Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Business Law

decrypts authentication

advertisement 
O.C.E.A.N. Project
CAS (Central Accounting Server) Component Specification:
This document is to be maintained as the official reference for the CAS (Central
Accounting Server) component of the OCEAN system.
Component’s Role in O.C.E.A.N. System Architecture:
[This section briefly describes the context of the component; how it relates to the system
architecture of the OCEAN system as a whole.]
There are only a small number of these nodes, and they are operated by the administrators
of the entire OCEAN network. The purpose of these nodes is to maintain OCEAN
account information (e.g. balances, transaction records) in a secure location that is
physically controlled by a trusted party (the OCEAN administrators). It also provides a
connection point between the OCEAN network and financial networks. In exchange for
operatoring the server, OCEAN (a company started for this purpose) may collect a small
fee on each transaction that is conducted. This CAS mainly communicates with the
security and communication mechanism and financial network.
After security layer performs security operations on Data and send it to communication
mechanism, the communication system passes that data to CAS for further operation.
CAS decrypts the data and according to the further requirements it calls Database
Interface.
Top to Down
Security Layer
Communication Layer
CAS
(Central Accounting
System)
Financial network
Naming
Functional Needs:
[This is a more formal statement of who the component’s “customers” are, and what
needs of the customer the component is intended to help fulfill.]
The CAS’s primary customers are Security and Communication layer and Financial
networks.
Services provided by the CAS security layer:
Communication between CAS and CA:




Authentication and verification of signatures of the node involved in transaction
after the contract is finalized.
To get the public key of the node to which it communicates.
Support for SSL & TLS.
Support for Encryption and decryption of certificates.
Communication between CAS and Financial Networks:




Provide confidentiality of Data
Provide Authentication of the cardholder account
Integrity of the Data which is the payment information
CAS means merchant authentication
Communication between CAS and Ocean Node:




Register the node & store information in Database.
Get the contract information from the node when the negotiation is done.
As per the operation and requirements of the node the updation of the account
information regarding the transaction
It provides the transaction history from the database and contract information in
case of failure occurs.
Exceptions:
If signature or the payment information do not match during the verification than:





CA informs CAS
In the case of the financial payment information if Cardholder will not be a
legitimate user than FN sends the message to CAS.
CAS makes changes in the database for the transaction history.
CAS sends contract information and transaction history to the security layer of the
node.
This node gets down in the trust level.
1. Needs of the Financial Network:
a) The financial networks needs to get the account details and make operations on
the account balance.
b) It needs the secure mechanism through which the information can not be altered
or stolen during the communication between Financial networks and CAS.
c) Confidentiality is ensured by the use of the message encryption.
d) Payment information integrity can be ensured by the use of digital signature.
e) Cardholder account authentication is ensured by digital signature and his
keycertificates.
2. Needs of the security and communication Layer:
a) The security and communication layer needs to get the data in the encrypted form
by CAS. CAS decrypts data and performs further operation.
b) Security and communication layer needs to get the data from CAS in the
encrypted form and destination path means to which layer the data needs to be
sent.
c) It also needs to inform about the error notification to be sent to the related node if
in case error occurs during transaction.
Functional Requirements:
[ This section takes the broad needs of the customers, and translates them into more
detailed and specific requirements of the components.]
There should be 2 sub-systems in the CAS internally which handles the security and
communication part. One is security system which takes care of decrypting the data
which comes from security and communication layer and send data to the security and
communication layer of the ocean node in the encrypted form. The other is
Communication system which takes care of passing this data in a proper way to proper
function from Database Interface.
Now there are mainly below issues:




Communication between security and communication Layer and CAS
Communication Between CAS and Financial Network
Internal communication in CAS
Communication with CA
1. From Security and Communication layer (Node) to CAS :
Security and
Communication
layer
CAS
Encrypted Data
Financial
Network
Security Layer
Decrypted Data
Communication
Layer
Database
Systems
At the security part there are below main features that the CAS should support:
Key generation (At the time of registration)
Distribution of Keys by CA
Storage of keys
Encryption and decryption with the use of keys


Security layer passes the data and destination information or operation to be
performed to the CAS which is in the encrypted form which was encrypted by
CAS’s public key.
CAS’s security mechanism decrypts the data sent by the security and
communication layer using it’s private key and perform further operation.

After decrypting data the CAS security mechanism passes the information to
communication layer and it than communicate with database interface.
For the decryption of data from security and communication layer of the node there are
below requirements:



Data to be decrypted
Primary key of CAS which it gets when it register with CA
Destination path so that it can call proper database interface function
There will be a general interface for CAS security mechanism as it receives data and
destination path from security and communication layer.
From CAS to Security and communication layer:
Security and
Communication
layer
CAS
Encrypted Data
Financial
Network
Security Layer
Data
Communication
Layer
Database
Systems
2. Communication Between CAS and Financial Network:
Buyer_ID +
CreditCard + Debit
Amount/Transaction
amount
CAS







Financial
Institution
When the user register itself it provides Creditcard information as it is needed
when the transaction occurs.
When the transaction occurs this creditcard information with transaction
information is passed to Financial Institution.
The data is encrypted by Financial Institution’s public key and send to the
financial network.
FN than decrypts the information using it’s private key and perform account
updation on that creditcard account.
FN encrypts the Creditcard Number and new Account balance related to that
account using CAS’s public key and sends to the CAS security system.
CAS security system decrypts it using it’s private key and update balance related
to that credit card account and Buyer_ID.
To get the public key of Financial Network, CAS needs to ask to CA for that.
Because when each node is created it needs to register with CA and CA assigns
the public and private keys to the node using the session keys generated at the
node. So CA maintains the details about the public keys of all members and so
each node or a member of CA can get the public key of other member by
communicating with CA.
The requirements at the CAS part are: (for communication between CAS and FN)





