Xi Li,Wei Zhu,Mingxing He

DOI: https://doi.org/10.1109/3CA.2010.5533752

2010-01-01

Abstract:Emerging electronic commerce becomes popular together with the considerable increase of mobile device. Since mobile payments will become one of the most important mobile services. However, most people do not have a fancy for remote mobile payment, or only is limited to micro-payment. The most important problem they worry about is the security of the mobile devices and the applications along with the complexity of payment process. The paper presents a secure remote payment architecture based on smart card in mobile devices that simplifies the payment process and takes a finance measure to permit a more fairly allocation of risks between merchants and consumers. Furthermore, security policies between the security properties of the payment application and the resource limitations are defined. It not only provides strong security but also makes the system open to common payment. Finally, ID-based signature mechanism has advantages over the others based on CA in terms of key distribution and scalability of increasing security level for remote mobile payment service.

Xi Li,Hanping Hu,Yì Wáng,Maocai Wang

2008-01-01

Abstract:At present the security of mobile services cannot be satisfied with the special requirements of mobile payment. Then the paper proposes a mobile terminal using the payment protocol and the security scheme to construct the mobile payment. With the character of generating keys from identity itself, furthermore, the scheme uses the efficient identity-based signature from tate pairings in smart card instead of digital certificate mechanism because the distribution and the management of digital certificate are not easy in wireless networks. The proposed signature scheme is simple, efficient so that it will be suitable for an environment of finite bandwidth of wireless networks and low-capability equipment. Security and performance analysis show that the proposed mobile terminal not only protects the data security but also reduces the time consuming and the costs.

Hosam Alamleh,Ali Abdullah S. AlQahtani,Baker Al Smadi

DOI: https://doi.org/10.48550/arXiv.2304.09468

2023-04-19

Cryptography and Security

Abstract:The rise of smartphones has led to a significant increase in the usage of mobile payments. Mobile payments allow individuals to access financial resources and make transactions through their mobile devices while on the go. However, the current mobile payment systems were designed to align with traditional payment structures, which limits the full potential of smartphones, including their security features. This has become a major concern in the rapidly growing mobile payment market. To address these security concerns,in this paper we propose new mobile payment architecture. This architecture leverages the advanced capabilities of modern smartphones to verify various aspects of a payment, such as funds, biometrics, location, and others. The proposed system aims to guarantee the legitimacy of transactions and protect against identity theft by verifying multiple elements of a payment. The security of mobile payment systems is crucial, given the rapid growth of the market. Evaluating mobile payment systems based on their authentication, encryption, and fraud detection capabilities is of utmost importance. The proposed architecture provides a secure mobile payment solution that enhances the overall payment experience by taking advantage of the advanced capabilities of modern smartphones. This will not only improve the security of mobile payments but also offer a more user-friendly payment experience for consumers.

Tao Feng,Nicholas DeSalvo,Lei Xu,Xi Zhao,Xi Wang,Weidong Shi

DOI: https://doi.org/10.4108/icst.mobicase.2014.257767

2014-01-01

Abstract:With the rise of Internet connected mobile devices, applications have migrated from PCs to mobile computing platforms. An important aspect, payment processing, faces new security challenges from these developments. Inasmuch, these advancements demand efforts from researchers and industry to meet increasing security needs. Threats can ensue from data loss, theft from lost, stolen, or decommissioned devices, information-stealing malware, and password peeping. We propose a secure framework for sensitive session driven applications which combines biometric-based continuous and implicit tracking of user identities, and TrustZone. This framework is accomplished through monitoring fingerprint authentication logs as well as detecting events when the phone has left the user's hands, all while in TrustZone, a platform for secure computation and storage on mobile devices. This solution leverages multiple onboard sensors as well as the ARM architecture to accomplish these feats. We conducted two user-studies acquiring smartphone users' usage statistics to investigate security and usability needs of our identity-tracking solution. To monitor these subtle gestures in real-world uncontrolled environments, multi-session data collection has been conducted to iteratively improve system performance. The evaluation results have demonstrated the feasibility of this framework as a secure session-based payment system.

Wenzheng Liu,Xiaofeng Wang,Wei Peng

DOI: https://doi.org/10.1109/access.2019.2963480

IF: 3.9

2020-01-01

IEEE Access

Abstract:With mobile payments popular around the world, payers can conduct a payment anytime and anywhere. While providing great convenience, mobile payment also brings many payment security issues. This paper is the first comprehensive review of secure mobile payment. We classify the mobile payment into TPC (third-party payment company)-led mobile payment and Bank-led mobile payment, and based on this, summarize the system structure of mobile payment. Then we discuss the mobile payment security technology framework from Tokenization, PAN (bank card primary account number) binding, and Secure Payment Authentication, respectively. Besides, this paper introduces secure technologies(hardware and software) used in these procedures, discusses and analyzes the security issues that they have been encountered, summarise open issues, and proposes future development directions. In the end, we give the discussion and comparison of popular and representative mobile payment applications, including Alipay, Wechat Pay, Apple Pay, Samsung Pay, and Google Pay.

