Design and accountability analysis of a secure SMS-based mobile payment protocol

Nowadays, most of mobile payment transactions are made through Short Message Service (or SMS). A number of SMS-based mobile payment protocols have been proposed but still lack of necessary security properties. This paper introduces a new SMS-based operator-assisted mobile payment protocol called SOMP. The proposed protocol offers clients the ability to perform payment transactions directly to the mobile operator itself or to merchants through the mobile operator. We perform accountability analysis to show that SOMP satisfies necessary security properties. Moreover, SOMP is easy to use and compatible with existing SMS infrastructure.

[1]  Mahmoud Reza Hashemi,et al.  A Secure m-Payment Protocol for Mobile Devices , 2006, 2006 Canadian Conference on Electrical and Computer Engineering.

[2]  Supakorn Kungpisdan,et al.  Securing micropayment transactions over Session Initiation Protocol , 2009, 2009 9th International Symposium on Communications and Information Technology.

[3]  Pavan Soni M-Payment Between Banks Using SMS , 2010 .

[4]  Yingjiu Li,et al.  A security-enhanced one-time payment scheme for credit card , 2004, 14th International Workshop Research Issues on Data Engineering: Web Services for e-Commerce and e-Government Applications, 2004. Proceedings..

[5]  Supakorn Kungpisdan Accountability of Centralized Payment Systems: Formal Reasoning, Protocol Design and Analysis , 2010 .

[6]  Mohsen Toorani,et al.  SSMS - A secure SMS messaging protocol for the m-payment systems , 2008, 2008 IEEE Symposium on Computers and Communications.

[7]  Bala Srinivasan,et al.  Lightweight Mobile Credit-Card Payment Protocol , 2003, INDOCRYPT.

[8]  Rebecca N. Wright,et al.  Off-Line Generation of Limited-Use Credit Card Numbers , 2001, Financial Cryptography.

[9]  Bala Srinivasan,et al.  A Limited-Used Key Generation Scheme for Internet Transactions , 2004, WISA.

[10]  H. Harb,et al.  SecureSMSPay: Secure SMS Mobile Payment model , 2008, 2008 2nd International Conference on Anti-counterfeiting, Security and Identification.

[11]  Ben J Hicks,et al.  World Multiconference on Systemics, Cybernetics and Informatics , 2000 .

[12]  Bala Srinivasan,et al.  Fraudulent Internet Banking Payments Prevention using Dynamic Key , 2008, J. Networks.

[13]  Pavan Soni M-Payment Between Banks Using SMS [Point of View] , 2010, Proc. IEEE.

[14]  Supakorn KUNGPISDAN,et al.  A Secure Offline Key Generation With Protection Against Key Compromise , 2008 .