11-02-2013, 02:23 PM
Online Scheme Towards Secured Inter Banking Fund Transfer
[attachment=50501]
ABSTRACT
On-line fund transfer is becoming an important constituent of today’s business need. However, most of the existing frameworks for on-line money transfer require sharing of some private information among involved parties and consequently tempts potentially high risks. Implementation of these schemes also requires significant overhaul of the existing infrastructure. In this paper, we propose a reliable scheme for secured online interoperable fund transfer among banking institutions. In our approach, we facilitate minimal sharing of individual user’s private data among banking institutions and eliminate the urge of complete overhaul of any existing framework for its implementation. The proposed scheme is based on loosely coupled service orientation using SOAP and web services with exchange of documents of open standards like XML. The approach has inherent capability of providing authenticity and higher security with protection of confidentiality of information involved in the transfer at an affordable computational time.
INTRODUCTION
Electronic Fund Transfer among banks for individual consumer or corporate business need is of utmost importance today. Sophistication in software technologies with associated advanced heterogeneous computing architecture and framework demands for seamless integration with interoperability and greater security. Southerd et al [18] presented that customer demands are forcing banks to provide online services. While predicting the future of e-banking, they emphasized that the largest banks would continue to innovate in service bundling with newer ways and adoption of newer technologies. In near future, online banking, as it has started already, as it has started already, would become ubiquitous in nature.
OBJECTIVE AND MOTIVATION
Online fund Transfer is a very sensitive transaction that may take place over unsecured public medium like the Internet. Any sort of security loophole may compromise the security of the underlying transaction by exposing the transacting data to the public realm. Acts of counterfeit and illegal attacks are extremely likely. Study of existing frameworks reveals that such fund transfers are usually done through third party reliable service providers and the banks (falls back to customers as service levy) have to incur a high cost for the transfer and may take prolonged time for verification and validation. The participating banking organizations in the transfer process also have to agree on a particular set of protocols for availing online fund transfer facilities provided both the parties involved in the transfer must have an account with either of the banks.
BACKGROUND AND RELATED WORK
In today’s economy, money (fund, in more generic term) has evolved to electronic or digital form in addition to its physical form as token or paper form. Schoter et al [16] presented an overview of existing systems that implement money in digital forms. They elaborated Internet based payment protocols, net-cash, net-cheque, micro-payments while addressing the security concerns with the necessity of efficiency and speed in digital fund transfers. Providing acceptable form of security with heavy-duty encryption adoption and protecting confidentiality are of paramount necessity. Panurach [14] talked about the emerging digital cash, electronic fund transfers, e-cash and state-of-the-art electronic payment systems as faster and convenient modes of digital fund transfer with increased flexibility. Digital fund transfer estranges paper usage and also delineates chances of bounced cheques. Anonymity and ambiguity still exist and the risks are vested in the hands of the user. Moreover implementations of heavy-duty encryption algorithms are bound to increase computational cost [14]. A proper compromise between security, flexibility and computing time must be reached in order to gain the customer trust with the institution within acceptable time boundaries.
SECURITY
The proposed security and authentication scheme has been derived from the use of public key signatures [19]. Public key signatures involve the use of both private and public key pairs for encryption and decryption purposes, thus assuring authentication as well as secrecy. Security comes with some additional cost but the benefits are worth adopting the increased cost. We propose a mechanism whereby the computational cost can be reduced by the use of a random shared secret key encryption mechanism. Thus, our proposed mechanism operates in two phases. One, in which authentication is verified and then, secrecy of transfer is achieved. While initiating a transfer, once the consortium has verified the authenticity of the banks that wish to participate in the transfer.
CONCLUSION AND FUTURE WORK
Security has been implemented in a way that provides both authenticity and confidentiality of information involved in the transfer at an affordable computational time. This adds to the novelty of the system over existing ones. The solution is also cost effective. Some of the key objectives of the system have been achieved including Model Money Transfer Solution for all banks with easy yet robust registration process, extensible, as transfer is based on XML using SOAP, platform independent. Thus, no existing change of infrastructure is required for any bank that wishes to use the service. There is no need to expose any bank’s personal/private data over the Internet. Transfer details are kept as highly abstract as possible and are also encrypted. We achieve portability and quick Transfer with immediate transaction status and tracking. XML can be validated using Schema and DTD for a Valid/Invalid Transaction format. Additional layers of security for authentication and secrecy of transferred information.
