William Song,Deren Chen,Jen-Yao Chung

DOI: https://doi.org/10.1007/978-3-540-30209-4_16

2004-01-01

Abstract:E-commerce development and applications have been bringing the Internet to business and marketing and reforming our current business styles and processes. As Business to Business (B2B) has been a main stream of the e-commerce activities for a decade, business to customer (B2C) is still a new area to explore. Among the business to customer activities, a strong impact is security, i.e., how to protect secrets of various parties in business transactions. Different security methods apply to different businesses and meet different customers' needs. The methods with low cost and easy to implement may be less secure, whereas the methods providing high level security can be unaffordable to many small enterprises and individuals. In particular, people, while browsing or surfing on the Web, wish to pay a very small amount and "buy" (perhaps just download) an interesting item from the Web. The "click-and-pay" or "click-and-buy" does not require high security protection and should be convenient to use (buy and pay). Micro-payment issue emerges from the context to meet the need of applicability of low secure and cost in e-purchase. Payments of small amounts may enable many exciting applications on the Internet, such as selling information, small software and services. Users are willing to pay a small amount of money for the information, software and services. While the payment is small, expensive security protection is unnecessary. What users require may include negligible delay, rapid click-through, and automatic billing. Micro-payment is a service intensive activity, where many payment tasks involve different forms of services, such as payment method selection for buyers, security support software, product price comparison, etc. In this paper, we intend to investigate and analyze various aspects of micro-payment system using the web service technology. We will discuss business patterns for micro-payment systems using Web Services approaches.

Haifeng Wu,Xuan Li,Weihui Dai,Weidong Zhao

2010-01-01

Abstract:With the development of mobile network technology and mobile commerce application, mobile payment is becoming more and more important to assist mobile users to participate in the mobile commerce. Service reliability, security authtification, payment mobility is the core improblem, which should be solve with some flexible and secure measures. After deep studying traditional payment methods in electronic commerce and some technologies in 3G network, this paper introduces a new and integrated mobile payment framework, which is combined with IC chip, mobile phone and mobile internet, and then gives some improvement measures for current settlement mechanism, which is entirely around payment channel, payment carrier, security authentication. In this way, the real time processing of information flow, capital flow and logistics can be easily achieved, forming a reliable business operation for mobile users, which can bring some great convenience and profound influence for payment industry in mobile environment.

Qi Li,Xinwen Zhang,Jean-Pierre Seifer,Hulin Zhong

DOI: https://doi.org/10.1109/aptc.2008.24

2008-01-01

Abstract:Mobile payment (m-payment) received significant attention because it enables an easy payment mechanism and becomes an important complement to traditional payment means. However, m-payment over open devices and networks poses security challenges of a new dimension. Although many researchers address security issues in m-payment, there are still some security problems that are not well resolved, such as platform integrity and user privacy protection. In this paper, we propose a general payment architecture with Trusted Computing (TC) technologies to secure mobile payment. Using only a simple mobile payment infrastructure, a platform integrity protection solution is proposed to secure payment software downloading, application initialization, and secure payment transactions. We further propose two schemes to enhance the performance and flexibility of our solution. The first scheme provides platform attestation using an identity-based signature (IBS) algorithm instead of a traditional credential-based public-key signature algorithm within Trusted Computing Group (TCG) technologies, which fully utilizes the merits of the mobile computing infrastructure and improves the flexibility and performance of the payment solution. The second scheme provides attestation caching without sacrificing security achievements. We have implemented a real prototype system based on an emulated payment environment. Our security analysis and experimental results prove that our scheme can effectively meet the security requirements of a practical m-payment with acceptable performance.

