• Title/Summary/Keyword: Payment Protocols

Search Result 21, Processing Time 0.018 seconds

Simple Credit Card Payment Protocols Based on SSL and Passwords (SSL과 패스워드 기반의 신용카드 간편결제 프로토콜)

  • Kim, Seon Beom;Kim, Min Gyu;Park, Jong Hwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.3
    • /
    • pp.563-572
    • /
    • 2016
  • Recently, a plenty of credit card payment protocols have been proposed in Korea. Several features of proposed protocols include: using passwords for user authentication in stead of official certificate for authenticity, and no need to download additional security module via ActiveX into user's devices. In this paper, we suggest two new credit card payment protocols that use both SSL(Security Socket Layer) as a standardized secure transaction protocol and password authentication to perform online shopping and payment. The first one is for the case where online shopping mall is different from PG(Payment Gateway) and can be compared to PayPal-based payment methods, and the second one is for the case where online shopping mall is the same as PG and thus can be compared to Amazon-like methods. Two proposed protocols do not require users to perform any pre-registration process which is separate from an underlying shopping process, instead users can perform both shopping and payment into a single process in a convenient way. Also, users are asked to input a distinct payment password, which increases the level of security in the payment protocols. We believe that two proposed protocols can help readers to better understand the recent payment protocols that are suggested by various vendors, and to analyze the security of their payment protocols.

Design and implementation of Mobile Electronic Payment Gateway System based on M-Commerce Security Platform (M-Commerce 보안 플랫폼상의 무선 전자지불시스템 설계 및 구현)

  • 김성한;이강찬;민재홍
    • The Journal of Society for e-Business Studies
    • /
    • v.7 no.1
    • /
    • pp.35-50
    • /
    • 2002
  • Recently, payment method is one of the most hot issues for transaction of contents in mobile and internet markets. Many kinds of mobile contents services are rapidly growing with the combination of internet application services. Payment method algorithms are demanded for the stable transaction between producer and consumer. Security protocol algorithms are widely adapted for mobile Platform terminals. In this Paper, we described security mechanism for the current wireless internet services and compared with the performance result. There are security protocols that based on java machine platform or WAP protocols. The system is based on J2ME technology for the java mobile platform. Based on this technology, a security system is proposed for the service of mobile commerce electronic payment. The system is designed for the stability of transaction so that it enables to apply into many kinds of internet payment system.

  • PDF

A Credit Card based Payment Protocol Assuring End-to-End Security in Wireless Internet (무선인터넷에서의 종단간 보안을 제공하는 신용카드 기반의 지불 프로토콜)

  • 임수철;강상승;이병래;김태윤
    • Journal of KIISE:Information Networking
    • /
    • v.29 no.6
    • /
    • pp.645-653
    • /
    • 2002
  • The WPP payment protocol uses the WAP protocol to enable credit card payment on the wireless internet. Since the security of the WAP protocol is based on the WTLS security protocol, there exists an end-to-end security weakness for the WPP payment protocol. This paper is suggesting a payment protocol, which is making use of the Public-Key Cryptosystem and the Mobile Gateway, so assuring end-to-end security independently of specific protocols. As the on-line certification authority is participating on the authentication process of the payment protocol, the suggested payment protocol enables wireless devices to get services from service providers on other domains.

Extention of Kailar Accountability Logic for Symmetric Key Digital Signature and Accountavility Analysis of an Electronic Payment Potocol (대칭키 전자서명을 위한 Kailar 책임 로직 (Accountability Logic)의 확장 및 전자지불 프로토콜의 책임분석)

  • Kim, Yeong-Dal;Han, Seon-Yeong
    • The Transactions of the Korea Information Processing Society
    • /
    • v.6 no.11
    • /
    • pp.3046-3059
    • /
    • 1999
  • Kailar Accountability Logic proposed for the accountability analysis of communication protocols that require accountability and use asymmetric key digital signature is extended for protocols that use symmetric key digital signature. A proposed electronic micropayment protocol that uses symmetric key digital signature is analyzed to illustrate the use of the extend logic in detecting its lack f accountability and suggesting changes to enhance its accountability.

  • PDF

A Critical Analysis of Buyer Authenticated Credit Card Payment Programs: The Online Merchant′s Perspective

  • Ally, Mustafa A.;Toleman, Mark
    • Proceedings of the CALSEC Conference
    • /
    • 2004.02a
    • /
    • pp.75-82
    • /
    • 2004
  • Recently introduced by the major credit card associations as replacements for the decommissioned SET and 3DSET protocols, the new payment models, 3DSecure and UCAF/SPA, have been designed to provide online merchants with a solution to an existing problem in online credit card transactions - the lack of an effective and efficient means of authenticating cardholders. The expected benefits arising from this added level of security from the merchant′s perspective are increased consumer confidence, significant reduction in the levels of fraud and charge backs and "liability shift". Using data gleaned from preliminary interviews, discussion forums and promotional material, we present a critical analysis of the potential barriers and facilitators that will impact on the widespread traction of these programs in the marketplace in the coming years.