Haifeng Wu,Xuan Li,Weihui Dai,Weidong Zhao

2010-01-01

Abstract:With the development of mobile network technology and mobile commerce application, mobile payment is becoming more and more important to assist mobile users to participate in the mobile commerce. Service reliability, security authtification, payment mobility is the core improblem, which should be solve with some flexible and secure measures. After deep studying traditional payment methods in electronic commerce and some technologies in 3G network, this paper introduces a new and integrated mobile payment framework, which is combined with IC chip, mobile phone and mobile internet, and then gives some improvement measures for current settlement mechanism, which is entirely around payment channel, payment carrier, security authentication. In this way, the real time processing of information flow, capital flow and logistics can be easily achieved, forming a reliable business operation for mobile users, which can bring some great convenience and profound influence for payment industry in mobile environment.

Xinfang Zhang

2011-01-01

Abstract:By considering the privacy issues occurred in mobile payment with the NFC (Near Field Communication) devices, a NFC authentication model is proposed. This model can implement mutual authentication between the mobile platform and the service provide by using the anonymous authentication scheme. By issuing the qualification certificate and certificating the service provider, the proposed model can prevent the attacks from malicious service providers. Meanwhile, this model can achieve trusted authentication without leaking the configuration information and the identity information of the platform. Moreover, this scheme can identify the user’s account with the help of the issuer in case of the user’s anonymity.

Liang Hu,Ling Chi,Hong-tu Li,Wei Yuan,Yuyu Sun,Jian-feng Chu

DOI: https://doi.org/10.3837/tiis.2012.01.008

2012-01-01

KSII Transactions on Internet and Information Systems

Abstract:As one of the four basic technologies of IOT (Internet of Things), M2M technology whose advance could influence on the technology of Internet of Things has a rapid development. Mobile Payment is one of the most widespread applications in M2M. Due to applying wireless network in Mobile Payment, the security issues based on wireless network have to be solved. The technologies applied in solutions generally include two sorts, encryption mechanism and authentication mechanism, the focus in this paper is the authentication mechanism of Mobile Payment. In this paper, we consider that there are four vital things in the authentication mechanism of Mobile Payment: two-way authentication, re-authentication, roaming authentication and inside authentication. Two-way authentication is to make the mobile device and the center system trust each other, and two-way authentication is the foundation of the other three. Re-authentication is to re-establish the active communication after the mobile subscriber changes his point of attachment to the network. Inside authentication is to prevent the attacker from obtaining the privacy via attacking the mobile device if the attacker captures the mobile device. Roaming authentication is to prove the mobile subscriber's legitimate identity to the foreign agency when he roams into a foreign place, and roaming authentication can be regarded as the integration of the above three. After making a simulation of our proposed authentication mechanism and analyzing the existed schemes, we summarize that the authentication mechanism based on the mentioned above in this paper and the encryption mechanism establish the integrate security framework of Mobile Payment together. This makes the parties of Mobile Payment apply the services which Mobile Payment provides credibly.

Jianwei LIU,Dongxu CHENG,Yan LI

DOI: https://doi.org/10.3969/j.issn.1009-6868.2015.03.004

2015-01-01

Abstract:Aiming at the increasing growth of high security level business requirements for mobile terminal, a high security, trusted computing platform architecture for mobile terminal based on trusted platform module (TPM) trusted chip is proposed. Based on the analysis of expanded architecture for trusted function of a wide variety of current mobile terminals, a software and hardware integration scheme is given. In this scheme, the TPM chip plays a key role in the trusted link of mobile terminal. Furthermore, a prototype platform integrated TPM chip has been designed and used for principle verification of highly secure and trusted attribute of mobile <br> terminal. A key point analysis has been done for this trusted computing platform.

Deli Yang,Hongxin Wang,Yawei Ren,JianJun Wang

DOI: https://doi.org/10.1109/ICMB-GMR.2010.60

2010-01-01

Abstract:With the fast development of mobile business, mobile payment is becoming widely available. Although there is a wealth of academic literature examining mobile payment, the existing mobile payment processes are lack of trust mechanisms, and there are no unified standards for physical and virtual mobile payments. Furthermore, in current mobile payment pattern, applications are difficult to be connected with banks. To solve this problem, this paper gives a general framework of online mobile payment and presents a new mobile payment pattern which advocates stratified extension and cascading agent based on stable and credible platform group. It also proposes a cross-bank unified payment platform to solve the difficulties of connection to banks. As a result, we can get regular, effective and monitoring payment process which is of great maneuverability. The mobile payment process will be more reasonable and the transaction will be more secure.