Hosam Alamleh,Ali Abdullah S. AlQahtani,Baker Al Smadi

DOI: https://doi.org/10.48550/arXiv.2304.09468

2023-04-19

Cryptography and Security

Abstract:The rise of smartphones has led to a significant increase in the usage of mobile payments. Mobile payments allow individuals to access financial resources and make transactions through their mobile devices while on the go. However, the current mobile payment systems were designed to align with traditional payment structures, which limits the full potential of smartphones, including their security features. This has become a major concern in the rapidly growing mobile payment market. To address these security concerns,in this paper we propose new mobile payment architecture. This architecture leverages the advanced capabilities of modern smartphones to verify various aspects of a payment, such as funds, biometrics, location, and others. The proposed system aims to guarantee the legitimacy of transactions and protect against identity theft by verifying multiple elements of a payment. The security of mobile payment systems is crucial, given the rapid growth of the market. Evaluating mobile payment systems based on their authentication, encryption, and fraud detection capabilities is of utmost importance. The proposed architecture provides a secure mobile payment solution that enhances the overall payment experience by taking advantage of the advanced capabilities of modern smartphones. This will not only improve the security of mobile payments but also offer a more user-friendly payment experience for consumers.

Weihui Dai,Xiang Cai,Haifeng Wu,Weidong Zhao,Xuan Li

DOI: https://doi.org/10.4304/jnw.6.9.1329-1336

2011-01-01

Abstract:Along with globally approaching of the 3G era, the progress of mobile communication technology and the development of mobile terminal devices will rapidly promote the mobilization development of traditional E-commerce. In order to ensure it to achieve further development, secure, flexible and reliable mobile payment system is becoming more and more important. Compared with the payment pattern of ordinary commerce, there will be profound changes in the mobile payment, such as special payment channel, payment carrier and etc. After deep studying about previous payment methods and future 3G communication technology, this paper introduces a new mobile payment model by combining with IC chip, mobile phone and mobile internet, and then gives some improvement measures for current settlement mechanisms in the network transaction, which is entirely around payment channel, payment carrier, security authentication and other key issues in 3G environment. The real time processing of information flow, capital flow and logistics in mobile environment can be easily achieved, forming a complete and reliable business operation for mobile users, which can bring some great conveniences and profound influences for mobile payment industry.

ZHANG Fei,CHEN Zi-chen,XIONG Li

DOI: https://doi.org/10.3969/j.issn.1006-5911.2006.10.012

2006-01-01

Abstract:To improve the performance and network security of collaborative commerce chain system and to deal with shortcomings of existing solution to electronic commerce,Mobile Agent technology was introduced into the modeling of network-based collaborative commerce chain system.Based on Mobile Agent properties,problems of security and network security confronted with Mobile Agent in the transaction process of network-based collaborative commerce chain were analyzed.Finally,a prototype system between the customer Agent and the supplier Agent was used to expatiate security negotiation bargain procedure based on Mobile Agent under the public key infrastructure and certification authority.Research results showed that Agent's submission permit to the supplier server during authentication process could enhance the network bargain security of the collaborative commerce chain system.

Feng Wang,Ge Bao Shan,Yong Chen,Xianrong Zheng,Hong Wang,Sun Mingwei,Li Haihua

DOI: https://doi.org/10.4018/jgim.2020010110

2020-01-01

Journal of Global Information Management

Abstract:Mobile payment is a new payment method offering users mobility, reachability, compatibility, and convenience. But mobile payment involves great uncertainty and risk given its electronic and wireless nature. Therefore, biometric authentication has been adopted widely in mobile payment in recent years. However, although technology requirements for secure mobile payment have been met, standards and consistent requirements of user authentication in mobile payment are not available. The flow management of user authentication in mobile payment is still at its early stage. Accordingly, this paper proposes an anonymous authentication and management flow for mobile payment to support secure transaction to prevent the disclosure of users' information and to reduce identity theft. The proposed management flow integrates transaction key generation, encryption and decryption, and matching to process users' personal information and biometric characteristics based on mobile equipment authentication carrier.

information science & library science

Xiaolin Zheng,Deren Chen

DOI: https://doi.org/10.1109/COEC.2003.1210227

2003-01-01

Abstract:Mobile payment is the killer application in mobile commerce. We classify the payment methods according to several standards, analyze and point out the merits and drawbacks of each method. To enable future applications and technologies handle mobile payment, we provide a general layered framework and a new process for mobile payment. The framework is composed of load-bearing layer, network interface and core application platform layer, business layer, and decision-making layer. And it can be extended and improved by the developers. Then a pre-pay and account-based payment process is described. Our method has the advantages of low cost and technical requirement, high scalability and security.

