Security for Mobile Payment Transaction
KTH, School of Information and Communication Technology (ICT).
2012 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

The advancement of ICT in a variety of sectors has helped turn time-consuming and rigid services into fast and flexible services that are within closer reach of individuals. For instance, mobile applications have evolved in different sectors such as healthcare patient support, geographic mapping and positioning, banking, e-commerce payment services and others. This study focuses on one of the most sensitive applications, which is mobile payment.

Although mobile payment is one of the most widely expanding mobile services, it has security concerns that have prevented its wide acceptance. Some of the main security services given priority attention in mobile payment are privacy, authentication and confidentiality. The research concentrates on strong authentication of a mobile client to its server, securing the credit card information, and the use of a mobile card reader while making payments, which enable customers to protect the privacy of their financial credentials.

The strong authentication mechanism mainly follows the NIST standard publications FIPS PUB 201 and FIPS 196, which are standards on Entity Authentication using public key cryptography and the PKI credential storage Personal Identity Verification (PIV) card, respectively. The proposed secure Credit Card Information (CCI) storage is in a secure element in order to prevent tampering with stored data. The secure element options are microSD, UICC and Smartcard (together with a digital certificate and service ticket). When a payment is made, the payment information is encrypted using a shared key and sent securely to the payment server.

A demo mobile application was implemented as a proof of concept in a simulated lab (KTH SecLab), which has all the necessary infrastructure set up (servers, card reader) for testing the proposed solution. The paper was able to prove the concept of secure payment by enhancing the authentication, confidentiality and privacy of payment information. However, the demo for Strong Authentication did not completely succeed as expected due to unexpected bugs in the early version of the card reader SDK.

Place, publisher, year, edition, pages
2012. 46 p.
Series
Trita-ICT-EX, 2012:303
Keyword [en]
Strong Authentication, mobile security, PIV, mobile PKI, payment privacy, EMV security
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:kth:diva-116690
OAI: oai:DiVA.org:kth-116690
DiVA: diva2:600353
Educational program
Master of Science - Information and Communication Systems Security
Uppsok
Technology
Examiners
Available from: 2013-04-03. Created: 2013-01-24. Last updated: 2013-04-03. Bibliographically approved.

Open Access in DiVA

fulltext (1678 kB), 1035 downloads
File information
File name: FULLTEXT01.pdf. File size: 1678 kB. Checksum SHA-512:
6af85634fd26addd56286ba4f1b00a963e62b4d49aed4b95eb7bf05991df21e08f7264d0185d3b2bff2ac3c58bd7f90d80cba0ff7690d76688e111c774ca55b5
Type: fulltext. Mimetype: application/pdf

Total: 1035 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 1407 hits