A Credit Card Based Payment Protocol Assuring End-to-End Security in Wireless Internet

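  • 임수철 (Department of Computer Science, Korea University)
  • 강상승 (Electronic Commerce Research Division, Electronics and Telecommunications Research Institute)
  • 이병래 (Software Center, CTO Strategy Office, Samsung Electronics)
  • 김태윤 (Department of Computer Science, Korea University)
  • Published: 2002.12.01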

Abstract

The WPP payment protocol uses the WAP protocol to carry out credit card payments over the wireless Internet. Because the security of WAP rests on the WTLS security protocol, WPP does not provide end-to-end security. This paper proposes a payment protocol that uses a public-key cryptosystem and a Mobile Gateway to provide end-to-end security independently of any specific protocol or wireless Internet platform. Because an online certification authority takes part in the authentication process of the payment protocol, highly mobile wireless devices can also obtain services from service providers in other domains.
