Ensuring privacy in smartcard-based payment systems: a case study of public metro transit systems
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Hi-index | 0.00 |
Security and privacy are central issues for the acceptance of online payment methods in particular and growth of the Internet market in general. Public Key Infrastructure and X.509 certificates have been established as the most trustworthy methods for assuring security in online transactions. This paper proposes a new approach for increasing security by avoiding privacy violation using X.509 version 3 certificate private extensions and storing the certificate and its corresponding private key in the smartcard. The private key never leaves the smartcard and can be used for decryption and signing only after successful personalidentification number presentation. The proposed approach is compared with Secure Electronic Transaction (SET) protocol.