋惘悋 悽惶惶悋惠 慍惘 悋愕惠 : 愀 拆悋 惠悋惆 惡  惘悋惆悋慍 悋 惡悋愆惆 . Has Value  ( 擧惆 拆悋  )  愀 惓悋惡惠 惆悋惘惆 . 惡惘悋 惘 拆悋 惺  忰悋愕惡   H(m)   愕惡惠悋 悛愕悋 悋愕惠 . 拆惆悋 擧惘惆 拆悋 擧 愆 惺 惆悋惘惆 愃惘 惺 悋愕惠 . 惠愃惘 拆悋 惡惆 惠愃惘 愆 悛  愃惘 擧 悋愕惠 . 悋惠 惆 拆悋 惠悋惠 惡悋 擧 愆 擧愕悋 擧 愕惠 . MAC  (Message Authorization Code): Secret Key + input Message  =  惘惆 Message Authorization Code =  悽惘悴 悋 擧悋慍 惆惘 愆悋愕悋 惠 惘惆 惘愕惠惆 惡愕悋惘 擧悋惘惡惘惆 惆悋惘惆  擯惘惆 擧悋悋 愀悧 悋愕惠 拆悋 惘悋 惘愕惠惆 悋惶 惘愕惠悋惆 . 惶 愕 擧悋慍悋  悋惠  ( Hash function ) MAC Message Authorization Codee SHA Source Hash Standard MD5 Message DIGEST Algorithm 擧悋慍 悋 擧惠惘 惆愕惠惘愕 Authorization Dentity-Based Access Control Rule-Based Access Control Sender Receiver Message Mac Algorithm Key(k) MAC Message Mac Algorithm Key(k) MAC Message MAC =? MAC 擧悋慍悋 擧拆悋惘擯 悋愀悋惺悋惠  愆悋愕悋 惠
SHA(Source Hash Standard): 悴惠 愆悋愕悋 惠 惘愕惠惆  惡惘悋 擧 擧惘惆 擧拆悋惘擯 惆悋惆 悋愕惠悋惆 愆惆 惡惆 惠惘惠惡 擧 悽惘悴 惠悋惡惺  Hash   Message Digest  悋愕惠 擧 悋擯惘 拆悋 悋 惆愕惠擧悋惘 愆惆 惡悋  Message Digest  悽悋 惆悋惘惆  悋 惠悴 惠愃惘 惆惠悋 愆  愃惘擧 悋愕惠 擧愕 惡  Message Digest   惺 悋惶 拆悋 惆愕惠惘愕 拆惆悋 擧惆 . 惘悋  SHA :  SHA1  , SHA2  ,  SHA3 愀 擧惆 拆悋 惡愕惠 惡 悋擯惘惠   悋慍  160  惠悋  512  惡惠 惠悋惠 悋愕惠 . 悋 惘愆 悋 悋惆 愆惆 慍惘悋 愀悋惡 悋愕惠悋惆悋惘惆  : 1-  悋惠 拆悋 擧 惡 擧 擧惆  拆悋 惘惷 惘惠惡愀 悋愕惠  2- 悋惠 惆 拆悋 惠悋惠  擧 悋 擧惆 惘悋 惠惆 擧惆  惡愕  忰悋愕惡  愃惘 惺 悋愕惠 . MD5 (Message DIGEST Algorithm): 惘悋  MD  :  MD4  ,  MD2  ,  MD5 悋 愕 悋擯惘惠 擧  Message Digest     128  惡惠 惠惆 擧惆 惶惘惴惘 悋慍 悋擧 惘惆 悋 惠悋惡惺  愀 惆悋愆惠 惡悋愆惆 .  悋惡惠 悋惺惆惠悋  擯惆 惘惆愆 惡悋惆 擧擧惠惘 悋慍  2  惡 惠悋  64  惡惠 惡悋愆惆 . . 惶 愕 擧悋慍悋 擧拆悋惘擯 悋愀悋惺悋惠  愆悋愕悋 惠
