JCSE, vol. 5, no. 1, pp.51-70, 2011

DOI: 10.5626/JCSE.2011.5.1.051/

A Secure Credit Card Transaction Method Based on Kerberos

Jung Eun Kim, Yoohwan Kim
Microsoft Corporation, Redmond, WA, USA University of Nevada, Las Vegas, Las Vegas, NV, USA

Abstract: This paper introduces a new credit card payment scheme called No Number Credit Card that can significantly reduce the possibility of credit card fraud. The proposed payment system is loosely based on Kerberos, a cryptographic framework that has stood the test of time. In No Number Credit Card, instead of card numbers, only payment tokens are exchanged between the customers and merchants. The tokens are generated based on the payment amount, payment type, client information, and merchant information. However, it does not contain the credit card number, so the merchant or a database hacker cannot acquire and illegally use any credit card numbers. The No Number Credit Card system is ideal for online e-commerce transactions and can be used with any credit card that users possess. It can be used with minor modifications to the current card payment system. We provide the principles of its operation through scenario analysis, a sample implementation, and a security analysis.

Keyword: Network Security, Network Protocol, Computer Security, Cryptography, Authentication

Full Paper:   151 Downloads, 2461 View