Like all really interesting ideas I come up with and want to follow up on, this one happened last thing on a Sunday night when I'm at my sleepiest. The basic tenet is that transmitting credit card information across the internet for offsite processing is a huge security concern. The fix is not to send it at all, but instead to send a one-way hash of the information from point A to point B.
At point A, all of the client information is concatenated and run through a one-way hash function (in this instance I picked SHA-512, which should be fine as an example). Once that hash is converted to base64 encoding, it is cryptographically signed by the merchant's public key and transmitted.
On the receiving end, the signature is validated. If it checks out, the base64 is decoded and the credit card company performs a lookup on the hash itself. The response is then sent back to the merchant.
I'm sure there's a lot I'm not thinking of, but it's getting late for me (was up until 0600 this morning mucking with a MythTV setup) and I think it's better to get it out there before I forget everything.
I've also written up a script that will inject 10 million base64 hashes into a MySQL database. It was only after I started down the road on this thought exercise that I became unsure of the latency that trying to perform a SQL select on 173-character strings in a database might cause. More on that later once my generation script finishes.
It's also another reason for me to mess around with Python some more ;)
more later.
tom
import hashlib, base64
# Define all our standard variables here.
_first = "jim"
_last = "jones"
_address = "1313 Mockingbird Lane"
_city = "Kansas City"
_state = "Missouri"
_zip = "64119"
_country = "usa"
_ccard = "6011601160116611"
_expiration = "100909"
_cvv = "0210"
# concatenate all input strings
_input = _first + _last + _address + _city + _state + _zip + _country + _ccard + _expiration + _cvv
# take the above and remove all spaces and switch to lower case.
_input1 = _input.replace(" ", "").lower()
# create a new hash for the above and then encode to base64 for transmission
# (hashlib wants bytes; hexdigest() is a 128-character hex string, and base64 of that is 172 characters)
print(base64.b64encode(hashlib.sha512(_input1.encode()).hexdigest().encode()).decode())
# Program output is something like (all on one line):
# ODVjYmYyMmQzYTc4NjhhNzk5ODdlNGQxMzAwMTc1ZjYyY2E3NjljYmJiOTZiYjNkNGI1YzRlNmQyMDhkMDViZGNh
# MGFhZjkwYzc5YzRkNDQwZmYyNGI0OTQ0NDdhODVhODE5MTA5ZTc3YzcwNGFiNjY0N2RmMDM5YTA2ODRmMWU=
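Both ends of the exchange described above, as an added example of mine rather than the post's own script: point A normalizes, hashes and signs, and point B verifies the signature before it looks the hash up. All names are assumed, and HMAC over a shared merchant secret stands in for the merchant-key signature because the standard library has no public-key signing.

```python
import base64, hashlib, hmac, json

# Constructed sample secret shared by merchant and processor. The post signs the
# hash with the merchant's key; the standard library has no public-key signing,
# so HMAC-SHA256 with this secret stands in for that signature here.
MERCHANT_SECRET = b"demo-merchant-secret-not-real"

FIELDS = ("first", "last", "address", "city", "state", "zip",
          "country", "ccard", "expiration", "cvv")

def normalize(record):
    """Concatenate the fields in the post's fixed order, drop spaces, lower-case."""
    return "".join(str(record[f]) for f in FIELDS).replace(" ", "").lower()

def card_token(record):
    """Point A: SHA-512 the normalized record, then base64 the hex digest as the post does."""
    digest = hashlib.sha512(normalize(record).encode()).hexdigest()
    return base64.b64encode(digest.encode()).decode()

def merchant_message(record):
    """Point A: the token plus a MAC over it (stand-in for the merchant signature)."""
    token = card_token(record)
    tag = hmac.new(MERCHANT_SECRET, token.encode(), "sha256").hexdigest()
    return json.dumps({"token": token, "sig": tag})

def processor_lookup(message, known_digests):
    """Point B: check the signature first; only then decode and look the hash up."""
    msg = json.loads(message)
    expected = hmac.new(MERCHANT_SECRET, msg["token"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, msg["sig"]):
        return "REJECT: bad signature"
    hex_digest = base64.b64decode(msg["token"]).decode()
    return "APPROVED" if hex_digest in known_digests else "DECLINED: unknown card"

# Constructed sample record, same fields as the post's script (not a real card).
RECORD = {"first": "jim", "last": "jones", "address": "1313 Mockingbird Lane",
          "city": "Kansas City", "state": "Missouri", "zip": "64119",
          "country": "usa", "ccard": "6011601160116611",
          "expiration": "100909", "cvv": "0210"}

# The processor's table holds the same hex digests, built with the same normalization;
# the digest is a lookup key derived from the card data, not a secret in itself.
KNOWN_DIGESTS = {hashlib.sha512(normalize(RECORD).encode()).hexdigest()}

if __name__ == "__main__":
    print(processor_lookup(merchant_message(RECORD), KNOWN_DIGESTS))
```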