Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.

Published byLenard Francis Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24."— Presentation transcript:

1 1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24

2 2 Outline Introduction Motivation Scheme Security analysis Performance evaluation Advantage vs. weakness Comment

3 3 Introduction Credit cards based payment system Entity: customer, merchant, credit card issuer and bank. Credit card: credit card number, Card Verification Value (CVV). Transaction: billing digest, information about the customer.

4 4 Introduction Secure Socket Layer (SSL) – Establish a trusted connection between two parties. HTTPS (Secure HTTP) – Send messages securely using SSL. Both two need public keys and certificates, besides, the operations process are complex.

5 5 Motivation SSL and HTTPS are complex because they involve key-management, user credentials and certificates. Smart cards require extra infrastructure like smart card reader and middleware. This paper want to let the transaction become more simpler and easy to achieve security.

6 6 Scheme (ex. customer credit card data) Credit card confidentially Common key K BMi

7 7 Scheme UI1: customer related non critical data. UI2: importance to the merchant data. h = H CVV (UI1, UCI, T, CVV) T: time stamp. UCI : customer critical information. CVV: Card Verifier Value. T ID : transaction id. r c and r m : response values generated by the issuer. T ID = H(h,UI1,T) 1.Request phase 2.Verification phase 3.Authentication Phase 4.Response Phase

8 8 Scheme Authentication Phase – Issuer has a database containing customer credit card data. A1 Retrieve CVV and UCI from database. A2 Compute hash value h1. A3 Comparing h and h1 consistency. A4 Generate response values A5 Send acknowledgement to bank. Reject: Accept: : common key between the bank and the merchant i.

9 9 Security analysis Replay Attack Forgery Attack Man-in-the-Middle Attack Guessing Attack

10 10 Performance evaluation Complexity Comparison Request phase: exor operation, hash operation (bank). Verification phase: hash operation (merchant), intersection operation (issuer). Authentication phase: exor operations (issuer).

11 11 Advantage vs. weakness Advantage – Can resist 4 type important attack. – No need complex computing. – No need extra overhead like smart card, reader and middleware. – Just use hash function and a common key. – just use a one round protocol. Weakness – Common key may be weak.

Download ppt "1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Internet payment systems

Internet payment systems
Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.

Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.
CP3397 ECommerce.

CP3397 ECommerce.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography and Network Security

Cryptography and Network Security
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :11.23 1.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.

Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.
Privacy-preserving e-payments using one-time payment details Author:Mafruz Zaman Ashrafi and See Kiong Ng Source: Computer Standards & Interfaces 31 (2009)

Privacy-preserving e-payments using one-time payment details Author:Mafruz Zaman Ashrafi and See Kiong Ng Source: Computer Standards & Interfaces 31 (2009)
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Chapter 8 Web Security.

Chapter 8 Web Security.
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.

Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.
Supporting Technologies III: Security 11/16 Lecture Notes.

Supporting Technologies III: Security 11/16 Lecture Notes.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Similar presentations

Ads by Google