ETRI Journal

Electronics and Telecommunications Research Institute (한국전자통신연구원)
권호 표지
DOI QR코드

DOI QR Code

Mobile Payment Based on Transaction Certificate Using Cloud Self-Proxy Server

  • Sung, Soonhwa (Department of Computer Science and Engineering, Software Research Center, Chungnam National University) ;
  • Kong, Eunbae (Department of Computer Science and Engineering, Software Research Center, Chungnam National University) ;
  • Youn, Cheong (Department of Computer Science and Engineering, Software Research Center, Chungnam National University)
  • Received : 2016.08.28
  • Accepted : 2016.11.29
  • Published : 2017.02.01
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, mobile phones have been recognized as the most convenient type of mobile payment device. However, they have some security problems; therefore, mobile devices cannot be used for unauthorized transactions using anonymous data by unauthenticated users in a cloud environment. This paper suggests a mobile payment system that uses a certificate mode in which a user receives a paperless receipt of a product purchase in a cloud environment. To address mobile payment system security, we propose the transaction certificate mode (TCM), which supports mutual authentication and key management for transaction parties. TCM provides a software token, the transaction certificate token (TCT), which interacts with a cloud self-proxy server (CSPS). The CSPS shares key management with the TCT and provides simple data authentication without complex encryption. The proposed self-creating protocol supports TCM, which can interactively communicate with the transaction parties without accessing a user's personal information. Therefore, the system can support verification for anonymous data and transaction parties and provides user-based mobile payments with a paperless receipt.

