Securing micropayment transactions over Session Initiation Protocol

Session Initiation Protocol (SIP) is gaining more acceptability as a standard for Voice over IP (VoIP). Several payment protocols were proposed for SIP. However, they lack necessary security properties and have poor performance due to cryptographic operations chosen. In this paper, we introduce SIPTOP, a SIP TOken-based micropayment Protocol that operates well in SIP environment. Moreover, we propose a new authentication protocol for SIP. SIPTOP was analyzed to guarantee its security properties and acceptable transaction performance.

[1]  Bo Meng,et al.  Research on accountability in electronic transaction , 2005, Proceedings of the Ninth International Conference on Computer Supported Cooperative Work in Design, 2005..

[2]  Adi Shamir,et al.  PayWord and MicroMint: Two Simple Micropayment Schemes , 1996, Security Protocols Workshop.

[3]  Christoph Meinel,et al.  SIMPA: A SIP-Based Mobile Payment Architecture , 2008, Seventh IEEE/ACIS International Conference on Computer and Information Science (icis 2008).

[4]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[5]  Bala Srinivasan,et al.  Accountability logic for mobile payment protocols , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..

[6]  Hannes Tschofenig,et al.  Making SIP Make Cents , 2007, ACM Queue.

[7]  Antonio F. Gómez-Skarmeta,et al.  SIP extensions to support (micro)payments , 2007, 21st International Conference on Advanced Information Networking and Applications (AINA '07).

[8]  Sung-Ming Yen PayFair: a prepaid internet micropayment scheme ensuring customer fairness , 2001 .

[9]  Yang Xiao Accountability for wireless LANs, ad hoc networks, and wireless mesh networks , 2008, IEEE Communications Magazine.

[10]  Yiqi Dai,et al.  A Real-Time Payment Scheme for SIP Service Based on Hash Chain , 2008, 2008 IEEE International Conference on e-Business Engineering.

[11]  Bo Meng,et al.  SOCPT: a secure online card payment protocol , 2004, 8th International Conference on Computer Supported Cooperative Work in Design.

[12]  S. El Sawda,et al.  Non Repudiation for SIP Protocol; SIP Sign , 2008, 2008 3rd International Conference on Information and Communication Technologies: From Theory to Applications.

[13]  Christoph Meinel,et al.  Towards Secure Mobile Payment Based on SIP , 2008, 15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ecbs 2008).

[14]  Tomi Dahlberg,et al.  Past, present and future of mobile payments research: A literature review , 2008, Electron. Commer. Res. Appl..

[15]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[16]  Chang-Tien Lu,et al.  Analysis of payment transaction security in mobile commerce , 2004, Proceedings of the 2004 IEEE International Conference on Information Reuse and Integration, 2004. IRI 2004..

[17]  Christian Huitema,et al.  Session Initiation Protocol (SIP) Extension for Instant Messaging , 2002, RFC.

[18]  Ed Dawson,et al.  Micropayments for Wireless Communications , 2000, ICISC.