Simulation of End-to-End Secure Channels in Digital Payment Systems Using TLS 1.3 Combined with Client-Side AES-GCM Encryption
Neta Yahu, Mikhael; Septian, Daniel Marvelino; Daud, Excel
INSTALL: Information System and Technology Journal Vol 2 No 3 (2025): INSTALL : Information System and Technology Journal
Publisher : LPPM Universitas Sari Mulia

DOI: 10.33859/install.v2i3.1002

Abstract

The rapid growth of digital payment systems and online transaction services has intensified the need for stronger mechanisms to protect sensitive user data from interception, leakage, and unauthorized access. Although Transport Layer Security (TLS) is widely adopted to secure communication channels, it primarily protects data during transmission and does not fully address risks arising from compromised servers or application-layer vulnerabilities. This study proposes and simulates an end-to-end secure channel architecture that integrates client-side encryption using the Advanced Encryption Standard in Galois/Counter Mode (AES-GCM) with the TLS 1.3 protocol to provide layered security. A web-based simulation was developed using HTML, CSS, and JavaScript with the Web Crypto API to illustrate the complete workflow, including client-side key generation, application-layer encryption, TLS 1.3 handshake, secure channel establishment, transport-layer encryption, and server-side processing. The simulation also implements a zero-knowledge mode, ensuring that the server does not possess the client-side encryption key and therefore cannot decrypt sensitive data at the application layer. The experimental results indicate that separating cryptographic keys between the application layer and the transport layer significantly enhances confidentiality and minimizes the impact of key compromise or server-side breaches. Furthermore, the visualization provided by the simulation helps clarify the interaction between client-side encryption and TLS 1.3 mechanisms, making it a useful educational and analytical tool. Overall, this study demonstrates that combining AES-GCM-based client-side encryption with TLS 1.3 offers a robust and practical approach for securing digital payment systems and other applications requiring high levels of data protection.