Abstract
Most mobile commerce applications require a secure mobile payment solution for performing financial transactions. However, it is difficult to strongly authenticate users remotely and provide non-repudiation of transactions. In this paper, we present a novel mobile payment scheme which supports both virtual point-of-sale (POS) and real POS transactions. For user authentication, our scheme uses PKI-SIM cards. In virtual POS payments, the mobile phone communicates with a service provider through SMS messaging or IP-based data transfer (e.g. GPRS). In real POS payments, Bluetooth is used as the communication channel. Communication with a bank is done using either SMS messaging or IP-based data transfer. The system is open to any mobile network operator, any merchant, and any financial institution.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hassinen, M., Hyppönen, K., Haataja, K. (2006). An Open, PKI-Based Mobile Payment System. In: Müller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_7
DOI: https://doi.org/10.1007/11766155_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34640-1
Online ISBN: 978-3-540-34642-5
eBook Packages: Computer Science (R0)