IJERT-A Secure Transaction Scheme with Certificateless Cryptographic Primitives Based Mobile Payments

A lightweight and private mobile payment protocol by using mobile network operator

2008 International Conference on Computer and Communication Engineering, 2008

Mobile commerce has undoubtedly become an omnipresent and active area in electronic payments. It allows mobile users to purchase things, pay bills or make a bet via mobile phone when on the move, anywhere and at any time. Unfortunately, several challenges in accountability and privacy properties have emerged with the spread of m-commerce in recent years. Consequently, many public-key cryptography based mobile payment protocols have been proposed. However, the limited capabilities of mobile devices and wireless networks make these protocols unsuitable for mobile networks. In this paper, we propose a secure mobile payment protocol which involves mobile network operators (MNO) by employing symmetric key operations. The symmetric cryptographic technique applied to our proposed protocol not only minimizes the computational operations and communication passes between the involved parties, but also achieves complete privacy protection for the payer and satisfies all the criteria of end-to-end security property and party's requirement including non-repudiation. The future work will concentrate on improving the verification solution to support mobile user authentication and authorization for mobile payment transactions.

Secure and Optimized Mobile Based Merchant Payment Protocol using Signcryption

International Journal of Information Security and Privacy, 2012

The authors propose a Secure and Optimized Mobile based Merchant Payment (SOMMP) Protocol using a Signcryption scheme with Forward Secrecy (SFS) based on elliptic curves, which consumes less computational and communication cost. In SOMMP the client sends messages in the form of TransCertC (Transaction Certificate), which is an X.509 SLC (X.509 Short Lived Certificate), thereby reducing the client's interactions with the engaging parties and the consumption of resources (from the client's perspective), which are very scarce in resource-constrained devices like mobile phones. In the SOMMP protocol, WSLC (WPKI Short Lived Certificate) eliminates the need for certificate validation and removes the hurdle of PKI, thereby reducing storage space, communication cost and computational cost. Their proposed SOMMP ensures Authentication, Integrity, Confidentiality and Non Repudiation, achieves Identity protection from merchant and Eavesdropper, achieves Transaction privacy from Eavesdropper and Payment Gat...

A SECURED MOBILE PAYMENT TRANSACTION PROTOCOL FOR ANDROID SYSTEMS

The smart-phone industry has witnessed tremendous growth in recent history simply because of the emergence of the Android operating system. It is now easier to make payments on our mobile phones, but one major hindrance lies in transaction security. The objective of this paper is to develop a secure transaction protocol for an Android-based mobile payment system using quick response code technology and a hybrid cryptographic scheme. To achieve better security in the system, we implemented symmetric and asymmetric cryptography alongside hashing and message authentication codes simultaneously in the system protocol. The results obtained depict a secure mobile payment system which makes use of a dual authentication mechanism by two distinct entities.

A new mobile payment system with formal verification

International Journal of Internet Technology and Secured Transactions, 2012

In this paper, we propose a new payment instrument, i.e., mobile traveller's check (MTC) in the realm of mobile commerce. This payment instrument provides the merits of both e-cash and e-check, i.e., MTC can be used freely as an e-cash and it is as secure as an e-check. We present the mobile payment protocol based on MTC which uses elliptic curve digital signature algorithm (ECDSA) for generating and verifying digital signatures and DES for encrypting and decrypting the messages which are suitable for resource constrained devices like mobile phones. We use 'extended BAN' logic (Abadi et al., 1993) to provide a concise and clear understanding of this secure payment instrument (MTC). We formalise and verify the interactions and trust relationships among engaging entities.

Privacy in new mobile payment protocol

2008

The increasing development of wireless networks and the widespread popularity of handheld devices such as Personal Digital Assistants (PDAs), mobile phones and wireless tablets represent an incredible opportunity to enable mobile devices as a universal payment method, involving daily financial transactions. Unfortunately, some issues hamper the widespread acceptance of mobile payment, such as accountability properties, privacy protection, and the limitations of wireless networks and mobile devices. Recently, many public-key cryptography based mobile payment protocols have been proposed. However, the limited capabilities of mobile devices and wireless networks make these protocols unsuitable for mobile networks. Moreover, these protocols were designed to preserve the traditional flow of payment data, which is vulnerable to attack and increases the user's risk. In this paper, we propose a private mobile payment protocol which is based on a client centric model and employs symmetric key operations. The proposed mobile payment protocol not only minimizes the computational operations and communication passes between the engaging parties, but also achieves complete privacy protection for the payer. The future work will concentrate on improving the verification solution to support mobile user authentication and authorization for mobile payment transactions.

