A new architecture for secure two-party mobile payment transactions
Loading...
Date
2010
Authors
Zhu, Yunpu
University of Lethbridge. Faculty of Arts and Science
Journal Title
Journal ISSN
Volume Title
Publisher
Lethbridge, Alta. : University of Lethbridge, Dept. of Mathematics and Computer Science, c2010
Abstract
The evolution of wireless networks and mobile device technologies has increased concerns
about performance and security of mobile systems. We propose a new secured applicationlevel
architecture for a two-party mobile payment transaction that is carried out between a
resource-limited mobile device and a resource-rich computer server over wireless networks.
As an example of such transactions, the mobile banking transaction is focused on throughout
this thesis. The proposed architecture, namely SA2pMP, employs a lightweight cryptography
scheme (combining both a Public-key cryptography algorithm (ECDSA) and a
Symmetric-key cryptography algorithm (AES)), a multi-factor authentication mechanism,
and a transaction log strategy. The proposed architecture is designed to satisfy the four
properties of confidentiality, authentication, integrity and non-repudiation that are required
by any secure system. The architecture can be implemented on a Java ME enabled mobile
device. The security API library can be reused in implementing other two-party mobile
applications. The present study shows that SA2pMP is a unique lightweight security architecture
providing comprehensive security for two-party mobile payment transactions. In
addition, simulations demonstrate that SA2pMP can be installed in resource-limited mobile
devices as a downloadable software application. The main contribution of the thesis is to
suggest a design for a security architecture for two-party mobile payment transactions, for
example, mobile banking. It suggests a four-layer model of mobile payment participants,
based on Karnouskos (2004). This model clarifies how participants are involved in a mobile
payment transaction. In addition, an improved model is suggested to guide security
aspects of system design, which is based on an Onion Layer Framework (Wei, C.Liu, &
Koong, 2006).
Description
xi, 229 leaves : ill. ; 29 cm
Keywords
Mobile commerce , Banks and banking, Mobile , Wireless communication systems -- Security measures , Dissertations, Academic