A proposed architecture for secure two-party mobile payment

The evolution of wireless networks and mobile devices has increased concerns about the performance and security of mobile payment systems. In this paper we propose a new secure architecture for two-party mobile payments, e.g. mobile banking. The proposed architecture employs a lightweight cryptosystem that combines public-key and symmetric-key cryptography (ECDSA and AES) with a multi-factor authentication mechanism. These are coupled with a transaction log strategy to satisfy the properties of confidentiality, authentication, integrity and non-repudiation. Compared to some existing mobile payment platforms, the proposed architecture is a lightweight secure mechanism that is more suitable for two-party banking transactions over resource-limited mobile devices.