[attachment=50501]
ABSTRACT
On-line fund transfer is becoming an important constituent of today’s business need. However, most of the existing frameworks for on-line money transfer require sharing of some private information among involved parties and consequently tempts potentially high risks. Implementation of these schemes also requires significant overhaul of the existing infrastructure. In this paper, we propose a reliable scheme for secured online interoperable fund transfer among banking institutions. In our approach, we facilitate minimal sharing of individual user’s private data among banking institutions and eliminate the urge of complete overhaul of any existing framework for its implementation. The proposed scheme is based on loosely coupled service orientation using SOAP and web services with exchange of documents of open standards like XML. The approach has inherent capability of providing authenticity and higher security with protection of confidentiality of information involved in the transfer at an affordable computational time.
INTRODUCTION
Electronic Fund Transfer among banks for individual consumer or corporate business need is of utmost importance today. Sophistication in software technologies with associated advanced heterogeneous computing architecture and framework demands for seamless integration with interoperability and greater security. Southerd et al [18] presented that customer demands are forcing banks to provide online services. While predicting the future of e-banking, they emphasized that the largest banks would continue to innovate in service bundling with newer ways and adoption of newer technologies. In near future, online banking, as it has started already, as it has started already, would become ubiquitous in nature.
OBJECTIVE AND MOTIVATION
Online fund Transfer is a very sensitive transaction that may take place over unsecured public medium like the Internet. Any sort of security loophole may compromise the security of the underlying transaction by exposing the transacting data to the public realm. Acts of counterfeit and illegal attacks are extremely likely. Study of existing frameworks reveals that such fund transfers are usually done through third party reliable service providers and the banks (falls back to customers as service levy) have to incur a high cost for the transfer and may take prolonged time for verification and validation. The participating banking organizations in the transfer process also have to agree on a particular set of protocols for availing online fund transfer facilities provided both the parties involved in the transfer must have an account with either of the banks.
BACKGROUND AND RELATED WORK
In today’s economy, money (fund, in more generic term) has evolved to electronic or digital form in addition to its physical form as token or paper form. Schoter et al [16] presented an overview of existing systems that implement money in digital forms. They elaborated Internet based payment protocols, net-cash, net-cheque, micro-payments while addressing the security concerns with the necessity of efficiency and speed in digital fund transfers. Providing acceptable form of security with heavy-duty encryption adoption and protecting confidentiality are of paramount necessity. Panurach [14] talked about the emerging digital cash, electronic fund transfers, e-cash and state-of-the-art electronic payment systems as faster and convenient modes of digital fund transfer with increased flexibility. Digital fund transfer estranges paper usage and also delineates chances of bounced cheques. Anonymity and ambiguity still exist and the risks are vested in the hands of the user. Moreover implementations of heavy-duty encryption algorithms are bound to increase computational cost [14]. A proper compromise between security, flexibility and computing time must be reached in order to gain the customer trust with the institution within acceptable time boundaries.
SECURITY
The proposed security and authentication scheme has been derived from the use of public key signatures [19]. Public key signatures involve the use of both private and public key pairs for encryption and decryption purposes, thus assuring authentication as well as secrecy. Security comes with some additional cost but the benefits are worth adopting the increased cost. We propose a mechanism whereby the computational cost can be reduced by the use of a random shared secret key encryption mechanism. Thus, our proposed mechanism operates in two phases. One, in which authentication is verified and then, secrecy of transfer is achieved. While initiating a transfer, once the consortium has verified the authenticity of the banks that wish to participate in the transfer.
CONCLUSION AND FUTURE WORK
Security has been implemented in a way that provides both authenticity and confidentiality of information involved in the transfer at an affordable computational time. This adds to the novelty of the system over existing ones. The solution is also cost effective. Some of the key objectives of the system have been achieved including Model Money Transfer Solution for all banks with easy yet robust registration process, extensible, as transfer is based on XML using SOAP, platform independent. Thus, no existing change of infrastructure is required for any bank that wishes to use the service. There is no need to expose any bank’s personal/private data over the Internet. Transfer details are kept as highly abstract as possible and are also encrypted. We achieve portability and quick Transfer with immediate transaction status and tracking. XML can be validated using Schema and DTD for a Valid/Invalid Transaction format. Additional layers of security for authentication and secrecy of transferred information.