A secure on-line credit card transaction method based on Kerberos authentication protocol.

摘要

Nowadays, electronic payment system is an essential part of modern business. Credit cards or debit cards have been widely used for on-site or remote transactions, greatly reducing the need for inconvenient cash transactions. However, there have been a huge number of incidents of credit card frauds over the Internet due to the security weakness of electronic payment system. A number of solutions have been proposed in the past to prevent this problem, but most of them were inconvenient and did not satisfy the needs of cardholders and merchants at the same time.;In this thesis, we present a new secure card payment system called NNCC (No Number Credit Card) that significantly reduces the possibility of credit card frauds. This scheme is primarily designed for on-line shopping. NNCC is based on the Kerberos cryptographic framework that has been proven to be secure after being used in real world for decades. In this proposed system, instead of card numbers, only the payment tokens are exchanged between the buyers and merchants. The token is generated based on the payment amount, the client information, and merchant information. However it does not contain the credit card number, so the merchant cannot acquire and illegally use the credit card number. A token is cryptographically secure and valid only for the designated merchant, so it is robust against eavesdropping.;This thesis describes the underlying cryptographic schemes, the operating principles, and the system design. It explains the concept of Kerberos and the background in Cryptography. Then it discusses the new proposed system and the associated payment processes. We have implemented a proof-of-concept prototype comprised of ecommerce web sites, client modules, payment server, and database. We show the architecture and protocol of the system, and discuss the performance.