A Secure Mobile Banking Scheme based on Certificateless Cryptography in the Standard Security Model

International Journal of Computer Applications, 2013

Providing the security services (authenticity, integrity, confidentiality and non-repudiation) all together in mobile banking has remained a problematic issue for both banks and their customers. Both the public key infrastructure (PKI) and the identity-based public key cryptography (IB-PKC), which have been thought to provide solutions to these security services, have their own limitations. While the PKI suffers from scalability and certificate management problems, identity-based cryptography suffers from the key escrow problem. This paper proposes a secure web-based mobile banking scheme using certificateless public key cryptography. Within this scheme, the key generating center (KGC) has an offline connection with a public directory server. Both the client and the bank's web server use the identities of each other to obtain the public key of each from the KGC's public directory server. Then, each party computes an authenticated per-session shared secret symmetric key. By using this shared secret key the client can encrypt his username and password to access his banking account and carry out signed banking transactions. As a result, the proposed scheme is secure in the standard model and provides authentication, confidentiality, integrity and non-repudiation. Moreover, the scheme is secure against known key attack, resilient against unknown key share and key-compromise impersonation, and secure against weak perfect forward secrecy.

A Secure and Optimized Proximity Mobile Payment Framework with Formal Verification

International Journal of E-Services and Mobile Applications, 2014

In this paper the authors propose a Secure and Optimized Proximity Mobile Payment (SOPMP) Framework using NFC (Near Field Communication) technology, WPKI (Wireless Public Key Infrastructure) and UICC (Universal Integrated Circuit Card). The novelty of this proposed mobile payment framework is that messages are exchanged in the form of Digital Signature with Message Recovery (DSMR) and the merchant sends the Invoice in the form of a Digital Invoice Certificate (DIC) (which is digitally signed by the merchant). The communication link between the mobile phone and the merchant POS (Point Of Sale) is NFC. Digital Signature with Message Recovery based on ECDSA eliminates the need of adopting PKI cryptosystems, thereby reducing the consumption of resources, i.e. it consumes less computational and communication cost. DSMR eliminates the need for certificate validation and removes the hurdle of PKI, thereby reducing storage space, communication cost and computational cost. The authors' proposed protocol ensures Authentic...

Lightweight Certificateless and Provably-Secure Signcryptosystem for the Internet of Things

In this paper, we propose an elliptic curve-based signcryption scheme derived from the standardized signature KCDSA (Korean Certificate-based Digital Signature Algorithm) in the context of the Internet of Things. Our solution has several advantages. First, the scheme is provably secure in the random oracle model. Second, it provides the following security properties: outsider/insider confidentiality and unforgeability; non-repudiation and public verifiability, while being efficient in terms of communication and computation costs. Third, the scheme offers the certificateless feature, so certificates are not needed to verify the user’s public keys. For illustration, we conducted experimental evaluation based on a sensor Wismote platform and compared the performance of the proposed scheme to concurrent schemes.

Secure and efficient protocol for mobile payments

Proceedings of the 10th international conference on Electronic commerce - ICEC '08, 2008

Electronic payments have gained tremendous popularity in the modern world. Credit/debit cards and online payments are in widespread use. Bringing electronic payments to the mobile world offers huge utility for mobile users. Lack of standardized protocols, interoperability and security are major roadblocks in developing a mobile payment infrastructure. A scheme called SEMOPS (Secure Mobile Payment Service) has already been proposed by A. Vilmos and S. Karnouskos. This proposed SEMOPS architecture addresses these problems. However, it will work inefficiently for micropayments due to a lot of computation and communication for every payment. Good micropayment support is extremely important for mobile payment systems to succeed. This work focusses on enabling efficient micropayment support in the SEMOPS scheme. An analysis of the security and efficiency of the proposed method is given in this paper. Our new proposed method has been found to be very efficient for micropayments in SEMOPS.

Efficient certificate path validation and its application in mobile payment protocols

ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings, 2008

Certification path validation is a complex task that implies high computational cost. In this process it is necessary to verify the binding between the owner of the certificate and his public key. In the SET protocol, the customer and merchant need to verify the certification path of their certificates to trust each other. The customer and merchant carry out several cryptographic operations to complete the SET protocol, including the authentication process. Because mobile devices are limited in terms of processing and storage capacities, it is relevant to reduce the computational cost required by the cryptographic operations.