Jun Li,Jing Wang,Shanyong Wang,Yu Zhou

DOI: https://doi.org/10.1109/access.2019.2902905

IF: 3.9

2019-01-01

IEEE Access

Abstract:In recent years, mobile payment as an innovative payment method has triggered a payment revolution in China. Understanding and investigating the psychological elements and influence paths that affect the user's willingness to use mobile payment are of great importance. The main purpose of this study is to investigate the effects of a user's risk perception, perceived ease of use, perceived usefulness, and attitude on a user's willingness to use Alipay, by using an extended version of the technology acceptance model (TAM). The model was tested with the use of structural equation modeling (SEM), and the data was collected from 491 users in China. The results show that perceived ease of use and perceived usefulness has a significant effect on users' attitudes and intentions to use Alipay, and the risk perception has a negative effect on perceived ease of use and perceived usefulness. Meanwhile, risk perception also has a direct effect on users' attitudes and intentions to use Alipay. These results suggested that when users perceived that the risks of using Alipay are higher, they will hold a negative attitude using Alipay and less likely to use Alipay. Based on these results, the possible implications have been identified.

Jianbing Ni,Man Ho Au,Wei Wu,Xiapu Luo,Xiaodong Lin,Xuemin Sherman Shen

DOI: https://doi.org/10.1109/tmc.2021.3135301

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile devices have become near-ubiquitous tools in our daily lives. Following this trend, mobile commence is developed rapidly which in turns stimulates interests in mobile payment. Some prominent examples include Googles Wallet, WeChat Pay, and Apple Pay. Most of these technologies, however, are designed for users to be able to pay conveniently to the business. In other words, they are designed with the business to user model in mind. Besides, an active network connection with an external payment server is required either from payer or payee during transaction. Our work intends to supplement existing solutions, which allows payment to be made in an off-line and dual-anonymous manner. In doing so, a dual-anonymous off-line electronic cash scheme is proposed by utilizing BBS+ signature. The feature of our scheme is dual-anonymous payment, which means that both the payer and the payee in any transaction cannot be identified even all other users and the payment server collude. Through security proof and performance analysis, we also demonstrate that the security of the proposed scheme can be reduced to standard assumptions and it is suitable for applications in mobile commerce.

computer science, information systems,telecommunications

Changwu Wang,Xiuxian Zheng,Yali Si,Wenyuan Liu

2011-01-01

Abstract:Mobile agent is identified as a programming paradigm that allows exible structuring of distributed computation. However, their adoption is largely hampered by the security issues. In this paper, by using environmental key propagation and execution tracing technology, an enhanced-security fair payment protocol based on mobile agent is proposed. This protocol can protect the confidentiality of sensitive payment information carried by mobile agent better than existing ones. At the same time, by ameliorating the using of the theory of cross validation, mobile agent is able to avoid malicious merchant's attack when it validates the product. So the security is enhanced. Moreover, the trusted third patty is offline unless someone is misbehaving or prematurely aborting. © 2011 ISSN 1881-803X.

