Chapter5electronicpaymentsystems5.1SecurityInElectronicPaymentsystems5.2ElectronicPaymentmethods5.3CaseofE-banking5.1SecurityInElectronicPaymentsystems5.1.1RequirementofSecurepaymentAuthenticity:thesender(eitherclientorserver)ofamessageiswhohe,sheoritclaimstobe.Privacy:thecontentsofamessagearesecretandonlyknowntothesenderandreceiver.Integrity:thecontentsofamessagearenotmodified(intentionallyoraccidentally)duringtransmission.Non-repudiation:thesenderofamessagecannotdenythathe,sheoritactuallysentthemessage.5.1.2PublicKeyInfrastructurePKIhasbecomethecornerstoneforsecuree-payments.AttheheartofPKIisencryption.Encryption:Theprocessofscrambling(encrypting)amessageinsuchawaythatitisdifficult,expensive,ortime-consumingforanunauthorizedpersontounscramble(decrypt)it.EncryptionhasfourbasicpartsPlaintextCiphertextEncryptionalgorithmkeyThetwomajorclassesofencryption:Symmetricsystems(withonesecretkey),Asymmetricsystems(withtwokeys)

密碼學(xué)是關(guān)于應(yīng)用加密算法對(duì)信息進(jìn)行加密的科學(xué)。加密算法就是用基于數(shù)學(xué)計(jì)算方法與一串?dāng)?shù)字（密鑰）對(duì)普通的文本（信息）進(jìn)行編碼，產(chǎn)生不可理解的密文的一系列步驟。發(fā)送方將消息在發(fā)送到公共網(wǎng)絡(luò)或互聯(lián)網(wǎng)之前進(jìn)行加密，接收方收到消息后對(duì)其解碼或稱(chēng)為解密，所用的程序稱(chēng)為解密程序，這是加密的逆過(guò)程。密碼學(xué)原理字母ABC…Z空格，./:?明文010203…26272829303132密文181920…43444546474849加密與解密示例

例如：把英文26個(gè)字母表的順序編號(hào)作為明文，將密鑰定為17，將明文的編號(hào)加上17，就可以得到一個(gè)密碼表：一個(gè)簡(jiǎn)單的密碼表1.Symmetric(private)keysysteDES:standardsymmetricencryptionalgorithmPlaintextmessageCiphertextPlaintextmessageEncryptionprivatekeyDecryptionprivatekeysenderreceiver2.Asymmetric(public)keysystemRSA:themostcommonpublickeyencryptionalgorithmPlaintextmessageCiphertextPlaintextmessageEncryptionpublickeyDecryptionprivatekeysenderreceiver3.Digitalsignaturesinclude:Hash:

Amathematicalcomputationthatisappliedtoamessage,usingaprivatekey,toencryptthemessage.Messagedigest:

Asummaryofamessage,convertedintoastringofdigits,afterthehashhasbeenapplied.Digitalenvelope:

thecombinationoftheencryptedoriginalmessageandthedigitalsignature,usingtherecipient’spublickeyHash算法:不是加密算法，能產(chǎn)生信息的數(shù)字“指紋”(messagedigest)，主要用途是為了確保數(shù)據(jù)沒(méi)有被篡改或發(fā)生變化，以維護(hù)數(shù)據(jù)的完整性。Hash算法的特性：能處理任意大小的信息，并能生成固定長(zhǎng)度的信息摘要。信息摘要的大小與原信息的大小沒(méi)有關(guān)系，原信息的一個(gè)微小變化都會(huì)對(duì)信息摘要產(chǎn)生和大的影響。具有不可逆性。（1）messageWithcontractMessagewithDigitalsignature（1）messageWithcontractMessagedigestDigitalsignatureDigitalenvelopeDigitalsignatureOriginalmessagedigestNewmessagedigest（2）senderapplieshashfunction(3)Senderencryptsusingsender’sprivatekey(4)Senderencryptsusingrecipient’spublickey(5)Sendere-mailstorecipient(6)Recipientdecryptsusingrecipient’sprivatekey(7)Recipientdecryptsusingsender’spublickey(8)Recipientapplieshashfunction(9)CompareformatchDigitalsignatures4.Certificateauthorities:Thirdpartiesthatissuedigitalcertificates.(電子商務(wù)認(rèn)證中心)CA就是承擔(dān)網(wǎng)上安全電子交易的認(rèn)證服務(wù)的服務(wù)機(jī)構(gòu)，它能簽發(fā)數(shù)字證書(shū)，并能確認(rèn)用戶(hù)身份。CA的主要任務(wù)是受理數(shù)字證書(shū)的申請(qǐng)，簽發(fā)及管理數(shù)字證書(shū)。Acertificatecontains:Theholder’snameValidityperiodPublickeyinformationAsignedhashofthecertificatedata5.SSLandSETSecuresocketlayer(SSL):protocolthatutilizesstandardcertificatesforauthenticationanddataencryptiontoensureprivacyorconfidentiality,inventedbyNetscape.Secureelectronictransaction(SET):AprotocoldesignedtoprovidesecureonlinecreditcardtransactionsforbothconsumersandjointlybyNetscape,Visa,MasterCard,andothers.SET協(xié)議與SSL協(xié)議的比較（1）SET是一個(gè)多方的報(bào)文協(xié)議，它定義了銀行、商家、持卡人之間的必須的報(bào)文規(guī)范，而SSL只是簡(jiǎn)單地在兩方之間建立了一條安全連接。（2）SET允許各方之間的報(bào)文交換不是實(shí)時(shí)的，而SSL則是面向連接的，必須實(shí)時(shí)的進(jìn)行。（3）SET報(bào)文能夠在銀行內(nèi)部網(wǎng)或者其他網(wǎng)絡(luò)上傳輸，而SSL之上的卡支付系統(tǒng)只能與Web瀏覽器捆綁在一起。（4）SET的安全要求較高，因此所有參與SET交易的成員都必須申請(qǐng)數(shù)字證書(shū)，而SSL中只有商家端的服務(wù)器需要驗(yàn)證，客戶(hù)段則是有選擇的。5.2ElectronicPaymentMethods5.2.1E-paymenttoolsElectronicCardsElectroniccashElectroniccheckWhateverthee-paymentmethod,fivepartiesinvolvedine-payments:1.Customer/payer/buyer2.Merchant/payee/seller3.Issuer4.Regulator5.AutomatedClearingHouse(ACH)AutomatedClearingHouse(ACH):

