Ciphers with Arbitrary Finite Domains
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
SecureClick: A Web Payment System with Disposable Credit Card Numbers
FC '01 Proceedings of the 5th International Conference on Financial Cryptography
Off-Line Generation of Limited-Use Credit Card Numbers
FC '01 Proceedings of the 5th International Conference on Financial Cryptography
Proceedings of the 2002 workshop on New security paradigms
Proceedings of the 2003 workshop on New security paradigms
A Security-Enhanced One-Time Payment Scheme for Credit Card
RIDE '04 Proceedings of the 14th International Workshop on Research Issues on Data Engineering: Web Services for E-Commerce and E-Government Applications (RIDE'04)
Once collected, data isn't private
netWorker - Beyond file-sharing: collective intelligence
A statistical analysis of disclosed storage security breaches
Proceedings of the second ACM workshop on Storage security and survivability
Data security breach: seeking a prescription for adequate remedy
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Communications of the ACM - Urban sensing: out of the woods
SpySaver: using incentives to address spyware
Proceedings of the 3rd international workshop on Economics of networked systems
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
Information protection via environmental data tethers
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Securing credit card transactions with one-time payment scheme
Electronic Commerce Research and Applications
Dynamic virtual credit card numbers
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Countering identity theft through digital uniqueness, location cross-checking, and funneling
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
| Hi-index | 0.00 |
Large-scale data breaches exposing sensitive personal information are becoming commonplace. For numerous reasons, conventional personal (identification) information leaks from databases that store online and/or on-site user transaction data. Collected ID numbers and supporting personal information enable malicious parties to commit large-scale identity fraud. Gates and Slonim (NSPW 2003) proposed the owner-controlled information paradigm to address privacy violations of personal information where users are expected to maintain all their information using a personal device. Rubin and Wright (FC 2001), Molloy et al. (FC 2007), and others explored the use of one-time numbers to address credit card fraud (mostly for online use). However, several other types of ID number are at least as sensitive as credit card numbers. Our fundamental assumption is that collected personal information will eventually be breached. To combat identity fraud under this new environmental attack paradigm, we introduce a more general approach involving localized or customized ID numbers for both card-present and card-not-present transactions. We also explore four variants of the general idea to spark more discussion and further research in this area.