) 擧悋慍 悋 擧惠惘 惆愕惠惘愕 Authorization): 慍悋擧 惘惆 愆悋愕悋 惠 愆惆  悋惘惆 愕愕惠 愆惆 悋 擧悋慍 惴 惆惘惠 惘惆 悵擧惘 惘悋 惆悋惘惆 Dentity-Based Access Control 惆惘 悋 愕愕惠 惆愕惠惘愕 悋惘悋惆 惡惘 悋愕悋愕 擯悋 擧 悋惡惺 悽惠 愕愕惠 惆悋惘惆 惠惺惘 愆惆 . 悋 惺 悋慍 惘愆悋 擧惠惘 惆愕惠惘愕 惘悋  Discretionary  擯惆 擧 惺 悋擧 悛 惡惺 惠惺 擧惆 惆愕惠惘愕 惘惆 惠 愆惆 愕惠 . Object  ObjectA  ObjectB  ObjectC   Subject Subject A  Type Access  Rule-Based Access Control 惆惘 悋 愕愕惠 惆愕惠惘愕 悋惘悋惆 惡惘 悋愕悋愕 擧 悋 惠惺惘 愆惆 . 愕愕惠悋 悋愀悋惺悋惠 擧 悋慍 惡 悋惠 惡悋悋 惆悋惘惆 惓 愕愕惠悋 惴悋 悋慍 悋 擧悋慍 悋愕惠悋惆 擧惆 . 惆惘 悋悴悋  悋愕惠 惘惆 惡悋 悛 惆愕惠惘愕  擧惆 . 惡惘悋 悋擧 愕愕惠  Rule    Based  惘悋 拆悋惆 擧 惡 惘  Object   惘 惡惺  惘 惘惆 擧  Security Label   悋悽惠惶悋惶 惆  .  惶 愕 擧悋慍悋 擧拆悋惘擯 悋愀悋惺悋惠  愆悋愕悋 惠
擧愕惘 擯悋 悋 惡惘悋 惠悋惆 悋惶 惡惆 擧惆悋 惺 悋愕惠悋惆  愆惆   . Public Key infrastructure (PKI)   :  擯悋 悋愕惠悋惆 悋慍 擧惆 惺  悋慍 悋愕惠 擧 擧 愕愕惠 悴悋惺 惆悋愆惠 惡悋愆 惡惘悋 惘慍擯悵悋惘 擧惆 惺  悽悋惠 悋惷悋 惆悴惠悋  惠悋 愀悧 愆 悋慍 忰惘悋擯   Authorization     Data integerity     access control     惺惆 悋擧悋惘  . 悋 愕愕惠  PKI  悋愕惠 . spoofing  1- 惺 擧 惘惆  悛惆  Public Key  悽惆愆 惘悋 悴悋擯慍 擧惆 ( 悴惺 惠 )   惡惘悋 擧愕 擧 悽悋惆 悋 悋愀悋惺悋惠 惘悋 惠愕愀  悛 Public Key  惘慍擯悵悋惘 擧惆 悋惘愕悋 擧惆 .  PKI   悋 惶忰惠  愕 惘悋 擧 擧惆 . 2-  悋慍 愀惘 惆擯惘 悋愕拆惘 惠悋惆 悋惘惠惡悋愀 惆 愕悋慍悋 悋 惆 愆悽惶 惘悋 悋愕惠惘悋 愕惺 擧惆  惆惘 惠悴 擧惆 惺 惘 擧悋惘惡惘  惡悋惆 惠愕愀 擧  Certificate authority  惠惶惆  ( 悋惷悋 )  愆惆 . 惠惺惘  PKI   :   慍惘愕悋悽惠 擧惆 惺 惡 悴惺 悋 悋慍 愕悽惠 悋慍悋惘  惘 悋慍悋惘  愕悋愕惠悋  惘悛惆悋 擧 惡惘悋 惠惆  悵悽惘    擯惆悋惘  惠慍惺  愀惘 惡悋慍悽悋 悋  Revoke   擧惘惆 擯悋 悋 惆悴惠悋 悋  Digital Certificate   悋 悋慍 悋愕惠  .  惡 悋 悴惺 擧悋  Public Key Infrastructure  擯惠 愆惆 . 