Today, an e-commerce transaction is typically protected using SSL/TLS. However, some risks remain in such use of SSL/TLS. These include information being stored in the clear at the end points of the communication link, and the lack of user authentication. Although SSL/TLS does offer the latter, the service is optional and usually omitted, because users typically do not possess the necessary asymmetric key pair. Since SSL/TLS protects data only while it is in transit, the merchant has access to sensitive information such as the debit/credit card number. The storage of unencrypted debit/credit card information at the merchant server therefore represents a risk that is not currently addressed by the use of SSL/TLS to secure electronic payment transactions.

In this paper, we propose a payment protocol in which the risk of having debit/credit card details stored at a merchant server is eliminated, and user authentication is also provided. This is achieved by utilising the GSM data confidentiality service to encrypt the sensitive information, and the GSM security service to authenticate the user's identity. The additional security is realised in such a way that no management overhead is imposed on the user.