Master of Science (MS)
Yoohwan Kim, Committee Chair
First Committee Member
Ajoy K. Datta
Second Committee Member
Graduate Faculty Representative
Number of Pages
Nowadays, electronic payment system is an essential part of modern business. Credit cards or debit cards have been widely used for on-site or remote transactions, greatly reducing the need for inconvenient cash transactions. However, there have been a huge number of incidents of credit card frauds over the Internet due to the security weakness of electronic payment system. A number of solutions have been proposed in the past to prevent this problem, but most of them were inconvenient and did not satisfy the needs of cardholders and merchants at the same time.
In this thesis, we present a new secure card payment system called NNCC (No Number Credit Card) that significantly reduces the possibility of credit card frauds. This scheme is primarily designed for on-line shopping. NNCC is based on the Kerberos cryptographic framework that has been proven to be secure after being used in real world for decades. In this proposed system, instead of card numbers, only the payment tokens are exchanged between the buyers and merchants. The token is generated based on the payment amount, the client information, and merchant information. However it does not contain the credit card number, so the merchant cannot acquire and illegally use the credit card number. A token is cryptographically secure and valid only for the designated merchant, so it is robust against eavesdropping.
This thesis describes the underlying cryptographic schemes, the operating principles, and the system design. It explains the concept of Kerberos and the background in Cryptography. Then it discusses the new proposed system and the associated payment processes. We have implemented a proof-of-concept prototype comprised of ecommerce web sites, client modules, payment server, and database. We show the architecture and protocol of the system, and discuss the performance.
Credit cards; Credit card fraud; Cryptography; Debit cards; Electronic payments; Identity theft; Internet security; Kerberos cryptographic framework; No Number Credit Card (NNCC); Online payments; Payment system; Secure on-line credit card transactions; Security
Computer Sciences | Digital Communications and Networking | E-Commerce
Kim, Jung Eun, "A Secure on-line credit card transaction method based on Kerberos Authentication protocol" (2010). UNLV Theses, Dissertations, Professional Papers, and Capstones. 7.