Tao Feng,Nicholas DeSalvo,Lei Xu,Xi Zhao,Xi Wang,Weidong Shi

DOI: https://doi.org/10.4108/icst.mobicase.2014.257767

2014-01-01

Abstract:With the rise of Internet connected mobile devices, applications have migrated from PCs to mobile computing platforms. An important aspect, payment processing, faces new security challenges from these developments. Inasmuch, these advancements demand efforts from researchers and industry to meet increasing security needs. Threats can ensue from data loss, theft from lost, stolen, or decommissioned devices, information-stealing malware, and password peeping. We propose a secure framework for sensitive session driven applications which combines biometric-based continuous and implicit tracking of user identities, and TrustZone. This framework is accomplished through monitoring fingerprint authentication logs as well as detecting events when the phone has left the user's hands, all while in TrustZone, a platform for secure computation and storage on mobile devices. This solution leverages multiple onboard sensors as well as the ARM architecture to accomplish these feats. We conducted two user-studies acquiring smartphone users' usage statistics to investigate security and usability needs of our identity-tracking solution. To monitor these subtle gestures in real-world uncontrolled environments, multi-session data collection has been conducted to iteratively improve system performance. The evaluation results have demonstrated the feasibility of this framework as a secure session-based payment system.

J. Chen,X. Peng

DOI: https://doi.org/10.4028/www.scientific.net/AMM.443.561

2013-10-01

Abstract:The payment system of wireless communication is a whole of the various types of software used by the wireless communication network, wireless payment terminals and payment terminals, which together constitute the user applications. Compared to traditional network, wireless communication network is an more open system. According to this, users personal is easier to be stolen in the transfer process and the type of attack has become more diverse and innovative. The article introduces two types attack and solutions. Fishing Wifi is a common means of attack in the wireless network nowadays. Mobile banking is a typical example too. It involves the security of payment in mobile banking which becomes the new problem within e-commerce.

Business,Computer Science

Doyel Pal,Praveenkumar Khethavath,Tingting Chen,Yuan Zhang

DOI: https://doi.org/10.1002/dac.3293

2017-01-01

International Journal of Communication Systems

Abstract:Payment methods using mobile devices instead of using traditional methods (cash, credit card, etc) has been gaining popularity all over the world. The ubiquitous nature of smartphones and tablets has widened the ambit for using these devices for payments and other daily life activities. Recent advancements in mobile technology along with the convenience of mobile devices made these applications possible. Despite the worldwide user adoption of mobile applications, security is the key challenge in mobile banking and payments system. Mobile payments systems need to be very efficient and provide utmost security endlessly. State‐of‐the‐art mobile payment systems need the physical presence of a merchant agent to make a payment. In this article, we had described in detail about the design and implementation of a mobile payments application, used to make in‐store purchases and make secure payments without any physical presence of a cashier or a merchant agent. We proposed a novel privacy‐preserving and secure authentication algorithm to make mobile payments using biometrics. The analysis and experimental results show the reliability and efficiency of our proposed solution.

KY Lam,SL Chung,M Gu,JG Sun

DOI: https://doi.org/10.1016/s0140-3664(03)00188-9

IF: 5.047

2003-01-01

Computer Communications

Abstract:This paper describes a lightweight security mechanism for protecting electronic transactions conducted over the mobile platform. In a typical mobile computing environment, one or more of the transacting parties are based on some wireless handheld devices. Electronic transactions conducted over the mobile platform are gaining popularity and it is widely accepted that mobile computing is a natural extension of the wired Internet computing world. However, security over the mobile platform is more critical due to the open nature of wireless networks. Furthermore, security is more difficult to implement on the mobile platform because of the resource limitation of mobile handheld devices. Therefore, security mechanisms for protecting traditional computer communications need to be revisited so as to ensure that electronic transactions involving mobile devices can be secured and implemented in an effective manner. This research is part of our effort in designing security infrastructure for electronic commerce systems, which extend from the wired to the wireless Internet. A lightweight mechanism was designed to meet the security needs in face of the resource constraints. The proposed mechanism is proven to be practical in real deployment environment.