Keywords

References

  1. E. Valcourt, J.M. Robert, and F. Beaulieu, "Investigating Mobile Payment: Supporting Technologies, Methods, and Use," IEEE Int. Conf. Wireless Mobile Comput., Netw, Commun., Montreal, Canada, Aug. 22-24, 2005, pp. 29-36.
  2. S. Kungpisdan, B. Srinivasan, and P.D. Le, "A Practical Framework for MobileSET Payment," IADIS Int. Conf. e-Soc., Lisbon, Portugal, June 3-6, 2003, pp. 321-328.
  3. M. Ding and C. Unnithan, Mobile Payments (mPayments) - an Exploratory Study of Emerging Issues and Future Trends, Deakin University, 2003. Accessed May 2016. http://www.idea-group.com
  4. K. Pousttchi, "Conditions for Acceptance and Usage of Mobile Payment Procedures," Proc. M-Business Conf., Vienna, Austria, June 2003, pp. 201-210.
  5. J.T. Isaac and J.S. Camara, "An Anonymous Account-Based Mobile Payment Protocol for a Restricted Connectivity Scenario," Int. Workshop Database Expert Syst. Appl., Regensburg, Germany, Sept. 3-7, 2007, pp. 688-692.
  6. S. Kungpisdan, B. Srinivasan, and P.D. Le, "A Secure Account-Based Mobile Payment Protocol," Proc. Int. Conf. Inform. Technol.: Coding Comput., Las Vegas, NV, USA, Apr. 5-7, 2004, pp. 35-39.
  7. L. Tommi and P. Mika, "Mobile Banking Innovators and Early Adopters: How They Differ from Other Online Users?," J. Financial Service Marketing, vol. 13, no. 2, Sept. 2008, pp. 86-94. https://doi.org/10.1057/palgrave.fsm.4760077
  8. M.R. Rieback, B. Crispo, and A. Tanenbaum, "Is Your Cat Infected with a Computer Virus?," Annu. IEEE Int. Conf. Pervasive Comput. Commun., Pisa, Italy, Mar. 13-17, 2006.
  9. S. Kamouskos, "Mobile Payment: a Journey through Existing Procedures and Standardization Initiatives," IEEE Commun. Surveys Tutorials, vol. 6, no. 4, 2004, pp. 44-66.
  10. J.T. Isaac and J.S. Camara, "Anonymous Payment in a Client Centric Model for Digital Ecosystem," IEEE Dig. EcoSyst. Technol. Conf., Cairns, Australia, Feb. 21-23, 2007, pp. 422-427.
  11. S. Nambiar, C.T. Lu, and L.R. Liang, "Analysis of Payment Transaction Security in Mobile Commerce," Proc. IEEE Int. Conf. Inform. Reuse Integr., Las Vegas, NV, USA, Nov. 8-10, 2004, pp. 475-480.
  12. H. Sun et al., "A Novel Remote User Authentication and Agreement Scheme for Mobile Client-Server Environment," Int. J. Appl. Math. Inform. Sci., vol. 7, no. 4, 2013, pp. 1365-1374. https://doi.org/10.12785/amis/070414
  13. B. Jenkins, "Developing Mobile Money Ecosystems," International Finance Corporation and Harvard Kennedy School, Washington, DC, USA, 2008.
  14. J. Ondrus and Y. Pigneur, "Towards a Holistic Analysis of Mobile Payments: a Multiple Perspective Approach," Electron. Commerce Res. Applicat., vol. 5, no. 3, 2006, pp. 246-257. https://doi.org/10.1016/j.elerap.2005.09.003
  15. N. Mallat, "Exploring Consumer Adoption of Mobile Payment-A Qualitative Study," J. Strategic Inform. Syst., vol. 16, no. 4, Dec. 2007, pp. 413-432. https://doi.org/10.1016/j.jsis.2007.08.001
  16. S. Hillman et al., "Soft Trust and mCommerce Shopping Behaviors," Proc. Int. Conf. Human-Comput. Interaction Mobile Devices Service, San Francisco, CA, USA, Sept. 21-24, 2012, pp. 113-122.
  17. L. Nguyen, "The Missing Link: Human Interactive Security Protocols in Mobile Payment," Proc. Int. Workshop Security, Kobe, Japan, Nov. 22-24, 2010.
  18. S.M. Shedid, M. El-Hennawy, and M. Kouta, "Modified SET Protocol for Mobile Payment: An Empirical Analysis," Int. J. Comput. Sci. Netw. Security, vol. 10, no. 7, 2010, pp. 289-295.
  19. W. Chen et al., "NFC Mobile Transactions and Authentication Based on GSM Network," Int. Workshop Near Field Commun., IEEE Comput. Soc., Monaco, Apr. 20, 2010, pp. 83-89.
  20. P. Pourghomi and G. Ghinea, "Managing NFC Payments Applications Through Cloud Computing," Int. Conf Internet Technol. Secured Trans., London, UK, Dec. 10-12, 2012, pp. 772-777.
  21. P. Pourghomi, M.Q. Saeed, and G. Ghinea, "A Proposed NFC Payment Application," Int. J. Adv. Comput. Sci. Applicat., vol. 4, no. 8, Mar. 2013, pp. 173-181.
  22. P. Urien and S. Piramuthu, "Towards a Secure Cloud of Secure Elements Concepts and Experiments with NFC Mobiles," Int. Conf. Collaboration Technol. Syst., San Diego, CA, USA, May 20-24, 2013, pp. 166-173.
  23. G. Tor-Morten, P. Pourghomi, and G. Ghinea, "Towards NFC Payments Using a Lightweight Architecture for the Web of Things," Comput. J., vol. 97, no. 10, 2015, pp. 985-999. https://doi.org/10.1007/s00607-014-0397-6
  24. P. Pourghomi and G. Ghinea, "Ecosystem Scenarios for Cloud-Based NFC Payments," Int. Conf. Manag. Emergent Digit. EcoSyst., Neumunster Abbey, Luxembourg, Oct. 28-31, 2013, pp. 113-118.
  25. M.Q. Saeed et al., "Mobile Transactions over NFC and GSM," Int. Conf. Mobile Ubiquitous Comput., Syst., Services Technol., Siem Reap, Cambodia, Jan. 9-11, 2014, pp. 118-125.
  26. S. Sung et al., "User Authentication Using Mobile Phones for Mobile Payment," Int. Conf. Inform. Netw., Siem Reap, Cambodia, Jan. 12-14, 2015, pp. 51-56.
  27. K.K. Sathish, R. Sukumar, and M. Karthiyayini, "An Asymmetric Authentication Protocol for Mobile Hand Held Devices Using ECC Over Point Multiplication Method," Int. J. Adv. Res. Comput. Science Technol. vol. 2, no. Special 1, Jan. 2014, pp. 393-399.
  28. K.R.C. Pillai and M.P. Sebastian, "Elliptic Curve Based Authenticated Session Key Establishment Protocol for High Security Applications in Constrained Network Environment," Int. J. Netw. Security Its Applicat., vol. 2, no. 3, July 2010, pp. 144-156. https://doi.org/10.5121/ijnsa.2010.2310
  29. X. Li, F. Wen, and S. Cui, "A Strong Password-based Remote Mutual Authentication with Key Agreement Scheme on Elliptic Curve Cryptosystem for Portable Devices," Int. J. Appl. Math. Inform. Sci., vol. 6, no. 2, 2012, pp. 217-222.
  30. S.K. Nayak, S. Mohapatra, and B. Majhi, "An Improved Mutual Authentication Framework for Cloud Computing," Int. J. Comput. Applicat., vol. 52, no. 5, Aug. 2012, pp. 36-41.
  31. T.S. Fun et al., "A Lightweight and Private Mobile Payment Protocol by Using Mobile Network Operator," Int. Conf. Comput. Commun. Eng., Kuala Lumpur, Malaysia, May 13-15, 2008, pp. 162-166.
  32. J.T. Isaac and S. Zeadally, "An Anonymous Secure Payment Protocol in a Payment Gateway Centric Model," Procedia Comput. Sci., vol. 10, 2012, pp. 758-765. https://doi.org/10.1016/j.procs.2012.06.097
  33. S. Manav and T. Shashikala, "Software Tokens Based Two Factor Authentication Scheme," Int. J. Inform. Electron. Eng., vol. 2, no. 3, May 2012, pp. 383-386.
  34. P. Pourghomi, M.Q. Saeed, and G. Ghinea, "A Secure Cloud-Based NFC Mobile payment Protocol," Int. J. Adv. Comput. Sci. Applicat., vol. 5, no. 10, 2014, pp. 24-31.
  35. L. Guo, G. Shao, and S. Zhao, "Multi-Objective Task Assignment in Cloud Computing by Particle Swarm Optimization," Int. Conf. Wireless Commun., Netw. Mobile Comput., Shanghai, China, Sept. 21-23, 2012, pp. 1-4.
  36. S. Pandey et al., "A Particle Swarm Optimization-based Heuristic for Scheduling Workflow Applications in Cloud Computing Environments," IEEE Int. Conf. Adv. Inform. Netw. Applicat., Perth, Australia, Apr. 20-23, 2010, pp. 400-407.
  37. A. Verma and S. Kaushal, "Bi-Criteria Priority based Particle Swarm Optimization Workflow Scheduling Algorithm for Cloud," Pro. Recent Adv. Eng. Comput. Sci., Mar. 6-8, 2014, pp. 1-6.
  38. S. Selvarani and G.S. Sadhasivam, "Improved Cost-based Algorithm for Task Scheduling in Cloud Computing," Comput. Intell. Comput. Res., Tamilnadu, India, Dec. 28-29, 2010, pp. 1-5.