Journal of Information Processing Systems

  • 제8권3호
  • /
  • Pages.495-520
  • /
  • 2012
  • /
  • 1976-913X(pISSN)
  • /
  • 2092-805X(eISSN)
한국정보처리학회 (Korea Information Processing Society)
권호 표지
DOI QR코드

DOI QR Code

Designing an Efficient and Secure Credit Card-based Payment System with Web Services Based on the ANSI X9.59-2006

  • 투고 : 2012.01.31
  • 심사 : 2012.05.01
  • 발행 : 2012.09.30
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

A secure Electronic Payment System (EPS) is essential for the booming online shopping market. A successful EPS supports the transfer of electronic money and sensitive information with security, accuracy, and integrity between the seller and buyer over the Internet. SET, CyberCash, Paypal, and iKP are the most popular Credit Card-Based EPSs (CCBEPSs). Some CCBEPSs only use SSL to provide a secure communication channel. Hence, they only prevent "Man in the Middle" fraud but do not protect the sensitive cardholder information such as the credit card number from being passed onto the merchant, who may be unscrupulous. Other CCBEPSs use complex mechanisms such as cryptography, certificate authorities, etc. to fulfill the security schemes. However, factors such as ease of use for the cardholder and the implementation costs for each party are frequently overlooked. In this paper, we propose a Web service based new payment system, based on ANSI X9.59-2006 with extra features added on top of this standard. X9.59 is an Account Based Digital Signature (ABDS) and consumer-oriented payment system. It utilizes the existing financial network and financial messages to complete the payment process. However, there are a number of limitations in this standard. This research provides a solution to solve the limitations of X9.59 by adding a merchant authentication feature during the payment cycle without any addenda records to be added in the existing financial messages. We have conducted performance testing on the proposed system via a comparison with SET and X9.59 using simulation to analyze their levels of performance and security.

키워드

참고문헌

  1. Jean-Michel SAHUT, "Internet Payment Solutions: Comparative evaluation and key factors of success", in Proceedings of the 2005 Symposium on Applications and the Internet Workshops (SAINTW' 05), 2005 IEEE.
  2. Francesco Buccafurri, Gianluca Lax, "Implementing disposable credit card numbers by mobile phones", Journal of Electronic Commerce Research, Volume 11 Issue 3, September, 2011, pp.271- 296. https://doi.org/10.1007/s10660-011-9078-0
  3. PayPal Merchant Services. Available at "http://www.cybercash.com/" retrieved on 17 Sepetmeber, 2007.
  4. Visa and MasterCard. SET Secure Electronic Transaction Specification Book 1: Business Description, May, 31, 1997.
  5. Mihir Bellare, Juan A. Garary, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Michael Steinerm Gene Tsudik, Michael Waidner, "iKP - A Family of Secure Electronic Payment Protocols", July 12, 1995.
  6. Visa Company. Verified by Visa. Available at "http://www.visaasia.com/ap/sea/merchants/productstech/vbv_implementvbv.shtml" retrieved on 17 September, 2007.
  7. Albert Levi and Cetin Kaya Koc, "CONSEPP: Convenient and Secure Electronic Payment Protocol Based on X9.59", in Proceedings 17th the Computer Security Application Conference, 2001, (ACSAC 2001) IEEE
  8. Anne & Lynn Wheeler, X9 Financial Standard Information, "http://www.garlic.com/-lynn/" retrieved on 17 September, 2007.
  9. American National Standard X9.59-2006, Electronic Commerce for the financial Services Industry: Account Based Secure Payment Objects, May, 24, 2006.
  10. Anne & Lynn Wheeler. Account Authority Digital Signature Model at "http://www.garlic.com/-lynn/aadsover.html" retrieved on 17 September, 2007.
  11. Burdett, D. Request for Comments: 2801- Internet Open Trading Protocol- IOTP Version 1.0., Networking Working Group, The Internet Society, 2000. Available at "http://www.rfc-editor.org/rfc/rfc2801.txt" retrieved on 17 September, 2007.
  12. Open Financial Exchange. Available at "http://www.ofx.net/ofx" retrieved on 17 September, 2007.
  13. R. Housley, W. Ford, W. Polk, D. Solo. Request for Comments: 2459 - Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Networking Working Group, The Internet Society 1999. Available at "http://www.ietf.org/rfc/rfc2459.txt" retrieved on 17 September, 2007.
  14. ISO 8583-1:2003 Financial transaction card originated messages - Interchange message specifications - Part 1: message, data elements and code values.
  15. Object Management Group OMG. Unified Modeling Language, UML Resource Page. Available at "www.uml.org" retrieved on 17 September, 2007.
  16. Bo Meng, Qianxing Xiong. "Research on Electronic Payment Model", in Proceedings of the IEEE International Conference on Computer Supported Cooperative Work in Design, Vol.1, 26-28 May, 2004, pp.597-602.
  17. Xiaoling Dai1, John Grundy, "Three Kinds of E-wallets for a NetPay Micro-Payment System", in Proceedings of 5th International Conference on Web Information Systems Engineering, Lecture Notes in Computer Science, Springer-Verlag, Brisbane, Australia, November 22-24, 2004, pp. 66-67
  18. M.Gudgin, M.Hadley, N.Mendelsohn, J.Moreau, H.F.Nielsen, A.Karmarkar & Y.Lafon, SOAP Version 1.2 Part 1: Message Framework W3C, 2007. Available at "http://www.w3.org/TR/soap12-part1/" retrieved on 17 September, 2007.
  19. Sun Microsystems, Inc.. Java(TM) Cryptography Extension (JCE) in J2SE [Online]. Available: "http://java.sun.com/products/jce/ retrieved on 17 September 2007".

피인용 문헌

  1. Twin-Schnorr: A Security Upgrade for the Schnorr Identity-Based Identification Scheme vol.2015, 2015, https://doi.org/10.1155/2015/237514
  2. Enhancing communication adaptability between payment card processing networks vol.53, pp.3, 2015, https://doi.org/10.1109/MCOM.2015.7060519
  3. Location based authentication scheme using BLE for high performance digital content management system vol.209, 2016, https://doi.org/10.1016/j.neucom.2015.05.142
  4. A histogram-based method for efficient detection of rewriting attacks in simple object access protocol messages vol.9, pp.6, 2016, https://doi.org/10.1002/sec.934
  5. Real-time adult authentication scheme for digital contents using X.509 certificate in ubiquitous Web environment 2016, https://doi.org/10.1007/s11554-016-0601-3
  6. Secure mobile device structure for trust IoT vol.74, pp.12, 2018, https://doi.org/10.1007/s11227-017-2155-y
  7. Mobile payment in Fintech environment: trends, security challenges, and services vol.8, pp.1, 2018, https://doi.org/10.1186/s13673-018-0155-4