Development of an E-commerce Site with Smartcard Payment Mechanism



Introduction

Context

The explosive growth of the Internet has caused a revolution in the manner in which businesses and consumers conduct commercial exchanges. E-Commerce is currently a major growth industry, and the number of transactions carried out online is escalating exponentially.
The advantages provided by Internet commerce are self-evident, and explain the enthusiasm shared by companies and customers for trading in this manner. For the supplier, there is greater potential to compete on a global scale, and cost savings can be attained in terms of staff and real estate by removing the need for public-facing premises. For the consumer, a means is provided to browse and search for products, and compare the prices of different suppliers, more quickly and easily than was previously possible.
However, some problems have arisen with respect to business-to-consumer (“B2C”) systems, which to this day have prevented them from realising their full potential.

Applicability of Smartcard Technology

Smartcards have two fundamental capabilities: data storage and processing power. In terms of the former, they provide advantages in terms of their portability and, more uniquely, the fact that the data stored upon them can be made tamper-proof. Physical security of the cards provides good protection against attempts to read or modify the contents of memory by external means. Data can therefore only be accessed via the interface defined by the program resident on the card, meaning that a system could be created whereby, for example, information is not released from the card unless a correct PIN has been entered beforehand.
The processing power of the card is of particular use for cryptographic and other sensitive operations, where - for example - digital signatures can be generated and validated without a user’s private key ever leaving the card.
Smartcards’ tamper-proof data storage, and their capability to perform cryptographic operations, therefore appeared to provide a feasible means for addressing the problems previously described: firstly, by allowing user profile information to be stored and quickly transferred by insertion of the card into a smartcard reader; secondly, by providing a secure means for value to be stored and transferred by means of a trusted applet resident on the card.

Server-Side Design Issues

Choice of Web Server

Different permutations of operating system and web server software were assessed, and in many cases evaluated through installation, test, and review of their accompanying documentation.
UNIX servers tend to be highly regarded for their reliability and stability, and hence initially appeared to be an attractive option for deployment. However, at the time when this assessment of alternatives was being conducted, Mondex was intended to be the means by which payments would be made within the site, and it was therefore assumed that a smartcard reader would be needed on the server in order to facilitate card-to-card value transfers. The majority of such devices are supplied only with Windows drivers (UNIX alternatives are generally slow to materialise and are usually unsupported), and as such the decision was made to select Windows NT Server as the platform upon which the web server should run.

Database

There was a clear need for the existence of a database on the server, which would contain information relating to the products or services available for sale on the site (e.g. description, price and stock information).
In addition, it was believed to be desirable for the database to be the location in which the contents of users’ “shopping baskets” were held. It would be possible for the session cookie created on the client’s machine to retain this information; however, because cookie data is transmitted with every page request, use of a server-side database minimises the amount of data being transferred, and thus improves the speed of response. Additionally, it permits the contents of baskets to be remembered indefinitely (i.e. between visits).
A large number of different database products are available, all with their own particular advantages and disadvantages. Assessment of which was the most suitable for an E-Commerce site would be dependent upon factors such as the expected server load, and a detailed evaluation of alternatives was not considered to be within the scope or budget of this project. Use of a standard query language and abstraction layer to connect to the database (specifically, SQL via an ODBC connection) was therefore deemed essential, so that the underlying engine could be replaced should it become necessary (easing migration to a heavy-duty Oracle database should server load escalate, for example).

Digital Certificates

In order for asymmetric cryptography to be used effectively, it is necessary for the holder of a public key to be certain that the key is in fact associated with the private key owned by the intended recipient. Using techniques such as IP spoofing, it might be possible to masquerade under the identity of another user or server and supply a different public key which would allow unauthorised access to information encrypted with it.
In order for the true owner of a public key to be determined, Certification Authorities (CAs) such as Verisign and Thawte have been established to act as trusted third parties which will verify the identity of a person or organisation before providing them with a digital certificate. Such certificates are wrappers containing textual information concerning the owner’s identity, together with the actual public key. The wrapper itself is signed using the CA’s private key, which allows anyone holding the CA’s public key to verify its authenticity. The CAs’ public keys, required to verify certificates as being valid, are supplied as standard within all common web browsers and web server software.
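The CA signature mechanism described above, as an added illustration that is not part of the original project: a toy Python model of a CA issuing a certificate and a browser checking it, showing that a certificate whose public key has been swapped for another (the spoofing scenario above) fails the check. Textbook RSA with small hard-coded primes, the host name shop.example and the helper names issue and check are assumptions for the demo, not anything from the page.

```python
import hashlib
from dataclasses import dataclass

def make_keypair(p, q, e=65537):
    """Textbook RSA keypair from two primes (toy sizes, chosen for the demo)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                      # modular inverse (Python 3.8+)
    return (e, n), (d, n)                    # (public, private)

def digest(data, n):
    """SHA-256 of the data, reduced into the signer's modulus (toy: n is small)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    d, n = priv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):
    e, n = pub
    return pow(sig, e, n) == digest(data, n)

@dataclass(frozen=True)
class Certificate:
    subject: str        # textual identity information about the owner
    subject_pub: tuple  # the owner's public key (e, n)
    signature: int      # CA's signature over subject and key together

    def tbs(self):
        """The 'to be signed' bytes: the identity bound to the public key."""
        return f"{self.subject}|{self.subject_pub[0]}|{self.subject_pub[1]}".encode()

def issue(ca_priv, subject, subject_pub):
    """CA signs the wrapper with its private key (after verifying identity)."""
    unsigned = Certificate(subject, subject_pub, 0)
    return Certificate(subject, subject_pub, sign(ca_priv, unsigned.tbs()))

def check(ca_pub, cert, expected_subject):
    """Browser-side check using the CA public key shipped with the browser."""
    return cert.subject == expected_subject and verify(ca_pub, cert.tbs(), cert.signature)

def demo():
    ca_pub, ca_priv = make_keypair(1000003, 1000033)     # trusted CA key (constructed)
    shop_pub, _ = make_keypair(1000037, 1000039)         # genuine shop server key
    other_pub, _ = make_keypair(999983, 999979)          # a different key a spoofing host holds
    genuine = issue(ca_priv, "shop.example", shop_pub)
    # Same identity and same CA signature, but a different public key swapped in
    spoofed = Certificate("shop.example", other_pub, genuine.signature)
    return check(ca_pub, genuine, "shop.example"), check(ca_pub, spoofed, "shop.example")
```

demo() returns (True, False): the genuine certificate verifies under the CA key, while the swapped-key wrapper does not, because the signature no longer matches the identity-plus-key bytes.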

SSL and Certificate Authentication

SSL is a standard technique used for secure data exchange on the Internet and on private networks. Typically, a web server will present a browser with its digital certificate, which acts as proof of its identity and contains its public key, with which data sent to the server can be encrypted.
As Internet Information Server and the majority of mainstream browsers support SSL, the decision was made to apply for a suitable digital certificate from a known CA, and to make use of SSL for the transmission of address and credit card information to the server.

Server Implementation

Please refer to the accompanying CD-ROM to view the commented code and other files created to implement the system (‘Web’ directory for ASP code, ‘Server’ directory for Access database and Java application source).