LI BEIJIN,ZHANG LI

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.06.003

2008-01-01

Abstract:The popularity of WAP-based Mobile Internethas brought new opportunities and challenges to e-commerce. The security of WAP-based electronic payment is a key problem to be solved. This paper introduces the technical characteristics of WAP,analyzes the security problems and solutions of Internet-based electronic payment,then concludes new security problems of WAP-based electronic payment,and provides corresponding solutions.

Ms. Deepika Dhamija,Dr. Anu Bharti,,

DOI: https://doi.org/10.35940/ijeat.b3791.129219

2019-12-30

International Journal of Engineering and Advanced Technology

Abstract:The recent advancements in Information Technology have brought considerable changes in the way tasks are accomplished across the globe. The world has become a more connected place and a major impact as well as reason of this can be attributed to the steep rise in the usage of mobile devices. Mobile devices are being used for online payments in the form of shopping, money transfers, bill payments and what not. The majority of monetary transactions on the Internet now take place through mobile devices and therefore, mobile payment systems being wireless systems calls for an even more secure protocols and payment environment. Although the various security protocols available today boast of implementing the security requirements i.e. data confidentiality, integrity, non-repudiation, authentication and authorization, still the security of m-commerce transactions remain a major concern for mobile payment users. A number of m-commerce security techniques, models and protocols have been proposed by authors in recent past. This paper presents the recent advancements of the models and techniques authors proposed and the technologies and protocols used in these models. The paper also highlights the open areas of research in the field.

Tianqi Wang,Ting Liu,Huimin Zhu

DOI: https://doi.org/10.56397/ist.2024.01.07

2024-01-01

Abstract:As the mobile payment landscape continues to evolve rapidly, this paper examines the emerging threats and future challenges facing Alipay and the broader industry. The analysis encompasses cybersecurity innovations, regulatory landscape changes, user privacy concerns, integration with emerging technologies, global expansion challenges, competition and market saturation, technological infrastructure scalability, consumer education and trust, geopolitical risks, and social and ethical considerations. With the aim of fostering a comprehensive understanding, the paper explores how Alipay can strategically adapt to these challenges through continuous innovation, regulatory compliance, user-centric approaches, and global collaboration. The insights derived from this exploration contribute to a holistic perspective on the dynamic future of mobile payments.

Chai Hongfeng

2013-01-01

Abstract:With the development of communication technology and the popularity of smart mobile devices,e-commerce is advancing toward the mode of suppliers on the move.Online and offline modes mutually penetrate,impact and turn to integrate with each other.Traditional bankcards and banknotes have become more and more insufficient to the demands of O2O.The thesis makes an elaboration on the basic conception,designing and implementation of the modern electronic money,on the basis of the necessity of the development of mobile electronic money,the building of payment application framework and its development.The thesis proposes the solutions and trends of the future electronic payment.

Liming Fang,Minghui Li,Zhe Liu,Changting Lin,Shouling Ji,Anni Zhou,Willy Susilo,Chunpeng Ge

DOI: https://doi.org/10.1109/tdsc.2021.3102099

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Mobile payment system has been expected to provide more efficient and convenient payment methods. However, compared to traditional payments, mobile payment issues related to the security of electronic accounts and payment apps present serious challenges. In this paper, we find the potential security risks by analyzing the commonly used tokenized mobile payment method and put forward the corresponding off-site attack strategy. In this scenario, the attackers are not only limited to malicious third parties but also can be illegal merchants. To address the off-site attack, especially the potential attackers who may be malicious merchants, we also propose SALP, a secure and authenticated payment protocol, using time and position as necessary conditions for the payment confirmation. Furthermore, we leverage identity-based signature (IBS) to prevent altering the information and reduce the overhead of the third-party authentication. We conduct case studies to demonstrate that the SALP can effectively prevent the off-site payment attack without a trusted hardware environment. In particular, we finally argue that SALP does not bring additional system overhead without degrading the convenience of mobile payment.