Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지

A Credit Card based Authentication and Key Exchange Protocol for Mobile Internet

무선 인터넷을 위한 신용카드 기반의 인증 및 키 교환 프로토콜

  • 이현주 (충북대학교 전자계산학과) ;
  • 이충세 (충북대학교 전기전자 및 컴퓨터공학부)
  • Published : 2003.12.01
Download PDF
⟨ Previous Next ⟩

Abstract

WPP protocol based a Credit card payment in mobile Internet uses WTLS which is security protocol of WAP. WTLS can't provide End­to­End security in network. In this paper, we propose a protocol both independent in mobile Internet platform and allow a security between user and VASP using Mobile Gateway in AIP. In particular, our proposed protocol is suitable in mobile Internet, since session key for authentication and initial payment process is generated using Weil Diffie­Hellman key exchange method that use additive group algorithm on elliptic curve.

무선 인터넷에서 신용카드 지불을 수행하는 WPP 프로토콜은 WAP의 보안 프로토콜인 WTLS를 사용한다. WTLS의 사용은 종단간 보안을 제공하지 못하는 문제점을 가지고 있다. 본 논문에서는 AIP 프로토콜에서 Mobile Gateway를 사용함으로서 무선 인터넷 플랫폼에 독립적이며 사용자와 VASP간에 보안이 제공되는 프로토콜을 제안한다. 또한, 타원곡선상에서 덧셈군 알고리즘인 Weil Diffie­Hellman 키 교환을 적용하여 인증과 지불 초기화 과정에 사용될 세션키를 생성함으로써 이동성이 많은 무선 인터넷 환경에 적합한 프로토콜을 제안한다.

Keywords

References

  1. i-mode, 'DoCoMo i-mode', NTT, November 1999
  2. Alan O.Freier, Philip Karlton, Paul C. Kocher, 'The SSL Protocol version 3.0, Internet-Draft,' 1996, http://home.netscape.com/eng/ssl3/
  3. WAP Fourm, 'Wireless Application Prot-ocol Wireless Transport Layer Security Spectification version 18-FEB-2000,'2000
  4. WAP Fourm, 'Wireless Application Protocol' WAP2.0, Technical White Paper, January 2002. T. Dierks, C. Allen, 'The TLS Protocol,' January 1999, http://www.ietf.org/rfc/rfc2246.txt
  5. VISA & Mastercard, 'SET Electronic Transaction Specification,' 1997
  6. J. Hall, S. Kilbank, M. Barbeau, and E. Kranakis, 'WPP: A Secure Payment Protocol for Supporting Credit-card and Debit-card Transactions Over Wireless Networks,' IEEE International Conference on Telecommunications(ICT), Bucharest, June, 2001
  7. Eun-Kyeong Kwon; Yong-Gu Cho; Ki-Joon Chae, 'Integrated transport layer security: end-to-end security model between WTLS and TLS, 'Information Networking, 2001. Proceedings. 15th International Conference on, pp. 65-71, 2001
  8. Gunter Horn, Bart Preneel, 'Authentication and Payment in Future Mobile Systems, ' ESORICS, LNCS 1485,pp.277-293, 1998
  9. K. M. Martin, B. Preneel, C. J. Mitchell, H. J. Hitz, G. Horn, A. Polickova, P.Howard, 'Secure Billing for Mobile Information Services in UMTS,' LNCS 1430, Springer-Verlag, IS$N May. 1998
  10. A. Freier, P. Karlton, P. Kocher, 'The SSL Protocol version 3.0,' Internet Draft, Nov.1996
  11. ACTS AC095, 'ASPeCT Deliverable D20, Project final report and results of trials,' Dec. 1998
  12. A. Menezes, P. van Oorschot, S. Vanstone, 'Handbook of Applied Cryptography,' CRC Press, Boca Raton, 1997
  13. Divya Nalla, and KC.Reddy, 'ID-based tripartite Authenticated Key Agreement Protocols from pairings' 2002
  14. N.P.Smart, 'An Identity based authenticated Key Agreement Protocol based on the Weil Pairing', Cryptology ePrint Archive, Report 2001/111,2001.http://eprint.iacr.org/
  15. D.Boneh and M.Franklin. Identity-based encryption from the Weil Pairing. In Advances in Cryptology-CRYPTO2001, Springer-Verlag LNCS 2139, 213-229, 2001
  16. T. Dierks, C. Allen, 'The TLS Protocol versionl.0,' IETF RFC 2246,Jan.1996