dc.description.abstract | One of the main problems facing the builders of 'Information & Communication
Technologies', for utilities is how to charge and collect for goods and/or services. The
high cost of running conventional billing systems suggests that prepayment systems
could play a vital role in the solution. Yet how does one go about making an electronic
prepayment system or indeed any kind of payment system robust? This research
project describes the successful introduction of cryptology into pre-payment billing
systems. Credit transfer techniques using cryptology can protect prepayment systems
from token fraud. Prepayment systems are used by a number of utilities in different
countries world-wide e.g. U.S.A, Europe, South America, Asia, South Africa etc.
For several decades, vendors have used prepayment systems as a means to guarantee
payment before providing services to their customers. Recently computerized and
automatic prepayment systems have been introduced. The project has explored the
security of such systems and their viability in the African and Kenyan context in
particular. It has analysed the use of cryptology as a credit transfer technique that
protects prepayment system from token fraud.
Prepayment systems can be viewed as nodes, in a computer network, needing to
communicate or transfer messages securely between each other. The token, such as
air time receipt, can be seen as the message. The consumers themselves can be
thought of as reliable but insecure communication channel. Using this model, security
requirements normally applied to analyse the level of security in a network or internetwork
environment can be applied to the prepayment system. These security
properties are confidentiality, authentication, integrity, non-repudiation, access
control and availability. These can be used to separately analyse each of the three
components i.e. token distributing point (point of sale), token and dispenser.
Various token technologies are available ranging from older magnetic-striped plastic
cards to the so-called "smart cards". The main purpose of the token is to protect the
instruction and/or messages as it is being transferred between the distributing point and
the dispenser. To achieve this encryption has been used. In some cases, physical or
hardware level protection have been employed e.g. a smart card. This combination
provides a sufficient level of security.
Different methodologies were used in conducting the research including interviews, site
visits, system analysis and literature reviews. Literature reviews provided a lot of insight
as an introduction to the concept of prepayment system. Sampling was based on
companies that have carried out a prepayment implementation such as Kenya Power
Company (KPC) and Nairobi Water Company (NWC) who also use a post-paid system.
Interviews with the technology experts that have implemented pre-paid and post-paid
systems were carried out. This was done to compare the viability of the two
technologies. A substantial part of the expert information was gathered through reading
journals, papers, through the internet and occasionally from local presentations by
international firms. Site visits were under-taken at the NWC and KPC.
Tools such as E-Mail were used to conduct correspondence with experts in far out
companies. Microsoft Visio 2000 was used in preparing DFD, ERD and flow diagrams.
Microsoft Word was used to capture, prepare, chart and document all the information
coming from the different sources.
The project successfully demonstrated how cryptology enhances credit transfer
techniques and how it protects prepayment system from token fraud. The developed
prototype successfully applied cryptography to securely transfer tokens from the source
to the destination. The strength of cryptography lies in the choice (and management) of
the keys. Longer keys will resist attack better than shorter keys. Keys that are changed
frequently are more difficult to attack. The key pairs are unique for each pair of
communicating entities i.e. the Utility and agent as well as the utility and the meter.
This combination of a secure and tokenless prepayment system based on a wireless
network is bound to gain popularity and is sure to be used extensively because of the
convenience and security it offers over other technologies.
The project has been able to demonstrate that it is possible to use existing technology
to securely transmit tokenless tokens from server to meter in real time. Instead of using
an IC card, scratch cards or receipts, this proposal has successfully used tokenless
tokens (virtual token that are sent by SMS) to top-up a simulated prepaid meter. This is
more convenient to the customer since they can purchase credit in real-time and at any
time and "in any quantity" as per their budget. The tokenless tokens are purchased from
the comfort of the customer's home or office using their cell phone or via the internet.
This is made possible through the sudden proliferation of mobile phones throughout the
country. It is therefore clear that this method is one of the best, fastest and most
convenient methods of transacting. Customers' queuing in banking halls or kiosks is
also eliminated. It is also friendly to the environment since it does not require additional
accessories such as printers, card readers, IC cards or paper receipts among others.
A tokenless token solution is economically viable since it is cheaper for the utility to
implement and maintain because they do not need to invest in additional accessories
such as card readers and writers, token printing machines and maintaining of these
devices. Since it relies on an already established network the investment cost to a utility
for the communication infrastructure is not so daunting. This demonstrates that
tokenless token is more viable in today's industry than Keypad or Card based
technologies. | en |