A Secure Cloud-based NFC Mobile Payment Protocol

Near Field Communication (NFC) is one of the most recent technologies in the area of application development and service delivery via mobile phone. NFC enables the mobile phone to act as identification and a credit card for customers. The dynamic relationships among NFC ecosystem players in an NFC transaction process make them partners in such a way that they sometimes should share their access permissions on the applications that are running in the service environment. One of the technologies that can be used to ensure secure NFC transactions is cloud computing, which offers a wide range of advantages compared to the use of a Secure Element (SE) as a single entity in an NFC-enabled mobile phone. In this paper, we propose a protocol based on the concept of NFC mobile payments. Accordingly, we present an extended version of the NFC cloud Wallet model [14], in which the Secure Element in the mobile device is used for customer authentication whereas the customer's banking credentials are stored in a cloud under the control of the Mobile Network Operator (MNO). In this setting, the Mobile Network Operator plays the role of network carrier and is responsible for controlling all the credentials transferred to the end user. The proposed protocol eliminates the requirement of a shared secret between the Point-of-Sale (POS) and the Mobile Network Operator before execution of the protocol, a mandatory requirement in the earlier version of this protocol [16]. This makes it more practicable and user friendly. Finally, we provide a detailed analysis of the protocol in which we discuss multiple attack scenarios.

[1] Diane J. Janvrin, et al. The effect of encryption on Internet purchase intent in multiple vendor and product risk settings, 2011, Electron. Commer. Res.

[2] Olusegun Folorunso, et al. Improving e-payment security using Elliptic Curve Cryptosystem, 2010, Electron. Commer. Res.

[3] J.-H. Chiu, et al. NFC Mobile Transactions and Authentication Based on GSM Network, 2010, 2010 Second International Workshop on Near Field Communication.

[4] Aasha Bodhani. New ways to pay [Communications Near Field], 2013.

[5] George Ghinea, et al. Managing NFC payment applications through cloud computing, 2012, 2012 International Conference for Internet Technology and Secured Transactions.

[6] J. Langer, et al. Applying relay attacks to Google Wallet, 2013, 2013 5th International Workshop on Near Field Communication (NFC).

[7] Chanathip Namprempre, et al. Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm, 2000, Journal of Cryptology.

[8] George Ghinea, et al. Ecosystem scenarios for cloud-based NFC payments, 2013, MEDES.

[9] Tor-Morten Grønli, et al. Towards NFC payments using a lightweight architecture for the Web of Things, 2015, Computing.

[10] Marc Pasquet, et al. Payment and privacy: A key for the development of NFC mobile, 2010, 2010 International Symposium on Collaborative Technologies and Systems.

[11] Lynn Margaret Batten, et al. E-commerce: protecting purchaser privacy to enforce trust, 2011, Electron. Commer. Res.

[12] Sherali Zeadally, et al. Implementation and performance evaluation of a payment protocol for vehicular ad hoc networks, 2010, Electron. Commer. Res.

[13] Gheorghita Ghinea, et al. Mobile Transaction over NFC and GSM, 2013, IACR Cryptol. ePrint Arch.

[14] George Ghinea, et al. A Proposed NFC Payment Application, 2013, ArXiv.

[15] Pascal Urien, et al. Towards a secure Cloud of Secure Elements concepts and experiments with NFC mobiles, 2013, 2013 International Conference on Collaboration Technologies and Systems (CTS).

[16] George Ghinea, et al. Challenges of managing secure elements within the NFC ecosystem, 2012, 2012 International Conference for Internet Technology and Secured Transactions.

[17] Francesco Buccafurri, et al. Implementing disposable credit card numbers by mobile phones, 2011, Electron. Commer. Res.