C.2 Realization of security services

Previous page
Table of content
Next page

C.2 Realization of security services

Referring to a generic communication protocol stack, like the one outlined in Figure C.1, the realization of the security services can be localized at either of the two levels [2].

  1. Secure channel : The communication subsystem provides the sender and receiver applications with the necessary means for information exchange. The choice of implementing security services into the communication subsystem leads to a solution where a secure communication channel is made available to the applications.

    • This solution was adopted by the SIM Toolkit Application designers who foresaw the realization of confidentiality, data authentication, timeliness, and non- repudiation services at the level of the short message service point-to-point (SMS-PP) transportation layer [3, 4].

    • A similar approach was adopted by Netscape Communications, which designed and proposed the SSL as a transport layer security protocol for the Internet [5]. This security layer is interleaved between the communicating applications and the TCP/IP protocol stack, which is used for the Internet connections. Starting from the SSL protocol, the IETF working group proposed the TLS [6]. The security services provided by this protocol are confidentiality, entity authentication, and key establishment [7].

  2. Secure communication over insecure channel : Here the communication subsystem provides the sender/receiver applications with a communication link, which initially in itself is not secure. Realizing the security services at the application level leads to the situation where the application itself builds a secure link over the insecure communication channel. The following payment standards implement security at the application level:

    • EMV ¢ debit/credit application both in the chip card and card accepting device terminal [8 “11], as detailed in Chapter 6.

    • Common Electronic Purse Specification (CEPS) [12] application both in the chip card and card accepting purchase or loading device .

    • SET [13] application in the consumer's PC, merchant's Web server, and payment gateway of the acquirer, as is outlined in Chapter 8.

click to expand
Figure C.1: Generic communication protocol stack.


Previous page
Table of content
Next page
Implementing Electronic Card Payment Systems
Implementing Electronic Card Payment Systems (Artech House Computer Security Series)
ISBN: 1580533051
EAN: 2147483647
Year: 2003
Pages: 131
Authors: Cristian Radu
BUY ON AMAZON
CompTIA Project+ Study Guide: Exam PK0-003
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
The New Solution Selling: The Revolutionary Sales Process That Is Changing the Way People Sell [NEW SOLUTION SELLING 2/E]
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Logistics and Retail Management: Emerging Issues and New Challenges in the Retail Supply Chain
Lean Six Sigma for Service : How to Use Lean Speed and Six Sigma Quality to Improve Services and Transactions
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy