Upload
william-masterson-shah
View
220
Download
0
Embed Size (px)
Citation preview
8/11/2019 04 Software Architecture
1/13
8/11/2019 04 Software Architecture
2/13
e-Banking is defined as the automated delivery ofnew and traditional banking products and servicesdirectly to customers through electronic,interactive communication channels.
Internet banking has made it easy to carry out thepersonal or business financial transaction withoutgoing to bank and at any suitable time.
However, in order to maintain privacy and to avoidany misuse of transactions, it is necessary to followa secured architecture model which ensures theprivacy and integrity of the transactions andprovides confidence on internet banking is stable.
2 / 99
8/11/2019 04 Software Architecture
3/13
Security is a crucial requirement of an e-commercesystem due to the fact that the sensitive financial
information that these systems transmit travel overuntrusted/public networks where it is essentially fairgame for anyone with local or even remote access toany part of the path followed.
The security is required for dual purposes. They are,
i) to protect customers' privacy
ii) to protect against fraud.
Any Internet banking system must solve the issues ofauthentication, confidentiality, integrity, andnonrepudiation, which means it, must ensure thatonly qualified people can access an Internet bankingaccount.
8/11/2019 04 Software Architecture
4/13
Sam le Internet Bankin Architecture
More and more banks are coming to realize that internet is a part of banks'
alternative delivery channel strategies activities concentrated in the business-
to-consumer segment, focused on retaining clients
In Internet banking, security is a primary concern. Security concerns have
been addressed from every angle within the architecture of the Internet
banking application.
8/11/2019 04 Software Architecture
5/13
8/11/2019 04 Software Architecture
6/13
Client:
There are two clients for the application. One is a
web-based user-friendly client called bank customers. The other is
for administration purposes. Clients / Administrators request is
sent over the network in an encrypted data format. Also, to
Client:
,
hash algorithm. In addition to that, the client / administrator have
to decrypt the response data sent by the application server which
is in the encrypted format and also verifies the integrity of the
received data. The above encryption and decryption process isdone using hyperelliptic curve cryptographic technique and the
integrity of the data is ensured using MD5 hash algorithm.
8/11/2019 04 Software Architecture
7/13
2. Application Server: It takes care of the server
application, tests for the ODBC connectivity for mappingthe database in order to fulfill clients andadministrators request. HECC system in the serverdecrypts the clients / administrators request andverifies the integrity of the request and finally it
communicates with the database to perform the request.Subsequently, the reply from the database is encryptedas well as it is subjected to MD5 to ensure integrity andis sent back to the client / administrator.
3.Database:Database Server will store customers detailsand bank data.
8/11/2019 04 Software Architecture
8/13
User/Administrator Authentication: This specificmethod is used to authenticate whether the logged in
client/administrator is the right person or not. Whilelogging in, the client/administrator enters their useridentification and password. The entered data areencrypted using banks public key and is sent to theapplication server for verification. After receiving the
encrypted data, the application server decrypts it with . ,
server compares this user identification and passwordwith the corresponding user identification and passwordin the database. If both are identical, the application
server allows the user to enter into the next screen,otherwise displays an error message.
8/11/2019 04 Software Architecture
9/13
8/11/2019 04 Software Architecture
10/13
In the above process flow diagram, the bank customersrequest is transferred securely over the insecure
communication channel like internet using hyperellipticcurve cryptosystem and MD5. The global parameters neededare hyperelliptic curve. The encryption is done with the helpof the receivers (banks) public-key.
The message digest of the request (MD) is created using MD5
algorithm. After the transaction details and the messageges are encryp e , e encryp e a a s rans erre o e
server through the insecure e-commerce channel for furtherprocessing. The same encryption and integrity processes areperformed on the administrators request.
8/11/2019 04 Software Architecture
11/13
Message Digest Creation / Verification: Message
digest verification is the process which is done at thereceivers side to validate or compare the two messagedigests. One is computed at the receivers side and theother one is transmitted from the senders side. If bothare equal, the integrity of the transmitted message is
passed otherwise, it is failed.
8/11/2019 04 Software Architecture
12/13
Key (Private key and Public key) generation:This method is mainly implemented for generating
user (bank customer) keys. There are two keysgenerated which are referred to as the private key andthe public key. Each customer receives one private keyand one public key and the same is stored in theUser_Keys. Private key is kept secret and the public
key is known to everyone. Private and public keys aregenerated and maintained for the bank also. Thismethod is executed by the banks administrator togenerate the keys.
Encryption & Decryption
8/11/2019 04 Software Architecture
13/13
Information about financial institutions, theircustomers, and their transactions are, by necessity,
extremely sensitive; thus, doing business via a publicnetwork introduces new challenges for security andtrustworthiness.
The above hybrid architecture model is implemented
with the hyperelliptic curve cryptosystem and it
efficient way.
The main objective of this model is to consider andinclude the hyperelliptic curve cryptosystem and MD5in the internet banking environment to enrich theprivacy and integrity of the sensitive data transmitted
between the clients and the application server.
13 / 99