Creditcard Number
Buyer_ID
Debit/Transaction amount
Primary key of its own
Public key of FN
If CreditCard does not a sufficient amount than FN informs the CAS. CAS informs the
particular node about that by passing his account balance with his ID and message
indicating the error. CAS encrypts this data an sends it to a security and communication
layer to pass it to particular node.
Buyer_ID +
CreditCard + Account
Balance
OR
Indication of
insufficient Balance or
credit limit
CAS
Financial
Institution
3. Communication between CAS and CA:
CAS needs to be registered with CA as it needs public-private key pairs to communicate
with node, Security and communication layer and FN.
For this communication there are below requirements:
 At first time it should generate session keys for communication with CA to get its
Public Private keys.
 CAS encrypts its session keys using CA’s public keys and send the data to CA.
 CA in turn decrypts it using its own private keys and generate public-private key
pairs for CAS.
 It than decrypts it using CAS’s session key and send it back to CAS.
When CAS needs to communicate with particular node or Financial network it needs
their public keys so that it can decrypt data to be sent to them. So in this case it needs to
inquire about this to CA.



It sends request to get FN or Node’s public key to CA in the encrypted form
(Encrypted by CA’s public key).
CA in turn decrypts this request using its Private key. It fetches information about
FN or Node from its key database and encrypts it using CAS’s public key and
sends it to CAS.
CAS decrypts it using its private key and gets the public key of FN or Node.
Interface Specification:
[ In this section , we describe in detail what the external interface to the component is
going to look like. ]
Note: As I don’t have the database interface I could not develop communication with
database interface. The details in this specification may change as further need arises.
This specification still needs some work on it.
Interface to communicate with CA:
Class EncryptedObj
This class contains the encrypted data and other information related to that like which
algorithm is used, the length etc. This object can be used to transfer data in encrypted
form to FN or to the particular node’s security layer. This class includes:
Encrypted data
Certificate
Data Length
Algorithm details which is used for encryption
Key
Class CAS_Security:
Many of the functions the CAS security layer provides are almost same as security layer of the
node.
Public receiveEncryptData (OCEANName name, EncryptedObj obj)
This method will be called by the security layer of the node to send the encrypted data to CAS.
Boolean verifySignature ( OCEANNAme CAName, OceanNodeName name, byte[] sig)
This method is used to verify the digital signature of the node from where the payment
information comes.
Public EncryptedObj encodeObj ( OceanTask obj, Key privatekey, String algo)
Method to perform encryption using the private key and according to algorithm.
Private Object getDecryptedObj ( EncryptedObj obj, key publicKey, String algo)
This method is used to decrypt the data which is received from security layer of the node.
Byte[] getKeys ( OCEANName CAName, OceanNodeName name):
It is a method to obtain key pairs/certificates of a particular node from the CA and to
communicate with security and communication layer of the node.
Boolean verifyCertificate (OCEANName CAName, OceanNodeName node, byte[] certificate):
This method is used to verify the certificate of the particular node. The verification is done by the
Certified Authority.
Private generateKeys():
This method is used to generate private and public key pairs for encryption and decryption
purpose for further communication .
Void sendKeys (OCEANName CAName, OceanNodeName name, byte[] certificate)
Interface for communication with Financial Network:
Class AuthorizationReq
This class contains information of the Authorization request which contains information
about the Amount to be authorized, the transaction identifier from the contract
information.
Private generateRandomKey():
This method is used to generate a random symmetric key which is used to perform
further communication with FN.
Private EncryptedObj EncryptCC ( int CCNumber, String TransactionID, Key
publickeyFN)
This method is used to encrypt the CCNumber and transaction identifier using FN’s
public key.
Private EncryptedObj EncodeAuthorizationReq( AuthorizationReq req, Key key, String
algo)
This method is used to encrypt the authorization request using the generated random
symmetric key.
Private EncryptedObj EncryptRandomKey( Key key, Key publickeyFN )
This method is used to encrypt the random key itself.
Private sendFN ( EncryptedObj CCNumber, EncryptedObj Authorizationreq,
EncryptedObj randomKey )
This method is used to send the encrypted data to Financial Network.
Private DecryptReceivedAuthResponse ( EncryptedObj obj )
This method is used to decrypt the authorization response sent from the FN which
includes Issuer’s response, FN’s certificate and Payment Capture token.
Private ReqPayment ( EncryptedObj encryptedObj , int captureToken )
This method is used to request a payment to the financial institution.
[More to be added]
Related documents
Community Schools, the Director - Coalition for Community Schools
Community Schools, the Director - Coalition for Community Schools
NZ Tracked Chemicals Check
NZ Tracked Chemicals Check
CAS Funding Assistance Program (FAP)
CAS Funding Assistance Program (FAP)
KENT GRADUATES/ALUMNI FEEDBACK FORM
KENT GRADUATES/ALUMNI FEEDBACK FORM
CAS for parents-1
CAS for parents-1
Propose a CAS Research 2015 Fellowship Project
Propose a CAS Research 2015 Fellowship Project
Pourite MSDS (Microsoft Word)
Pourite MSDS (Microsoft Word)
Preparing for the IB Diploma Program
Preparing for the IB Diploma Program
PowerPoint: Implementing CAS Standards at
PowerPoint: Implementing CAS Standards at
FileNewTemplate - Primary Computing
FileNewTemplate - Primary Computing
Download
advertisement