Browse > Article
http://dx.doi.org/10.13089/JKIISC.2015.25.5.1175

Public Key based Virtual Credit Card Number Payment System for Efficient Authentication in Card Present Transaction  

Park, Chan-ho (Dankook University)
Park, Chang-seop (Dankook University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.25, no.5, 2015 , pp. 1175-1186 More about this Journal
Abstract
Financial fraud has been increasing along with credit card usage. Magnetic stripe cards have vulnerabilities in that credit card information is exposed in plaintext and cardholder verification is untrustworthy. So they have been replaced by a smart card scheme to provide enhanced security. Furthermore, the FinTech that combines the IT with Financial product is being prevalent. For that reason, many mobile device based payment schemes have been proposed for card present transaction. In this paper, we propose a virtual credit card number payment scheme based on public key system for efficient authentication in card present transaction. Our proposed scheme is able to authenticate efficiently in card present transaction by pre-registering virtual credit card number based on cardholder's public key without PKI. And we compare and analyze our proposed scheme with EMV.
Keywords
Card Present Transaction; Virtual Credit Card Number; Authentication; EMV; FinTech;
Citations & Related Records
연도 인용수 순위
  • Reference
1 EMV Spec. V4.3 Book1, Application Independence for ICC to Terminal Interface Requirements, Nov. 2011.
2 EMV Spec. V4.3 Book2, Security and Key Management, Nov. 2011.
3 EMV Spec. V4.3 Book3, Application Specification, Nov. 2011.
4 EMV Spec. V4.3 Book4, Cardholder, Attendant, and Acquirer Interface Requirements, Nov. 2011.
5 ISO 7816, Identification Cards - Integrated Circuit(s) Cards with Contacts Part 1-15.
6 ISO 14443, Identification Cards - Contactless Integrated Circuit Cards - Proximity Cards Part 1-4.
7 Hak-Beom Kim, "Financial IC Card Security and EMV Certification," Review of KIISC, 16(5), p. 84-93, Oct. 2006.
8 Els Van Herreweghen, Uta Wille, "Using EMV Smartcards for Internet Payments," Proceedings of the 8th ECIS, p. 901-908, Jul. 2000.
9 Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond, "Chip and PIN is Broken," Proceedings of the IEEE Symposium on Security and Privacy, p. 433-446, May. 2010.
10 Ross Anderson, Mike Bond and Steven J. Murdoch, "Chip and Spin," Computer Security Journal, vol. 22, no. 2, p. 1-6, Mar. 2006.
11 Ross Anderson and Steven J. Murdoch, "EMV:Why Payment System Fail," Communications of the ACM, vol. 57, no. 6, p. 24-28, Jun. 2014.   DOI
12 Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov and Ross Anderson, "Chip and Skim: cloning EMV cards with the pre-play attack," Proceedings of the 2014 IEEE Symposium on Security and Privacy, p. 49-64, May. 2014.
13 Steven J. Murdoch, Ross Anderson, "Security Protocols and Evidence: Where Many Payment Systems Fail," Proceedings of the 18th International Conference on Financial Cryptography and Data Security, p. 21-32, Mar. 2014.
14 EMV Spec. V1.0, EMV Payment Tokenisation Specification - Technical Framework, Mar. 2014.
15 PCI Data Security Standard V2.0, Information Supplement:PCI DSS Tokenization Guidelines, Aug. 2011.