Alternative Frameworks of E-Commerce and Electronic Payment Systems Specially Suitable for the Developing Countries Likes Ours




ABSTRACT

With the rapid growth of Information and Communication Technology (ICT), e-commerce and online transactions are gaining popularity in the western world. In third world countries like Bangladesh, however, the scenario is different: with few exceptions, e-commerce and electronic payment are not in use. Technical lag, a dearth of infrastructure and the infeasibility of the existing frameworks are the main reasons behind this. There are several alternative ways of doing e-commerce and online transactions, but the establishment and maintenance overheads associated with them are not viable for developing countries like Bangladesh. In this paper, we analyze the existing systems from the perspective of developing countries, focus on their limitations and present alternative frameworks for e-commerce and electronic payments that may be suitable for third world countries.

Keywords: E-commerce, Electronic payment, Online transaction, Framework.

1. INTRODUCTION

Electronic commerce is one of the most common business terms in use as we embark on the 21st century. E-commerce is developing day by day and spreading all over the world. It is now very popular in first world countries, where people purchase products through e-commerce using credit card payment systems. However, in developing countries like ours it is not yet popular or developed. The underlying reason is the complexity and the problems associated with credit card processing: processing credit cards through a third party or establishing a merchant account is a costly and cumbersome task. Transactions made this way increase the product price, and in a developing country people will not be attracted under such circumstances. Under this procedure both parties have to make the transaction through a bank account, which might not attract buyers to online shopping.

Considering these issues, we design a system in which we omit the third party and, instead of a credit card, offer a prepaid card that is maintained by a prepaid card company. This card company removes the extra complexity associated with the third party, because the number of processing levels decreases and neither the customer nor the merchant needs to pay an extra charge. The system is designed with consideration of various aspects of security and firewalls related to processing.

2 THIRD PARTY PROCESSOR AND CREDIT CARDS

A third party credit card processor is a company that can accept credit card orders on behalf of the customer or his company and charges an amount for every transaction. In this kind of processing, consumers register with a third party on the Internet to verify electronic micro-transactions. Such a party is known as an on-line third-party processor (OTPP). OTPPs have created a six-step process that they believe will be a fast and efficient way to buy information online:

1. The consumer acquires an OTPP account number by filling out a registration form.
2. To purchase an article, software, or other information online, the consumer requests the item from the merchant by quoting her OTPP account number. The purchase can take place in one of two ways: the consumer can automatically authorize the merchant via browser settings to access her OTPP account and bill her, or she can type in the account information.
3. The merchant contacts the OTPP payment server with the customer's account number.
4. The OTPP payment server verifies the customer's account number for the vendor and checks for sufficient funds.

5. The OTPP payment server sends an electronic message to the buyer. This message could be an automatic WWW form that is sent by the OTPP server or could be a simple e-mail. The buyer responds to the form or e-mail in one of three ways: Yes, I agree to pay; No, I will not pay; Fraud, I never asked for this.
6. If the OTPP server gets a Yes from the customer, the merchant is informed and the customer is allowed to purchase the item.
7. The OTPP will not debit the buyer's account until it receives confirmation of purchase completion.

3. MERCHANT ACCOUNT

This is the most professional method for accepting credit cards online. A merchant account is an account with a bank (sometimes arranged through an authorized agent) which allows us to accept charge cards as payment for products and services. The account is set up in the merchant's business name and approved based on his business credit standing.

4. PROBLEM WITH THIRD PARTY / MERCHANT ACCOUNT

a) Problems with current structure:
The current structure of e-commerce relies on credit cards, and many users in developing countries are not experienced with credit cards. In that situation clients cannot make e-commerce transactions.

b) Additional fees:
Third parties take a charge for every transaction from both the buyer and the seller. This indirectly increases the price of the product, which discourages the buyer from buying it.

d) Micro-transactions face problems:

As the merchants/sellers need to pay some charge for every product, they do not make a profit by selling low-price products, so they do not keep low-price products in their catalog. As a result, buyers cannot buy low-price products and thus the benefit of e-commerce shrinks.

e) Problem with processing steps:
Most third party processors redirect a customer to their own site to make payment on orders. Thus, the involvement of the third party makes the processing steps of an online purchase longer than they should be. Because both buyer and seller go through third party verification processes for every transaction, additional sequences are included. Maintaining these additional steps during a transaction is quite a cumbersome task for the user, and it also increases the duration of online marketing.

5. OUR PROPOSED SYSTEM INFRASTRUCTURE

5.1 Consideration

In our proposed framework, we consider that the Government will grant permission to some e-commerce sites and prepaid card companies that conform to certain reliability requirements. The components of our system include:

- Vendors
- E-commerce site
- Prepaid card company

5.1.1 E-commerce site

We consider that there will be some e-commerce sites facilitating on-line shopping. A user can interact with these sites and buy products according to his need. When the user finishes his shopping, a bill voucher and the available varieties of prepaid card are presented to the user. The user selects one prepaid card company; the merchant site's function is then to redirect the user to the card company's server. At the same time the bill is encrypted with the shop's private key and the card company's public key. Encrypting with the shop's private key ensures that the bill can only have been redirected by the shop. Encrypting with the public key of the card company ensures that only the card company can decrypt the bill and only that company can view it.

5.1.2 Prepaid Card Company

Three things must be associated with the prepaid card company:

- Decryption
- Query user account
- Redirect

5.1.2.1 Decryption

When the prepaid card company receives the encrypted bill, its first task is to decrypt it with the public key of the shop and then with the private key of the prepaid card company. It then has the original information.

5.1.2.2 Query user account

When a user buys a card from the market, the user's first task is to register himself with the prepaid card company. At that time, a login name and password are given to the user. Later, when the user is redirected to the card company, the user's first task is to log on to the card company. The company then shows the bill information that was redirected from the shop. If the user accepts the bill, the corresponding amount is deducted from the user's account.

5.1.2.3 Redirect

An acknowledgement that the bill is paid is redirected to the e-shop, so the shop can now deliver the product. At the same time, a confirmation with a transaction number is sent to the user, indicating that he can take/receive the product from the shop.

5.1.2.4 Actions in case of disruption

After the transaction is completed, it is the responsibility of the e-shop to deliver the product, and the e-shop will take a receipt from the customer. In case of any disruption, the customer will be able to contact the prepaid card company with the transaction number, and the company will query the e-shop to provide the customer's receipt. In case of failure to show the receipt, the amount will be balanced again from both sites.

Fig 1: Our proposed system infrastructure

5.2 ADVANTAGES OF THE PROPOSED SYSTEM

Our system overcomes the problems of the third party; its functionality is more convenient than that of the third party, and the overall operation of the system is very simple and easy to implement. Several advantages are listed below.

1) No extra charge from customers:
Our proposed system does not charge any amount from the customer, whereas in other credit card systems vendors need to pay some extra charge over the cost price of the items.

2) No monthly statement:

In a credit card based payment system, users need to have a monthly statement of all transactions, after which they have to pay their bill to the bank account. In our proposed system the users do not need to face this type of bill statement; all transactions are current.

3) Micro-transaction is possible:
As the merchants need to pay only a small percentage to the card company, merchants will also make a profit by selling low-price products. As a result, they will include low-price products in their product catalog and buyers will benefit.

4) Less processing time:
Processing time here is lower than with current e-commerce transaction policies. No extra verification is required, unlike in credit card based payment systems.

5) Commerce with local currency:
All the transactions performed nowadays are in foreign currency. Therefore, it is quite a cumbersome task to determine the price of a product in a foreign currency such as dollars. In our proposed system, however, all the transactions are in local currency. This will encourage both buyers and merchants.

5.3 SECURITY ISSUE FOR OUR PROPOSED FRAMEWORK

As the internet became mainstream and the number of companies, individuals, and government agencies using it grew, so did the number and type of transactions that needed protection. Three requirements are necessary to carry on secure communication on the internet: confidentiality, integrity and authentication. There are three different techniques that we have imposed for our security issue. They are as follows:

1) RSA
2) SSL
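The two-layer bill protection of Sections 5.1.1 and 5.1.2.1, carried out with the RSA arithmetic that Section 5.4 defines; this is an added example, not code from the paper. The key pairs, the `BILL:` record format and the function names are assumptions made for illustration, and the raw (unpadded) RSA shown is the textbook form from Section 5.4, which real deployments replace with padded schemes such as OAEP and PSS.

```python
# Added illustration with toy keys. The primes are well-known Mersenne primes,
# chosen so the block runs offline; moduli built from them are easy to factor.
from math import gcd

def make_key(p, q, e=65537):
    """Section 5.4 key generation: n = pq, phi = (p-1)(q-1), d = e^-1 mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi)                   # multiplicative inverse (Python 3.8+)
    return {"pub": (e, n), "priv": (d, n)}

# Constructed key pairs for the two parties of Section 5.1 (hypothetical values).
SHOP = make_key(2**127 - 1, 2**89 - 1)    # larger modulus, about 216 bits
CARD = make_key(2**107 - 1, 2**61 - 1)    # smaller modulus, about 168 bits

def rsa(x, key):
    """One RSA operation: raise x to the key's exponent modulo its n."""
    exp, n = key
    return pow(x, exp, n)

def wrap_bill(bill: bytes) -> int:
    """Shop side (5.1.1): card company's public key, then shop's private key."""
    m = int.from_bytes(bill, "big")
    if m >= CARD["pub"][1]:
        raise ValueError("bill too long for the card company's modulus")
    inner = rsa(m, CARD["pub"])           # only the card company can read it
    # inner < n_card < n_shop, so the second layer loses no information.
    return rsa(inner, SHOP["priv"])       # only the shop could have produced it

def open_bill(wrapped: int):
    """Card company side (5.1.2.1): shop's public key, then own private key."""
    inner = rsa(wrapped, SHOP["pub"])
    if inner >= CARD["pub"][1]:           # cannot be a value the shop wrapped
        return None
    m = rsa(inner, CARD["priv"])
    data = m.to_bytes((m.bit_length() + 7) // 8, "big")
    # Raw RSA carries no integrity check of its own, so rely on the bill format.
    return data if data.startswith(b"BILL:") else None

def eavesdrop(wrapped: int) -> int:
    """Anyone can strip the shop's layer; what remains is still ciphertext."""
    return rsa(wrapped, SHOP["pub"])

if __name__ == "__main__":
    bill = b"BILL:1042:BDT:550"           # constructed sample bill
    w = wrap_bill(bill)
    print(open_bill(w))                   # the original bill
    print(open_bill(w + 1))               # altered in transit: rejected
```

The layers only invert cleanly because the shop's modulus is larger than the card company's; with the sizes reversed, the inner ciphertext could exceed the shop's modulus and the bill would not be recoverable.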

5.4 RSA ALGORITHM

RSA is named after its inventors, Rivest, Shamir, and Adleman. It is a public key cryptographic algorithm that does encryption as well as decryption. The key length is variable. Anyone using RSA can choose a long key for enhanc

First we need to generate a public key and a corresponding private key. Choose two large primes $p$ and $q$ (probably around 256 bits each). Multiply them together and call the result $n$. The factors $p$ and $q$ will remain secret. To generate our public key, choose a number $e$ that is relatively prime to $\Phi(n)$. Since we know $p$ and $q$, we know $\Phi(n)$: it is $(p-1)(q-1)$. Our public key is $(e, n)$. To generate our private key, find the number $d$ that is the multiplicative inverse of $e \bmod \Phi(n)$. $(d, n)$ is our private key. To encrypt a message $m$ ($m < n$), someone using our public key should compute the ciphertext $c = m^e \bmod n$. Only we will be able to decrypt $c$, using our private key to compute $m = c^d \bmod n$.

5.4.1 How does RSA work?

RSA does arithmetic mod $n$, where $n = pq$. We know that $\Phi(n) = (p-1)(q-1)$. We have chosen $d$ and $e$ such that $de = 1 \bmod \Phi(n)$. Therefore, for any $x$, $x^{de} = x \bmod n$. An RSA encryption consists of taking $x$ and raising it to $e$. If we take the result and raise it to $d$ (that is, perform RSA decryption), we get $(x^e)^d$, which equals $x^{ed}$, which is the same as $x$. So we see that decryption reverses the encryption.

5.4.2 Why is RSA Secure?

We don't know for sure that RSA is secure. We can only depend on the Fundamental Tenet of Cryptography: lots of smart people are trying to figure out how to break RSA and they haven't come up with anything yet. The real premise behind RSA's security is the assumption that factoring a big number is hard. The best known factoring methods are really slow. To factor a 512 bit number with the best known techniques would take about thirty thousand MIPS-year.

5.5 SSL (SECURE SOCKETS LAYER)

SSL stands for Secure Sockets Layer. It is a family of protocols that was originally designed to provide security for HTTP transactions, but that can also be used for a variety of other Internet protocols such as IMAP and NNTP. HTTP running over SSL is referred to as secure HTTP. We connect to a server using SSL by replacing http with https in the protocol component of a URI. The default port for HTTP over SSL is 443.

5.5.1 SSL Protocol Summary:

The process to establish an SSL connection is the following:

- The user uses his browser to connect to the remote Apache server.
- The handshake phase begins: the browser and server exchange keys and certificate information.
- The browser checks the validity of the server certificate, including that it has not expired, that it has been issued by a trusted CA, and so on.
- Optionally, the server can require the client to present a valid certificate as well.
- Server and client use each other's public key to securely agree on a symmetric key.
- The handshake phase concludes and transmission continues using symmetric cryptography.

5.5.2 Obtaining and Installing SSL Tools:

SSL support is provided by mod_ssl, an Apache module. This module requires the OpenSSL library, an open-source implementation of the SSL/TLS protocols and a variety of other cryptographic algorithms.

5.5.3 OpenSSL:

All files and instructions necessary for installing OpenSSL can be found at http://www.openssl.org/. Users of Linux/Unix will find the installation of the OpenSSL software to be similar to installing other system tools.

5.5.4 For Linux/Unix Users:

We are running a recent Linux, which is why OpenSSL is already installed on our system. In the past, SSL extensions for Apache had to be distributed separately because of export restrictions. Currently, mod_ssl is bundled with Apache 2.0, but only as part of the source distributions. While this is not an issue for Linux/Unix users, Windows users will find they must build Apache from source in order to build the mod_ssl module; mod_ssl is not distributed in the precompiled binaries. The mod_ssl module depends on the OpenSSL library, so a valid OpenSSL installation is required.

5.5.5 Managing Certificates:

After installing and configuring OpenSSL and mod_ssl, the next step for a working SSL server implementation is to create a server certificate. Since we are using SSL for an e-commerce site, encryption protects customer data from eavesdroppers, and the certificate enables customers to verify that we are who we claim to be. We must have a public/private key pair before we can create a certificate request. Assuming that the FQDN for the certificate we want to create is www.example.com, we can create the keys by using the following command:

    # /usr/local/ssl/bin/openssl genrsa -des3 -rand file1:file2:file3 \
          -out www.example.com.key 1024

5.5.6 Example of SSL Configuration:

We can add the following configuration snippet to our Apache configuration file:

    # Accept connections on the default HTTPS port
    Listen 443
    <VirtualHost _default_:443>
        ServerName www.example.com
        # Turn on SSL for this virtual host
        SSLEngine on
        # Server certificate
        SSLCertificateFile \
            /usr/local/ssl/openssl/certs/www.example.com.cert
        # Private key generated in 5.5.5
        SSLCertificateKeyFile \
            /usr/local/ssl/openssl/certs/www.example.com.key
    </VirtualHost>

5.5.7 Starting the Server:

Now we can stop the server if it is running, and start it again. If we compiled and installed Apache ourselves, we can see that an <IfDefine SSL> block surrounds the SSL directives. That allows for conditional starting of the server in SSL mode. Finally, if we always want to start Apache with SSL support, we can just remove the <IfDefine> section and start Apache in the usual way.

6 CONCLUSION

In this research we have depicted the relative advantages and disadvantages of the existing hardware based transaction system and clarified the reasons behind choosing our proposed one. It is a great boon for a developing country like ours. We have considered different types of security measures so that the system can deter any fraudulent access to our site and take the necessary steps. The customer does not have to go a long way to make a purchase: by surfing to the respective site, the customer can access the online shopping site and order as required. With a proper prepaid card, a valid customer is identified and allowed to proceed. Cards are available on the market and users have different options in money value. Websites are designed to be user-friendly so that customers can see their way clearly while accessing them. All the daily necessities and household appliances are available to be ordered. Customers' satisfaction is met by colorful design, and sites are designed in such a way that they will entice people into purchasing the product very easily. After completion of a purchase, customers are assured of delivery by a confirmation email generated by the respective card company to the authority of the online shopping site. Finally, we hope our proposed work will be a valuable asset from our country's point of view.