Post on 07-Jul-2015
description
GLOBAL E-PAYMENT SYSTEM
Done by
● Muhammed Hafis PC (10104101)
● Naveed Enudeen (10104118)
● Rashid Mohammed Basheer (10104133)
● Salman Khaja (10104143)
● Vijith Venugopalan (10104163)
INTRODUCTION
There are a lot of people in our society who can’t access or afford current e-
payment facilities due to lack of resources or finance required.
In developing countries, Especially in rural areas a large number of peoples in are
unable access Internet banking and costly credit card services.
In this project we are building a simple and low cost electronic payment system
which is accessible to public.
In this e-payment system the user do not need smartphone, computer or internet
connection.
The user can access various e-payment services through a ATM like public kiosk.
This system enables users to use most of internet based e-payment services through a
public kiosk.
SYSTEM OVERVIEW
This system uses concept of virtual money and smartcard for e-payment.
When a user register on this system, he/she will get:
● A VIRTUAL ACCOUNT: In which they have to deposit money for e-payment transactions.
● A UNIQUE USER ID CARD : For identification.
● A PASSWORD : For authentication.
The system consist of network of Central units connected to a central Server.
The Central Unit provides an ATM like electronic interface to the user, that is placed in public places.
By using the ID card and password provided, users can access their account and perform various payments (like prepaid mobile recharge, electricity bill payments etc.) through the Central Unit.
The money used for each payment will be deducted from respective users virtual account in the server.
The Central Units will be installed throughout the country so any registered user can use the system anywhere.
BLOCK DIAGRAM
SMS
GATEWAY
USER
DATABASE,
CONTROL &
MONITORING
SYSTEM
VARIOUS
PAYMENT
GATEWAYS
RFID CARDRFID
MODULE
LCD
DISPLAY
KEYPAD
A
R
D
U
I
N
O
GSM
MODULE
RADIO LINK
GSM
NETWORK
COMPONENTS
● RFID card: Stores user identification data
● RFID module: For reading data from RFID card and transfer to Micro controller unit
● LCD display : For giving instructions to user and displaying various menus
● Keypad : Numeric keypad used for entering passwords, amounts and selecting various options in menus.
● Micro controller unit : Used for data processing and interfacing.
● GSM module : For sending and receiving data between Central Unit and server through Short Messaging service (SMS).
● Server : For storing user data like account details, connecting to third-party payment gateways. It sends and receives encrypted data to and from central unit through SMS gateway.
WORKING● The central unit gets activated and a fresh session will be started when user shows
RFID card near transceiver of RFID module.
● The microcontroller reads the unique user identification number from RFID card and
generate it’s hash
● And sends the hash code to the server in the following format.
Hashed user dataMessage TypeDevice ModeDevice ID
Field Function
Device ID Represents of unique ID of central unit
Device Mode Represents the mode in with central unit is working
Message Type Represents the content of message
Hashed user data Contains hashed user ID data
WORKING
● The server responds by sending back encrypted account details of the user
corresponding to that RFID card in following format.
● During this time the central unit prompts the user to enter his/her password.
● The password entered by user through keypad is used to decrypt the user's details
received from server.
Username Balance User Status
Field Function
Username Consist of name of current user
Balance Consist of balance amount in user account
User Status Represents status of user account (blocked, good etc.)
WORKING● Then the user will be provided with various menus for checking account balance,
selecting different payment for services, choosing service plans, entering amount
etc.
● If the amount user entered for transaction is available in balance, An encrypted
message containing details about menus selected and values entered by user for
payment of different services is send back to the server.
Field Function
Message type Represents the content of message
Menu1 Represents ID of 1st menu selected by user.
Menu2 Represents ID of 2nd menu (inside first menu) selected by
user.
Service ID Contain detail about the user’s identification number of
that server user selected for payment.
Example: Mobile number, Electricity consumer number etc
Amount Contains amount entered by user for selected service
Message type Menu1 Menu2 Service ID Amount
WORKING
● The server receives and decrypt the encrypted message.
● Then server perform various e-payment procedures as mentioned in the message
send by central unit, though different e-payment gateways.
● Server updates the database of current user with a new balance.
Arduino Program AlgorithmSTART
READ RFID DATA
GENERATE SHA-1 HASH OF RFID DATA
SENT HASHED DATA TO SERVER
WAIT FOR SERVER REPLY
PROMPTS TO ENTER PASSWORD
DECRYPT RECEIVED DATA
PURSE RECEIVED DATA
DISPLAY NAME, BALANCE AND STATUS OF USER
IS STATUS IS GOOD?