  • PDF

Privacy-Preserving NFC-Based Authentication Protocol for Mobile Payment System

  • Ali M. Allam
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.17 no.5
    • /
    • pp.1471-1483
    • /
    • 2023
  • One of the fastest-growing mobile services accessible today is mobile payments. For the safety of this service, the Near Field Communication (NFC) technology is used. However, NFC standard protocol has prioritized transmission rate over authentication feature due to the proximity of communicated devices. Unfortunately, an adversary can exploit this vulnerability with an antenna that can eavesdrop or alter the exchanged messages between NFC-enabled devices. Many researchers have proposed authentication methods for NFC connections to mitigate this challenge. However, the security and privacy of payment transactions remain insufficient. We offer a privacy-preserving, anonymity-based, safe, and efficient authentication protocol to protect users from tracking and replay attacks to guarantee secure transactions. To improve transaction security and, more importantly, to make our protocol lightweight while ensuring privacy, the proposed protocol employs a secure offline session key generation mechanism. Formal security verification is performed to assess the proposed protocol's security strength. When comparing the performance of current protocols, the suggested protocol outperforms the others.

Designing an Efficient and Secure Credit Card-based Payment System with Web Services Based on the ANSI X9.59-2006

  • Cheong, Chi Po;Fong, Simon;Lei, Pouwan;Chatwin, Chris;Young, Rupert
    • Journal of Information Processing Systems
    • /
    • v.8 no.3
    • /
    • pp.495-520
    • /
    • 2012
  • A secure Electronic Payment System (EPS) is essential for the booming online shopping market. A successful EPS supports the transfer of electronic money and sensitive information with security, accuracy, and integrity between the seller and buyer over the Internet. SET, CyberCash, Paypal, and iKP are the most popular Credit Card-Based EPSs (CCBEPSs). Some CCBEPSs only use SSL to provide a secure communication channel. Hence, they only prevent "Man in the Middle" fraud but do not protect the sensitive cardholder information such as the credit card number from being passed onto the merchant, who may be unscrupulous. Other CCBEPSs use complex mechanisms such as cryptography, certificate authorities, etc. to fulfill the security schemes. However, factors such as ease of use for the cardholder and the implementation costs for each party are frequently overlooked. In this paper, we propose a Web service based new payment system, based on ANSI X9.59-2006 with extra features added on top of this standard. X9.59 is an Account Based Digital Signature (ABDS) and consumer-oriented payment system. It utilizes the existing financial network and financial messages to complete the payment process. However, there are a number of limitations in this standard. This research provides a solution to solve the limitations of X9.59 by adding a merchant authentication feature during the payment cycle without any addenda records to be added in the existing financial messages. We have conducted performance testing on the proposed system via a comparison with SET and X9.59 using simulation to analyze their levels of performance and security.

Implementation of Offline Payment Solution using USIM in IMT-2000 (IMT-2000 단말기용 USIM상에서의 오프라인 지불 솔루션 탑재에 관한 연구)

  • 백장미;하남수;홍인식
    • Journal of Korea Multimedia Society
    • /
    • v.6 no.5
    • /
    • pp.849-860
    • /
    • 2003
  • As mobile device is becoming more popular, E-Commerce changes into M-Commerce. Especially, IMT-2000 (International Mobile Telecommunication 2000) service is prepared for M-Commerce and this has USIM (Universal Subscriber Identity Module) as a core of certification of individuality and transactions. As a result, the area of mobile service going to expand by USIM. But, mobile services using USIM leave much to be desired, and developed application don't variety. In this paper, for the efficient design of USIM, the structure of USIM and protocol is analyzed, and secure payment solution in USIM is proposed. Specially, offline payment system is proposed for the verification of proposed protocols including security, saving, and calculation of balance. finally, the simulation of proposed payment system on USIM is performed using Java Card.

  • PDF

A Routing Independent Selfish Node Management Scheme for Mobile Ad Hoc Networks (이동 애드혹 네트워크에서 라우팅 방식과 무관한 이기적인 노드 관리 방안)

  • Ahn, Sang-Hyun;Yoo, Young-Hwan;Lee, Jae-Woon
    • Journal of KIISE:Information Networking
    • /
    • v.33 no.2
    • /
    • pp.149-155
    • /
    • 2006
  • Existing routing protocols for mobile ad hoc networks (MANETs) have assumed that all nodes voluntarily participate in forwarding others' packets. In the case when a MANET consists of nodes belonging to multiple organizations, mobile nodes may deliberately avoid packet forwarding to save their own energy, resulting in network performance degradation. In this paper, to make nodes volunteer in packet forwarding, a credit payment scheme called Protocol-Independent Fairness Algorithm (PIFA) is proposed. PIFA can be utilized irrespective of the type of basic routing protocols, while previous methods are compatible only with source routing mechanisms like DSR. According to simulation results, we can know that PIFA can prevent network performance degradation by inducing selfish nodes to participate in packet forwarding.

Banknote Open Platform Security Vulnerability Analysis and Security Measures (은행권 오픈플랫폼 보안취약성 분석과 보안대책)

  • Kim, Sanggeun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.13 no.4
    • /
    • pp.107-113
    • /
    • 2017
  • Open platform technology in the banking industry is anticipated to impact the market very positively together with the activation of Fin Tech services. The domestic environment of payment services has been rapidly changing into the mobiles and multiple new payment services have been introduced from a variety of vendors. However, the convenience of payment always causes worsening the security, and the accidents on the security have been continued to occur such as leakage of personal information, hacking and so on upon the expansion of the industry and the market size. This study aims to analyze the status of Fin Tech open platforms and various problems of the related standard technologies, and to suggest the possible solutions. Upon the analysis results, it was confirmed that multiple solutions were required to improve the main security protocols of open platforms and to process the security functions diversely. In conclusion, the results of this study will be helpful to determine the direction of the solution on the security issues in the open platform environment of the current industry.