III YEAR BCA E-COMMERCE UNIT-2 & 3 MADRAS UNIVERSITY (PAGE-2)

 

1. Decrypts the secret key.

2. Decrypts the information, message digest, and account holder's public key.

3. Computes and compares the message digest.

· The certified documentation is then encrypted using a secret key, which is in turn encrypted with the account holder's public key.

· The certified documentation is then verified by the account holder by using the public key of the TP, thus checking the digital signature. The account holder's software for future use in electronic commerce transactions.

Merchant registration:

· Merchants must register with the TPs that correspond to the particular account types they wish to honor before transacting business with customers who share the same account types. For example, if a merchant wishes to accept Visa and MasterCard, that merchant may have to register with two TPs or find a TP that represents both.

· The merchant registration is similar to the account holder's registration process.

Account holder (customer) ordering:

· To send a message to a merchant, the customer (account holder) must have a copy of the merchant's public key and a copy of the TP's public key that corresponds to the account type to be used.

· Once the order form is completed, the customer software does the following:









Ø Encrypts account information with the TP's public key.

Ø Attaches encrypted account information to the order form.

Ø Creates a message digest of the order form and digitally signs it with the customer's private key.

Ø Encrypts the following with the secret key: order form, digital signature, and customer's.

Ø Encrypts the secret key with the merchant's public key from the merchant CD.

Ø Transmits the secret-key-encrypted message and the encrypted secret key to the merchant.

· When the merchant's software receives the order, it does the following:









Payment authorization:

· In the processing of an order, the merchant will need to authorize (clear) the transaction with the TP responsible for that particular account.

· The authorization assures the merchant that the necessary funds or credit limit is available to cover the cost of the order.

· The merchant has no access to the customer account information, since it was encrypted using the TP's public key. It is therefore required that this information be sent to the TP, so that the merchant can receive payment authorization from the TP and the proper customer account is debited for the transaction.

TP the following information using encryption and digital signature process previously described:

Ø Merchant's CD

Ø Specific order information such as amount to be authorized, order number, date

Ø Customer's ID

Ø Customer's account information

· After verifying the merchant, customer, and account information, the TP would then analyze the amount to be authorized.
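The customer ordering steps and the payment-authorization point above (account information readable only by the TP), as an added Python example that is not part of the original notes. The toy RSA keys, the XOR keystream standing in for the secret-key cipher, the `|` field separator, the sample order and the assumption that the merchant already holds the customer's public key are all constructed for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def keypair(a, b):
    """Toy textbook-RSA key from Mersenne primes 2**a-1, 2**b-1 (demo only)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus, private exponent)

# Constructed keys for the three parties; real systems use padded 2048-bit+ RSA.
CUST_N, CUST_D = keypair(61, 89)
MERCH_N, MERCH_D = keypair(107, 127)
TP_N, TP_D = keypair(521, 607)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def xor_stream(key, data):
    """Stand-in secret-key cipher: SHA-256 counter keystream; same call decrypts."""
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(x ^ y for x, y in zip(data, ks))

def customer_order(order, account):
    sealed = pow(int.from_bytes(account, "big"), E, TP_N)     # TP's public key
    form = order + b"|" + hex(sealed).encode()                # attach to order form
    sig = pow(digest(form, CUST_N), CUST_D, CUST_N)           # sign the digest
    secret = secrets.token_bytes(16)                          # one-time secret key
    body = xor_stream(secret, form + b"|" + hex(sig).encode())
    wrapped = pow(int.from_bytes(secret, "big"), E, MERCH_N)  # merchant's public key
    return body, wrapped

def merchant_open(body, wrapped):
    secret = pow(wrapped, MERCH_D, MERCH_N).to_bytes(16, "big")
    order, sealed, sig = xor_stream(secret, body).split(b"|")
    valid = pow(int(sig, 16), E, CUST_N) == digest(order + b"|" + sealed, CUST_N)
    return order, int(sealed, 16), valid   # sealed stays opaque to the merchant

def tp_open(sealed):
    m = pow(sealed, TP_D, TP_N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    body, wrapped = customer_order(b"order 17: 2 books, 40.00", b"acct 0000-1111-2222")
    order, sealed, valid = merchant_open(body, wrapped)
    print(order, valid, tp_open(sealed))
```

The merchant recovers the order and checks the signature, but only forwards `sealed`; the account bytes reappear only when the TP applies its private key.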

 

On-line electronic cash:

Overview:

· E-cash works in the following way: a consumer opens an account with an appropriate bank.

· The consumer shows the bank some form of identification so that the bank knows who the consumer is.

· The e-cash is then stored on a PC's hard drive or possibly a PCMCIA card for later use.

· These transactions could all be done using public key cryptography and digital signatures as discussed earlier.

Problem with simple electronic cash:

· A problem with the e-cash example just discussed is that double spending cannot be detected or prevented, since all cash would look the same.

· When the bank sees e-cash from a merchant with a certain serial number, it can trace it back to the consumer who spent it and possibly deduce purchasing habits.

· This frustrates the nature of privacy associated with real cash.

Creating electronic cash anonymity:

· To allow anonymity, the bank and the customer must collectively create the e-cash and associated serial number, whereby the bank can digitally sign and thus verify the e-cash, but not recognize it as coming from a particular consumer.

· To get e-cash, the consumer chooses a random number to be used as the serial number for the e-cash.
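One way to obtain the property described above is an RSA blind signature in the style of Chaum. The notes do not name a scheme, so that choice, the toy bank key and the `Bank` class are assumptions of this added Python example, which is not part of the original notes.

```python
import hashlib
import math
import secrets

# Constructed toy bank key: two Mersenne primes, textbook RSA, demo only.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # bank's private exponent

def coin_hash(serial):
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

class Bank:
    def __init__(self):
        self.seen_blinded = []   # everything the bank observes at withdrawal
        self.spent = set()       # serial numbers already deposited

    def sign_blinded(self, blinded):
        self.seen_blinded.append(blinded)
        return pow(blinded, D, N)          # signs without seeing the serial

    def deposit(self, serial, sig):
        if pow(sig, E, N) != coin_hash(serial):
            return "invalid signature"
        if serial in self.spent:
            return "double spend"          # detected after the fact
        self.spent.add(serial)
        return "accepted"

def withdraw(bank):
    serial = secrets.token_bytes(16)       # consumer-chosen random serial number
    while True:
        r = secrets.randbelow(N - 2) + 2   # secret blinding factor
        if math.gcd(r, N) == 1:
            break
    blinded = coin_hash(serial) * pow(r, E, N) % N
    sig = bank.sign_blinded(blinded) * pow(r, -1, N) % N   # unblind
    return serial, sig

if __name__ == "__main__":
    bank = Bank()
    serial, sig = withdraw(bank)
    print(bank.deposit(serial, sig))       # first deposit
    print(bank.deposit(serial, sig))       # same coin presented again
```

The bank's signature verifies on the unblinded coin, yet the value it signed at withdrawal does not match the coin's hash, so the deposit cannot be linked back to the withdrawal.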

Preventing double spending:

· While the preceding process protects the anonymity of the consumer and can identify when money has been double spent, it still does not prevent the consumer, or the merchant for that matter, from double spending.

· Creating a process that identifies double spenders but keeps the anonymity of lawful individuals requires the use of tamperproof software and complex cryptographic algorithms.

· The software prevents double spending by encrypting an individual's identity using a random secret key generated for each piece of e-cash.









E-cash interoperability:

· Consumers must be able to transact with any merchant or bank. Hence process and security standards must exist for all hardware and software used in e-cash transactions.

· Interoperability can only be achieved by adherence to algorithms and processes in support of e-cash-initiated commerce.

Electronic payment schemes:

The leading commercial electronic payment schemes that have been proposed in the past few years, and the companies using them:

Netscape: Netscape's Secure Courier electronic payment scheme, which has been selected by Intuit for secure payment between users of its Quicken home banking program and banks, uses SEPP.

Microsoft: Microsoft STT is similar to SEPP/SET in that it provides digital signatures and user authentication for securing electronic payments. STT is an embellished version of Netscape's SSL security tool and is compatible with SSL version 2.0.

CheckFree: CheckFree Corporation provides online payment processing services to major clients, including CompuServe, Genie, Cellular One, Delphi Internet Service Corporation and Sky-Tel. CheckFree has also announced its intention to support all security methods that achieve prominence in the marketplace, e.g., SET.

CyberCash: combines features from checks and   is a digital cash software system which is used like a money order, guaranteeing payment to the merchant before the goods are shipped. CyberCash wants a micropayment capability of 5 to 20 cents per transaction.







VeriSign: VeriSign is offering its digital signature technology for authentication as a component separate from encryption, which allows for export of stronger authentication. IBM is building support for digital IDs into its web browser and Internet Connection Secure Server for AIX and OS/2.

DigiCash: DigiCash is a software company whose products allow users to purchase goods over the internet without using a credit card. The threat of privacy loss (where expenses can be easily traced) gave rise to the idea of anonymous e-cash, an electronic store of cash replacement funds which can be loaded into a smart card for electronic purchases.

First Virtual Holdings: It is targeting individuals and small businesses that want to buy and sell on the internet but cannot afford an extensive on-line infrastructure. With a First Virtual e-mail account and the First Virtual hosting system to track and record the transfer of information, products, and payment for accounting and billing purposes, consumers and merchants can buy and sell goods on the internet without sensitive information such as credit card numbers moving across the network. All sensitive information is delivered by telephone.






CommerceNet: In 1993 a group of Silicon Valley entrepreneurs envisioned the internet as a whole new model of commerce, one defined around global access, a large number of buyers and sellers, many-to-many interaction, and a significantly accelerated pace of procurement and development. They called this model spontaneous commerce.

NetCash: NetCash is the internet's answer to traveler's checks. To use NetCash, users must enter their checking account or credit card numbers into an on-screen form and e-mail it to NetCash.

Other approaches: This section lists a few other approaches that have appeared in the recent past.

Mondex is based on smart card technology initially backed by the United Kingdom's Westminster and Midland Banks. The electronic purse is a handheld smart card; it remembers previous transactions and uses RSA cryptography.

Open Market handles credit card transactions via web servers, but it was planning to provide support for debit cards, checking accounts and corporate purchase orders.

Global Online uses on-line challenge/response. It is based on third-party originating agreements; therefore the seller has a higher cost to enter the market.








Wallets and such: Even in the absence of standards (e.g., SET), vendors have been developing systems to handle sales over the internet, and companies willing to accept that the products are not interoperable can support business before standards become widely deployed.

