Post on 01-Nov-2014
description
transcript
E-commerce transaction validationby service providers
Dominique Sandraz+, Paul Serra+, Antoni Drudis+,Claude Florin*
Hewlett-Packard
+ publication authors, * presenter at ICIN 07 conference
2October 8, 2007 E-commerce transaction validation - claude.florin@hp.com
Web e-commerce transactions
• Context − Credit card and web clearing-house are widely adopted by e-commerce consumers and
merchants − Mobile payment initiatives and services, using NFC, SMS, WAP, applications and IVRs
• Investigation of possible improvements for IMS subscribers :− Stronger authentication to prevent identity theft− Enhanced privacy of buyer’s identity− Support of anonymous transactions− Enhanced fraud protection
BuyersPayment
Shipment
Merchant
3October 8, 2007 E-commerce transaction validation - claude.florin@hp.com
Improving e-commerce security
− Trusted party to validate buyers and merchants transactions • Enhances validation for specific applications using speech processing• Protects from denial of service attacks, reduce order repudiation
− Protection of buyer’s privacy • ID management• Anonymous transactions
− Complement clearing house payment services• Micro-payments, pre-paid debits, mobile 2.0 group split-billing• Clearing-house, credit-card interface aggregation, reporting
BuyersPayment
Shipment
Merchant
Validation service
4October 8, 2007 E-commerce transaction validation - claude.florin@hp.com
IMS Architecture - mobile
Mw/dd
Cx/16
ISC/12SIP
Sh/11
Mr/24
Diameter
RfSIP
Mw/ddGm/hh
Visiteddomain
Homedomain
P-CSCF I-CSCF S-CSCF
Applicationserver
OSA AS
User interaction
UE /
ISIM
2G SCP
Leveraging IMS for Web transactionsPayment
Transaction validation
PLMN
HSSAuC
Buyers identity
Note : simplified view
MRF
Charging OCS
Merchant / clearing service
HTTPS
Parlay XWSDL
SfNETANNMSCML
CCXMLVXML
Web
AKA
5October 8, 2007 E-commerce transaction validation - claude.florin@hp.com
Payment validation
Buyer interaction
2-3G
Service provider
Transactionvalidation service
HSSValidation request
SMS / voiceConfirmation
SMS / DTMF
Validationrequest
WSL
Validationresponse
WSL
DTMFASRTTS
SMS
IP Merchant service
ASDB
Order XML HTTP Request
Confirmation XML HTTP Response
Merchant
Paymentservice
AS
Clearing
OK
Web browser
6October 8, 2007 E-commerce transaction validation - claude.florin@hp.com
User authentication
2-3G
IP Merchant service
ASDB
Order XML HTTP Request
Validation request
SMS / voiceConfirmation
SMS / DTMF
Confirmation XML HTTP Response
Merchant
Ordering key request - response
SMS / DTMF
Ord
erin
g ke
y
PIN
Service provider
Transactionvalidation service
HSS
Validationrequest
WSL
Validationresponse
WSL
DTMFASRTTS
SMS
Paymentservice
AS
ClearingWeb browser
7October 8, 2007 E-commerce transaction validation - claude.florin@hp.com
Transaction micro-payment
Service provider
IP Merchant service
ASDB
Order XML HTTP Request
Validation request
WSL
Validation response
WSL
Confirmation XML HTTP Response
Merchant
Clearing
Buyer interaction
2-3GTransactionvalidation service
HSSValidation request
SMS / voiceConfirmation
SMS / DTMFDTMFASRTTS
SMS
Prepaid
Debit
CD
R
Com
mun
ities
Note : many users may be sharing the order in a community using split-billing
OK
Web browser
8October 8, 2007 E-commerce transaction validation - claude.florin@hp.com
Mobile clearing house validation
Buyer interaction
2-3G
Service provider
Transactionvalidation service
HSSPayment request
SMS / voiceConfirmation
SMS / DTMF
Payment
request
WSL
Payment
response
WSL
DTMFASRTTS
SMS
IP Merchant service
ASDB
Order XML HTTP Request
Confirmation XML HTTP Response
Merchant
Paymentservice
AS
Clearing
OK
Web browser
9October 8, 2007 E-commerce transaction validation - claude.florin@hp.com
Anonymous user validationHiding billing and shipment addresses
2-3G
Service provider
IP
Transactionvalidation service
HSS
Merchant service
ASDB
Order XML HTTP Request
Validation request
SMS / voiceConfirmation
SMS / DTMF
Validation request
WSL
Validation response
WSL
Confirmation XML HTTP Response
Merchant
DTMFASRTTS
SMS
Shipmentservice
AS
Warehouse
Ordering key request - response
SMS / DTMF
Ord
erin
g ke
y
Address
WSL
Shippingnum
ber
WSL
Note : user is anonymous to the merchant
PIN
Web browser
10October 8, 2007 E-commerce transaction validation - claude.florin@hp.com
Telecom service providers added-value• Ubiquitous service access : ~2.5 *109 mobile
users−Voice interaction with low literacy consumers −SMS, WAP, …
• Micro-billing and credit : > 500 *109 € / year−Users < 18 years old, with low credit, P2P and C2B−3rd party billing for value-added services (premium SMS
and voice)−Mobile commerce revenue 2006 > 25 *109 €−Split billing to mobile 2.0 communities (games, sharing)
• Strong user authentication−SIM / USIM authentication
11October 8, 2007 E-commerce transaction validation - claude.florin@hp.com
Investigation results :• An application layer to validate e-commerce
transactions can be deployed over an IMS architecture
• Telecom service providers can add value in specific use cases to grow Web e-commerce :−Trust, authentication−Micro-payment−Mobile clearing house validation−Anonymous transactions−Ubiquitous access
Thank youhttp://www.hp.com/go/opencall
13October 8, 2007 E-commerce transaction validation - claude.florin@hp.com
Context : mobile payment services• Discontinued initiatives −Simpay (20 countries)−Paybox (< 1M users)
• Current mobile payment players−Paypal mobile (26 B$ in 2006)−Obopay, Kushcash, Paybytext, Firethorn, Clairmail,
mFoundry, mobileLime, PHIRE, Cyphermint, C-Sam, Lending Club, Billeo, Yodlee, Firethorn, Monitise, Clairmail, mShift, mFoundry, iPay
−GSMA • MasterCard global hub for migrant workers remittances• Pay-Buy Mobile initiative