• Journal of Computing Science and Engineering
• /
• 제5권1호
• /
• pp.51-70
• /
• 2011

This paper introduces a new credit card payment scheme called No Number Credit Card that can significantly reduce the possibility of credit card fraud. The proposed payment system is loosely based on Kerberos, a cryptographic framework that has stood the test of time. In No Number Credit Card, instead of card numbers, only payment tokens are exchanged between the customers and merchants. The tokens are generated based on the payment amount, payment type, client information, and merchant information. However, it does not contain the credit card number, so the merchant or a database hacker cannot acquire and illegally use any credit card numbers. The No Number Credit Card system is ideal for online e-commerce transactions and can be used with any credit card that users possess. It can be used with minor modifications to the current card payment system. We provide the principles of its operation through scenario analysis, a sample implementation, and a security analysis

• 정보보호학회논문지
• /
• 제25권5호
• /
• pp.1175-1186
• /
• 2015

신용카드사용이 증가하는 만큼 금융사고 또한 증가하고 있다. 자기 띠 카드 방식은 신용카드 정보가 평문으로 노출되고 사용자 인증 또한 허술한 취약점으로 인해 향상된 보안성을 제공하는 스마트카드 방식으로 전환되는 추세에 있다. 또한 최근에는 IT와 금융상품을 접목한 핀테크 (FinTech) 열풍이 불면서 대면거래환경에서도 카드가 아닌 모바일 기기들을 기반으로 하는 결제 기법들이 많이 제안되고 있다. 본 논문에서는 카드 소지자 모바일기기를 기반으로 카드 소지자의 공개키를 이용해 생성하는 가상카드번호를 카드사에 사전 등록함으로써 대면거래환경에서 PKI와 인증서 없이 효율적으로 사용자를 인증하여 편의성을 증가시키면서도 신용카드 정보에 대한 보안성을 제공하는 가상카드번호 결제 기법을 제안하고 대면거래환경에서 보안성을 제공하는 대표적인 신용카드 결제 방식인 EMV 기법과 비교 분석 해 보도록 한다.

• 중소기업융합학회논문지
• /
• 제5권2호
• /
• pp.33-38
• /
• 2015

공개키 기반의 ISP 안전결제 서비스가 온라인 금융결제 시스템에 사용되면서 보안 피해가 점점 증가하고 있다. ISP 안전결제 측면에서 보안 기술은 특별한 문제는 없으나, 결제시스템의 간편성으로 인하여 발생되는 보안 피해가 문제가 되고 있다. 본 논문에서는 결제시스템의 간편성으로 인하여 발생되는 보안 피해를 최소화하기 위한 ISP 안전결제 서비스에 대한 대응 방안을 제안한다. 제안 방안은 안전결제, 온라인 결제, 모바일 결제, 신용카드 등 다양한 결제시스템에 적용할 수 있으며, 새로운 결제 시스템의 기능을 안정적으로 지원할 수 있는 것이 특징이다. 또한, 제안 방안은 금융권의 결제 서비스로 인하여 발생되는 다양한 보안 위협을 분석하고 대응방안에 대해서 기술하고 있다.

• 한국정보과학회논문지:정보통신
• /
• 제33권2호
• /
• pp.149-155
• /
• 2006

현재 이동 애드혹 네트워크(mobile ad hoc network; MANET)의 라우팅 프로토콜들은 모든 노드들이 자발적으로 다른 노드들로부터의 패킷을 포워딩하는데 참석한다고 가정하고 있다. 그러나 하나의 MANET이 여러 관리 기구에 속한 노드들로 구성될 경우, 이동 노드가 자신의 에너지를 절약하기 위해서 다른 노드들로부터의 패킷을 고의적으로 포워딩하지 않을 수도 있으며 이로 인해 네트워크 성능이 저하될 수 있다. 본 논문에서는 노드가 자발적으로 패킷 포워딩에 참여하도록 하는 PIFA(Protocol-Independent Fairness Algorithm)라는 크레딧 지불(credit payment) 기법을 제안한다 DSR과 같은 소스 라우팅 (source routing) 방식에서만 사용할 수 있었던 기존 방법들과는 달리 PIFA는 기반이 되는 라우팅 프로토콜의 종류와 무관하게 사용될 수 있다. 시뮬레이션을 통해, PIFA가 이기적인(selfish) 노드로 하여금 패킷 포워딩에 참여하게 함으로써 네트워크 성능이 저하되지 않게 함을 알았다.

• 통상정보연구
• /
• 제9권1호
• /
• pp.149-168
• /
• 2007

e-Trade Payment system has been transformed by quickly and effectively. The e-trade Payment system such as TradeCard System, Bolero Surf, Identrus Eleanor and e-Escrow and e-letter of Credit issued by SWIFT System enable partly sellers, buyers and service providers. This paper studies for SWIFT, Surf, TradeCard, Eleanor, e-Escrow as international trade payment, As reason following : The First, Bolero is a neutral secure platform enabling paperless trading between exporter, importer, and their logistics service and bank partners, insurance company. The Second, TradeCard is to manage procurement-to-payment worldwide, that is exporter, importer and connected partners, paperless platform. The Third, Identrus is the global leader in trusted identity solutions, recognized by global financial institutions, commercial organizations and bank partners around the world. The Forth, Escrow payment have effect to L/C issue and enter into electronic contracts in internet bank. Trader practice use Escrow Bank as the same bank that rules to Issuing Bank and Advising Bank and payment, acceptance. This paper of these electronic payment have studies new international trade payment to approach such as eUCP rules and TradeCard System, Surf of bolero, eleanor of Identrus, SWIFT.