Electronicnetworkthatconnectsallfinancialinstitutionsforthepurposeofmakingfundstransfers.5.2.2

Characteristicsofsuccessfule-paymentmethodsIndependenceInteroperabilityandportabilitySecurityAnonymityDivisibilityEaseofuseTransactionfeesCriticalmass5.2.3ElectronicCardsand

SmartCards1.Paymentcard:

ElectroniccardthatcontainsinformationthatcanbeusedforpaymentpurposesCreditcardsChargecardsDebitcardsCreditcard的付款過(guò)程持卡人商家支付網(wǎng)關(guān)開(kāi)戶(hù)銀行發(fā)卡行認(rèn)證中心（1）訂單及信用卡號(hào)（2）審核（5）確認(rèn)（6）確認(rèn)（3）審核（4）批準(zhǔn)認(rèn)證認(rèn)證認(rèn)證

支付網(wǎng)關(guān)：連接Internet與銀行網(wǎng)絡(luò)，完成支付協(xié)議和現(xiàn)存銀行交易系統(tǒng)協(xié)議之間的信息格式轉(zhuǎn)換，支付網(wǎng)關(guān)須由收單行授權(quán)，再由CA發(fā)放數(shù)字證書(shū)。

支付網(wǎng)關(guān)的功能：確認(rèn)商家身份、解密從持卡人處得到的支付指令，驗(yàn)證持卡人的證書(shū)與在購(gòu)物中所使用的賬號(hào)是否匹配，驗(yàn)證持卡人和商家申請(qǐng)信息的完整性等。ElectronicCardsand

SmartCards(cont.)2.Smartcard:Anelectroniccardcontaininganembeddedmicrochipthatenablespredefinedoperationsortheaddition,deletion,ormanipulationofinformationonthecard.ElectronicCardsand

SmartCards(cont.)Contactcard:Asmartcardcontainingasmallgoldplateonthefacethatwheninsertedinasmart-cardreadermakescontactandsopassesdatatoandfromtheembeddedmicrochip.Contactless(proximity)card:Asmartcardwithanembeddedantenna,bymeansofwhichdataandapplicationsarepassedtoandfromacardreaderunitorotherdevicewithoutcontactbetweenthecardandthecardreader5.2.4E-cashandE-checkE-cash:

Thedigitalequivalentofpapercurrencyandcoins,whichenablessecureandanonymouspurchaseoflow-priceditems.Micro-payments:smallpayments,usuallyunder$10.數(shù)字現(xiàn)金支付的特點(diǎn)匿名性可傳遞性可分性E-cash的支付過(guò)程（1）請(qǐng)求開(kāi)設(shè)E-cash帳戶(hù)（2）帳號(hào)（3）購(gòu)買(mǎi)數(shù)字現(xiàn)金的請(qǐng)求（4）銀行數(shù)字簽名的數(shù)字現(xiàn)金（5）訂單及加密的數(shù)字現(xiàn)金（6）加密的數(shù)字現(xiàn)金（8）確認(rèn)（9）確認(rèn)信息買(mǎi)方賣(mài)方銀行數(shù)字現(xiàn)金庫(kù)（7）核對(duì)E-CheckingE-check:TheelectronicversionorrepresentationofapapercheckEliminatetheneedforexpensiveprocessreengineeringandtakingadvantageofthebankingindustryCanbeusedbyallbankcustomerswhohavecheckingaccountsE-check的支付過(guò)程（1）注冊(cè)申請(qǐng)（2）支票（3）訂單和支票（6）確認(rèn)（4）審核（5）確認(rèn)（7）定期將電子支票存入銀行帳戶(hù)買(mǎi)方銀行賣(mài)方9、春去春又回，新桃換舊符。在那桃花盛開(kāi)的地方，在這醉人芬芳的季節(jié)，愿你生活像春天一樣陽(yáng)光，心情像桃花一樣美麗，日子像桃子一樣甜蜜。2月-252月-25Thursday,February13,202510、人的志向通常和他們的能力成正比例。14:31:3014:31:3014:312/13/20252:31:30PM11、夫?qū)W須志也，才須學(xué)也，非學(xué)無(wú)以廣才，非志無(wú)以成學(xué)。2月-2