Page 93 - Intelligent Communication Systems

        7.9.2.1 Customer Procedure
        First, a customer gets the certificate of the merchant, the certificate of the card
        company, as well as information about the goods and purchase order by accessing the
        merchant's server over the network. The customer extracts the public key of the
        merchant and the public key of the company. The certificates verify the merchant's
        identity and the company's identity. The customer fills out a purchase order (PO) and
        payment information (PI). The purchase order includes the name and number of the
        goods. Payment information includes the customer's name, street address, age,
        e-mail address, card ID and expiration date, and the costs of the goods. Next, the hash
        values of the purchase order and payment information are calculated and the values
        are defined as POh and PIh, respectively. Then POh and PIh are linked and the hash
        value of the combination is calculated and defined as POPIh. Then POPIh is encrypted
        via the private key of the customer, and the scrambled value is defined as
        the digital signature POPID. The customer then encrypts PO, PIh, and POPID by
        means of the public key of the card company. The scrambled values of PO, PIh, and
        POPID are placed in the digital envelope CE. CE is sent to the card company. Then
        the customer encrypts PO, PIh, POPID, and CE by means of the merchant's public
        key and gets the scrambled values of PO, PIh, POPID, and CE, respectively. They
        are put in the digital envelope ME. Then ME is sent to the merchant.


        7.9.2.2 Merchant Procedure
        When the merchant receives ME from the customer, he or she decrypts it by means
        of his or her private key and gets PO, PIh, POPID, and CE. First, the merchant
        calculates the hash value POh of PO and links POh and PIh and calculates the hash
        value POPIh1 of the combination of POh and PIh. Next, he or she decrypts POPID
        by means of the customer's public key and gets POPIh2. If POPIh1 and POPIh2
        are the same, this confirms that the information transmitted via the network has
        not been changed illegally and verifies the customer's identity. Then the merchant
        sends CE to the credit card company and asks the company to verify the customer's
        identity for an online purchase and to ensure that the credit card is not being used
        fraudulently by the customer. This procedure enables the merchant to see the
        customer's purchase order but not the customer's payment information.
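
        The signature check the merchant performs above, together with the matching check
        the credit card company performs in 7.9.2.3, as an added example that is not code
        from the book. SHA-256, textbook RSA, the toy key, and the sample order data are
        assumptions (the page names no algorithms); the digital envelopes are omitted.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes): illustration only, not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # customer's public key
D = pow(E, -1, (P - 1) * (Q - 1))      # customer's private key

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def popih(po_h: bytes, pi_h: bytes) -> int:
    """POPIh: hash of POh linked with PIh, as an integer below N."""
    return int.from_bytes(h(po_h + pi_h), "big")

def customer_sign(po: bytes, pi: bytes) -> int:
    """POPID: POPIh transformed with the customer's private key."""
    return pow(popih(h(po), h(pi)), D, N)

def merchant_verify(po: bytes, pi_h: bytes, popid: int) -> bool:
    """Merchant holds PO and PIh, never PI itself."""
    popih1 = popih(h(po), pi_h)        # recomputed from the received values
    popih2 = pow(popid, E, N)          # recovered with the customer's public key
    return popih1 == popih2

def company_verify(pi: bytes, po_h: bytes, popid: int) -> bool:
    """Card company holds PI and POh (per 7.9.2.3), never PO itself."""
    popih1 = popih(po_h, h(pi))
    popih2 = pow(popid, E, N)
    return popih1 == popih2

def demo() -> dict:
    # Constructed sample order and payment data.
    po = b"goods=modem;number=2"
    pi = b"name=A. Customer;card=0000-0000;exp=01/30;cost=120"
    popid = customer_sign(po, pi)
    return {
        "merchant_ok": merchant_verify(po, h(pi), popid),
        "company_ok": company_verify(pi, h(po), popid),
        # An order altered in transit no longer matches the signature.
        "altered_po": merchant_verify(b"goods=modem;number=9", h(pi), popid),
        # Payment data paired with a different order's hash is rejected too.
        "swapped_po": company_verify(pi, h(b"goods=tv;number=1"), popid),
    }

if __name__ == "__main__":
    print(demo())
```

        Because POPID covers both hashes, each party can confirm that its half belongs to
        the same transaction as the half it cannot read.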

        7.9.2.3 Credit Card Company Procedure
        When the credit card company receives the digital envelope CE, the company
        decrypts it by means of the company's private key and gets PI, POh, and POPID. It
        calculates the hash value PIh of PI and the hash value POPIh1 of the combination
        of POh and PIh. Then it decrypts POPID via the customer's public key and gets
        POPIh2. If POPIh1 and POPIh2 are the same, this confirms that the information has
        been transmitted securely and verifies that the customer is an authorized customer.
        The company checks whether the customer has a bank account and whether he or
        she can make a purchase by using the customer's PI. The result is sent back to the