User authentication using mobile phones for mobile payment

Mobile authentication systems for mobile payment often use either the Web or mobile channel individually to confirm the identity request of a remote user. Most common activity in mobile commerce is done through mobile phones. The mobile phones are vulnerable to numerous security threats due to involvement of valuable financial and personal information.To provide secure Web transactions using mobile phones, multifactorial authentication techniques are preferred. In former study, user authentication software technology using mobile phones, one of the multifactorial authentication techniques, can potentially be copied to another device. For the solution of the problem, this paper proposes Transaction Certificate Mode (TCM), a software token, which supports mutual authentication considering stolen, borrowed, and infected mobile phones for mobile payments. It uses a novel approach based on TCM to enforce a lightweight mobile security and provides a highly secure environment that is simple to use and deploy.

[1]  Roland M. van Rijswijk,et al.  Tiqr: A Novel Take on Two-Factor Authentication , 2011, LISA.

[2]  Cheng-Chi Lee,et al.  A simple remote user authentication scheme , 2002 .

[3]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[4]  Eun-Jun Yoon,et al.  Improving the Dynamic ID-Based Remote Mutual Authentication Scheme , 2006, OTM Workshops.

[5]  Jesús Téllez Isaac,et al.  Anonymous Payment in a Client Centric Model for Digital Ecosystems , 2007, 2007 Inaugural IEEE-IES Digital EcoSystems and Technologies Conference.

[6]  Leau Yu Beng,et al.  A lightweight and private mobile payment protocol by using mobile network operator , 2008, 2008 International Conference on Computer and Communication Engineering.

[7]  Cheng-Chi Lee,et al.  A flexible remote user authentication scheme using smart cards , 2002, OPSR.

[8]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[9]  Bala Srinivasan,et al.  Lightweight Mobile Credit-Card Payment Protocol , 2003, INDOCRYPT.

[10]  Minh-Triet Tran,et al.  Improvement of the More Efficient and Secure ID-Based Remote Mutual Authentication with Key Agreement Scheme for Mobile Devices on ECC , 2012, 2012 26th International Conference on Advanced Information Networking and Applications Workshops.

[11]  Cheng-Chi Lee,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards , 2011, Expert Syst. Appl..

[12]  Kirstie Hawkey,et al.  A Two-factor Authentication Mechanism Using Mobile Phones , 2008 .

[13]  Yan-yan Wang,et al.  A more efficient and secure dynamic ID-based remote user authentication scheme , 2009, Comput. Commun..

[14]  Tomáö Rosa The Decline and Dawn of Two-Factor Authentication on Smart Phones , 2012 .

[15]  Sherali Zeadally,et al.  An Anonymous Secure Payment Protocol in a Payment Gateway Centric Model , 2012, ANT/MobiWIS.

[16]  Hua Zhang,et al.  A novel remote user authentication and key agreement scheme for mobile client-server environment , 2013 .

[17]  Min-Shiang Hwang,et al.  A modified remote user authentication scheme using smart cards , 2003, IEEE Trans. Consumer Electron..

[19]  Eun-Jun Yoon,et al.  Robust Remote User Authentication Scheme , 2004, ICOIN.

[20]  Cheng-Chi Lee,et al.  Security enhancement for a dynamic ID-based remote user authentication scheme , 2005, International Conference on Next Generation Web Services Practices (NWeSP'05).