CHECK FOR RFID CARD
IS CARD AVAILABLE DISPLAY MENUS TO SELECT SERVICES AND
FIELDS TO ENTER USER ID OF RESPETIVE SERVICES AND AMOUNTS.
IS ENTERED AMOUNT IS LESS THAN BALANCE
AVAILABLE
SEND ENCRYPTED DATA TO SERVER
DISPLAY MENUS TO SELECT SERVICES AND FIELDS TO ENTER USER ID OF RESPETIVE
SERVICES AND AMOUNTS.
ENCRYPTED USER ENTERED DATAS
STOP
CONTACT CUSTOMER CARE
TRY AGAIN
NO
NO
NO
YES
YES
YES
Server Program AlgorithmSTART
CHECK FOR 1st MESSAGE
IS NEW MESSAGE
RECEIVED?
SEARCH FOR USER CORRESPONDING TO RECEIVED DATA IN RECEIVED
MESSAGE IN DATABASE
ENCRYPT CORRESPONDING USER’S DATA
SENT ENCYPTED DATA TO CENTRAL UNIT
CHECK FOR 2nd MESSAGE
IS NEW MESSAGE
RECEIVED?
DECRYPT THE MESSAGE
PURSE DECRYPTED MESSAGE
SENT DETAILS ABOUT PAYMENT IN RECEIVED
MASSAGE TO CORRESPONDING PAYMENT
GATEWAY
UPDATE BALANCE CORRESPONDING
STOP
NO
NO
YES
YES
CONVERTING CIPHER FROM UNSIGNED BYTE INTO ASCII
CONVERTING DATA FROM ASCII UNSIGNED BYTE
CRYPTOGRAPHY
Since this is a system that deals with money we needs more security.
It is necessary to hide all data exchanges in this system from any unauthorized third
party.
We need to secure the identification key inside user ID cards and all communications
between the server and central unit.
Because if any unauthorized person got the code inside user ID card he can clone it
and access corresponding users account.
Also if a intruder gets access to our communication channel, he can intercept and
alter the data exchanged in his favor.
These may leads to frauds and failure of system.
So we needs to use cryptography in order to prevent these problems.
Cryptography enables to store or transmit sensitive information across insecure
networks so that it cannot be read by anyone except the intended recipient.
ALGORITHM SELECTION
For encryption and decryption of data we choose symmetric key algorithm.
Because here both ends knows the key to encrypt and decrypt.
Among different symmetric key algorithms we choose Advanced
Encryption Standard (AES) .
AES is fast in both software and hardware, is relatively easy to implement,
and requires little memory and computing power.
It is more suitable embedded environments like Arduino.
For hashing we used SHA-1 algorithm over because MD5 is bad due to
collision problems and need less computation power.
SHA-1 HASH FUNCTION
Designed by the NSA, following the structure of MD4 and MD5.
Stands for Secure Hash Algorithm
Maps strings of any length to strings of 160 bit.
In this project we use SHA-1 generate hash of user identification code inside the user
ID card.
And we only sent this unique hash corresponding to that user ID card to the server via
GSM network.
So third parties can’t get the real identification code inside user ID card.
Server knows the SHA-1 hash corresponding to each user, so it can identify the user
behind that hash.
This will prevent the cloning of user ID card.
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government in late 90’s
AES is requires less computation power and it cannot cracked practically using any of current cryptanalysis methods.
Here we are using AES-128, that uses 128 bit key for encryption.
Cipher Detail:
Key sizes: 128 bits
Plane text block size: 128 bits
Cypher text block size: 128 bits
In our project we use AES to encrypt and decrypt data exchanged between Central
unit and server as SMS through GSM network.
Password given to user is used as the key for AES algorithm.
So that no third party can access or modify the original data.
This provides confidentiality and prevent men in middle attacks.
MERITS & DEMERITS
MERITS :
Low cost implementation.
Accessible to public 24x7 hours
Maximum security.
No need of internet.
Users do not need any high cost equipment or services for e-payment.
No need for bank account.
Centralized.
Low power consumption
No problem of exact change tender
DEMERITS :
Communication using SMS is slow when compared to TCP/IP methods.
Future works
Can be used at toll booths for collecting toll.
Can be interfaced with vending machines.
Can be also interfaced with taxi meter.
Can be used for payments in public transport.
THE END