惠惺惘  Digital   Certificate  ( identity ):   擧 愕惆 悋擧惠惘擧 悋愕惠 擧 惡悋 悋愕惠悋惆 悋慍 擧悋慍 悋 悋惷悋 悋擧惠惘擧  Public Key    惠 悋惶 悋愕惠悋惆 擧惆  惶悋忰惡  Publick Key  惘悋 惡 惆擯惘 拆惆 惆惆 . 擧 悋 擯悋 悋 惆悴惠悋 惘悋 愕悋慍悋悋 惶悋惆惘 擧惆  擧 惡 悛悋  Certificate authority  擯惆 . 惶 悋惘 惆惘惠 擧惆  擯悋悋 惴悋  PKI 惆惘惠 Life Cycle  擧惆悋 惺  擯悋悋 惘惠惡愀 悋惘悋悧 擧悋慍悋  backup , Recovery  惡惘悋 愕惘愕悋 擯惆悋惘 惠悋惘悽 擯悋悋  擧惆 悋 惶悋惆惘愆惆 Update   擯悋悋  擧惆 悋 悋惘悋悧  Cross Certification
X.509  :  悋愕惠悋惆悋惘惆 擯悋 悋 惆悴惠悋 惡惘悋 悋愕惠悋惆 擧惆擯悋 擧惠 : 擯悋 惺悋 惡惘 悋擧 惠悋惘悽 悋惺惠惡悋惘愆 惠悋 愆惆 惡 惆悋 悋慍 悴 愕悄 悋愕惠悋惆  愕惘惠  惠愃惘   .... 惠悋惆  Revoke  愆惆 悋 悋惶愀悋忰悋 悋惘惠惡悋愀愆 惠愕愀  CA  擯惘惠 愆惆 . 悋 擯悋 悋  revoke  愆惆 惆惘 愕惠 惡 悋  CRL   悋   Certification revocation List   惘悋惘 擯惘惆 . 惶 悋惘 惆惘惠 擧惆  擯悋悋 Serial number 惷惺 擯悋悋 愆悽惶悋惠 惶惠忰惡 惶悋惆惘 擧惆 Subject Public Key Information 惷惺 擯悋 惠悋惘悽 悋惺惠惡悋惘 惶悋惆惘 擧惆 擯悋 悋惷悋  ( CA ) Version Number 惆悋  擯悋 悋 悋愕惠悋惆 擧惆 悋慍 X.509
Publik Key Infrastructure: operational transaction and management  Managment transaction  Transaction  PKI user PKI Management entities  public certifacate  public  Management transactions Certificate and CRL 惶 悋惘 惆惘惠 擧惆  擯悋悋 悗 悋 悋惶  PKI Certification authority 1 Registration authority 2 PKI User 3 End entity (Client) 4 Repositories 5 CRL End entity Registration Authority Certification Authority Certification Authority
惘悋忰 擧悋惘 惡惘悋 擯惘惠 擧  certificate  : 1-  惓惡惠 悋 惆惘 擧  CA   惆惘悽悋愕惠 惡惘悋 擯惘惠 擧  certificate   2- 惡惘惘愕  惠悋惆 惠 悋 惠愕愀  CA   惶悋惆惘 擧惆 擯悋  3-  惘悋惘惆悋惆  悋惠愆悋惘 擯悋 惶悋惆惘 愆惆 惆惘 擧  repository  惶 悋惘 惆惘惠 擧惆  擯悋悋 Certificate athurity/ Registration authority Respository site Alice Bob 1 2 3 4 5 6 Enciphered Message Digital signature 7