• International Journal of Internet, Broadcasting and Communication
• /
• 제8권1호
• /
• pp.7-18
• /
• 2016

Several authentication methods have been developed to make use of tokens in the mobile networks and smart payment systems. Token used in smart payment system is genearated in place of Primary Account Number. The use of token in each payment transaction is advantageous because the token authentication prevents enemy from intercepting credit card number over the network. Existing token authentication methods work together with the cryptogram, which is computed using the shared key that is provisioned by the token service provider. Long lifetime and repeated use of shared key cause potential brawback related to its vulnerability against the brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and token service provider for each smart payment transaction. From server viewpoint, per-transaction key list is easy to handle because the per-transaction key has short lifetime below a couple of seconds and the server does not need to maintain the state for the mobile device. We analyze the optimum size of the per-transaction shared key which satisfy the requirements for transaction latency and security strength for secure payment transactions.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권2호
• /
• pp.1180-1200
• /
• 2017

Currently, automated payment services provide intuitive user interfaces by adapting various wireless communication devices with mobile services. For example, companies like Samsung, Google, and Apple have selected the NFC payment method to service payments of existing credit cards. An electronic payment standard has been released for NFC activation within Korea and will strengthen the safety of payment service communications. However, there are various security risks regarding the NFC-based electronic payment method. In particular, the NFC payment service using the recently released lightweight devices cannot provide the cryptographic strength that is supported by many financial transaction services. This is largely due to its computational complexity and large storage resource requirements. The chaotic map introduced in this study can generate a highly complicated code as it is sensitive to the initial conditions. As the lightweight study using the chaotic map has been actively carried out in recent years, associated authentication techniques of the lightweight environment have been released. If applied with a chaotic map, a high level of cryptographic strength can be achieved that can provide more functions than simple XOR operations or HASH functions. Further, this technique can be used by financial transaction services. This study proposes a mutual authentication technique for NFC-PCM to support an NFC payment service environment based on the chaotic map.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권4호
• /
• pp.1864-1876
• /
• 2016

Card-Not-Present (CNP) transactions taking place remotely over the Internet are becoming more prevalent. Cardholder authentication should be provided to prevent the CNP fraud resulting from the theft of stored credit card numbers. To address the security problems associated with CNP transactions, the use of a virtual card number derived from the transaction details for the payment has been proposed, instead of the real card number. Since all of the virtual card number schemes proposed so far are based on a password shared between the cardholder and card issuer, transaction disputes due to the malicious behavior of one of the parties involved in the transaction cannot be resolved. In this paper, a new virtual card number scheme is proposed, which is associated with the cardholder's public key for signature verification. It provides strong cardholder authentication and non-repudiation of the transaction without deploying a public-key infrastructure, so that the transaction dispute can be easily resolved. The proposed scheme is analyzed in terms of its security and usability, and compared with the previously proposed schemes.

• 통상정보연구
• /
• 제6권2호
• /
• pp.243-263
• /
• 2004

Recently, International electronic commerce has been rapidly increasing. Over the past decade, e-commerce on the business foundation of the Internet compound has entered extensive areas of international trade and social activity. This paper focuses on the system establishment of customs duties of import goods in Global e-Commerce. Today, USA, EU and some major countries, International Organization insisted to Tariff-free woe in customs duty. This study also will discuss the effect of imposition of import duties. In order to impose customs duties, it needs to establish a system scheme, especially, because international payment of BtoC Commerce occur by the Credit Card. This study deals with Customs duties of import goods in Global e-Commerce.

• 정보보호학회논문지
• /
• 제13권5호
• /
• pp.129-136
• /
• 2003

대표적인 지불브로커 시스템인 SET의 서명 방식 중 이중 전자서명 방식은 사용자의 지불 정보(신용카드 번호 등)는 상점에 노출되지 않고, 사용자의 주문 정보는 은행에 노출되지 않게하여 사용자의 프라이버시를 지켜주는 것이다. 이러한 서명 방식은 전자상거래의 활성화로 그 필요성이 대두되었다. 하지만, SET의 이중 서명 방식은 계산량과 통신량이 많아 무선 환경에서 사용되기에는 적합하지 않다. 본 논문에서는 통신량을 줄이고자 상점의 주문 정보와 은행의 지불 정보 이용하여 다항식을 생성하는 signcryption 방식을 제안하였다. 기존의 signcryption방식과 이중 서명 방식을 분석하여 문제점을 도출하여 효율적인 전자서명 방식을 제안하고, 그 안전성을 분석한다.