An Open, PKI-Based Mobile Payment System
Most mobile commerce applications require a secure mobile payment solution for performing financial transactions. However, it is difficult to strongly authenticate users remotely and provide non-repudiation of transactions. In this paper, we present a novel mobile payment scheme which supports both virtual point-of-sale (POS) and real POS transactions. For user authentication, our scheme uses PKI-SIM cards. In virtual POS payments, the mobile phone communicates with a service provider through SMS messaging or IP-based data transfer (e.g. GPRS). In real POS payments, Bluetooth is used as the communication channel. Communication with a bank is done using either SMS messaging or IP-based data transfer. The system is open to any mobile network operator, any merchant, and any financial institution.
Keywords: Mobile Phone, Short Message Service, Near Field Communication, Mobile Network Operator, Mobile Payment