Electronic payment systems
Electronic payment systems are non-credit-card online payment systems. The goal of their development is to create analogs of checks and cash on the Internet, i.e. to implement all or some of the following features:
Protecting customers from merchant's fraud by keeping credit card numbers unknown to merchants.
Allowing people without credit cards to engage in online transactions.
Protecting confidentiality of customers.
In some cases providing anonymity of customers ("electronic cash").
The problems in implementing electronic payment systems, especially anonymous electronic money, are:
Preventing double-spending: copying the "money" and spending it several times. This is especially hard to do with anonymous money.
Making sure that neither the customer nor the merchant can make an unauthorized transaction.
Preserving customer's confidentiality without allowing customer's fraud.
While electronic payment systems have not gained very wide popularity, except for the PayPal system used for online auctions such as eBay, they may become more popular in the future if more businesses start using them. Electronic payment systems may be more convenient for international online business due to differences in credit card customer protection laws in different countries.
Below we look at examples of online payment systems. Most of these products are no longer used, but the ideas developed by their authors are used in other products.
Virtual PIN
Virtual PIN, started in 1994 by a company called First Virtual Holding, was a system for making credit card payments over the Internet without exposing the credit card number to the merchant. It required no special software for a customer to make a purchase. Virtual PIN relied on the difficulty of intercepting and forging e-mail.
To enroll, a customer gives their credit card information and their e-mail address to First Virtual (this was done by phone). After the credit card information has been verified, the customer receives their PIN by e-mail.
The procedure for purchasing an item using Virtual PIN is as follows:
The customer gives the merchant their Virtual PIN.
The merchant sends the Virtual PIN and the amount of transaction to First Virtual.
First Virtual sends an e-mail to the customer asking to confirm the purchase.
The customer answers "Yes", "No", or "Fraud".
If the answer is "Yes", the merchant is informed that the charge has been accepted. If "No", the charge is declined. If the answer is "Fraud", the charge is investigated.
Even though no encryption was involved, an eavesdropper could not use a virtual PIN without being able to intercept and answer the e-mail message to confirm the purchase.
Unlike credit cards which carry the customer's name, Virtual PIN provided a customer's anonymity from the merchant. The e-mail confirmation of the transaction served as a protection against merchant's fraud.
Unfortunately, while the system has been created for all kinds of online business, the main use of Virtual PIN at the time was for buying and selling pornography. Virtual PIN tried to disassociate itself from this market. Eventually the company abandoned the Virtual PIN and became specialized in sending promotional e-mail.
DigiCash (or E-cash)
DigiCash (also known as E-cash) is an electronic payment system developed by Dr. David Chaum, who is widely regarded as an inventor of digital cash. The system was based on digital tokens called digital coins. DigiCash operated as follows:
A customer establishes an account with the bank or other organization that could mint and receive digital coins. The customer's account was backed by real money in some form, for instance it could be linked to the customer's checking account.
The customer also needs to download and install software called an electronic wallet.
To obtain DigiCash, the customer uses the electronic wallet to create digital coins. The coins are sent to the bank to sign. When the coins are signed, the equivalent amount of money is withdrawn from the customer's account.
In the proposed protocol the customer also had an option of "blinding" the coins. To blind a coin, the customer multiplies it by a random number r before sending it to the bank to sign. The bank signs the data. After the data and its digital signature are sent to the customer, the customer computes the digital signature of the original (non-multiplied) coin by dividing the bank's signature by r. This way the bank doesn't know the coin, but the customer, who knows r, can trace his/her payments. Blind signatures have not been implemented.
To find out why blind signatures work, read the article Cryptography and Number Theory for Digital Cash by Orlin Grabbe. This article explains mathematics behind blind signatures. This material is optional.
When the customer wants to make a purchase, he/she sends signed digital coins to the merchant. The merchant verifies the bank's signature and deposits the coins to the bank, where they are credited to the merchant's account.
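The blinding step described above, as an added example that is not part of the original article or DigiCash's own code: with RSA the customer multiplies the coin by r raised to the bank's public exponent, so that dividing the bank's signature by r leaves a valid signature on the original coin. The toy key, the coin serial and all function names are assumptions; the deposit check shows how the bank can still reject a coin that is spent twice.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy bank key (two Mersenne primes); textbook RSA, no padding.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # bank's private exponent

def coin_to_int(coin):
    """Hash the coin's serial number to an integer below N."""
    return int.from_bytes(hashlib.sha256(coin).digest(), "big") % N

def blind(m):
    """Customer: pick r coprime to N and hide m as m * r^E mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r

def bank_sign(blinded):
    """Bank: sign the blinded value; it never sees m itself."""
    return pow(blinded, D, N)

def unblind(blinded_sig, r):
    """Customer: divide by r (multiply by r^-1 mod N), leaving m^D mod N."""
    return (blinded_sig * pow(r, -1, N)) % N

def verify(coin, sig):
    """Merchant or bank: check the bank's signature on the original coin."""
    return pow(sig, E, N) == coin_to_int(coin)

def deposit(coin, sig, spent):
    """Bank: accept a validly signed coin once; reject any replay."""
    if not verify(coin, sig) or coin in spent:
        return False
    spent.add(coin)
    return True

def withdraw(coin):
    """Run the withdrawal: blind, have the bank sign, unblind."""
    m = coin_to_int(coin)
    blinded, r = blind(m)
    sig = unblind(bank_sign(blinded), r)
    return {"m": m, "blinded": blinded, "sig": sig}
```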
DigiCash (or E-cash), produced by the company DigiCash BV based in Amsterdam, never created a market. The company eventually declared bankruptcy. However, the algorithms used in DigiCash are considered fundamental to the development of digital money.
CyberCash/CyberCoin
CyberCash is a system that allows customers to pay by a credit card without revealing the credit card number to the merchant. To achieve this, a credit card number is sent to the merchant in an encrypted form.
To enroll, a customer installs software called the CyberCash wallet on their computer. At the time of installation the wallet generated a public/private key pair. The wallet was protected by a passphrase, and a backup key was stored encrypted on a floppy disk. A CyberCash account was linked to the customer's credit card. A variation of this scheme called CyberCoin was linked to the customer's checking account.
A purchase was conducted the following way:
When the purchase was initiated, the CyberCash wallet displayed the amount, the merchant's name, and other information. After the customer approved the transaction, an encrypted payment order was sent to the merchant.
The merchant could decrypt some of the information in the order, such as the product list, the address, etc., but not the other (such as the credit card information). The merchant's software would add its own payment information to the order, digitally sign it, and then send it to the CyberCash gateway.
The CyberCash gateway would decrypt the information. The order would be checked for duplicate requests. The gateway would verify that the customer's and the merchant's order information match (i.e. no fraud was committed on either side). Then it would perform the money transfer and send the approval message to the merchant.
The main point of this scheme was to prevent merchant's fraud, and thus allow customers to do business with more merchants without fear of scams. However, CyberCash and CyberCoin were not able to find a market. The main reasons for the failure were the large size of the customer's software and the fact that very few merchants would accept CyberCash payment. The company was eventually bought by VeriSign.
SET (Secure Electronic Transactions)
SET is the Secure Electronic Transaction protocol for sending money over the Internet. It was developed jointly by MasterCard, Visa, and several computer companies.
SET uses mechanisms similar to CyberCash. However, being a standard protocol, it is built into a wide variety of commercial products.
In SET the order information consists of two parts: the part which is private between the customer and the merchant (such as the items being ordered) and information which is private between the customer and the bank (such as the customer's account number). SET allows both kinds of information to be included in a single signed transaction: the part private between the customer and the merchant is encrypted using the merchant's public key, and the part private between the customer and the bank is encrypted using the bank's public key.
To prevent changing the order information, the customer computes message digests of each part of the message separately, then takes the message digest of the two message digests, and then signs the resulting message digest. This mechanism, called a dual signature, allows either the merchant or the bank to read and validate the signature on its half of the purchase request without having to decrypt the other half.
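The dual signature described above, as an added example (not SET's actual message format or code): each party recomputes the signed digest from its own half plus the digest of the other half. Textbook RSA with a constructed toy key stands in for the customer's signing key, and the order and payment strings and function names are assumptions.

```python
import hashlib

# Constructed toy customer key (two Mersenne primes); textbook RSA, no padding.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# Constructed sample halves of one purchase request.
ORDER = b"item=book;qty=1;total=25.00"
PAYMENT = b"account=PLACEHOLDER-0000;amount=25.00"

def h(data):
    """Message digest used for both halves and for the combined digest."""
    return hashlib.sha256(data).digest()

def to_int(digest):
    """Reduce a digest to an integer below N for the toy RSA key."""
    return int.from_bytes(digest, "big") % N

def dual_sign(order_info, payment_info):
    """Customer: digest each half, digest the two digests, sign the result."""
    oi_md, pi_md = h(order_info), h(payment_info)
    sig = pow(to_int(h(oi_md + pi_md)), D, N)
    return {"oi_md": oi_md, "pi_md": pi_md, "sig": sig}

def merchant_verify(order_info, pi_md, sig):
    """Merchant: has the order in clear and only the payment half's digest."""
    return pow(sig, E, N) == to_int(h(h(order_info) + pi_md))

def bank_verify(payment_info, oi_md, sig):
    """Bank: has the payment half in clear and only the order's digest."""
    return pow(sig, E, N) == to_int(h(oi_md + h(payment_info)))
```

Because the signature covers both digests, a payment half cannot be detached and attached to a different order without the check failing.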
The reason why SET never became popular was pretty much the same as for CyberCash: the trouble of getting a digital wallet software and setting it up for each credit card was not worth it for a customer, because very few merchants would accept SET payments.
PayPal
PayPal is an electronic payment system which can transfer money between its accounts. In order to use PayPal, one has to obtain a PayPal account, which is associated either with the customer's credit card or with their regular bank account. The validity of a credit card is checked in the usual ways. The validity of a checking account is checked as follows: the customer gives PayPal their account number, and PayPal makes two small-amount (less than $1) deposits to the account. If the customer is able to tell PayPal the value of these deposits, then the customer is assumed to be a legitimate user of the account.
PayPal provides an easy interface to send money to anyone by giving the person's e-mail address. In order for the person to retrieve the money, they must have a PayPal account. To avoid fraud, PayPal sends an e-mail message to both the initiator and the recipient of the transaction.
PayPal is used to settle online auctions, such as eBay auctions. The ease of use and the fact that no credit card is required to use it make PayPal increasingly popular.
Smart cards
Smart cards are cards that look like credit cards, but store information on a microprocessor chip instead of magnetic strips. A microchip can hold significantly more information than a magnetic strip. Because of this capacity, a single smart card can be used for many different purposes.
Unlike magnetic strip cards which can be read by any magnetic reader, and are therefore vulnerable to loss or theft, a smart card can be password-protected to guarantee that it's only used by the owner.
Smart cards can run RSA encryption and can be programmed to generate a pair of public/private keys. The public key is made publicly readable, but the private key is stored on the card without anyone being able to copy it. Therefore, to use the private key, the user must physically possess the card.