Explain E-payment Security Schemes
Following are the e-payment security schemes
1) Encryption 2) Certificates & Certificates Authority (CA) 3) Digital Signature
4) Digital Envelop 5) Message Digest 6) Transaction Certificates and Time Stamp
Encryption refers to changing a message into unreadable form. Later the encrypted message can be converted into readable form by Decryption.
There are two types of Encryption
(A) Secret Key Encryption/Private Key Encryption
In this scheme, same key called secret key is used by sender and receiver for Encryption (Making message unreadable) & Decryption (Getting original message).
(B) Public Key Cryptography
It is Also known as asymmetric Encryption. It uses two different keys (1) Private Key (2) Public Key. The receiver sends his public key to sender. The sender encrypts message with this public key. Then Message is sent to receiver. Now Receiver uses his private key to decrypt message.
2. Certificates & Certificates Authority (CA)
A certificate represents and identifying certificate issued by a trusted third party called Certificate of Authority. A certificate includes records such as series number name of Owner, Name of CA & Digital signature of CA.
(VeriSign is a most popular pioneering CA. Established in 1999).
3. Digital Signature
Digital signature is a phrase (like Ahmed, Saeed Malik). It Is Encrypted by Sender’s private key. Digital signature is attached with the encrypted message and sent to receiver. Digital signature ensures that sender is verified. Receiver will use sender’s public key to decrypt message.
4. Digital Envelope
Is another encryption scheme. It is used to encrypt a secret key with the receiver’s public key. Now encrypted message & key is sent to receiver. Receiver will open the key first and then he will decrypt the message with this key.
5. Message Digest
It helps to verify that a message is not changed in its way from sender to receiver. Message digest is a bit string. It is unique for each message. A special formula is called hash function is used to calculate message digest of a message. The encrypted message with message digest is sent to receiver. Now if message is changed in the way then its message digest will not match.
6. Transaction Certificates and Time Stamp
A transaction certificate attests to some fact about the conduct of a transaction. It can be used to prevent repudiation (denial). Similarly a time stamp ensures that a document was present at a particular time.
Basics of eCommerce
Ecommerce Payment Systems/ ePayment