Published in: Computing 7/2014

01-07-2014

Design, implementation, and performance analysis of a secure payment protocol in a payment gateway centric model

Authors: Jesús Téllez Isaac, Sherali Zeadally


Abstract

Many mobile payment systems that allow payments for services and goods from mobile devices have emerged in the last few years. However, most of them have been based on a scenario where all the entities are directly connected to each other (formally called the full connectivity scenario) and do not consider those situations where the client cannot directly communicate with the merchant. We present the design and the implementation of an anonymous secure payment protocol based on the payment gateway centric scenario for mobile environments where the client cannot communicate directly with the merchant to process the payment request. Our proposed payment protocol uses symmetric-key operations because of their low computational requirements. We present a performance evaluation of the proposed payment protocol in a real environment. Performance results obtained with the implemented protocol demonstrate that our protocol achieves a small execution time (11.68 s) for a payment transaction using a mobile phone and a restricted scenario, which causes only a slight increase in the number of steps necessary to complete a payment transaction as a result of the lack of direct communication between the client and the merchant.


Footnotes

1. The BigInteger class is a library available in Java which allows the representation of very large numbers.
 
Metadata

Title: Design, implementation, and performance analysis of a secure payment protocol in a payment gateway centric model
Authors: Jesús Téllez Isaac, Sherali Zeadally
Publication date: 01-07-2014
Publisher: Springer Vienna
Published in: Computing / Issue 7/2014
Print ISSN: 0010-485X
Electronic ISSN: 1436-5057
DOI: https://doi.org/10.1007/s00607-013-0306-4