惆愕惠 惡惆 愕愕惠 悋 拆惘惆悋悽惠 悋擧惠惘擧 1-Offline Vs, Online Offline system  :  愆惠惘  惘愆惆 惡 擯悋 惡悋惆悋惠 惠悴悋惘 惡悋 惆擯惘 悛悋 愕惠惆  悋愀悋惺悋惠 惡悋擧 悛悋 悛悋 悋愕惠 . 惺惡 擧 愕愕惠 悛悋 惆惘 惡惘悋惡惘 悛悋 惆悋惘惆 悋 悋愕惠 擧 惘愆惆 惆悋惆 擧 悽惘惆悋惘 悛悋 拆 惆 惘忰愕悋惡愆 惆悋惘惆 悋   . Online system  :  擧 悋愀悋惺悋惠  愕愕惠悋 擧 惆惘 惡惘惆悋惘惆  愕惘愕 惆惆  擧悋慍悋 拆惘惆悋悽惠 愆惠惘 愕惠惆 擯 惡惘  惘 愆惡擧  惆惘 擧 忰惴  悋忰惆 悋惡 惆愕惠惘愕 愕惠惆 . 2-Debit Vs, Credit  Debit  :   悋惆惘 擧 惆惘 忰愕悋惡 惆悋惘 悋惆惘   惠悋 悽惘悴 悋 惡惘惆悋愆惠 擧 . 愕愕惠 惡悋擧惆悋惘 悋惘悋 惡惘 悋愕悋愕 惆惡惠 惺 擧惆 . Credit  :   惡悋擧 悋 悋惺惠惡悋惘 惘悋 惡 悋 惆惆 擧 拆 擧 惆悋惘 悽惘悴 擧  惡惺惆悋 惡 惡悋擧 拆惘惆悋悽惠 擧 .  惓 擧悋惘惠 惆惡惠 悋 擧悋 惶 拆悴 E-Payment Systems E-Payment Systems 1-Offline Vs, Online 2-Debit Vs, Credit 3-Macro Vs, Micro
惆愕惠 惡惆 愕愕惠 悋 拆惘惆悋悽惠 悋擧惠惘擧 3-Macro Vs, Micro Macro system  :  愕愕惠悋 愕惠惆 擧 惡愃 拆惘惆悋悽惠 惆惘 悛 愕愕惠悋 惡愆惠惘 悋慍 擧 惡愃  (5  惠悋  10  惆悋惘 )  惡愆惠惘 悋愕惠 . Micro system  :  愕愕惠悋 愕惠惆 擧 惡愃 拆惘惆悋悽惠 惆惘 悛 愕愕惠悋 擧惠惘 悋慍 擧 惡愃  (5  惠悋  10  惆悋惘 )  悋愕惠 . 惶 拆悴 E-Payment Systems Entity  悋 惆惘擯惘 惆惘 愕愕惠  Credit Card holder Card issuing bank Merchant 慍悋 愕惠惘 惆愕擧悋惘 惆悋慍 悋 擯悵悋惘   regulate 擧惘惆  惠惺 惠惺惘 悋   ... 惴 Transaction Network Merchant  account Acquire bank
拆惘惆悋悽惠 惆惘 忰愀 惠悴悋惘惠 悋擧惠惘擧 惶 拆悴 E-Payment Systems s s Issuer Bank Acquirer Bank Interbank(clearing) network 3  Authorization 6  Settlement Interbank Settlement Account 2  Auth 5  Charges Customer (Payer) Merchant (Payee) 7  Natification 1  Credit card info 4 惺悋惠 拆惘惆悋悽惠 惆惘  Credit Card s Payment   Instruments 1-  Cash   Like 2-  Check   Like 3-  Credit   Card 4-  Electronic   money 5-  Electronic   Check
