Lecture_EC_Payment Ericsson Credit Card Machine W25 Siemens
User Manual: Ericsson Credit Card Machine W25
SIEMENS Technological Foundations of E-Commerce – Chapter 5: Digital Payment Systems

Table of Contents – 5) Digital Payment Systems

5.1) Introduction
• Motivation (Examples, Demo)
• Taxonomy (Payment Models, Validation, Payment Size, Status, Security, Concept)
• Market View (Technological & Economical Clustering, Conceptual Clustering)

5.2) Secure Electronic Transactions (SET)
• Introduction (Shopping Demo, Motivation, Background, Scenario, Scope)
• Security (Requirements, Dual Signature, Mechanisms)
• Participation (Prerequisites, Certification Hierarchy, Registration)
• Payment (Payment Demo, Payment Workflow, Invoice Example, Further Messages)
• Summary (Status, Discussion, Outlook, 3D-SET)

5.3) Internet Payment Systems
• Small Payment Systems (CyberCoin, Ecash, Geldkarte)
• Micropayment Systems (MilliCent, IBM-MP)
• Further Digital Payment Systems (Phone Ticks, Brokat Twister X.Pay)
• Summary and Conclusions

5.4) Mobile Payment Systems
• Introduction (Scenario, Internet&Mobile Security, Classification, Market View)
• Selected Systems (Pay@Once, SET, mAccess, X.Pay, PayBox, PayPal)
• Summary and Open Issues

SIEMENS AG, CT IC 3 - Security / Electronic Commerce © Dr. Ricarda Weber, March 2001 / Page 173

Mobile Digital Payment Scenario

[Diagram labels: Issuer; Acquirer; Payer (Customer); Payee (Merchant); financial network; client relationship; transfer of value]

• Payment: Transfer of monetary value from payer to payee
• Mobile Payment: –”– via mobile networks
• Mobile Payment Service Providers today
  • Banks / Credit Card Companies / Dedicated Payment Processors
  • Network Operators
    – Identified Customers
    – Prepaid Customers

Internet Payment Security Technologies

• Plain Security
  • Login & Password, TANs (Transaction Numbers)
• Outband Security
  • Email, mobile phones, premium phone numbers, ....
• Secure Communication Channel (SSL, TLS)
  • Encrypted channel between customer browser & merchant Web server
  • Server authentication, optional browser authentication
  • Supported by the main browsers
• Application Security
  • Digital Signatures
    – Non-repudiation of digital actions
    – Normally wallet support (plug-ins, helper applications, ...) required
    – PKI – Public Key Infrastructure
    – Smart cards for storing the private key
  • Digital Envelopes
    – Encrypting (parts of) messages on application level

Mobile Payment Security Technologies

• PIN-based Security
  • Authentication and authorization via Login / PIN or Password / TAN
  • Standard security arrangement defaulting PKI based mechanisms
• Mobile Operator Driven Security
  • Channel Encryption between End-User Device and WAP gateway
    – Wireless Transport Layer Security (WTLS)
    – No End-To-End-Security between Customer and Merchant
    – .... unless the Merchant operates the WTLS-Gateway
  • User Identity Module (UIM): (U)SIM/WIM
• Financial Institute Driven Security
  • Dual slot mobile phone – second smart card
  • Multi-application SIM card

Classification of Mobile Payment Solutions

• Banks / Credit Card Companies / Dedicated Payment Processors
  • Mobile Credit Card Payments
  • Migrating Internet Payment Systems
• Mobile Network Operators
  • Utilization of existing Billing Mechanisms (Prepaid and contract based)
• Multi-Payment Method Frameworks
  • Mobile Network Operators
  • Dedicated Payment Processors
  • Shopping Malls, Large Shops
• Other Mobile Payment Systems
  • Mobile Home Banking, Internet Payments, Mobile Retailer Support

m-Payment: Market View

Migrating Internet Payment Systems CyberCash Ecash Geldkarte IBM-MP Iti Achat MilliCent SET SSL Internet Payments GiSMo Paybox WebTrade.Net Mobile Credit Card Payments Chargit WAP EMPS GMCIG MasterCard Netlife Pure Commerce Trintech Sagem Visa WireCard Mobile Home Banking 724 Solutions BizPay EarthPort PayPal PostGirot Mob.Smart S1 Solo e-Payment W-Trade Multiple Payment Method Platforms Atos Poseidon Brokat Twister Ericsson Jalda GlobeId @Pay MoreMagic MBroker PayItMobile Sonera Mobile Pay Thyron YES.pay Prepaid Accounts LHS Prepaid Siemens Pay@Once Prepaid 13Paid eXcape With Mobile Phones MobilPay Seasoning Yen-Raku Mobile Retailer Support ePayWireless Skypay Other Mobile Payment Systems Aether Mosaic Postilion Motorola m-Wallet MovilPago Telco Italia Easybuy

Legend: * Details in this Lecture, * Siemens Involvement

NetCom Trial – Siemens Pay@Once

• Customer connects to payment center by dialing number displayed on vending machine
• Payment system calls vending machine and informs it that customer can purchase a drink
• When drink is selected, a response is sent to payment center
• Customer's phone bill charged (fixed rate call = cost of refreshment)

Mobile SET – Secure Electronic Transactions

• Standard by Visa & MasterCard
  • for secure usage of credit cards on the Internet
• Protocols between Customer, Merchant and Payment Gateway
  • Cardholder registration, merchant registration
  • Purchase Request, Payment Authorization
  • Payment Capture
• Uses public-key cryptography
• Credit card companies interested in support of SET by mobile devices
• Today's alternatives to smart cards & advanced security support
  • Server Wallets with Customer Id and PIN authorization
  • Merchant initiated SET in the background, proprietary forms in the front-end
  • Both void the main security feature of SET, i.e. customer non-repudiation

http://www.setco.org
http://www.gmcig.org

Trintech PayWare mAccess – Form Filling
http://www.trintech.com

• PayWare mAccess provides mobile shopping support
  • Pre-records customer credit card and shipment address details
  • auto-fills order form using ECML (http://www.ecml.org)
  • transfers payment and shipping details to merchant
• PayWare mAccess operates as protocol monitor
  • kind of WAP gateway / access control proxy
  • monitors communication between customer and merchant
  • authenticates the customer via login and PIN
  • forwards the auto-filled order form to the merchant
• Security
  • WTLS between wireless device and mAccess
  • SSL between mAccess and merchant

[Diagram: Customer – WTLS – mAccess WAP Gateway (PayWare DB) – SSL – Merchant]

Trintech PayWare mAccess - Workflow

• Customer requests order form
• mAccess intercepts order form
• mAccess auto-fills order form from pre-recorded customer details using ECML
• Customer logs on to mAccess
• Customer selects details
• mAccess forwards customer credit card and shipping details to merchant
• mAccess presents auto-filled order form for customer approval
• Customer gets receipt from merchant

Brokat Twister X.Pay
http://www.brokat.de

• The Internet version of Twister X·Pay
  • operationally deployed in many Internet shops and shopping malls
  • small and macropayments – credit card payments, account-based aggregation, loyalty points
• Thin Java Wallet is SET-certified
• Multi-Payment-Method Broker Framework

Brokat Twister X.Pay - Mobile Payment Workflow

[Diagram labels: Customer; Merchant; C.-Account; M.-Account; Web, WAP or SMS GUI; Intranet; Internet; Banks, etc.; Monthly Bill; PrePaid Account; Telephone Bill; Bank Account; Credit Card]

1. Service Request
2. Payment Request
3. Payment request
4. Cust. Authent.
5. PM Select. & Auth. Req.
6. Auth.
7. Reassurance
8. Payment Method Specific Messages
9. Inter-Account Transfer
10. Confirmation
11. (SMS) Receipt
12. Service Delivery

Brokat Twister X.Pay - Mobile Payment Screenshots (2/3)

[Screenshots: Pay Request; (5) Invoice; (6) Authorization; (10.a) Receipt; (11) SMS Receipt]

• Payment workflows equivalent
  • for the Internet scenario and the mobile scenario
  • allowing for a close integration and an identical merchant payment interface
• Technique of mutual redirections between merchant and broker
  • minimal demands on the customer's end-user device
  • can be handled equally well in WAP and Internet scenarios

PayBox – Authorization via Cell Phone
http://www.paybox.de

[Diagram: Payer and Payee, each with a Current Account; Web GUI & mobile phone; Intranet; Internet; steps 1. Mobile Phone Id, 2. Invoice with payer's mobile phone id, 3. Authorization, 4. Debit, 5. Credit, 6. Confirmation]

• Customers register with Paybox (mobile phone id and account details)
• Customer renders mobile phone id (1) to merchant, who contacts (2) Paybox
• Paybox calls (3) mobile phone with voice & DTMF based authorization dialog
• Paybox places (4) a direct debit to the customer's account
• Paybox credits (5) and notifies (6) merchant

PayBox - Further Details

• Peer to Peer / Physical Situation (e.g. Taxi) Mobile Payments
  • TA fee from 25 Cent up to 2 Euro, payment limit 200 Euro
  • Payer renders mobile phone id to payee
  • Payee invoices payer by calling a special Paybox phone number
  • Transaction proceeds as described before
• Security Concerns
  • Payer must render to payee mobile phone Id or Paybox pseudonym
  • These data are sufficient to terrorize the payer with fake invoices
  • Payer uses PIN authentication and authorization
  • Payments neither non-repudiable nor durable
    – Risk for merchant and Paybox operator
• Deutsche Bank involved
• Similar Systems: GiSMo, Seasoning, ...

PayPal – Mobile Home Banking
http://www.paypal.com

• By Confinity Inc. with support from Nokia and Deutsche Bank
• Peer-to-peer payments via wireless PDAs or Web phones
• From a credit card account to the recipient's PayPal account
• PayPal gains float, customers avoid mailing paper checks
• Access to the user's PayPal account is passphrase / PIN protected

[Diagram: Payer; Payee; Credit Card; Payer-Account; Payee-Account; Web GUI or Phone / PDA GUI; Intranet; Internet; steps 1. Email Address, 2. Remittance, 3. Debit, 4. Inter-Account Transfer, 5. Notification, 6. Notification]

PayPal – Further Details

• Transaction Workflow
  • (1) The payee places a remittance with PayPal
  • (2) The payment is deducted from the payer's credit card / PayPal account
  • (3) The payment is credited to the payee's PayPal account
  • (4) The payee and (5) payer each receive an email notification
• The payer must register with PayPal
• Money can be sent to both PayPal and not yet PayPal users
• The payer may use a Web-enabled phone or a wireless PDA
• The payee's email address must be specified
• The payee must sign up or log in to PayPal
• New payers must specify their credit card details
• The payment appears in the payee's PayPal account balance. The payee can transfer the funds to a bank account, request a check, or pay the funds to someone else.
• Similar Systems: EarthPoint, BizPay, ...
  • Use of the mobile phone id instead of email address

Mobile Payment Systems Summary

• Current Status
  • All systems in very early stages of planning or piloting
  • Usually very little information and technical details disclosed
  • Often little more than declarations of intent
• Lack of appropriate security mechanisms in the mobile environment
  • UserId / PIN / TAN authentication and authorization widely used
  • Rare use of advanced security technologies (e.g. MobilSmart)
    – Special security support in the mobile end-user device
    – SIM card application signs SMS remittance authorization
• Indirect payment model dominates
  • Only a few direct payments (e.g. Iti Achat, Geldkarte, ...)

Mobile Payment Systems Open Issues

• Suitable Security Support in the Mobile Environment
  • Not just UserId / PIN / TAN
  • Strong Public Key Cryptography Based Security Mechanisms
  • Smart Card Support
• Mechanisms Required
  • Ensure: Confidentiality, Integrity, Authentication, Non-Repudiation, ....
  • End-2-End security between customer and merchant
    – Equivalent to SSL, WTLS mostly isn't good enough
  • Mobile Digital Envelopes & Signatures
  • Authentication and WPKI-Support
• Mobile Security and Payment Standardization Bodies (examples)
  • WAP forum: WTLS, E2E-Security, WML Script SignText, ...
  • 3GPP SIM Toolkit standardization
  • GMCIF - MasterCard Global Mobile Commerce Interoperability Forum
  • MSign - Brokat Mobile Digital Signature Merchant API

Questions and Comments? Thanks for your Attention.
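
The summary and open-issues slides set UserId / PIN / TAN authorization against public-key signatures (a SIM card application signing the remittance authorization) as the way to obtain non-repudiation. The following Python example is added here and is not part of the lecture: it assumes PIN authorization can be modelled as an HMAC under a secret shared with the payment operator, and it substitutes a Lamport one-time signature (chosen because it needs only the standard library; a real card would use RSA or ECDSA), with constructed sample orders and hypothetical function names.

```python
import hashlib
import hmac
import secrets

def digest_bits(message: bytes) -> list:
    """SHA-256 of the message as a list of 256 bits."""
    d = hashlib.sha256(message).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def pin_tag(shared_secret: bytes, message: bytes) -> bytes:
    """Assumed model of PIN/TAN authorization: a MAC under a secret that
    the customer AND the payment operator both know."""
    return hmac.new(shared_secret, message, hashlib.sha256).digest()

def lamport_keygen():
    """Private key: 256 pairs of random values; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def lamport_sign(sk, message: bytes) -> list:
    """Reveal one private value per digest bit. A key pair signs ONE message."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]

def lamport_verify(pk, message: bytes, signature) -> bool:
    """Check each revealed value against the public hash for that bit."""
    bits = digest_bits(message)
    if len(signature) != len(bits):
        return False
    return all(hmac.compare_digest(hashlib.sha256(s).digest(), pk[i][bit])
               for i, (bit, s) in enumerate(zip(bits, signature)))

def dispute_demo() -> dict:
    approved = b"remit 2.00 EUR to payee-17 ref 0001"    # constructed sample
    disputed = b"remit 200.00 EUR to payee-99 ref 0002"  # constructed sample

    # Shared secret: the operator can compute the customer's tag unaided,
    # so a stored tag does not show who authorized the remittance.
    secret = b"constructed-pin-4711"
    operator_tag = pin_tag(secret, disputed)
    customer_tag = pin_tag(secret, disputed)

    # Signature: the private key stays with the customer (e.g. on the card);
    # the operator holds only pk and the signature on the approved order.
    sk, pk = lamport_keygen()
    signature = lamport_sign(sk, approved)
    return {
        "shared_secret_tag_identical": hmac.compare_digest(operator_tag, customer_tag),
        "signature_verifies": lamport_verify(pk, approved, signature),
        "signature_covers_other_order": lamport_verify(pk, disputed, signature),
    }

if __name__ == "__main__":
    print(dispute_demo())
```

In a dispute the shared-secret tag could have come from either side, whereas the signature can only have been produced by the holder of the private key and is valid for the approved order alone.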
Source Exif Data:
File Type : PDF
File Type Extension : pdf
MIME Type : application/pdf
PDF Version : 1.2
Linearized : No
Page Count : 11
Creator : Microsoft PowerPoint
Create Date : 2001:07:03 21:47:46
Title : Lecture_EC_Payment
Author : weber_ri
Producer : Acrobat PDFWriter 4.05 für Windows