Increasing user privacy in online transactions with X.509 v3 certificate private extensions and smartcards

Author

Rexha, Blerim

Author_Institution

Program & Syst. Eng., Siemens AG, Vienna, Austria

fYear

2005

fDate

19-22 July 2005

Firstpage

293

Lastpage

300

Abstract

Security and privacy are central issues for the acceptance of online payment methods in particular and growth of the Internet market in general. Public key infrastructure and X.509 certificates have been established as the most trustworthy methods for assuring security in online transactions. This paper proposes a new approach for increasing security by avoiding privacy violation using X.509 version 3 certificate private extensions and storing the certificate and its corresponding private key in the smartcard. The private key never leaves the smartcard and can be used for decryption and signing only after successful personal identification number presentation. The proposed approach is compared with secure electronic transaction (SET) protocol.

Keywords

Internet; data privacy; digital signatures; public key cryptography; smart cards; transaction processing; Internet market; X.509 v3 certificate private extensions; digital signatures; online payment; online transactions; personal identification number; public key infrastructure; secure electronic transaction protocol; smartcards; user privacy; Communication channels; Credit cards; Cryptography; ISO standards; Identity-based encryption; Internet; Privacy; Protocols; Public key; Security; SET; X.509 v3 identity and attribute certificates; digital signature; encryption; non-repudiation; online transaction; privacy; security; smartcards;

fLanguage

English

Publisher

ieee

Conference_Titel

E-Commerce Technology, 2005. CEC 2005. Seventh IEEE International Conference on

Print_ISBN

0-7695-2277-7

Type

conf

DOI

10.1109/ICECT.2005.54

Filename

1524057