Ensuring Privacy in Smartcard-Based Payment Systems: A Case Study of Public Metro Transit Systems

The advances in technology have enabled us to share information, process data transactions, and enhance collaborations with relevant entities effectively. Its unparalleled adoption in both the public and private sectors is raising heightened concerns, particularly in the areas of the collection and management of personal information. The use of personal information can provide great benefits, including improved services for customers and increased revenues and decreased costs for businesses. However, it has also raised important issues such as the misuse of their personal information and loss of privacy. In this paper, we propose a framework to preserve privacy in new Public Metro Transit Systems that incorporates smartcard-based payment systems. The proposed framework leverages cryptographic protocols and an innovative privacy model to ensure the protection of privacy information of the cardholders. We also overview our system architecture for the proposed framework including case learned.

[1]  Sushil Jajodia,et al.  An authorization model for a public key management service , 2001, TSEC.

[2]  Blerim Rexha,et al.  Increasing user privacy in online transactions with X.509 v3 certificate private extensions and smartcards , 2005, Seventh IEEE International Conference on E-Commerce Technology (CEC'05).

[3]  Bruce Schneier,et al.  Ten Risks of PKI , 2004 .

[4]  Min Liu,et al.  Study on security based on PKI for e-commerce of statistics information system , 2005, ICEC '05.

[5]  Ran Canetti,et al.  An Efficient Threshold Public Key Cryptosystem Secure Against Adaptive Chosen Ciphertext Attack , 1999, EUROCRYPT.

[6]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[7]  Robert H. Deng,et al.  A smart-card-enabled privacy preserving E-prescription system , 2004, IEEE Transactions on Information Technology in Biomedicine.

[8]  Anna Lysyanskaya,et al.  Adaptive Security in the Threshold Setting: From Cryptosystems to Signature Schemes , 2001, ASIACRYPT.

[9]  Ian T. Foster,et al.  A community authorization service for group collaboration , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[10]  Christoph Meinel,et al.  A security improved OpenSST prototype combining with smart card , 2003, 2003 International Conference on Computer Networks and Mobile Computing, 2003. ICCNMC 2003..

[11]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[12]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .