By G.

Karamchand

PROJECT GUIDED BY: Dr. S. Sudalai Muthu Department of Banking Technology School of Management

E-Payment Security

Keep financial data secret from unauthorized parties (privacy) CRYPTOGRAPHY Verify that messages have not been altered in transit (integrity) HASH FUNCTIONS Prove that a party engaged in a transaction (nonrepudiation) DIGITAL SIGNATURES Verify identity of users (authentication) PASSWORDS, DIGITAL CERTIFICATES

Propose System I Outline

Registration Payment Protocol Payment Transaction

Registration
RBI issue E-money by a registration protocol

Sx:( Signed 64 bit)

Rx:Random Number

Structure of E-money

Mx= f(Sx,Rx)
A user request through an untraceable channel for the manager to register the money Manager Generate a pair of key (Ku-user key and Km- money Key) and an Identifier ID. A Descriptor Dx (A term used to describe or identify of E-money is stored in database)

Mx= f(0,Rx)

Dx= gMx mod n

Messagecustomer= [ID,Ku,Km,Rx]

Where g is a primitive root of modulo n. g and n are public information of the system

Architecture of E-Cash
App. Layer

Customer

Regulatory bodies

Branch

Other banks

E-Cash Service Layer Business Layer

Core financial services Payments services Mutual fund services Bill payment, presentment services Security Services

Service Management Layer Service Broker Service Manager SA Agent

Data Layer

Bank Server

Knowledge repositories

Payment Protocol
Payer 4) Transaction

Recipient

1)Face value Descriptor

3) certification

4) Certification Descriptor

Guarantor 2) Check The face value

Manager 5) Check The consistency and update the database

Payment Protocol
Payer

Payer Encrypts a Descriptor Dx, Updates the face value and random number after transaction and send Message payer to guarantor. The Guarantor ensures the face value of money is greater than zero

Mpayer to guarantor = D(Kpriv , E(Kpub,[Dp , Mp, Rp ]))

Decrypt Encrypt

Guarantor

Payment Protocol
Payer

The Guarantor Check the face value is greater than zero. Then a certification is issued that shows the face value is valid. Next the certification is encrypted with the private key

Certification= E(Kpriv,[Dp , Mp, Rp ])

Encrypt

Guarantor

Payment Protocol
Let IDp- Identification for the payers Money
PAYER

Let Kp- Key Assigned to the payers Money

Let IDr- Identification for the recipients Money Let Kr- Key Assigned to the recipients Money
RECIPIENT

Payment Protocol
The Payer sends an Authenticator Apayer-manager = E([IDp,Dp,Certification];Kpayer-private); And encrypts data for the manager with private key Kmanagerprivate

Mpayer-manager = E([IDp;Dp;Certification;Ap]; Kmanager-private)

Mpayer-recipient = E([Transaction, Mpayer-manager],Krecipient-key)

Transaction = [Dp,Mp,Rp,Pay,Certification]

The Payer sends Transaction with Mpm to the Recipient.

Payment Protocol
The Recipient checks the validity of the Transaction. Next, the recipient calculates an authenticator
Arecipient-manager = E([IDb; Transaction],Krecipient); Recipient

and encrypts data with a banks key.

Mrecipient-manager = E([IDpayer ,Transaction;Arecipient-manager],Kmanager)

Finally the recipient sends Mpb and Mrb to the manager.

Manager

The manager decrypts Mpb and Mrb. Next, the manager checks the consistency and updates descriptors on the database. Finally, the manager sends the receipts to the payer and the recipient.

The Descriptor stored into the database after transaction is denoted as

Dpayer = gMpayer mod n Drecipient = gMrecipientmod n

Structure of Money Mx= f(Sx,Rx)