Zhen Qin,Jianfei Sun,Abubaker Wahaballa,Wentao Zheng,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.1016/j.csi.2016.11.012

IF: 3.721

2017-01-01

Computer Standards & Interfaces

Abstract:Mobile wallet, also known as mobile payment, is becoming one of the most frequently used approach to provide payment services under financial regulation via mobile device and may redefine our lifestyle with the rapid popularity of mobile Internet. In this paper, we address the security of the mobile wallet by providing a detailed threat analysis and identifying some unique design requirements in terms of security and privacy protection for mobile wallet. We then provide a novel approach to secure the mobile wallet and protect the privacy of the mobile user by incorporating the digital signature and pseudo-identity techniques. In view of several advantages of cloud computing, the computation task on the client side, which is usually featured with limited computation resources, is outsourced to the untrusted cloud server securely. The performance of our approach is evaluated via both theoretic analysis and experimental simulations. Also, the security analysis demonstrate that our approach can achieve desirable security properties of mobile wallet.

Kai Fan,Hui Li,Wei Jiang,Chengsheng Xiao,Yintang Yang

DOI: https://doi.org/10.1145/3063955.3063982

2017-01-01

Abstract:With the increasing popularity of the fintech, the e-commerce market has grown rapidly in last decade, and now the mobile devices are unprecedented popular and playing an ever-increasing role in the e-commerce field, especially the mobile payment. However, it is hard for online authentication technology based on traditional mode to maintain the healthy and stable development of mobile payment. Besides that, it can't meet the security demand of user's privacy or some sensitive information else. In this paper, we propose a secure mutual authentication protocol (SMAP) based on U2F for mobile payment. In this system, the asymmetric cryptosystem is used for mutual authentication between server and client to guarantee a reliable service, which is based on the architecture of U2F. It can resist disguise and dispose counterfeit user. Compared to the current existing modes, the proposed protocol strengthens the security of user's account information as well as individual privacy in whole transaction process with mobile payment. The practice proves that the proposed protocol is secure and convenient.

Wei Feng,Yu Qin,Dengguo Feng

DOI: https://doi.org/10.1007/s11235-018-0456-y

2018-01-01

Abstract:This paper presents a new method to enhance the trust of traditional computing device by using the popular mobile phone. We first propose a formal method to analyze the platform trust establishment process based on trusted computing technology, and the formal results reveal possible attack and suggest potential solutions. Then, we design an improved solution, in which the mobile phone is extended to support three trusted computing functions: using mobile phone as a root of trust instead of Trusted Platform Module, as a local investigator to obtain evidences from the local computing platform, and as a trusted agent to build a secure communication channel with an external entity in the remote attestation applications. Finally, to describe the feasibility and efficiency, a prototype of the trusted mobile phone is implemented and evaluated based on an ARM development board.

Tao Li,Aiqun Hu

DOI: https://doi.org/10.3969/j.issn.1001-0505.2011.03.016

2011-01-01

Abstract:Based on the theory of trusted computing and by adding mobile trusted module, security service provider and security software to the existing mobile network, the unified security protection system is established to provide security services to users. This scheme efficiently utilizes the functions of operating system, and makes combination of role-based access control with trust authentication. So the trusted chain transmission is accomplished efficiently. Software and courses without legal certificates are unable to run in the protected system so as to ensure the system security. The certificate is totally managed by security service provider and software provider. Experiments of files reading and writing and network access indicate that the scheme may cause a system performance decrease of 6% to 16%. The scheme can be applied in building a high efficiency holistic security system for mobile communications.

Li Tao,Hu Aiqun

DOI: https://doi.org/10.1109/ncis.2011.129

2011-01-01

Abstract:Mobile services are pervasive in wireless network and are one of the crucial components needed for various applications and services. Security problems related to mobile phones directly influence credibility of these applications and services. Trusted Computing technology provides powerful support for the solution to security issues of mobile device in mobile network. This paper proposes a Holistic Security Service System for mobile network. It consists of a Security Service Provider, a Software Provider and a Mobile Trusted Terminal. A hardware and software solution of trusted mobile device is also proposed, and a trusted software running mechanism based on certificate access control is discussed. Our security analysis and experimental results prove that both the Holistic Security Service System and mobile trusted mechanism can be used in mobile networks.

