15,000 words: understanding "payment security" in one article

Author: Everybody is a product manager
Payments are a very large and specialized field, and payment security has always been very important because of the money involved. In 15,000 words, the author of this article systematically lays out the entire framework of payment security, which interested readers can bookmark and study.

In the trillion-dollar market of electronic payments, security is undoubtedly the core of the core. Most people know that payment security is very important, but even veterans who have been in the payment industry for many years may not have a clear and comprehensive understanding of what exactly payment security includes, what problems it faces, and what specific technologies or solutions exist to deal with them.

Today, I try to explain the payment security system, covering the main security problems faced by online payment and common technical means such as encryption and decryption, signature verification, and security certificates.

In this article, you can learn about the following:

  1. The main security concerns faced by online payments.
  2. Common encryption and decryption techniques.
  3. Common signature verification techniques.
  4. Secure identity authentication system.
  5. Common security protocols.
  6. Key storage and unified security services.
  7. Frequently asked questions in engineering applications.

1. The main security issues faced by online payment

The main security issues faced by online payments include:

1) Sensitive information such as account number or password is stolen.

The user's account number and password can be obtained by hackers, resulting in the theft of personal funds. This is the security problem that users generally perceive most strongly, and password leakage leading to the loss of funds is the common case.

2) Transaction information is tampered with.

This is less perceived by ordinary users. Common cases are that the payment amount is tampered with, for example the actual payment amount is less than the payable amount, or that the receiving account or amount of a transfer is tampered with.

I have encountered a real case before. The hacker first attacked the banking system, then initiated a recharge of 20,000 US dollars on the payment platform, and then modified the bank deduction order to deduct 1 US dollar. The bank deducted 1 US dollar successfully and notified the payment platform that the deduction was successful. The payment platform only verified the status and did not verify the amount, so it credited 20,000 US dollars to the user's balance, and the hacker then withdrew 20,000 US dollars from the payment platform. In the end, this causes huge losses to the payment platform.

In other cases, when the transfer request is intercepted by hackers, the original receiving account is modified to another account and then sent to the payment platform. If the payment platform does not have security measures in place, it is possible to transfer money to the wrong account.

3) The transaction information is repudiated.

This one is relatively rare. For example, the payment platform requests the bank to deduct 200 yuan. The bank actually fails to deduct the payment, but the payment platform is notified of success, and the payment platform in turn notifies the merchant that the goods have been shipped. However, the bank says that the result it returned to the payment platform was a failure, and that the message reporting a successful deduction was not sent by the bank. This behavior is repudiation.

4) Fraudulent Transactions

This includes illegal transactions such as cash-out and money laundering, as well as theft due to the leakage of user information.

5) Service Unavailability Attack.

This happens very frequently, but the average person does not notice it. If you are interested, you can search for Distributed Denial of Service (DDoS), in which attackers occupy the resources of the payment system with a large amount of malicious traffic, making it impossible for legitimate users to access the payment platform normally, which affects the user's transaction experience and can even cause financial losses.

2. Core concerns of payment security

Payment security is a big area, but we generally only need to focus on the following core points:

1) Sensitive information is stored securely.

Secure storage of sensitive personal and business/channel information.

Sensitive personal information includes ID card information, payment card plaintext data and passwords, while sensitive information of merchants/channels involves merchant login/operation passwords, channel certificate keys, etc.

2) Secure transmission of transaction information.

Ensure the security of data transmission between the client and the payment system server, between the merchant system and the payment system, between servers inside the payment system, and between the payment system and the bank. This includes measures such as the use of encryption technology to ensure the security of data transmission.

3) Anti-tampering and anti-repudiation of transaction information.

Ensure the integrity and authenticity of transaction information, and prevent transaction information from being tampered with or repudiated. A typical transaction usually involves four parties: the user, the merchant, the payment institution, and the bank. It is necessary to ensure that the information sent by each party has not been tampered with and cannot be repudiated.

4) Fraud Transaction Prevention.

Identify and prevent fraudulent transactions, including illegal operations such as cash-out and money laundering, and protect the security of user assets by identifying user information leaks and suspicious transactions. This aspect is usually taken care of by the payment risk control system.

5) Service Availability.

Defend against DDoS attacks and ensure the stable operation and service availability of the payment system. Through the deployment of firewalls, intrusion detection systems and other technical means, we can detect and respond to possible DDoS attacks in a timely manner to ensure the normal operation of payment services.

3. Minimalist payment security picture

Payment security is a comprehensive systems engineering effort. In addition to technical means, it also needs sound security policies and a compliance system, and the latter two are usually ignored by most people.

The following diagram is a simplified version of the large picture of payment security, which contains the core points that need to be considered for payment security.

1) Policy is the foundation

Policy makes clear in which scenarios encryption and storage are required, what algorithm is required for encryption, how many bits are required for the minimum key length, and in which scenarios signature verification is required. Policy is usually divided into industry-level rules and internal security policy. Industry-level rules are usually laws and regulations formulated at the national level, such as the Cybersecurity Law, the Measures for the Administration of Payment Business, etc. An internal security policy is usually established by a company based on its own business and capabilities, and a small company may not have one.

2) Technical means

There are four main goals:

1) Sensitive data is stored securely.

2) Secure transmission of transactions.

3) Integrity and authenticity of the transaction.

4) Legitimacy of the transaction (no fraud).

The corresponding technical means are:

  • Secure storage of sensitive information: Encryption technology is used to encrypt and store sensitive information of individuals and merchants/channels, restrict access to sensitive information, and prevent unauthorized access and leakage.
  • Secure transmission of transaction information: Encryption technologies such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) are used to ensure the confidentiality and integrity of data during transmission.
  • Integrity and authenticity of transactions: Digital signature technology and identity authentication technology are used to ensure the integrity and authenticity of transaction information, record and audit transaction information, and establish traceable transaction logs to deal with possible transaction tampering or denial.
  • Prevent fraudulent transactions: Identify and prevent suspicious transactions in a timely manner through the payment risk control system.
  • Service availability: Deploy traffic cleaning equipment and intrusion detection systems to detect and block malicious traffic in a timely manner, ensure the stable operation and service availability of the payment system, and defend against DDoS attacks.

The following is a detailed explanation of each technical means.

4. Data security: encryption and decryption technology

Encryption and decryption technology is the foundation of data security and one of the core technologies of payment security. It is required both for communication between the payment platform and the bank and for the storage of sensitive data within the payment platform.

I try to avoid the advanced mathematics behind encryption and decryption technology.

1. What is encryption and decryption

In digital communication:

Encryption is the process of converting plaintext into unrecognizable ciphertext through a certain algorithm and key. In this way, even if the data is intercepted, unauthorized third parties cannot understand its contents. For example, change the plaintext "123" to "aexyeffidfdfwsd".

Decryption is the reverse process of encryption, which converts ciphertext into plaintext through certain algorithms and keys. For example, change the ciphertext "aexyeffidfdfwsd" to "123".

2. Symmetric encryption algorithm

Symmetric encryption is the use of the same key, known as a symmetric key, for encryption and decryption. This means that the sender and receiver must share the same key before communicating. Symmetric cryptography algorithms are simple and efficient to use, but key distribution and management is one of their main challenges.

Here are some common symmetric encryption algorithms, features, and application scenarios:

AES(Advanced Encryption Standard):

Features: High security, fast speed, variable key length.

Application scenario: Widely used in network communication, file encryption, database encryption and other fields. It is also the mainstream symmetric encryption algorithm used in the payment industry.

DES(Data Encryption Standard):

Features: Relatively old, short key length (56 bits), relatively weak security.

Application Scenario: Once widely used to protect data transmission and storage, it has been largely replaced by AES due to short key lengths and weak security.

3DES(Triple DES, Triple Data Encryption Standard):

Features: Enhanced security by using the DES algorithm to encrypt the data three times, but it is slower.

Application scenario: It was widely used to replace DES, but due to its slow speed, it has been basically replaced by AES.

RC4(Rivest Cipher 4):

Features: Fast speed, simple and easy to use.

Application scenario: It used to be used to protect network communication and encryption in SSL/TLS protocols, but it is no longer recommended due to security issues.

IDEA(International Data Encryption Algorithm):

Features: Fast speed and high security.

Application Scenario: It used to be used for network communication and file encryption, but due to patent restrictions and the emergence of more advanced algorithms, the application is gradually decreasing.

AES is currently considered to be the most secure and commonly used symmetric encryption algorithm and is recommended for use in the payments industry. It is recommended to use a key length of 256 bits or more.

Some banks require the entire packet to be encrypted, and AES 256 is usually used to encrypt the packet.

3. Asymmetric encryption algorithms

Asymmetric encryption algorithms use a pair of keys (public and private) for encryption and decryption. The two keys are related, but not identical. The public key is used to encrypt the data and the private key is used to decrypt it. It must not be the other way around: everyone has the public key, so if the private key were used to encrypt and the public key to decrypt, everyone could decrypt the data and there would be no security at all. This type of encryption is characterized by key separation, that is, the public key can be distributed publicly, while the private key is kept secret.

In addition, asymmetric encryption algorithms are also used for signature verification: signing with the private key and verifying with the public key (not the other way around).

Here are some common asymmetric encryption algorithms, features, and application scenarios:

RSA(Rivest-Shamir-Adleman):

Features: high security, strong reliability, wide application.

Application scenarios: Used in various security fields such as encrypted communication, digital signature, and key exchange. The payments industry uses it a lot.

DSA(Digital Signature Algorithm):

Features: Used for digital signatures, fast verification speed.

Application scenario: It is mainly used for authentication and digital signatures, such as SSL/TLS for website authentication.

ECC(Elliptic Curve Cryptography):

Features: short key length, high security, high encryption efficiency.

Application scenarios: Suitable for mobile devices and resource-constrained environments, such as smartphones and IoT devices.

DH(Diffie-Hellman):

Features: Used for key exchange to achieve secure key negotiation.

Application scenario: It is used for key negotiation in secure communication, such as the key exchange stage in SSL/TLS.

RSA is currently the most widely used algorithm in the payments industry, while ECC is emerging as the algorithm of choice for mobile and IoT devices, which favor it for its efficient performance in resource-constrained environments. For RSA, a key length of 2048 bits or more is recommended; for ECC, 256 bits or more.

4. Digital envelope encryption algorithms

The digital envelope encryption algorithm combines a variety of encryption technologies such as symmetric encryption, asymmetric encryption, digital signature and signature verification to protect the security and integrity of data in network communication. The transmitted data is like being placed inside an envelope, and only the recipient can open the envelope to view the plaintext, so it is figuratively called digital envelope encryption.

Its principle is as follows: the sender uses a symmetric encryption algorithm to encrypt the data to be transmitted, then uses the receiver's public key to encrypt the symmetric key, then signs with its own private key, and finally sends the encrypted symmetric key and the encrypted data to the receiver together. The receiver first uses the sender's public key to verify the signature, then uses its own private key to decrypt the symmetric key, and finally uses the symmetric key to decrypt the data.

However, what you hear more about is PGP (Pretty Good Privacy). PGP is a cryptographic software suite used to protect the security and privacy of electronic communications. It was created by Philip Zimmermann in 1991 and became a standard encryption tool, initially used to protect emails and later widely used to protect file transfers, such as between payment platforms and banks.

RSA 2048 and AES 256 are commonly recommended for PGP, the former for encrypting the symmetric key and for signatures, and the latter for encrypting large chunks of data.

The following figure shows the complete process of the digital envelope encryption and decryption algorithm:

Nowadays, many banks require PGP encryption in their payment files because they contain sensitive data such as card numbers.

5. Encryption algorithm and key length selection

In cryptographic applications, the algorithm and key length have important impacts on security (difficulty to crack) and performance (speed of operation):

Security:

  1. Asymmetric encryption algorithms are generally more secure than symmetric encryption algorithms. For example, RSA (asymmetric encryption) is better than AES (symmetric encryption).
  2. The new algorithm is usually more secure than the old algorithm. For example, AES and DES are both symmetric encryption algorithms, but AES is more secure than DES.
  3. For the same algorithm, the longer the key, the more secure it is, because the longer the key, the larger the keyspace, and the more difficult it is to crack. For example, AES 256 (key length) is more secure than AES 128 (key length).

Performance:

  1. Symmetric cryptography is usually faster than asymmetric cryptography. For example, AES (symmetric encryption) is better than RSA (asymmetric encryption).
  2. For the same algorithm, the longer the key, the slower the operation and the worse the performance. For example, AES 256 (key length) is slower than AES 128 (key length). Because the key length increases the complexity and computation of encryption operations, more computing resources and time are required to perform encryption and decryption operations.

Therefore, when choosing an encryption algorithm and key length, it is necessary to consider the balance between security and performance. In general, you should choose an encryption algorithm with high security and select a key of appropriate length based on the application scenario and performance requirements.

The current algorithm and key length recommended by the payment industry are as follows:

Algorithm selection: Symmetric encryption algorithms (such as AES) are suitable for fast encryption and decryption of large amounts of data, while asymmetric encryption algorithms (such as RSA) are suitable for key exchange and digital signatures.

Key length: 256 bits or more is recommended for AES, and 2048 bits or more for RSA.

6. Recommendation of common encryption and decryption algorithms

Earlier, we introduced symmetric encryption and asymmetric encryption algorithms, which have different use scenarios, and the recommended algorithms in the payment industry are as follows:

AES: The most widely used symmetric encryption algorithm, which is fast and suitable for encrypting large amounts of data at high speed. The recommended key length is 256 bits or more.

RSA: A widely used asymmetric encryption algorithm that is more secure than AES, but the encryption speed is slower, and it is suitable for small amounts of data or used as a digital signature. The recommended key length is 2048 bits or more.

In some scenarios, it is necessary to use AES and RSA in combination. For example, AES is used to encrypt large data, and the AES key is encrypted with RSA for transmission and signed with RSA, which addresses both security and encryption speed.

In particular, don't invent a "private" algorithm and apply it to production. The security of the algorithms recommended by the industry has been demonstrated by a large number of mathematicians and computer scientists, and has also been continuously verified by the industry.

In addition to the AES and RSA recommended above, various countries have some special encryption algorithms based on special security considerations, which have also been demonstrated by a large number of mathematicians and computer scientists, but there is a certain threshold for use.

7. Typical application scenarios

In a payment system, which has very high security requirements, encryption and decryption technology plays an extremely important role.

Generally, the following core application scenarios will use encryption and decryption technology:

1) Transmission encryption; 2) Storage encryption.

Transmission encryption: Protects the security of transaction data during transmission over the Internet, preventing data from being eavesdropped or tampered with.

There are usually two implementations:

1) Channel encryption: For example, use HTTPS, VPN, leased line, etc., to achieve end-to-end encryption of data transmission.

2) Packet data encryption: Either some fields, such as key information like card numbers, are encrypted separately before the packet is sent, or the entire packet is encrypted and then sent.

Storage encryption: Sensitive data, such as credit card information, user ID card information, and passwords, need to be encrypted and stored in the database to prevent data leakage.

There are usually two types of implementations:

1) Direct encryption: The original information is directly encrypted. It is usually used to encrypt regular data such as credit cards and identity documents.

2) Add a salt value (SALT) and then encrypt: A salt value is first added to the original message, which is then encrypted. This is commonly used for password management. The so-called salt value is a randomly generated string, such as: 329713kud3s, 9ds9jd9sj3es.

8. Special Handling of Login and Payment Passwords

The transmission and storage of login and payment passwords are special and worth talking about separately.

4.8.1 Special Handling of Login and Payment Password Transmission

Both login and payment passwords are entered by the user, how to ensure that they are not stolen when entered? How to ensure the security of transmission?

There is generally a security control at input time that captures the input directly, so that other applications cannot steal it. The password is then encrypted with the public key. After transmission to the backend, it is decrypted with the private key, then re-encrypted, and finally saved to the DB or compared with the password in the DB.

4.8.2. Special handling of login and payment password storage

In the previous section, it was mentioned that the login or payment password needs to be salted before being encrypted and stored. So why do you need to use salt for password management? To improve password security.

  1. Prevent rainbow table attacks. A rainbow table is a pre-computed dataset of hashes that attackers can use to look up and crack unsalted passwords. With a per-user salt, even if two passwords are the same, the resulting ciphertexts will be different because the salt values are different.
  2. Protect users with the same password. If multiple users use the same password and there is no salt value, cracking one reveals every other user with the same password. Each user has a different salt value, ensuring that the generated ciphertext is different.
  3. Increase the difficulty of cracking. For weak passwords in particular, salting can significantly increase the difficulty for attackers.

When implementing, you need to pay attention to the salting strategy:

  1. Random and unique: Each user's salt is random and unique.
  2. Store salts: Each user's password and salt need to be stored pairwise. Because when the encryption key is updated, it needs to be decrypted and then re-encrypted with the salt value.
  3. Long enough salt: Increases complexity, at least 128 bits is recommended.
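
The three salting rules above, as an added Go example (not code from the original article). It swaps the reversible encryption mentioned in the text for a salted one-way derivation, PBKDF2-HMAC-SHA256, written out with the standard library so it runs without third-party modules; the Record type, the function names and the iteration count are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const iterations = 100000 // work factor: an assumed value, tune it to your hardware

// Record is what gets stored for one user: the salt sits beside the hash.
type Record struct {
	Salt []byte // 16 random bytes = 128 bits, unique per user
	Hash []byte // PBKDF2-HMAC-SHA256(password, salt)
}

// pbkdf2 derives 32 bytes (a single PBKDF2 block, RFC 8018) with HMAC-SHA256.
func pbkdf2(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// NewRecord draws a fresh random salt and hashes the password with it.
func NewRecord(password string) (Record, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return Record{}, err
	}
	return Record{Salt: salt, Hash: pbkdf2([]byte(password), salt, iterations)}, nil
}

// Verify recomputes the hash with the stored salt and compares in constant time.
func Verify(r Record, password string) bool {
	return hmac.Equal(r.Hash, pbkdf2([]byte(password), r.Salt, iterations))
}

// Unsalted shows what the salt prevents: equal passwords give equal digests,
// which is exactly what a pre-computed table relies on.
func Unsalted(password string) [32]byte {
	return sha256.Sum256([]byte(password))
}

func main() {
	a, err := NewRecord("123456") // two users pick the same weak password
	if err != nil {
		panic(err)
	}
	b, err := NewRecord("123456")
	if err != nil {
		panic(err)
	}
	fmt.Println("unsalted digests equal:", Unsalted("123456") == Unsalted("123456"))
	fmt.Println("salted hashes equal:   ", hmac.Equal(a.Hash, b.Hash))
	fmt.Println("verify good/bad:       ", Verify(a, "123456"), Verify(a, "654321"))
}
```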

9. PCI

If you want to save the user's card plaintext data (such as user name and card number), you must be certified by the Payment Card Industry (PCI), and the domain within the scope of PCI certification is called the PCI domain.

PCI Security Standards (PCI DSS) is a set of security standards developed and managed by the PCI Security Standards Council (PCI SSC) to protect the security and confidentiality of cardholder data.

To put it simply, PCI specifies a separate area (referred to as the PCI domain) that can process the user's card plaintext data, whether storing it encrypted or using it in plaintext. The network security deployment, data access control, data encryption, log printing, security policies, etc. in this area are all regulated by the PCI DSS and are regularly reviewed by the relevant certification organizations.

Note in particular that the PCI standard requires that no domain print sensitive user information and that no domain store sensitive user information in plaintext. For example, only the first 6 and the last 4 digits of a card number may be printed, and only applications within the PCI domain can use card plaintext data.
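
One way to enforce the first-6/last-4 rule on log output, as an added Go example (not code from the original article). The digit-run pattern and the Luhn checksum filter are assumptions used to pick out likely card numbers; the sample log lines are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// candidate matches runs of 13 to 19 digits, optionally separated by single
// spaces or hyphens, the usual ways a card number shows up in text.
var candidate = regexp.MustCompile(`\b\d(?:[ -]?\d){12,18}\b`)

var stripSeparators = strings.NewReplacer(" ", "", "-", "")

// luhnValid reports whether a digit string passes the Luhn checksum that
// payment card numbers carry. It filters out order ids and timestamps.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// MaskPANs rewrites every likely card number in a log line so that only the
// first 6 and last 4 digits remain; everything else in the line is untouched.
func MaskPANs(line string) string {
	return candidate.ReplaceAllStringFunc(line, func(m string) string {
		digits := stripSeparators.Replace(m)
		if !luhnValid(digits) {
			return m // a long number, but not a card number
		}
		return digits[:6] + strings.Repeat("*", len(digits)-10) + digits[len(digits)-4:]
	})
}

func main() {
	lines := []string{ // constructed log lines; 4111... is a common test card number
		"pay ok order=1234567890123456 pan=4111111111111111 amount=99.00",
		"card entered as 4111-1111-1111-1111 by user 42",
		"no card data in this line",
	}
	for _, l := range lines {
		fmt.Println(MaskPANs(l))
	}
}
```

Applied at the logging layer, a filter like this is a safety net for code outside the PCI domain; it does not replace keeping plaintext card data out of those systems in the first place.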

10. Common problems in engineering applications of encryption and decryption

Irregular key management: The key is encrypted and stored in the database, but the key used to encrypt the key is 123456.

Inappropriate algorithm selection: The extremely slow asymmetric RSA algorithm is chosen for encrypting large data.

Algorithm incompatibility: in particular, the mode and padding method directly affect the encryption and decryption results. For example, AES is further subdivided into modes such as ECB, CBC, CFB, OFB, CTR and GCM, as well as padding methods such as PKCS7/PKCS5 padding and zero padding. For details, refer to cryptography reference materials.

Whimsically using a proprietary algorithm of one's own making: thinking it is safe, when in fact it is too stupid and naïve.

The management mechanism is not sound: there are no strict specifications, or some specifications are not strictly enforced, resulting in easy access to keys.

5. Anti-tampering and anti-repudiation: signature and signature verification technology

Anti-tamper and anti-repudiation are also commonly referred to as data integrity and authenticity verification issues, which are usually solved by signature verification technology.

1. What is a signature and verification?

Signing and verification are two basic concepts in the field of cryptography.

Signature: The sender converts data into a unique ciphertext string, also known as a digital signature, through a specific algorithm and key, and sends it to the receiver along with the message.

Verification: The receiver verifies the integrity of the data based on the received data and digital signature to prove that the data has not been tampered with and that it is indeed from the purported sender. If verification succeeds, you can be confident that the data is intact and legitimate.

Here's a very simple math formula for signature verification.

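Assume the data being signed is (m), the signature string is (Σ), the hash function is (H), the private key is (Pr), the public key is (Pu), the encryption algorithm is (S), the decryption algorithm is (S^), and the equality test is (eq).

The simplified formulas are as follows. Signature: Σ = S[H(m), Pr].

Verification: f(v) = [H(m) eq S^(Σ, Pu)].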

The process is as follows:

Signature Process:

  1. Hash the message: Apply a hash function (H) to the message (m) to generate a hash value (h). h = H(m)
  2. Encrypt the hash: Encrypt the hash (h) with the sender's private key (Pr) to generate a signature (Σ). Σ = S(h, Pr)

The digital signature (Σ) is sent to the receiver along with the original message (m).

Verification process:

  1. Hash the received message: Use the same hash function (H) to generate a hash value (h') for the message (m). h' = H(m)
  2. Decrypt the signature: The signature (Σ) is decrypted using the sender's public key (Pu) to obtain a hash value (h). h = S^(Σ, Pu)
  3. Compare hash values: Compare whether the hash value (h) obtained by decryption is consistent with the hash (h') obtained by directly hashing the message (m). Validation success condition: h = h'.

If the two hashes are equal, verification succeeds and the message (m) is considered intact and indeed from the purported sender. If there is a discrepancy, verification has failed: the message may have been tampered with, or the signature may have been forged.

In reality, the algorithms are very complex, such as RSA, ECDSA, etc., and also involve padding schemes, random number generation, data encoding, etc.

2. Why does the payment system have to do signature verification?

How can the bank determine that the deduction request was sent from a confirmed payment platform and that the data has not been tampered with? What should be done if the merchant does not admit that a transaction has been sent? This all relies on signature verification technology.

Signature verification mainly solves three problems:

1) Authentication: Confirm that the payment information is sent by the real sender to prevent impersonation.

If identity cannot be verified, Alipay has no way of knowing whether the request to deduct 99 yuan from your account was really sent by the convenience store downstairs, or by me pretending to be it.

2) Integrity verification: Confirm that the payment information has not been tampered with during transmission, and each transaction is complete and accurate.

If integrity cannot be verified, I could set up free Wi-Fi in a public place, intercept your WeChat transfer request, modify the recipient to my account, and then forward it to WeChat, and WeChat might transfer the money to my account.

3) Anti-repudiation: prevent any party from denying a transaction it has carried out, and provide legal evidence to support this.

For example, WeChat Pay called the bank to deduct 100 yuan, the bank returned success, and the merchant shipped the goods to the user. A few days later the bank said that the success message was not returned by them and that they did not deduct the money. Signature verification makes it impossible for the bank to deny this.

Procedure:

  1. The two parties exchange keys first, which can be exchanged through offline email or through an online self-service platform.
  2. The requester signs the transaction packet with its own private key before sending it. The receiver verifies the signature after receiving the packet, and processes the transaction only after signature verification passes.
  3. After the receiver completes the service, it signs the return packet with its own private key. The requester verifies the signature on the return packet after receiving it, and processes the result only after signature verification passes.
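
Step 3 of the procedure from the payment platform's side, applied to the recharge case from section 1, as an added Go example (not code from the original article): the platform verifies the bank's signature on the result and then compares the signed amount with its own order instead of trusting the status alone. Field names, the layout of the signed string and the sample values are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Order is what the platform recorded when the user started the recharge.
type Order struct {
	ID          string
	AmountCents int64
	Currency    string
}

// Notification is the bank's deduction result (field names are assumptions).
type Notification struct {
	OrderID     string
	AmountCents int64
	Currency    string
	Status      string
	Signature   []byte
}

var (
	ErrBadSignature   = errors.New("signature verification failed")
	ErrOrderMismatch  = errors.New("notification is for a different order")
	ErrAmountMismatch = errors.New("deducted amount differs from order amount")
	ErrNotSuccessful  = errors.New("bank did not report success")
)

// hashFields hashes every business field in a fixed order; %q quotes the
// strings so a crafted value cannot imitate a field separator.
func hashFields(n Notification) []byte {
	s := fmt.Sprintf("order_id=%q&amount=%d&currency=%q&status=%q",
		n.OrderID, n.AmountCents, n.Currency, n.Status)
	sum := sha256.Sum256([]byte(s))
	return sum[:]
}

// Sign is the bank side: sign the result with the bank's private key.
func Sign(n Notification, bankPriv *rsa.PrivateKey) Notification {
	sig, err := rsa.SignPKCS1v15(rand.Reader, bankPriv, crypto.SHA256, hashFields(n))
	if err != nil {
		panic(err)
	}
	n.Signature = sig
	return n
}

// Accept is the platform side. The signature proves who sent the result and
// that it was not edited; the remaining checks tie it to the platform's order.
func Accept(n Notification, o Order, bankPub *rsa.PublicKey) error {
	if rsa.VerifyPKCS1v15(bankPub, crypto.SHA256, hashFields(n), n.Signature) != nil {
		return ErrBadSignature
	}
	if n.OrderID != o.ID {
		return ErrOrderMismatch
	}
	if n.AmountCents != o.AmountCents || n.Currency != o.Currency {
		return ErrAmountMismatch
	}
	if n.Status != "SUCCESS" {
		return ErrNotSuccessful
	}
	return nil
}

// Replay signs four constructed notifications with a throwaway bank key and
// returns the platform's verdict on each, in order.
func Replay() []error {
	bank, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	order := Order{ID: "R-1001", AmountCents: 2000000, Currency: "USD"}
	genuine := Sign(Notification{"R-1001", 2000000, "USD", "SUCCESS", nil}, bank)
	short := Sign(Notification{"R-1001", 100, "USD", "SUCCESS", nil}, bank) // bank took 1 USD
	edited := short
	edited.AmountCents = 2000000 // amount changed after signing
	failed := Sign(Notification{"R-1001", 2000000, "USD", "FAILED", nil}, bank)
	var verdicts []error
	for _, n := range []Notification{genuine, short, edited, failed} {
		verdicts = append(verdicts, Accept(n, order, &bank.PublicKey))
	}
	return verdicts
}

func main() {
	for i, v := range Replay() {
		fmt.Printf("notification %d: %v\n", i+1, v)
	}
}
```

A stored copy of the verified notification and its signature is also the evidence the anti-repudiation point relies on.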

3. Common digital signature algorithms and recommendation algorithms

Common digital signature algorithms include:

  1. RSA (Rivest-Shamir-Adleman): RSA is an asymmetric encryption algorithm based on the problem of large prime factorization, which is widely used in digital signatures and key exchange.
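  2. DSA (Digital Signature Algorithm): DSA is a digital signature algorithm based on discrete logarithmic problems, which is mainly used in the field of digital signatures.
  3. ECDSA (Elliptic Curve Digital Signature Algorithm): ECDSA is a digital signature algorithm based on the elliptic curve discrete logarithm problem, with a shorter key length and higher security than RSA.
  4. EdDSA (Edwards-curve Digital Signature Algorithm): EdDSA is a digital signature algorithm based on twisted Edwards curves. It is efficient and secure, and is widely used in areas such as cryptocurrency.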

At present, the mainstream digital signature algorithms are RSA and ECDSA. RSA was introduced earlier and has sufficient security to be widely used today. Due to its short key length and higher security, ECDSA has gradually become an emerging digital signature algorithm, especially suitable for scenarios such as resource-constrained environments and mobile devices.

In payment scenarios, RSA is the most widely used, and the recommended key length is 2048 bits. RSA1024 used to be very common, but it is no longer recommended because its key length is too short and its security is insufficient.

4. Some anti-tampering technologies

5.4.1. Digital digest

A digital digest (also called a data summary or hash) is a technique for verifying the integrity and consistency of data: a hash computation over the data produces a unique, fixed-length string (the digest or hash value). Digests are often used to verify that data has not changed during transmission or storage.

This scheme has a flaw: if the packet is intercepted by a hacker in transit and both the 1 million word article and its summary are replaced, the server cannot detect it. This flaw is addressed by the HMAC algorithm below.

Common data summarization algorithms include:

  1. MD5 (Message Digest Algorithm 5): MD5 is a commonly used hashing algorithm that generates a 128-bit hash value. However, due to the serious security shortcomings of MD5, it is no longer recommended for scenarios with high security requirements.
  2. SHA-1 (Secure Hash Algorithm 1): SHA-1 is a relatively secure hashing algorithm that generates a 160-bit hash value. However, SHA-1 is also not recommended in some scenarios with high security requirements, due to some security issues, such as collision attacks.
  3. SHA-256, SHA-384, SHA-512: These are the successors to SHA-1 and produce hashes of 256-bit, 384-bit, and 512-bit, respectively. They provide greater security and are often used to summarize data with high security requirements.
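  4. RIPEMD (RACE Integrity Primitives Evaluation Message Digest): The RIPEMD family is a group of hashing algorithms similar to MD4 and MD5 that produce 128-bit, 160-bit, 256-bit, and 320-bit hash values. Although not as popular as the SHA family, it is still useful in some scenarios.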
  5. BLAKE, Keccak, Whirlpool, etc.: These are some of the emerging hashing algorithms that are designed to be more secure and efficient, and are widely used in areas such as cryptography and blockchain.

The current recommended summary algorithm in the payments industry is SHA256.

It should be noted that digital signatures rely on digest algorithms, but a digest algorithm cannot replace a digital signature. A digest can only prove whether the data is intact; it cannot prove that the data was issued by a particular person or organization. However, many foreign payment institutions still use MD5 or SHA256 as a digest algorithm in place of signature verification.

5.4.2. HMAC Algorithms

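HMAC (Hash-based Message Authentication Code) is a message authentication code algorithm based on a hash function (digest) and a key, typically used to verify the integrity and authenticity of a message.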

The HMAC algorithm combines a hash function and a key to generate a unique digest by hashing the message and using the key to encrypt it. This digest is the authentication code of the message, which is used to verify the integrity and authenticity of the message.

HMAC is a simple and effective option in many scenarios: it needs only a digest algorithm and a symmetric key, so it is simple and fast to compute, and it provides both message integrity protection and authentication. In payment scenarios it is therefore also often used for signature verification.

However, it should be noted that HMAC solves part of the problem of the pure digest algorithm, but it is still not a digital signature algorithm in the strict sense, because HMAC uses a symmetric key owned by both parties, and it cannot be proved that the message must have been sent by the other party, because it may also be forged by one party.
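The progression described in 5.4.1 and 5.4.2, as an added example that is not part of the original article: a bare SHA-256 digest accepts a replaced payload, HMAC-SHA256 rejects it, and a valid HMAC still cannot show which of the two key holders wrote the message. The `Message` type, the sample payloads and the key are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Message is a constructed wire format: payload plus an integrity tag.
type Message struct {
	Payload []byte
	Tag     []byte
}

// WithDigest attaches a bare SHA-256 digest. No secret is involved.
func WithDigest(payload []byte) Message {
	d := sha256.Sum256(payload)
	return Message{Payload: payload, Tag: d[:]}
}

// CheckDigest recomputes the digest and compares it with the tag.
func CheckDigest(m Message) bool {
	d := sha256.Sum256(m.Payload)
	return bytes.Equal(d[:], m.Tag)
}

// WithHMAC attaches HMAC-SHA256 computed under the shared key.
func WithHMAC(key, payload []byte) Message {
	mac := hmac.New(sha256.New, key)
	mac.Write(payload)
	return Message{Payload: payload, Tag: mac.Sum(nil)}
}

// CheckHMAC recomputes the tag and compares it in constant time.
func CheckHMAC(key []byte, m Message) bool {
	mac := hmac.New(sha256.New, key)
	mac.Write(m.Payload)
	return hmac.Equal(mac.Sum(nil), m.Tag)
}

// Result records what the receiver-side check concluded in each case.
type Result struct {
	DigestAcceptsReplaced bool // replaced payload with a recomputed digest
	HMACAcceptsGenuine    bool // untouched message under the shared key
	HMACAcceptsReplaced   bool // replaced payload, tag made without the key
	ReceiverCanForge      bool // key holder makes a tag the sender never made
}

// Compare runs the three cases on constructed sample data.
func Compare() Result {
	key := []byte("constructed-shared-secret-32byte") // sample key only
	genuine := []byte("payee=ACME;amount=100.00")
	replaced := []byte("payee=OTHER;amount=100.00")
	var r Result

	// Anyone can recompute a plain digest, so when payload and digest are
	// both replaced in transit the receiver's check still passes.
	r.DigestAcceptsReplaced = CheckDigest(WithDigest(replaced))

	// With HMAC the tag depends on the key. A replaced payload carrying
	// the old tag, or a plain digest as its tag, is rejected.
	sent := WithHMAC(key, genuine)
	r.HMACAcceptsGenuine = CheckHMAC(key, sent)
	r.HMACAcceptsReplaced = CheckHMAC(key, Message{Payload: replaced, Tag: sent.Tag}) ||
		CheckHMAC(key, WithDigest(replaced))

	// The receiver holds the same key, so it can tag any payload itself.
	// A valid HMAC therefore proves "one of us two", not "the sender".
	r.ReceiverCanForge = CheckHMAC(key, WithHMAC(key, replaced))
	return r
}

func main() {
	fmt.Printf("%+v\n", Compare())
}
```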

5.4.3. Digital timestamps

A digital timestamp is a digital signature or hash used to determine the time when a specific event occurred, usually issued by a digital time-stamp service (DTS). A digital timestamp binds the time information of a particular event to a digital signature or hash value to ensure that the event existed before a specific time, thus preventing subsequent tampering or forgery.

For example, if two scientists claim to have completed a proof or experiment before the other, the problem can be easily solved if both parties digitally timestamp the relevant material through a digital timestamp service.

The application scenarios of digital timestamps are mainly in document proof, email, digital certificates, etc., such as legal documents, contracts, intellectual property rights, certificates, etc., to prove that the document existed before a certain time.

However, in payment systems, digital timestamps are rarely used at the moment.

5.4.4. Dual Digital Signatures

The dual digital signature is a concept introduced by the Secure Electronic Transaction protocol (SET protocol for short). Because the SET protocol is overly complex, and newer, simpler security protocols have appeared on the Internet, such as SSL (Secure Sockets Layer)/TLS (Transport Layer Security)/HTTPS (Hypertext Transfer Protocol Secure), SET was never actually deployed at scale. As a result, dual digital signatures are relatively rare in contemporary payment systems.

The principle of dual digital signatures is a bit convoluted, so I will try to make it clear.

Explanation:

  1. Users, merchants, and banks apply for certificates from CAs respectively, which has been omitted in the figure.
  2. After placing the order, the user first generates a summary of the order information, then a summary of the payment information, splices the two summaries together and generates a new summary from them, and finally signs it with their own private key. The result is the dual signature.
  3. The user sends the "order information + payment information summary + double signature string" to the merchant, and the merchant generates a summary according to the order information, splices it with the payment information summary, and then uses the user's public key to verify the signature.
  4. The user sends the "payment information ciphertext + merchant information summary + double signature string" to the bank (or through the merchant), and the bank first uses its own private key to decrypt the plaintext of the payment information, generate a summary, and then splices it with the order information summary, and then uses the user's public key to verify the signature.
  5. In the above process, the merchant does not know the user's payment information, such as the card number, etc., and the bank does not know the user's order information, such as what was bought, but the merchant and the bank can judge that the other party is genuine.
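The dual signature steps above as an added example, not code from the original article or from the SET specification. It assumes SHA-256 digests, RSA-2048 with PKCS#1 v1.5 signatures, and RSA-OAEP applied directly to the short payment record; certificates (step 1) are omitted, the bank is given the order digest as the second half of step 4 describes, and all names and sample data are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func digest(b []byte) []byte {
	d := sha256.Sum256(b)
	return d[:]
}

// dualDigest is H(H(order) || H(payment)): the value the user signs.
func dualDigest(orderMD, paymentMD []byte) []byte {
	return digest(append(append([]byte{}, orderMD...), paymentMD...))
}

// DualSign is the user's step: one signature covering both digests.
func DualSign(user *rsa.PrivateKey, order, payment []byte) ([]byte, error) {
	dd := dualDigest(digest(order), digest(payment))
	return rsa.SignPKCS1v15(rand.Reader, user, crypto.SHA256, dd)
}

// MerchantVerify: the merchant holds the order in clear and only the
// digest of the payment information, so it never sees the card data.
func MerchantVerify(userPub *rsa.PublicKey, order, paymentMD, sig []byte) error {
	dd := dualDigest(digest(order), paymentMD)
	return rsa.VerifyPKCS1v15(userPub, crypto.SHA256, dd, sig)
}

// BankVerify: the bank decrypts the payment information with its own
// private key and holds only the digest of the order.
func BankVerify(bank *rsa.PrivateKey, userPub *rsa.PublicKey,
	paymentCT, orderMD, sig []byte) ([]byte, error) {
	payment, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bank, paymentCT, nil)
	if err != nil {
		return nil, err
	}
	dd := dualDigest(orderMD, digest(payment))
	if err := rsa.VerifyPKCS1v15(userPub, crypto.SHA256, dd, sig); err != nil {
		return nil, err
	}
	return payment, nil
}

// Outcome records what each party concluded.
type Outcome struct {
	MerchantOK     bool
	BankOK         bool
	BankSaw        string // payment information recovered by the bank
	MismatchCaught bool   // payment paired with another order is rejected
}

// RunDualSignature plays the user, merchant and bank on constructed data.
func RunDualSignature() (Outcome, error) {
	var out Outcome
	user, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	bank, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	order := []byte("order=A1001;item=headphones;total=100.00") // constructed
	payment := []byte("card=0000000000000000;amount=100.00")    // constructed
	sig, err := DualSign(user, order, payment)
	if err != nil {
		return out, err
	}
	paymentCT, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &bank.PublicKey, payment, nil)
	if err != nil {
		return out, err
	}
	// To the merchant: order + payment digest + dual signature.
	out.MerchantOK = MerchantVerify(&user.PublicKey, order, digest(payment), sig) == nil
	// To the bank: payment ciphertext + order digest + dual signature.
	seen, err := BankVerify(bank, &user.PublicKey, paymentCT, digest(order), sig)
	out.BankOK, out.BankSaw = err == nil, string(seen)
	// The same payment presented with another order's digest must fail:
	// the signature ties this payment to this order and no other.
	other := digest([]byte("order=B2002;item=laptop;total=100.00"))
	_, err = BankVerify(bank, &user.PublicKey, paymentCT, other, sig)
	out.MismatchCaught = err != nil
	return out, nil
}

func main() {
	fmt.Println(RunDualSignature())
}
```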

6. Judgment of identity legitimacy: identity authentication technology

How do you prove that you are you in Internet payment? This is what identity authentication technology is for. The certificates, CAs, PKI and related topics below are fairly specialized concepts, and this is only an introduction. Interested readers can find specialized articles for in-depth study; basically each module could fill a book.

1. What is authentication?

In the field of payment security, identity authentication confirms whether the participants in a payment transaction are who they claim to be. To put it simply, it proves that you are you. Its most important purposes are to protect the security of user accounts, to reduce fraudulent transactions, and to meet compliance requirements.

2. Common authentication methods

Identity authentication is usually divided into personal identity authentication and enterprise/organization identity authentication.

Common methods of personal identification include the following:

  1. Username and password authentication. This is the most common way of identity authentication, but its security is relatively low, and it is vulnerable to attacks such as password guessing and password leakage.
  2. Multi-factor authentication (MFA). It requires users to verify their identity with two methods at the same time, including password, SMS verification code, fingerprint recognition, face recognition, hardware token, etc. Generally, this is only triggered when the back-end risk control identifies a risk, so it is also often referred to as a risk control challenge.
  3. Biometric authentication. Use an individual's biometrics (e.g., fingerprints, iris, voiceprints, faces, etc.) to authenticate. This type of authentication usually requires specialized hardware devices to capture biometrics and use algorithms to compare them.
  4. Single Sign-On (SSO) and OAuth. Users only need to log in to one system to authorize access to other systems. For example, you can use WeChat or Alipay to log in to Weibo, Xiaohongshu, etc.
  5. Digital certificates. It is rare for a CA to issue a personal digital certificate.

When it comes to identity authentication between enterprises or organizations, common methods include the use of digital certificates and mutual TLS authentication (also known as client certificate authentication). For details about digital certificates, see Digital Certificates, and for mutual TLS authentication, see TLS.

3. Digital certificates

A digital certificate is a security technology used for authentication and data encryption in network communications. It is an electronic document issued by a trusted entity known as a Certificate Authority (CA) that attests to the identity and public key of an entity, such as a website, person, or organization.

A digital certificate contains the following key information:

  1. Public key: A digital certificate contains the public key of an entity that is used to encrypt and decrypt communication data.
  2. Holder information: A digital certificate contains the identity information of the certificate holder, such as name and email address.
  3. Issuer information: A digital certificate contains information about the certificate authority that issued the certificate, including the name of the certificate and contact information.
  4. Expiration date: A digital certificate contains the validity period of the certificate, that is, the effective date and expiration date of the certificate.
  5. Digital signature: A digital certificate contains the issuer's digital signature on the content of the certificate, which is used to verify the authenticity and integrity of the certificate.

In network communication, when a client establishes a secure connection to the server, the server sends its own digital certificate to the client. After the client receives the server's digital certificate, it uses the public key in the certificate to verify the server's identity and the authenticity of the certificate. If the authentication is successful, the client can encrypt the communication data with the server's public key and send the encrypted data to the server.

For example, if you visit a website that starts with https, the browser will verify the certificate of the website service provider.

In the payment system, some banks will require two-way certificate authentication when interconnecting.

4. Digital Certificate Authority CA

How can we believe that a certificate is credible? That is what the CA vouches for. So why should we trust a CA? Credit endorsements are usually made by the government or a coalition of large organizations.

In the field of digital certificates, CA stands for Certificate Authority. A CA is a trusted third-party authority that issues, manages, and verifies digital certificates to ensure their legitimacy and trustworthiness.

The main responsibilities of a CA include:

  1. Issuance of digital certificates: The CA issues digital certificates to certificate applicants and ensures the validity and authenticity of the certificates. Before issuing a digital certificate, the CA authenticates the certificate applicant to ensure the legitimacy of their identity.
  2. Certificate management: A CA is responsible for managing the issued digital certificates, including renewing, revoking, and finding certificates. The CA periodically checks the validity of digital certificates and revokes expired or invalid certificates.
  3. Certificate validation: CAs provide the verification service of digital certificates to verify the authenticity and integrity of digital certificates. By verifying the signature and certificate chain of a digital certificate, you can ensure the legitimacy of the digital certificate and confirm the identity of the certificate holder.
  4. Chain of trust management: The CA maintains a chain of trust that is used to establish the trust relationship of digital certificates. The chain of trust includes the root certificate, intermediate certificate, and terminal certificate, each of which is signed by the parent certificate up to the root certificate, ensuring the trust reliability of the digital certificate.

Common CAs include global CAs, such as VeriSign, GeoTrust, DigiCert, etc., as well as national or regional CAs, such as China Electronic Authentication Service (CFCA), China Internet Network Information Center (CNNIC), etc. These CAs follow international standards and industry norms to provide trusted digital certificate services to ensure the security and trustworthiness of network communications.

The chain of trust mentioned above is an important concept. A top-level certificate authority cannot serve all users directly, but it can issue certificates to sub-authorities, which in turn issue certificates to end users. To verify the validity of a certificate, you only need to verify each issuing CA in turn.
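The chain of trust described above, as an added example that is not part of the original article: a root CA issues a certificate to an issuing CA, which issues one to an end entity, and the verifier walks the chain back to the root it trusts. The names are constructed, and ECDSA P-256 keys are an assumption chosen to keep key generation fast.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issued pairs a certificate with its subject's private key.
type Issued struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// Issue creates a certificate for name, signed with parent's key.
// A nil parent produces a self-signed root.
func Issue(name string, serial int64, isCA bool, parent *Issued) (*Issued, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign // only a CA may sign certificates
	}
	signerCert, signerKey := tmpl, key
	if parent != nil {
		signerCert, signerKey = parent.Cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Issued{Cert: cert, key: key}, nil
}

// VerifyLeaf builds leaf -> intermediates -> trusted root, checking each
// signature and validity period, and returns the length of the chain found.
func VerifyLeaf(leaf, root *Issued, inters ...*Issued) (int, error) {
	roots, mid := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root.Cert)
	for _, c := range inters {
		mid.AddCert(c.Cert)
	}
	chains, err := leaf.Cert.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: mid,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	if err != nil {
		return 0, err
	}
	return len(chains[0]), nil
}

// BuildChain issues root -> issuing CA -> end entity (constructed names).
func BuildChain() (root, sub, leaf *Issued, err error) {
	if root, err = Issue("Example Root CA", 1, true, nil); err != nil {
		return
	}
	if sub, err = Issue("Example Issuing CA", 2, true, root); err != nil {
		return
	}
	leaf, err = Issue("bank-gateway.example", 3, false, sub)
	return
}

func main() {
	root, sub, leaf, err := BuildChain()
	if err != nil {
		panic(err)
	}
	n, err := VerifyLeaf(leaf, root, sub)
	fmt.Println("full chain:", n, err)
	_, err = VerifyLeaf(leaf, root) // issuing CA certificate not supplied
	fmt.Println("missing intermediate:", err)
	other, _ := Issue("Unrelated Root CA", 4, true, nil)
	_, err = VerifyLeaf(leaf, other, sub) // verifier trusts a different root
	fmt.Println("different trust anchor:", err)
}
```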

5. PKI

The theoretical basis for the digital certificates mentioned above is the Public Key Infrastructure (PKI), which is a framework and architecture for managing and verifying public keys. PKI provides a standardized set of methods for generating, storing, distributing, and revoking public keys to ensure secure network communication and authentication.

The PKI architecture consists of the following main components:

  1. Digital certificates: PKIs use digital certificates to prove the identity of an entity, which contains the public key of the entity and other relevant information, such as the issuer and expiration date of the certificate. Digital certificates are issued by a Certificate Authority (CA) and are digitally signed to guarantee their authenticity and integrity.
  2. Certificate Authority (CA): A CA is a trusted authority responsible for issuing, managing, and validating digital certificates. The CA signs the digital certificate through a digital signature to prove the authenticity of the certificate and provides a certificate revocation service (CRL or OCSP) to revoke the invalid certificate.
  3. Registration Authority (RA): The RA is a secondary authority to the CA and is responsible for user authentication and application processing for digital certificates. The RA typically collects the user's identity information and submits it to the CA for approval and issuance of digital certificates.
  4. Certificate repositories: Certificate repositories are used to store and manage issued digital certificates for users and applications to retrieve and validate certificates.
  5. Key management: PKI provides key generation, distribution, and management, including the generation, storage, and exchange of public and private keys.

PKI is an important infrastructure to ensure the security of network communication through digital certificate and public key encryption technology to achieve secure authentication, data encryption and digital signature. It is also an important infrastructure for the payment security system.

Certificates, CAs, PKIs, etc. are all based on the theory of public and private keys, and interested students can have an in-depth understanding of the theory of public and private keys and the digital knowledge behind them.

7. Data transmission security: common transmission security protocols

On the Internet, all data is transmitted through the network, so online payment security cannot sidestep the security of data transmission. Here's a quick look at the various common security protocols.

Encrypting every piece of data before transmitting it is cumbersome. Can it be simpler: can we encrypt the transmission pipe itself and then transmit plaintext data through it? The answer is yes, for example with SSL, TLS, HTTPS, leased lines, etc.

Most of this content is the focus of security engineers, and a general understanding is enough.

1. SSL

SSL (Secure Sockets Layer) is a protocol used to secure network communications. It was originally developed by Netscape and first released in 1994. The SSL protocol provides encryption, integrity verification, and identity authentication by establishing a secure channel between the application layer and the transport layer to protect the security of network communications.

The main features of the SSL protocol include:

  1. Encrypted communication: The SSL protocol uses an encryption algorithm to encrypt communication data to prevent eavesdroppers from stealing sensitive information. It supports a variety of encryption algorithms, including symmetric encryption algorithms (such as DES, 3DES, and AES) and asymmetric encryption algorithms (such as RSA, Diffie-Hellman).
  2. Integrity verification: The SSL protocol uses a message authentication code (MAC) or digital signature to verify the integrity of communication data to prevent data tampering. The receiver can ensure that the received data has not been tampered with by verifying the MAC or digital signature.
  3. Authentication: The SSL protocol supports authentication between the server and the client to ensure that the identities of both parties to the communication are legitimate. The server will typically provide a digital certificate to prove its identity, and the client can use the certificate to verify the server's identity. SSL also supports two-way authentication, which means that both the client and the server can authenticate their identity.
  4. Session management: The SSL protocol supports session multiplexing to reduce the overhead of the handshake process and improve communication efficiency.

The SSL protocol was originally widely used for secure communication between web browsers and web servers to protect sensitive information transmitted by web pages, such as usernames, passwords, and credit card information. With the development and evolution of the SSL protocol, it was gradually replaced by the TLS protocol, but people still commonly refer to the TLS protocol collectively as SSL.

2. TLS

Transport Layer Security (TLS) is a protocol used to secure network communications. It is built on the SSL (Secure Sockets Layer) protocol and has been improved and expanded on the basis of SSL. TLS provides data encryption, integrity verification, and identity authentication to protect the security of network communications.

The main functions of the TLS protocol are the same as those of SSL. In addition, with the increasing number of cybersecurity threats, the TLS protocol is also evolving and improving to provide a more robust security protection mechanism.

3. HTTPS

Hypertext Transfer Protocol Secure (HTTPS) is a communication protocol for the secure transmission of hypertext. It is based on the HTTP protocol and adds SSL/TLS protocol for data encryption and authentication, which is used to protect the security of network communication.

The HTTPS protocol works as follows:

  1. Establish a secure connection: When a client sends a connection request to the server, the server returns its own digital certificate that proves its identity and public key. After the client receives the server's digital certificate, it verifies the authenticity and validity of the certificate.
  2. Negotiate encryption algorithms: The client and server negotiate the encryption algorithm and key length to use when establishing a connection to ensure the confidentiality and security of communication data.
  3. Encrypted data transmission: The client uses the server's public key to encrypt the communication data and sends the encrypted data to the server. After receiving the encrypted data, the server decrypts the data with its own private key.
  4. Authentication: When a connection is established, a digital certificate sent by the server can be used to verify the identity of the server. If the certificate is validated, the client can trust the server and continue to communicate securely.

To put it simply, HTTP transmits everything in plaintext, while HTTPS is built on SSL/TLS and all transmitted data is encrypted.

In addition to HTTPS, there are other transmission protocols built on SSL/TLS. For example, the file transfer protocol FTP transmits in clear text, and SFTP is also based on SSL/TLS for encrypted transmission.

4. Leased line

A leased line is a technology used to establish a secure and reliable network connection.

  • A leased line is a physical connection, usually provided by a telecommunications provider, that establishes a private network connection between two or more locations.
  • Leased lines can be fiber, cable, or other physical media, and typically have a fixed bandwidth and reliable connection quality.
  • Leased lines do not depend on public networks, so they generally have higher security and stability, and are suitable for application scenarios that require high reliability and low latency.

To put it simply, leased lines are expensive and are more suitable for applications that require high bandwidth, low latency, and high security, such as data center interconnection and internal enterprise network connectivity.

For example, Alipay, UnionPay, and Netlink are connected through leased lines. In the past, when some large payment companies and large banks were directly connected, they were generally connected through leased lines.

8. SET protocol: overly complex design

Products that require end-user participation must be as simple as possible, otherwise they will be eliminated by the times, such as the SET protocol.

The SET (Secure Electronic Transaction) protocol was proposed in 1996 by credit card organizations such as Visa and MasterCard, and supported by major companies such as IBM and Microsoft, with the aim of providing a more secure and trusted online payment experience.

The SET protocol is designed to solve the security risks of credit card transactions on traditional networks, such as credit card number theft, tampering, and replay attacks. In order to achieve this goal, the SET protocol introduces a number of security mechanisms and encryption technologies, including digital certificates, digital signatures, symmetric encryption, and public key encryption.

Key features of the SET protocol include:

  1. Two-factor authentication: The SET protocol requires two-factor authentication between the merchant and the consumer to ensure that the identities of both parties are legitimate. Merchants need to provide digital certificates to credit card institutions to prove their identity, while consumers need to use digital certificates and PIN codes to verify their identity.
  2. Encrypted communication: The SET protocol uses an encryption algorithm to encrypt communication data to prevent eavesdroppers from stealing sensitive information. It uses a combination of symmetric encryption and public key encryption to protect the security of transaction data.
  3. Digital signatures: The SET protocol uses digital signatures to verify the integrity and authenticity of transactions and prevent transaction data from being tampered with. Merchants use their own private keys to sign when sending order information to consumers, and consumers can verify the merchant's signature to ensure the authenticity of the order when confirming the order.
  4. Secure certificate management: The SET protocol uses digital certificates to verify the identities of transaction participants, ensuring their legitimacy and trustworthiness. Both merchants and consumers need to have a valid digital certificate and verify it with a trusted certificate authority (CA).

As mentioned earlier, the SET protocol had a high starting point: it was jointly launched by Visa and MasterCard, supported by giants such as IBM and Microsoft, and offered a high level of security. Even so, because of its complexity and high cost it failed to be widely adopted and was replaced by secure payment solutions that emerged later, such as the SSL/TLS protocol and 3D Secure. It still played an important role in the development of online payment security technology, laying the foundation for the subsequent formulation and implementation of secure payment standards.

9. Network traffic security: firewall and intrusion detection

Network security and intrusion detection are an important part of securing computer networks and systems, and they involve a variety of technologies and tools, including firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), vulnerability scanners, and more.

These are usually the work of network engineers, system engineers, and security engineers, so they are only briefly introduced here:

  1. Firewall: A firewall is a network security device that monitors and controls network traffic, blocking unauthorized access and malicious traffic from entering the network. It protects the network from attacks and intrusions by filtering and blocking traffic from the internet or internal network based on pre-defined security policies.
  2. Intrusion Detection System (IDS): An intrusion detection system is a security device that monitors network traffic and system activity to detect and alert on possible security threats and intrusions. IDS can detect anomalous activity based on pre-defined rules or behavior patterns and generate alerts or take action against potential threats.
  3. Intrusion Prevention System (IPS): An intrusion prevention system is a device that further strengthens network security by not only detecting and alerting on security threats, but also proactively blocking and defending against intrusions. IPS can automatically take action based on IDS alerts, such as blocking malicious traffic, updating firewall rules, etc., to strengthen network security.
  4. Vulnerability Scanner: A vulnerability scanner is a tool used to detect security vulnerabilities and weaknesses in computer systems and networks. It automatically scans systems and networks, finds potential vulnerabilities, and provides recommendations and remedial actions to reduce the risk of attacks on systems.

These tools deal more with security from the dimension of packets. After the packet is processed, it will be assembled into business data and used for encryption and decryption, signature verification, etc.

10. Anti-fraud transactions: payment risk control

Payment risk control is a measure to manage and control risks in the payment system, aiming to reduce the risk of fraudulent transactions and financial losses.

The core and most valuable resource of the risk control system is the risk control strategy, because if you know the risk control strategy of a payment company, it means that you can find a way to bypass the risk control system of the payment system and carry out fraudulent transactions. Therefore, generally speaking, R&D engineers who develop risk control systems often do not know how to configure risk control strategies.

The following figure shows a simplified risk control system architecture diagram.

Although the risk control strategy is highly confidential, there are some public strategies that you can learn about, for example, the following are abnormal behaviors and are likely to be controlled by the risk:

  1. You have always made micropayments in China, and suddenly you pay 20,000 abroad.
  2. You normally always use an iPhone (risk control saves your device details), and suddenly you pay 2000 yuan from an Android device.
  3. You normally buy a product about once every 10 days, but suddenly 50 payments are made within 10 minutes.

Modern risk control systems are not just about strategies, there are also many machine learning algorithms. But in general, it still revolves around: current payment behavior, historical transaction data, configured rule policies, rule engine, machine learning, etc.

11. Advanced Extension: Unified Key Storage and Security Services

1. Why do keys need secure, unified storage?

Plaintext data is safe once it is encrypted and stored, but what should be done with the key used to encrypt that data?

How important are encryption keys? There is a formula that goes like this: the value of the key = the value of the ciphertext. For example, if the ciphertext you encrypt and store is worth 1 billion, the corresponding key is also worth 1 billion.

Key management involves four aspects: key storage, updating, backup and recovery, and revocation and destruction. If you want to manage these keys well, you need to build a unified key storage service, otherwise the keys are easy to be leaked.

Key Storage:

Secure storage environment: Keys are stored in a special security environment, including servers, network environments, hardware encryption machines, etc.

The principle of least privilege: The fewer people who manage the keys, the better.

The work key is used to encrypt and decrypt ordinary business data, while the master key is used to encrypt and decrypt the work key.

Generally speaking, the master key should be stored in a special hardware security module (HSM), commonly known as a hardware encryption machine, which is extremely secure. However, its performance is relatively limited, and it is expensive and complex to manage.

The work key is generally encrypted by the master key and stored in the DB. When it is needed, the master key is used to decrypt it, the decrypted work key is cached in memory, and it is then used to encrypt and decrypt ordinary business data.

Key update mechanism:

  1. It needs to be updated regularly to reduce the risk of being cracked.
  2. Automatic scheduled updates to reduce human error.
  3. Versioning and rollback: Have a version number and be able to roll back quickly.

2. Unified Key Platform system architecture

  1. You need to use a hardware encryptor HSM to generate and save the master key.
  2. The work key is encrypted by the master key and saved to the DB.
  3. Each application calls the key management system to encrypt and decrypt and sign to ensure that the key is not read by the business application and reduce the risk of leakage.
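The key hierarchy and versioning described in this section, as an added example that is not part of the original article: a master key (held in memory here as a stand-in for the HSM) encrypts versioned work keys stored in a map standing in for the DB, and applications only ever call `Encrypt` and `Decrypt`. The `KeyService` type, AES-256-GCM for both layers and the sample data are assumptions; the in-memory cache of decrypted work keys mentioned above is left out to keep the example short.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcmFor builds AES-256-GCM for a 32-byte key.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // wrong key length: a programming error in this example
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// randBytes returns n bytes from the system's secure random source.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: nothing safe can be done
	}
	return b
}

// seal encrypts and authenticates pt, prepending the random nonce.
func seal(key, pt []byte) []byte {
	gcm := gcmFor(key)
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, pt, nil)
}

// open reverses seal; it fails if the key is wrong or the data was altered.
func open(key, sealed []byte) ([]byte, error) {
	gcm := gcmFor(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// KeyService models the unified key platform (not safe for concurrent use).
type KeyService struct {
	master  []byte         // stand-in for the master key held inside the HSM
	db      map[int][]byte // version -> work key encrypted under master ("DB")
	current int            // version used for new encryptions
}

// NewKeyService creates the master key and work key version 1.
func NewKeyService() *KeyService {
	s := &KeyService{master: randBytes(32), db: map[int][]byte{}}
	s.Rotate()
	return s
}

// Rotate adds work key version current+1. Older versions stay in the DB so
// that existing records remain readable and a rollback is possible.
func (s *KeyService) Rotate() {
	s.current++
	s.db[s.current] = seal(s.master, randBytes(32))
}

// workKey decrypts a stored work key with the master key.
func (s *KeyService) workKey(v int) ([]byte, error) {
	return open(s.master, s.db[v]) // unknown version: nil row, open fails
}

// Encrypt is what applications call; they get a version, never a key.
func (s *KeyService) Encrypt(data []byte) (int, []byte, error) {
	wk, err := s.workKey(s.current)
	if err != nil {
		return 0, nil, err
	}
	return s.current, seal(wk, data), nil
}

// Decrypt picks the work key by the version stored next to the ciphertext.
func (s *KeyService) Decrypt(version int, ct []byte) ([]byte, error) {
	wk, err := s.workKey(version)
	if err != nil {
		return nil, err
	}
	return open(wk, ct)
}

func main() {
	s := NewKeyService()
	v, ct, _ := s.Encrypt([]byte("card=0000000000000000")) // constructed sample
	s.Rotate() // records written under version 1 must still decrypt
	pt, err := s.Decrypt(v, ct)
	fmt.Println(v, s.current, string(pt), err)
}
```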

12. Concluding remarks

Payment security is a very large and very specialized field. A single encryption or signature verification algorithm could fill a thick book. For most of us, however, there is no need to master what cryptography experts or professional security engineers know: the knowledge points introduced in this article are enough to understand payment security better than 90% of payment industry practitioners.

If you must concentrate the essence, you only need to remember the following 6 points:

  1. Encryption and decryption of large data blocks: The symmetric encryption algorithm AES is used, and the key length is 256 bits, or AES256 for short.
  2. Small data block and signature verification: uses the asymmetric encryption algorithm RSA, the key length is 2048, referred to as RSA2048.
  3. Digest algorithm: SHA256 is used. A digest algorithm is not recommended for scenarios that require signature verification.
  4. Personal login/payment password: Be sure to add a salt value to obfuscate it.
  5. Network transfer and file transfer: HTTPS and SFTP need to be used to improve data transmission security.
  6. The overall security requires the simultaneous use of symmetric encryption, asymmetric encryption, digital signatures, digital certificates and other technical means.

Author: Hidden Ink Xingchen

This article was written by Everyone is a Product Manager Author [Chen Tian Universe], WeChat public account: [Chen Tian Universe], original / authorized Published in Everyone is a product manager, without permission, it is forbidden to reprint.

Image from Unsplash, based on the CC0 license.