论文信息 - Authorization mechanisms for mobile commerce implementations in enhanced prepaid solutions

Authorization mechanisms for mobile commerce implementations in enhanced prepaid solutions

Mobile commerce (m-commerce) provides an exciting set of new capabilities that service providers can leverage to grow their revenue base while attracting new services that enhance the end-user experience. With these new opportunities the risk of new security threats that need to be addressed also arises. In this paper, security issues — in particular, those dealing with service and subscriber authorizations — in enhanced prepaid implementations for m-commerce — are discussed. These products typically provide an enriched rating engine and a highly configurable feature set for service and content charging in wireless networks. Client application and subscriber-level authentication and authorization are key mechanisms that serve to regulate access to, and usage of, content-based transactions in m-commerce. Solution architectures and a discussion of authorization criteria are presented.

[1] Carl Rigney. RADIUS Accounting , 1997, RFC.

[2] Roy T. Fielding,et al. Hypertext Transfer Protocol - HTTP/1.0 , 1996, RFC.

[3] Roy T. Fielding,et al. Uniform Resource Identifiers (URI): Generic Syntax , 1998, RFC.

[4] T. Dierks,et al. The TLS protocol , 1999 .

[5] Jari Arkko,et al. Diameter Base Protocol , 2003, RFC.

[6] Bruce Schneier,et al. Analysis of the SSL 3.0 protocol , 1996 .

[7] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[8] Allan C. Rubens,et al. Remote Authentication Dial In User Service (RADIUS) , 1997, RFC.

[9] Bruce Schneier,et al. Applied cryptography : protocols, algorithms, and source codein C , 1996 .

[10] Alan O. Freier,et al. The SSL Protocol Version 3.0 , 1996 .