
SIM-enabled Open Mobile Payment System Based on Nation-wide PKI

Chapter in: ISSE/SECURE 2007 Securing Electronic Business Processes

Abstract

Many current mobile payment systems rely on mobile network operators for authentication and lack adequate non-repudiation. In this work we describe a mobile payment system that uses a governmentally administered public-key infrastructure, namely the Finnish Electronic Identity (FINEID). FINEID cards store user credentials and private keys for authentication and digital signature and, upon user request, can be issued as an application on a PKI-enabled SIM card, which is used as a trusted module in our application. Using FINEID, our system authenticates persons, not customers of a certain bank, mobile network operator, or payment service provider. It also ensures non-repudiation, integrity and confidentiality of the messages related to the payment transactions. As the administration of the PKI system is the responsibility of the government, the system is very economical for both the service providers and the users. The proof-of-concept implementation, a system for purchasing train tickets, is done using freely available development tools and platforms. Implementing an open payment system based on a nation-wide PKI has proven to be feasible.




Copyright information

© 2007 Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden

About this chapter

Cite this chapter

Trichina, E., Hyppönen, K., Hassinen, M. (2007). SIM-enabled Open Mobile Payment System Based on Nation-wide PKI. In: ISSE/SECURE 2007 Securing Electronic Business Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9418-2_38

  • DOI: https://doi.org/10.1007/978-3-8348-9418-2_38

  • Publisher Name: Vieweg

  • Print ISBN: 978-3-8348-0346-7

  • Online ISBN: 978-3-8348-9418-2

  • eBook Packages: Computer Science (R0)
