Award Date

Spring 2010

Degree Type

Thesis

Degree Name

Master of Science (MS)

Department

Computer Science

Advisor 1

Yoohwan Kim, Committee Chair

First Committee Member

Ajoy K. Datta

Second Committee Member

Laxmi Gewali

Graduate Faculty Representative

Ju-Yeon Jo

Number of Pages

61

Abstract

Nowadays, electronic payment systems are an essential part of modern business. Credit cards or debit cards have been widely used for on-site or remote transactions, greatly reducing the need for inconvenient cash transactions. However, there have been a huge number of incidents of credit card fraud over the Internet due to the security weaknesses of electronic payment systems. A number of solutions have been proposed in the past to prevent this problem, but most of them were inconvenient and did not satisfy the needs of cardholders and merchants at the same time.

In this thesis, we present a new secure card payment system called NNCC (No Number Credit Card) that significantly reduces the possibility of credit card fraud. This scheme is primarily designed for on-line shopping. NNCC is based on the Kerberos cryptographic framework, which has been proven to be secure after being used in the real world for decades. In this proposed system, instead of card numbers, only payment tokens are exchanged between buyers and merchants. The token is generated based on the payment amount, the client information, and the merchant information. However, it does not contain the credit card number, so the merchant cannot acquire and illegally use the credit card number. A token is cryptographically secure and valid only for the designated merchant, so it is robust against eavesdropping.

This thesis describes the underlying cryptographic schemes, the operating principles, and the system design. It explains the concept of Kerberos and the background in cryptography. Then it discusses the newly proposed system and the associated payment processes. We have implemented a proof-of-concept prototype comprising e-commerce web sites, client modules, a payment server, and a database. We show the architecture and protocol of the system, and discuss the performance.

Keywords

Credit cards; Credit card fraud; Cryptography; Debit cards; Electronic payments; Identity theft; Internet security; Kerberos cryptographic framework; No Number Credit Card (NNCC); Online payments; Payment system; Secure on-line credit card transactions; Security

Disciplines

Computer Sciences | Digital Communications and Networking | E-Commerce

Language

English

