论文信息 - Off-Line Generation of Limited-Use Credit Card Numbers

Off-Line Generation of Limited-Use Credit Card Numbers

Recently, some credit card companies have introduced limited-use credit card numbers--for example, American Express's single-use card numbers and Visa's gift cards. Such limited-use credit cards limit the exposure of a traditional long-term credit card number, particularly in Internet transactions. These offerings employ an on-line solution, in that a credit card holder must interact with the credit card issuer in order to derive a limited-use token. In this paper, we describe a method for cryptographic off-line generation of limited-use credit card numbers. This has several advantages over the on-line schemes, and it has applications to calling cards as well. We show that there are several trade-offs between security and maintaining the current infrastructure.

Rebecca N. Wright | Aviel D. Rubin

[1] Anna R. Karlin,et al. Practical network support for IP traceback , 2000, SIGCOMM.

[2] Aviel D. Rubin,et al. Risks of the Passport single signon protocol , 2000, Comput. Networks.

[3] 권태경,et al. SSL Protocol 기반의 서버인증 , 2003 .

[4] Mihir Bellare. Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[5] Adi Shamir. SecureClick: A Web Payment System with Disposable Credit Card Numbers , 2001, Financial Cryptography.

[6] Dan S. Wallach,et al. Web Spoofing: An Internet Con Game , 1997 .

[7] Ronald L. Rivest,et al. The MD5 Message-Digest Algorithm , 1992, RFC.

[8] John Black,et al. Ciphers with Arbitrary Finite Domains , 2002, CT-RSA.

[9] Anna R. Karlin,et al. Practical network support for IP traceback , 2000, SIGCOMM.

[10] Daniel Bleichenbacher,et al. Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 , 1998, CRYPTO.

[11] Chanathip Namprempre,et al. Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, ASIACRYPT.