Abstract
Trusted third-party (TTP) based transaction authentication is traditionally applied to authenticate mobile commerce transactions. However, several issues can arise with this approach, including seller fraud, TTP performance bottlenecks, and the risk of operations being interrupted. This work proposes a peer-to-peer mobile commerce transaction authentication platform (MCTAP) with a semi-offline transaction authentication mechanism. In this mechanism, the buyer and seller mutually authenticate and sign the digital receipt for each other. The trusted transaction authentication center thus no longer needs to operate online transaction verification processes, and only has to deal with consumer disputes. MCTAP can raise the efficiency of transaction authentication and provide a solution for the one-way transaction notification systems adopted by most online shopping sites, which may encounter seller fraud. The proposed solution is compared to other TTP-based and secure electronic transaction (SET) based transaction authentication mechanisms, and the results indicate that MCTAP has the advantages of efficiency and a higher security level.
Acknowledgements
This work was partially supported by the Telecommunication Lab. of Chung-Hwa Telecom Co. Ltd. under Grant TL-104-6202.
Appendix
Notation | Meaning |
---|---|
B | Buyer |
S | Seller |
MCTAP | Mobile-Commerce Transaction Authentication Platform |
MTAP | Mobile Transaction Authentication Protocol |
TTAC | Trusted Transaction Authentication Center |
BT | Buyer Transaction |
ST | Seller Transaction |
STC | Seller Transaction Content |
BTC | Buyer Transaction Content |
BTAC | Buyer Transaction Authentication Content |
STAC | Seller Transaction Authentication Content |
BTVC | Buyer Transaction Verification Content |
STVC | Seller Transaction Verification Content |
PK_b | Buyer Public Key |
SK_b | Buyer Private Key |
PK_s | Seller Public Key |
SK_s | Seller Private Key |
PK_t | TTAC Public Key |
SK_t | TTAC Private Key |
Enc_key(content) | Encrypt_key(content) |
Dec_key(content) | Decrypt_key(content) |
MAC | Message Authentication Code |
Cite this article
Lee, WH., Miou, CS., Kuan, YF. et al. A peer-to-peer transaction authentication platform for mobile commerce with semi-offline architecture. Electron Commer Res 18, 413–431 (2018). https://doi.org/10.1007/s10660-017-9254-y
DOI: https://doi.org/10.1007/s10660-017-9254-y