SECURING PAYMENT TRANSACTION QR CODE BASED WITH MUTUAL AUTHENTICATION USING PUBLIC KEY INFRASTRUCTURE
<p align="justify">QR code can be used in mobile commerce transactions because QR code stores more information than other barcode types. On the other hand, attackers can commit fraud against users of QR code-based payment systems. Fraud is done by creating a fake QR code and the orig...
Saved in:
| Main Author: | |
|---|---|
| Format: | Theses |
| Language: | Indonesia |
| Online Access: | https://digilib.itb.ac.id/gdl/view/25885 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Institut Teknologi Bandung |
| Language: | Indonesia |
| Summary: | <p align="justify">QR code can be used in mobile commerce transactions because QR code stores more information than other barcode types. On the other hand, attackers can commit fraud against users of QR code-based payment systems. Fraud is done by creating a fake QR code and the original QR code is replaced with a fake QR code so the buyer sends the balance of money to the attacker, not to the seller. This study aims to build a payment system based on QR code that can mutually authenticate buyer and seller identity by using Public Key Infrastructure. <br />
<br />
<br />
<br />
<br />
Information on ordered goods are secured in QR code. To maintain the confidentiality of the QR code, the data content is encrypted using symmetric keys and the symmetric key is wrapped by using public key. Digital signature of information on ordered goods is also included. The authentication stage is performed by unwrapping the symmetric key by using private key. The decrypted data is then checked by the server to find out whether the ordered item is eligible to be paid or not. Then, the digital signature is verified using the public key. The mutual authenication stage is mutually done by buyers and sellers. <br />
<br />
<br />
<br />
<br />
System testing was done with two types of testing namely functional testing and scenario testing. QR code-based payment system could implement Public Key Infrastructure (PKI) to provide mutual authentication stage and secure QR code data content. The system could also check whether the QR code, displayed by the buyer or seller, was fake or not. The system can also prevent customers from making payment confirmations of items ordering that are not valid due to failed authentication stages or the ordering goods itself has been previously paid.<p align="justify"> |
|---|