SIEMENS AG, CT IC 3 - Security / Electronic Commerce, © Dr. Ricarda Weber, March 2001 (Page 173)
Technological Foundations of E-Commerce, Chapter 5: Digital Payment Systems (SIEMENS)
Table of Contents: 5) Digital Payment Systems
5.1) Introduction
  • Motivation (Examples, Demo)
  • Taxonomy (Payment Models, Validation, Payment Size, Status, Security, Concept)
  • Market View (Technological & Economical Clustering, Conceptual Clustering)
5.2) Secure Electronic Transactions (SET)
  • Introduction (Shopping Demo, Motivation, Background, Scenario, Scope)
  • Security (Requirements, Dual Signature, Mechanisms)
  • Participation (Prerequisites, Certification Hierarchy, Registration)
  • Payment (Payment Demo, Payment Workflow, Invoice Example, Further Messages)
  • Summary (Status, Discussion, Outlook, 3D-SET)
5.3) Internet Payment Systems
  • Small Payment Systems (CyberCoin, Ecash, Geldkarte)
  • Micropayment Systems (MilliCent, IBM-MP)
  • Further Digital Payment Systems (Phone Ticks, Brokat Twister X.Pay)
  • Summary and Conclusions
5.4) Mobile Payment Systems
  • Introduction (Scenario, Internet & Mobile Security, Classification, Market View)
  • Selected Systems (Pay@Once, SET, mAccess, X.Pay, PayBox, PayPal)
  • Summary and Open Issues
Mobile Digital Payment Scenario
• Payment: transfer of monetary value from payer to payee
• Mobile Payment: the same, via mobile networks
• Mobile Payment Service Providers today
  • Banks / Credit Card Companies / Dedicated Payment Processors
  • Network Operators
    – Identified Customers
    – Prepaid Customers
[Figure: Payer (Customer) and Payee (Merchant), each in a client relationship with their Issuer and Acquirer respectively; Issuer and Acquirer are linked through the financial network, over which the transfer of value takes place.]
Internet Payment Security Technologies
• Plain Security
  • Login & Password, TANs (Transaction Numbers)
• Outband Security
  • Email, mobile phones, premium phone numbers, ...
• Secure Communication Channel (SSL, TLS)
  • Encrypted channel between customer browser & merchant Web server
  • Server authentication, optional browser authentication
  • Supported by the main browsers
• Application Security
  • Digital Signatures
    – Non-repudiation of digital actions
    – Normally wallet support (plug-ins, helper applications, ...) required
    – PKI (Public Key Infrastructure)
    – Smart cards for storing the private key
  • Digital Envelopes
    – Encrypting (parts of) messages on the application level
Mobile Payment Security Technologies
• PIN-based Security
  • Authentication and authorization via Login / PIN or Password / TAN
  • Standard security arrangement in the absence of PKI-based mechanisms
• Mobile Operator Driven Security
  • Channel encryption between end-user device and WAP gateway
    – Wireless Transport Layer Security (WTLS)
    – No end-to-end security between customer and merchant
    – ... unless the merchant operates the WTLS gateway
  • User Identity Module (UIM): (U)SIM/WIM
• Financial Institute Driven Security
  • Dual slot mobile phone: second smart card
  • Multi-application SIM card
Classification of Mobile Payment Solutions
• Banks / Credit Card Companies / Dedicated Payment Processors
  • Mobile Credit Card Payments
  • Migrating Internet Payment Systems
• Mobile Network Operators
  • Utilization of existing billing mechanisms (prepaid and contract based)
• Multi-Payment Method Frameworks
  • Mobile Network Operators
  • Dedicated Payment Processors
  • Shopping Malls, Large Shops
• Other Mobile Payment Systems
  • Mobile Home Banking, Internet Payments, Mobile Retailer Support
m-Payment: Market View
* Siemens involvement
• Migrating Internet Payment Systems: CyberCash, Ecash, Geldkarte, IBM-MP, Iti Achat, MilliCent, SET, SSL
• Mobile Credit Card Payments: Chargit, WAP EMPS, GMCIG MasterCard, Netlife, Pure Commerce, Sagem, Trintech, Visa, WireCard
• Multiple Payment Method Platforms: Atos Poseidon, Brokat Twister, Ericsson Jalda, GlobeId @Pay, MoreMagic MBroker, PayItMobile, Sonera Mobile Pay, Thyron YES.pay
• Prepaid Accounts: LHS Prepaid, Siemens Pay@Once Prepaid
• Mobile Home Banking: 724 Solutions BizPay, EarthPort, PayPal, PostGirot Mob.Smart S1, Solo e-Payment, W-Trade
• Other Mobile Payment Systems: Aether Mosaic, Postilion, Motorola m-Wallet, MovilPago, Telco Italia Easybuy
• Internet Payments With Mobile Phones: GiSMo, MobilPay, Paybox, Seasoning, WebTrade.Net, Yen-Raku
• Mobile Retailer Support: 13Paid, ePayWireless, eXcape, Skypay
* Details in this lecture
NetCom Trial: Siemens Pay@Once
• Customer connects to the payment center by dialing the number displayed on the vending machine
• Payment system calls the vending machine and informs it that the customer can purchase a drink
• When a drink is selected, a response is sent to the payment center
• Customer's phone bill is charged (fixed rate call = cost of refreshment)
Mobile SET: Secure Electronic Transactions
• Standard by Visa & MasterCard
  • for secure usage of credit cards on the Internet
• Protocols between Customer, Merchant and Payment Gateway
  • Cardholder registration, merchant registration
  • Purchase Request, Payment Authorization
  • Payment Capture
• Uses public-key cryptography
• Credit card companies interested in support of SET by mobile devices
• Today's alternatives to smart cards & advanced security support
  • Server wallets with customer id and PIN authorization
  • Merchant-initiated SET in the background, proprietary forms in the front-end
  • Both void the main security feature of SET, i.e. customer non-repudiation
http://www.setco.org
http://www.gmcig.org
Trintech PayWare mAccess: Form Filling
http://www.trintech.com
• PayWare mAccess provides mobile shopping support
  • pre-records customer credit card and shipment address details
  • auto-fills the order form using ECML (http://www.ecml.org)
  • transfers payment and shipping details to the merchant
• PayWare mAccess operates as a protocol monitor
  • a kind of WAP gateway / access control proxy
  • monitors communication between customer and merchant
  • authenticates the customer via login and PIN
  • forwards the auto-filled order form to the merchant
• Security
  • WTLS between wireless device and mAccess
  • SSL between mAccess and merchant
[Figure: Customer --WTLS-- mAccess (WAP Gateway, PayWare DB) --SSL-- Merchant]
Trintech PayWare mAccess: Workflow
[Figure: workflow steps]
1. Customer requests order form
2. mAccess intercepts order form
3. Customer logs on to mAccess
4. Customer selects details
5. mAccess auto-fills order form from pre-recorded customer details using ECML
6. mAccess presents auto-filled order form for customer approval
7. mAccess forwards customer credit card and shipping details to merchant
8. Customer gets receipt from merchant
Brokat Twister X.Pay
• The Internet version of Twister X.Pay
  • operationally deployed in many Internet shops and shopping malls
  • small and macropayments
    – credit card payments, account-based aggregation, loyalty points
  • Thin Java Wallet is SET-certified
• Multi-Payment-Method Broker Framework
http://www.brokat.de
Brokat Twister X.Pay: Mobile Payment Workflow
[Figure: Customer (Web, WAP or SMS GUI), Merchant and the Broker (Intranet / Internet, holding C.-Account and M.-Account), plus Banks etc. Payment methods: Monthly Bill, PrePaid Account, Telephone Bill, Bank Account, Credit Card. Numbered messages:]
1. Service Request
2. Payment Request
3. Payment request
4. Cust. Authent.
5. PM Select. & Auth. Req.
6. Auth.
7. Reassurance
8. Payment Method Specific Messages
9. Inter-Account Transfer (C.-Account to M.-Account)
10. Confirmation
11. (SMS) Receipt
12. Service Delivery
Brokat Twister X.Pay: Mobile Payment Screenshots
• Payment workflows equivalent
  • for the Internet scenario and the mobile scenario
  • allowing for a close integration and an identical merchant payment interface
• Technique of mutual redirections between merchant and broker
  • minimal demands on the customer's end-user device
  • can be handled equally well in WAP and Internet scenarios
[Screenshots: (2/3) Pay Request, (5) Invoice, (6) Authorization, (10.a) Receipt, (11) SMS Receipt]
PayBox: Authorization via Cell Phone
• Customers register with Paybox (mobile phone id and account details)
• Customer renders mobile phone id (1) to merchant, who contacts (2) Paybox
• Paybox calls (3) the mobile phone with a voice & DTMF based authorization dialog
• Paybox places (4) a direct debit to the customer's account
• Paybox credits (5) and notifies (6) the merchant
http://www.paybox.de
[Figure: Payer (Web GUI & mobile phone) and Payee, each with a current account; Paybox (Intranet / Internet) in between. Steps: 1. Mobile Phone Id, 2. Invoice with payer's mobile phone id, 3. Authorization, 4. Debit, 5. Credit, 6. Confirmation.]
PayBox: Further Details
• Peer to Peer / Physical Situation (e.g. Taxi) Mobile Payments
  • Transaction fee from 25 Cent up to 2 Euro, payment limit 200 Euro
  • Payer renders mobile phone id to payee
  • Payee invoices payer by calling a special Paybox phone number
  • Transaction proceeds as described before
• Security Concerns
  • Payer must render mobile phone id or Paybox pseudonym to payee
  • These data are sufficient to terrorize the payer with fake invoices
  • Payer uses PIN authentication and authorization
  • Payments neither non-repudiable nor durable
    – Risk for merchant and Paybox operator
• Deutsche Bank involved
• Similar Systems: GiSMo, Seasoning, ...
PayPal: Mobile Home Banking
• By Confinity Inc. with support from Nokia and Deutsche Bank
• Peer-to-peer payments via wireless PDAs or Web phones
• From a credit card account to the recipient's PayPal account
• PayPal gains float, customers avoid mailing paper checks
• Access to the user's PayPal account is passphrase / PIN protected
http://www.paypal.com
[Figure: Payer (Web GUI or Phone / PDA GUI, credit card) and Payee, with Payer-Account and Payee-Account at PayPal (Intranet / Internet). Steps: 1. Email Address, 2. Remittance, 3. Debit, 4. Inter-Account Transfer, 5. Notification, 6. Notification.]
PayPal: Further Details
• Transaction Workflow
  • (1) The payee places a remittance with PayPal
  • (2) The payment is deducted from the payer's credit card / PayPal account
  • (3) The payment is credited to the payee's PayPal account
  • (4) The payee and (5) payer each receive an email notification
• The payer must register with PayPal
  • New payers must specify their credit card details
  • Money can be sent to both PayPal and not yet PayPal users
  • The payer may use a Web-enabled phone or a wireless PDA
  • The payee's email address must be specified
• The payee must sign up or log in to PayPal
  • The payment appears in the payee's PayPal account balance
  • The payee can transfer the funds to a bank account, request a check, or pay the funds to someone else
• Similar Systems: EarthPort, BizPay, ...
  • Use of the mobile phone id instead of the email address
Mobile Payment Systems Summary
• Current Status
  • All systems in very early stages of planning or piloting
  • Usually very little information and technical details disclosed
  • Often little more than declarations of intent
• Lack of appropriate security mechanisms in the mobile environment
  • Indirect payment model dominates
  • UserId / PIN / TAN authentication and authorization widely used
  • Only a few direct payments (e.g. Iti Achat, Geldkarte, ...)
    – Special security support in the mobile end-user device
  • Rarely use of advanced security technologies (e.g. MobilSmart)
    – SIM card application signs SMS remittance authorization
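Added example, not part of the lecture slides: a small Python model of the two authorization models the slides contrast (Mobile SET server wallets, the PayBox security concerns and this summary). A PIN/TAN token is verifiable only because the payment provider stores the same secret, so it cannot attribute a payment to the customer; a customer-held signing key (here a hash-based Lamport one-time signature standing in for a SIM-resident signing application) lets the provider verify but not produce the authorization. The remittance text and PIN are constructed sample values.

```python
import hashlib
import hmac
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# --- Model 1: PIN/TAN-style authorization (shared secret) ---
def pin_authorize(remittance: bytes, pin: bytes) -> bytes:
    """Customer 'authorizes' by keying in a PIN; the token is an HMAC over the remittance."""
    return hmac.new(pin, remittance, hashlib.sha256).digest()

def pin_verify(remittance: bytes, token: bytes, pin_on_file: bytes) -> bool:
    """The provider verifies with the PIN it stores, so it could have produced the token itself."""
    return hmac.compare_digest(pin_authorize(remittance, pin_on_file), token)

# --- Model 2: Lamport one-time signature (hash-based, asymmetric) ---
def lamport_keygen():
    """Private key: 256 pairs of random preimages; public key: their SHA-256 images."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk

def lamport_sign(message: bytes, sk) -> list:
    """Reveal one preimage per bit of SHA-256(message); a key pair must be used only once."""
    digest = int.from_bytes(sha256(message), "big")
    return [sk[i][(digest >> (255 - i)) & 1] for i in range(256)]

def lamport_verify(message: bytes, sig: list, pk) -> bool:
    """Anyone holding only the public key can check the signature but cannot forge one."""
    digest = int.from_bytes(sha256(message), "big")
    return all(sha256(sig[i]) == pk[i][(digest >> (255 - i)) & 1] for i in range(256))

def demo():
    # Constructed sample remittance and PIN (not values from the lecture).
    remittance = b"pay 19.90 EUR to merchant 4711, ref 2001-03-15-0042"
    pin = b"1234"
    # PIN model: a token made by the provider alone verifies, so the token proves
    # nothing about who authorized the payment (no non-repudiation).
    forged_by_provider = pin_authorize(remittance, pin)
    pin_ok = pin_verify(remittance, forged_by_provider, pin)
    # Signature model: verification needs only the public key, and changing the
    # remittance (here the amount) invalidates the customer's signature.
    sk, pk = lamport_keygen()
    sig = lamport_sign(remittance, sk)
    sig_ok = lamport_verify(remittance, sig, pk)
    tampered_ok = lamport_verify(remittance.replace(b"19.90", b"99.90"), sig, pk)
    return pin_ok, sig_ok, tampered_ok

if __name__ == "__main__":
    print(demo())  # (True, True, False)
```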
Mobile Payment Systems Open Issues
• Suitable Security Support in the Mobile Environment
  • Not just UserId / PIN / TAN
  • Strong public key cryptography based security mechanisms
  • Smart card support
• Mechanisms Required
  • Ensure: Confidentiality, Integrity, Authentication, Non-Repudiation, ...
  • End-to-end security between customer and merchant
    – Equivalent to SSL; WTLS mostly isn't good enough
  • Mobile digital envelopes & signatures
  • Authentication and WPKI support
• Mobile Security and Payment Standardization Bodies (examples)
  • WAP Forum: WTLS, E2E security, WMLScript SignText, ...
  • 3GPP SIM Toolkit standardization
  • GMCIF: MasterCard Global Mobile Commerce Interoperability Forum
  • MSign: Brokat Mobile Digital Signature Merchant API
Questions and Comments?
Thanks for your attention.