Payment  Instruments Electronic money :  惺悋惆 拆 悋惺 惆 惘惆悋 悴悋慍 悋愕惠 擧 惺惆惠悋 惡惘悋 拆惘惆悋悽惠 惆惘 愕愕惠悋 悋擧惘 惡擧悋惘  惘惆  悋忰惆 拆 悋擧惠惘擧 愕擧  惆悴惠悋 悋 悋擧惠惘擧 悽悋惆 愆惆 . Electronic check  :  惺惡悋惘惠愕惠 悋慍 愕惆 悋擧惠惘擧  擧 惆悋惆 悋 悋惡 惘悋 惆惘 惡惘  擯惘惆 : 惶 拆悴 E-Payment Systems Electronic Money e-cash Digital cash Digital money Digital/electronic currency 惓悋  : 愕愕惠 悋悽惠悋拆愕   Pay Pall 悋惷悋 悋擧惠惘擧 惆惘悋惠 擧惆 悋惷悋 悋擧惠惘擧  拆惘惆悋悽惠 擧惆 悋忰惆 拆 擧 惠悋惘悽 悋惷悋  擧 惠悋惘悽 擧 惡愃 擧 悋 擯惘惆 擧 悋 惡悋擧  惆悋惘悋 忰愕悋惡 愆悋惘 忰愕悋惡  惆悋惘惆 忰愕悋惡 悋   惶悋惆惘   擧惆 擧 愆悋惘 擧 Electronic Check
Payment  Instruments Cash Like  :   惆惘 愕愕惠 拆惘惆悋悽惠 悋擧惠惘擧 忰愕悋惡 愆惠惘 惘悋 擧  擧惆  惡惺惆 悋慍 忰愕悋惡 惡惘惆悋愆惠 擧惆  惡惺惆 悋慍 悋 惘愆惆 擧悋悋 惘悽惠 愆惆 惘悋 惆惘 悋悽惠悋惘 愆惠惘 惘悋惘 惆惆  . Electronic Wallet  擧  electronic wallet    悋愕愀 惡惘悋 悵悽惘 愕悋慍 悋愀悋惺悋惠 擧悋惘惠 悋惺惠惡悋惘 悋惘悋愀悋惺悋惠 悋 惆擯惘 悋愕惠  . 悋 惆擯惘 悛 擧 拆 悋擧惠惘擧 悋愕惠 擧 惆悋 愆悋惡 擧 擧 拆 惆惘 惆悋 悋惺 悋愕惠  . 惆惘   electronic wallet   拆 惆悴惠悋   擧悋惘惠悋 惡悋擧 惠悋 惆悋愆惠 惡悋愆 . 惓  Pay Pall    Google Check out 惶 拆悴 E-Payment Systems s s Issuer Bank Acquirer Bank Interbank(clearing) network 4  settlement Interbank settlement account 3  Endorsed check Customer (Payer) Merchant (Payee) 1  Invoice 2  Signed Check Check Like 5 s Payer Payee
愆擧悋惠 惆惘 拆惘惆悋悽惠 悋擧惠惘擧  : 1-  愕悄 悋愕惠悋惆 悋慍 悋愀悋惺悋惠 擧悋惘惠 悋惺惠惡悋惘 2-  惠愃惘 拆悋悋 惆惘 愆惡擧 惠愕愀 忰 擧惆擯悋 惡愀惘擧 惡悋 惠愃惘 悋愀悋惺悋惠 惘惆 惠悴悋惘惠 悋擧惠惘擧 惆悋惘 愆擧 愆惆 3-  悴惆 惘愆惆擯悋 悋惶悋惆 擧 悋慍 悋愀悋惺悋惠 擧悋惘惠 悋惺惠惡悋惘 愕悄 悋愕惠悋惆 擧惆 . 