Liangyin Chen,Zhishu Li,Xuwei Li,Xingshu Chen,Hong Zhu,Hu Jin,Feng Yin

DOI: https://doi.org/10.1109/icess.symposia.2008.74

2008-01-01

Abstract:Millions of people are enjoying the convenience of transferring money and shopping with mobile e-business, but at great risk. Because of the risk, security should be considered a fundamental aspect of e-business system design. Mobile wireless e-business system inherently possesses a higher degree of risk than wired e-business applications, and it requires greater level of security and trust. Special attention must be paid to the mobile e-business. With a well-established infrastructure of 3G system, and with the advent of trusted computing and gene identification technology, this kind of situation will be changed greatly. This paper introduces the trusted platform module, the gene theory and their possible application in the mobile e-business system. It proposes that gene identification (GI) module should be embedded in TPM (Trust Platform Module), 3GTT (3G Trusted Terminal) and TC PC (Trust Computing PC) to ensure the trust of each node in the 3G mobile e-business system. It is a theoretically effective method to present the possibility of solving these security and trust issues.

Yu Zheng,Dake He,Weichi Yu,Xiaohu Tang

DOI: https://doi.org/10.1109/PDCAT.2005.243

2005-01-01

Abstract:In this paper security requirements and security architecture for 4G systems are presented with the consideration of Trusted Computing (TC) for mobile equipment (ME). The security framework based on Trusted Mobile Platform (TMP) and PKI is proposed to provide a considerable robust platform for user’s access to sensitive service and data in the scenario of 4G systems. Over this framework, with the combination of password and biometric identification (BI) as well as public key-based identification, an efficient hybrid authentication and key agreement (HAKA) scheme is presented to resist the possible attacks, particularly the attacks on/from ME. Compared with 3G architecture and other security schemes for 4G mobile networks, our architecture and corresponding HAKA is more secure, scalable and convenient to support globe mobility and capable of being employed to handle the complicated security issues in 4G mobile networks.

KY Lam,SL Chung,M Gu,JG Sun

DOI: https://doi.org/10.1016/s0140-3664(03)00188-9

IF: 5.047

2003-01-01

Computer Communications

Abstract:This paper describes a lightweight security mechanism for protecting electronic transactions conducted over the mobile platform. In a typical mobile computing environment, one or more of the transacting parties are based on some wireless handheld devices. Electronic transactions conducted over the mobile platform are gaining popularity and it is widely accepted that mobile computing is a natural extension of the wired Internet computing world. However, security over the mobile platform is more critical due to the open nature of wireless networks. Furthermore, security is more difficult to implement on the mobile platform because of the resource limitation of mobile handheld devices. Therefore, security mechanisms for protecting traditional computer communications need to be revisited so as to ensure that electronic transactions involving mobile devices can be secured and implemented in an effective manner. This research is part of our effort in designing security infrastructure for electronic commerce systems, which extend from the wired to the wireless Internet. A lightweight mechanism was designed to meet the security needs in face of the resource constraints. The proposed mechanism is proven to be practical in real deployment environment.

Kai Fan,Hui Li,Wei Jiang,Chengsheng Xiao,Yintang Yang

DOI: https://doi.org/10.26599/TST.2018.9010031

2018-01-01

Abstract:With the increasing popularity of fintech, i.e., financial technology, the e-commerce market has grown rapidly in the past decade, such that mobile devices enjoy unprecedented popularity and are playing an ever-increasing role in e-commerce. This is especially true of mobile payments, which are attracting increasing attention. However, the occurrence of many traditional financial mishaps has exposed the challenges inherent in online authentication technology that is based on traditional modes of realizing the healthy and stable development of mobile payment. In addition, this technology ensures user account security and privacy. In this paper, we propose a Secure Mutual Authentication Protocol (SMAP) based on the Universal 2nd Factor (U2F) protocol for mobile payment. To guarantee reliable service, we use an asymmetric cryptosystem for achieving mutual authentication between the server and client, which can resist fake servers and forged terminals. Compared to the modes currently used, the proposed protocol strengthens the security of user account information as well as individual privacy throughout the mobile-payment transaction process. Practical application has proven the security and convenience of the proposed protocol.

Feng Wang,Ge Bao Shan,Yong Chen,Xianrong Zheng,Hong Wang,Sun Mingwei,Li Haihua

DOI: https://doi.org/10.4018/jgim.2020010110

2020-01-01

Journal of Global Information Management

Abstract:Mobile payment is a new payment method offering users mobility, reachability, compatibility, and convenience. But mobile payment involves great uncertainty and risk given its electronic and wireless nature. Therefore, biometric authentication has been adopted widely in mobile payment in recent years. However, although technology requirements for secure mobile payment have been met, standards and consistent requirements of user authentication in mobile payment are not available. The flow management of user authentication in mobile payment is still at its early stage. Accordingly, this paper proposes an anonymous authentication and management flow for mobile payment to support secure transaction to prevent the disclosure of users' information and to reduce identity theft. The proposed management flow integrates transaction key generation, encryption and decryption, and matching to process users' personal information and biometric characteristics based on mobile equipment authentication carrier.

information science & library science