SIM-enabled Open Mobile Payment System Based on Nation-wide PKI

  • Elena Trichina
  • Konstantin Hyppönen
  • Marko Hassinen

Abstract

Many current mobile payment systems rely on mobile network operators for authentication, and lack adequate non-repudiation. In this work we describe a mobile payment system that uses a governmentally administered public-key infrastructure, namely, the Finnish Electronic Identity (FINEID). FINEID cards store user credentials and private keys for authentication and digital signature, and upon user request can be issued as an application on a PKI-enabled SIM card, which is used as a trusted module in our application. Using FINEID, our system authenticates persons, not customers of a certain bank, mobile network operator, or payment service provider. It also ensures non-repudiation, integrity and confidentiality of the messages related to the payment transactions. As the administration of the PKI system is the responsibility of the government, the system is very economical for both the service providers and the users. The proof-of-concept implementation, a system for purchasing train tickets, is done using freely available development tools and platforms. Implementing an open payment system based on a nation-wide PKI has proven to be feasible.

Keywords

Short Message Service; Mobile Network Operator; Mobile Payment; Wireless Application Protocol; Short Message Service Message
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden 2007

Authors and Affiliations

  • Elena Trichina (1)
  • Konstantin Hyppönen (2)
  • Marko Hassinen (2)

  1. Spansion International Inc., Willi-Brandt-Allee 4, Munich, Germany
  2. Department of Computer Science, University of Kuopio, Kuopio, Finland