惶 愆愆 1-Payment authorication 2-Payment Integrity 3-Payment Authorization 4-   Payment confidentiality 悋慍 悋 悋惠 擧 愕愕惠 拆惘惆悋悽惠 悋擧惠惘擧 惆惘 擯悋 拆惘惆悋悽惠 : 悋惠 拆惘惆悋悽惠 悋擧惠惘擧 愕惘愕悋  悋惠  拆惘惆悋悽惠 悋擧惠惘擧  : 愕惘愕悋 悋惠 惺悋惠 拆惘惆悋悽惠 愕惘愕悋 悋惠  拆 惆悴惠悋  愕惘愕悋 悋惠 擧 惆悴惠悋 惡悋 擧悋惘惡惘 惺惆 悋惡惠  惘擯惘 擧悋 惡悋 拆惘惆悋悽惠 擧惆 惺惆 悋惡惠 惘擯惘 惺悋惠 拆惘惆悋悽惠 忰惘悋擯 悋愀悋惺悋惠  拆惘惆悋悽惠 惺惆 悋擧悋惘 拆惘惆悋悽惠 惠悋慍擯 悋愀悋惺悋惠 惺悋惠 拆惘惆悋悽惠
惡悋 擧悋惘惡惘 ( User anonymity ): 悋慍 悋愆悋 愆惆 悋愀悋惺悋惠 悋 擧悋惘惡惘 惆惘 惺悋惠 拆惘惆悋悽惠 悋惺惠 擧惆  . 擧 惘悋  悋愕惠悋惆 悋慍 愆惡 悋 悋愕惠 .  惺惆 悋惡惠 惘擯惘 擧悋  ( Location Untraceability ) : 悋惡惠 拆悋惆 愕悋慍 悛 悋慍 愀惘 愕惘 惆 拆悋悋 拆惘惆悋悽惠 悋慍 愀惘 擧 愕惘  Host   悋 悋悴悋 愆惆 . 惶 惠 A B C X Y Z l 擧悋愕 惡悋 擧悋惘惡惘  惺惆 悋惡惠 惘惆悋惡 擧悋 : Mix1 Mix4 Mix7 Mix5 Mix2 Mix8 Mix6 Mix3 Mix9 悋惠 惺悋惠 拆惘惆悋悽惠
惘 慍惘 拆悋悋 擧 惡悋惆 惡  Mix  悋 悽惠 悋慍 惡惆悋 惠悋 惶惆 惠惆 擧 惘悋 惡 悋 悋惘悋悧  惆惆  A  Mix1 : E1(Mix2,E2(Mix3,E3(Y,Message))) Mix1  Mix2 : E2(Mix3,E3(Y,Message))  Mix2  Mix3 : E3 (Y,Message) Mix3  y  : Message 惶 惠 mix A B C X Y Z 擧悋愕 悴惆惆 惡悋 擧悋惘惡惘  惺惆 悋惡惠 惘惆悋惡 擧悋 : M : Public key of mix E : encryption function Mix: mix address  Y : public key of y  悋惠 惺悋惠 拆惘惆悋悽惠
惡悋 拆惘惆悋悽惠 擧惆  ( Payer anonymity ) : 悋慍 愀惘 悋愕惠悋惆 悋慍 悋 愕惠惺悋惘 惡惘悋 拆惘惆悋悽惠 擧惆 惆惘 拆惘惆悋悽惠 惡惆愕惠  悛惆 . 愆惡 悋悋 悋 惡悋惘 惠愕愀 first virtual holding  悋愕惠悋惆 愆惆惆 擧 惡 愆擧 慍惘 惺 擧惘惆 : 惶 惠 s s Issuer Bank Acquirer Bank Interbank(clearing) network 9.clearing 3.Yes 5.Transaction info Customer Merchant 8a.Withdrawal 1.Buy(VPIN) 4.Supply services 惺悋惠 拆惘惆悋悽惠 惆惘  first virtual  悋惠 惺悋惠 拆惘惆悋悽惠 FV 2.VPIN OK? 7.Yes 6.Yes/No/Froud? 8b.Depositl 悋 愆惘擧惠 忰 愆惆  惡 惠惆惘悴 悋悋 愕惠惺悋惘 擧悋惘 擯悵悋愆惠 愆惆惆 .
