Abstract
As mobile technology develops, it is essential to have a payment protocol that provides the required security features with acceptable efficiency in a mobile environment. This article introduces an anonymous payment protocol based on the secure wireless payment protocol (SWPP). Unlike SWPP, this protocol provides anonymity and privacy for the customer. It uses a blindly signed pseudo digital certificate and an anonymous bank account to protect the customer’s identity. The proposed protocol was simulated, and its security and efficiency features were then compared to those of other protocols. The comparison proves that this protocol covers all security features required by a secure payment system. Moreover, it is more efficient than other protocols.
Notes
National Institute of Standard and Information.
Acknowledgments
I would like to thank Fatemeh Layeghian Javan for providing me with a lot of language help while translating this article into English.
Cite this article
Layeghian Javan, S., Ghaemi Bafghi, A. An anonymous mobile payment protocol based on SWPP. Electron Commer Res 14, 635–660 (2014). https://doi.org/10.1007/s10660-014-9151-6
DOI: https://doi.org/10.1007/s10660-014-9151-6