While I haven’t finished converting my RBAC implementation for MySQL to conform to the SQL standard (I wish we had thought of this originally), there has been some interest so I placed my code online. You can find my RBAC in MySQL page here.
I’m Published
On December 11th, I received my first acceptance (and my second rejection). Ninghui Li, Jiangtao Li and I submitted the paper “Dynamic Virtual Credit Card Numbers” to the Eleventh Financial Cryptography and Data Security Conference to be held in Lowlands, Scarborough, Trinidad/Tobago, February 12-15. Yes, yes, I know, it’s going to be hard going to Tobago in February but I’ll be strong. I’m a survivor.
Several people I met at CCS mentioned they too had submitted papers to FC’07, so it will be interesting to see if they’ll be there. That will make things easier, and I’m sure with each conference the idle chat and hobnobbing come more naturally as you begin to make friends with researchers around the world who work in similar areas.
For those who are interested, here’s the abstract for the paper:
Abstract: Theft of stored credit card information is an increasing threat to e-commerce. We propose a dynamic virtual credit card number scheme that reduces the damage caused by stolen credit card numbers. A user can use an existing credit card account to generate multiple virtual credit card numbers that are either usable for a single transaction or are tied with a particular merchant. We call the scheme dynamic because the virtual credit card numbers can be generated without online contact with the credit card issuers. These numbers can be processed without changing any of the infrastructure currently in place; the only changes will be at the end points, namely, the card users and the card issuers. We analyze the security requirements for dynamic virtual credit card numbers, discuss the design space, propose a scheme using HMAC, and prove its security under the assumption that HMAC is a PRF.