悋惡惠 惺惆 惘擯惘 惺惠 拆惘惆悋悽惠  ( Payment transaction untraceability ) : 惺 惘愆惆 惠悋惆 惡悋 拆惘惆悋悽惠悋 悽惠  愆惠惘 惘悋 愆悋愕悋 擧惆  .  惡惘悋 悋 擧悋惘 愆惠惘 擧 惺惆惆 惠惶悋惆 惡悋  RSC   惘悋 惡悋 悋愀悋惺悋惠 惡悋擧 悽惆  BAN  惆惘 擧  hash runction  悋惘惆  擧 愆惡 悋 惡悋  IDC   惡惆愕惠  悛惘惆 .  惆惘 惘 惠惘悋擧愆 擧  RSC   惠悋惠 悋惘惆 愆惆 拆愕 惘 惡悋惘 慍 擧 IDC   惠悋惠 惡惆愕惠 悛惆  愆惠惘 惘悋  惠悋 悋慍 惘 拆惘惆悋悽惠悋 拆擯惘 惆  惘愆惆  惠悋惆  2  悋 悴惆 惺悋惠 拆惘惆悋悽惠 惘悋 惡 擧 愆惠惘 惘惡愀 惆惆 . IDC = hk(Rc , BAN) 忰惘悋擯 惆悋惆 悋 惺悋惠 拆惘惆悋悽惠 ( confidentiality of payment  )  : 惶 惠 悋惠 惺悋惠 拆惘惆悋悽惠 惡惘悋 悋擧 悋愀悋惺悋惠 悽惘惆 悋慍 惆惆 惡悋擧  悋愀悋惺悋惠 惡悋擧 悋慍 惆惆 惘愆惆 悽 惡悋惆 惘愆 慍惘 惘悋 惆悋惘 : 悽 悋惆 悋愀悋惺悋惠 惡悋擧 悋慍 惆惆 惘愆惆 悽 悋惆 悋愀悋惺悋惠 悽惘惆 悋慍 惆惆 惡悋擧 惆悋惆 悋 惺悋惠  Payment Instruction Order Information Payment acqurer bank Issuer bank gateway 愀 惆惘 悋悽惠悋惘 悋  3  擯惘 惘悋惘 擯惘惆 惆惘 悋悽惠悋惘 惘愆惆  Pseudorandom function IDC = hk(RC , BAN) HK(SALTC , DSC)
SET ( Secure electronic transaction  ):  惴 忰惴 忰惘悋擯 悋愀悋惺悋惠 惆惘 擧 悽惘惆  惘愆 悛悋 . 擯 惆 悋惷悋 惶 惠 悋惠 惺悋惠 拆惘惆悋悽惠 PI OI H H OIMD PIMD II H POMD E Dual  Signature KRc PI = Payment Information OI = Order Information H = Hash function(SHA-1) II = Concatention PIMD = PI message digest OMID = OI message digest POMD = Payment Order message digest E  = Encryption (RSA)  KRc = Customers privatesignature key
惺惆 悋擧悋惘 拆悋悋 惺悋惠 拆惘惆悋悽惠  ( nonrepudiation ) : 悋慍 愀惘 悋愕惠悋惆 悋慍 悋 愕惠惺悋惘 惡惘悋 拆惘惆悋悽惠 擧惆 惆惘 拆惘惆悋悽惠 惡惆愕惠  悛惆 . 愆惡 悋悋 悋 惡悋惘 惠愕愀 first virtual holding  悋愕惠悋惆 愆惆惆 擧 惡 愆擧 慍惘 惺 擧惘惆 : 惶 惠 Nonrepudiation messages 悋惠 惺悋惠 拆惘惆悋悽惠 payer payee Acquirer Payers Payment Auth. Payers Payment Auth. Payees Payment Auth. Acquirers Payee Auth. Acquirers Payment Auth. Acquirers Payee Auth. Acquirers Payment Auth. Payees Payment Auth.
慍惘 愕悋悽惠 悋惘惠惡悋愀悋惠 惡惘悋 惠惡悋惆 悋愀悋惺悋惠 惠忰 愆惆 擧 惺悋 悋 慍惘 愕悋悽惠 愆惡擧 擧悋拆惠惘 悋愕惠 . 悋悋愀悋惺悋惠  惆惘 愆惡擧 悋 擧悋拆惠惘 惆惘 悋惡  Packet   PDU(Protocol Data Unit)  惠愆惘 愆惆 悋愕惠 . 惶 愆惠 Communication security Process/ Application Transport Internet Network   access S/MIME,S-HTTP Secure TELNET Secure RPC SASL,SSH SSL/TLS IP AH , IP ESP [CHAP,EAP] Link encryptio MAC address filterng Security mechanisms at different layers packet header trailer payload 惆 悋 愆惡擧 悋  悋惘惠惡悋愀 OSI TCP/IP App. Presentation Session Transport Network Data   Link Physical
惶 愆惠 Communication security Trojan   horse Trap   door Logical   bomb Bacteria Worm Macros  &  Executable content Virus Malicious Program 惡惘悋 悋 悽惘惡 惠惆惆悋 悋惠 惘 愆惡擧 Eaves dropping on a payload Tampering with a payload Tampering with control information Replaying Traffic analysis Denial of service Masquerading Infilteration
