Privacy in New Mobile Payment Protocol

The increasing development of wireless networks and the widespread popularity of handheld devices such as Personal Digital Assistants (PDAs), mobile phones and wireless tablets represents an incredible opportunity to enable mobile devices as a universal payment method, involving daily financial transactions. Unfortunately, some issues hampering the widespread acceptance of mobile payment such as accountability properties, privacy protection, limitation of wireless network and mobile device. Recently, many public-key cryptography based mobile payment protocol have been proposed. However, limited capabilities of mobile devices and wireless networks make these protocols are unsuitable for mobile network. Moreover, these protocols were designed to preserve traditional flow of payment data, which is vulnerable to attack and increase the user-s risk. In this paper, we propose a private mobile payment protocol which based on client centric model and by employing symmetric key operations. The proposed mobile payment protocol not only minimizes the computational operations and communication passes between the engaging parties, but also achieves a completely privacy protection for the payer. The future work will concentrate on improving the verification solution to support mobile user authentication and authorization for mobile payment transactions.

Authors:

• Tan Soo Fun
• Leau Yu Beng
• Rozaini Roslan
• Habeeb Saleh Habeeb

Keywords:

• Mobile Network Operator
• Mobile payment protocol
• Privacy
• Symmetric key.

References:

[1] Abad-Peiro J. L., Asokan N., Steiner M. & Waidner M, "Designing a
generic payment service", IBM System Research Journal, Vol.37(1),
1998, Pp. 72-88.
[2] Bellare, M., Garay, J., Hauser, R., Herzberg, A., Steiner, M., Tsudik, G.,
Van Herreweghen, E., and Waidner, M, "Design,Implementation, and
Deployment of the iKP Secure Electronic Payment system", IEEE
Journal of Selected Areas in Communications, 2000, pp. 611-627.
[3] C. Wang & H-f. Leung, "A Private and Efficient Mobile Payment
Protocol", London: Springer-Verlag, LNAI, 2005, pp.1030-1035.
[4] http://www.setco.org/set_specifications.html
[5] Jun Liu, Jianxin Liao, Xiaomin Zhu, "A System Model and Protocol for
Mobile Payment", Proceedings of the IEEE International Conference on
e-Business Engineering (ICEBE-05), 2005.
[6] Krueger, M, The future of M-Payments-business options and policy
issues, Seville. Spain, 2001.
[7] Kungpisdan, S., Srinivasan, B., and Phu Dung, L, "Lightweight Mobile
Credit-Card Payment Protocol", Berlin Heidelberg: Springer -Verlag,
2003a, pp. 295-308.
[8] Kungpisdan, S., Srinivasan, B., and Phu Dung, L., "A Practical
Framework for MobileSET Payment", Proceedings of International ESociety
Conference, 2003b, pp. 321-328.
[9] Kungpisdan S., Srinivasan B., and Phu Dung Le, "A Secure Accountbased
Mobile Payment Protocol", Proceedings of the International
Conference on Information Technology: Coding and Computing, Vol. 1,
Las Vegas, USA, 2004a, pp. 35-39.
[10] M. Ding and C. Unnithan, Mobile Payments (mPayments) -An
Exploratory Study of Emerging Issues and Future Trends, Deakin
University, 2002.
[11] Mohony D.O., Peirce M. and Tewari Histesh, Electronic Payment
Systems for E-Commerce, Artech House, United States of America,
2001.
[12] Panko R. R, Corporate Computer and Network Security, Prentice Hall,
Upper Saddle River, New Jersey, 2004.
[13] Pousttchi, K, "Conditions for Acceptance and Usage of Mobile Payment
Procedures", Proceedings of the M-Business Conference, 2003.
[14] Tellez J. & Sierra J, "Anonymous Payment in a Client Centric Model for
Digital Ecosystem", IEEE DEST, 2007, pp. 422-427.
[15] Tiwari, A., Sanyal, S., Abraham, A., Knapskog, J. S. & Sanyal, S., "A
Multi-factor Security Protocol for Wireless Payment-Secure Web
Authentication Using Mobile Devices", IADIS International Conference
Applied Computing, pp.160-167, 2007.