Browse > Article
http://dx.doi.org/10.13089/JKIISC.2010.20.3.9

One-Time Virtual Card Number Generation & Transaction Protocol using Integrated Authentication Center  

Seo, Seung-Hyun (Korea Internet & Security Agency)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.20, no.3, 2010 , pp. 9-21 More about this Journal
Abstract
Recently, famous online shopping websites were hit by hacking attack, and many users' personal information such as ID, password, account number, personal number, credit card number etc. were compromised. Hackers are continuing to attack online shopping websites, and the number of victims of these hacking is increasing. Especially, the exposure of credit card numbers is dangerous, because hackers maliciously use disclosed card numbers to gain money. In 2007 Financial Cryptography Conference, Ian Molly et al. firstly proposed dynamic card number generator, but it doesn't meet reuse resistant. In this paper, we analyzed security weaknesses of Ian Molly's scheme, and we proposed a new one-time virtual card number generator using a mobile device which meets security requirements of one-time virtual card numbers. Then, we propose one-time credit card number generation and transaction protocol using Integrated Authentication Center for user convenience and security enhancement.
Keywords
One Time Password; Virtual card generation; One-way hash function;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 M. Bellare, R. Canetti, and H. Krawczyk, "Keying hash functions for message authentication," CRYPTO'96, LNCS 1109, pp.1-15, 1996.
2 I. Molly, Jiangtao, and N. Li, "Dynamic Virtual Credit Card Numbers," Financial Cryptography and Data Security, 11th International Conference, FC 2007, LNCS 4886, pp. 208-223, 2007.
3 PayPal, PayPal Virtual Debit Card, http://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/account/VDCFrequentlyAsked, Questions-outsid
4 연합뉴스, "1천만명 정보유출," 2008년 9월.
5 Citigroup, Citi identity theft solutions: Virtual account numbers, http://www.citibank.com/us/cards/cardserv/advice/van.htm
6 Discover Bank, Discover card: Secure online account numbers, http://www.discovercard.com
7 ShopSafe, ShopSafe Service: Safe Online Shopping from Bank of America, http://www.bankofamerica.com/privacy/index.cfm?template=learn_about_shopsafe
8 세계일보, "신용카드 일련번호 규칙성 뚫렸다," 2007년 4월.
9 아시아경제, "옥션 해킹 피해자, 1081만명에 달해," 2008년 4월.
10 위키백과, "신용카드," http://ko.wikipedia.org/wiki/%EC%8B%A0%EC%9A%A9%EC%B9%B4%EB%93%9C
11 한국경제신문, "씨티銀 인터넷 뱅킹 해킹 사고..카드 결제대행 보안 시스템 뚫어 '충격'," 2007년 2월.
12 서승현, 강우진, "OTP 기술현황 및 국내 금융권 OTP 도입사례," 정보보호학회지, 17(3), pp. 18-25, 2007년 6월.   과학기술학회마을