Security fundamentals for e-commerce
Security fundamentals for e-commerce
Practical Cryptography
Secure Internet Banking Authentication
IEEE Security and Privacy
| Hi-index | 0.00 |
Today, a web transaction is typically protected by using SSL/TLS. SSL/TLS without compulsion for a client's public key certificate, which is the typical usage, is not able to fulfill the security requirements for web transactions. The main remaining threats for this use are client authentication and non-repudiation. This paper presents a scheme to address SSL/TLS security holes, when it is used for web transaction security. The focus is only on transaction that is carried out by using credit/debit cards. The scheme uses wireless public key infrastructure (WPKI) in the client's mobile phone to generate a digital signature for the client. Thus we obtain client authentication and nonrepudiation. At the same time, no overhead is imposed on the client, there is no need for any change to the actual system when performing the transaction, and no connection, by using the mobile phone, is required to perform the transaction.