Abstract
Recently, some credit card companies have introduced limited-use credit card numbers—for example, American Express’s single-use card numbers and Visa’s gift cards. Such limited-use credit cards limit the exposure of a traditional long-term credit card number, particularly in Internet transactions. These offerings employ an on-line solution, in that a credit card holder must interact with the credit card issuer in order to derive a limited-use token. In this paper, we describe a method for cryptographic off-line generation of limited-use credit card numbers. This has several advantages over the on-line schemes, and it has applications to calling cards as well. We show that there are several trade-offs between security and maintaining the current infrastructure.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rubin, A.D., Wright, R.N. (2002). Off-Line Generation of Limited-Use Credit Card Numbers. In: Syverson, P. (eds) Financial Cryptography. FC 2001. Lecture Notes in Computer Science, vol 2339. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46088-8_18
DOI: https://doi.org/10.1007/3-540-46088-8_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44079-6
Online ISBN: 978-3-540-46088-6
eBook Packages: Springer Book Archive