An Open, PKI-Based Mobile Payment System

  • Marko Hassinen
  • Konstantin Hyppönen
  • Keijo Haataja
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3995)


Most mobile commerce applications require a secure mobile payment solution for performing financial transactions. However, it is difficult to strongly authenticate users remotely and provide non-repudiation of transactions. In this paper, we present a novel mobile payment scheme which supports both virtual point-of-sale (POS) and real POS transactions. For user authentication, our scheme uses PKI-SIM cards. In virtual POS payments, the mobile phone communicates with a service provider through SMS messaging or IP-based data transfer (e.g. GPRS). In real POS payments, Bluetooth is used as the communication channel. Communication with a bank is done using either SMS messaging or IP-based data transfer. The system is open to any mobile network operator, any merchant, and any financial institution.


Keywords: Mobile Phone, Short Message Service, Near Field Communication, Mobile Network Operator, Mobile Payment
These keywords were added by machine and not by the authors.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Marko Hassinen (1)
  • Konstantin Hyppönen (1)
  • Keijo Haataja (1)
  1. Department of Computer Science, University of Kuopio, Kuopio, Finland
