Increasing user privacy in online transactions with X.509 v3 certificate private extensions and smartcards

Abstract

Security and privacy are central issues for the acceptance of online payment methods in particular and growth of the Internet market in general. Public key infrastructure and X.509 certificates have been established as the most trustworthy methods for assuring security in online transactions. This paper proposes a new approach for increasing security by avoiding privacy violation using X.509 version 3 certificate private extensions and storing the certificate and its corresponding private key in the smartcard. The private key never leaves the smartcard and can be used for decryption and signing only after successful personal identification number presentation. The proposed approach is compared with secure electronic transaction (SET) protocol.