Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Mobile Commerce

Published byAlicia Darleen Chandler Modified over 8 years ago

Similar presentations

Presentation on theme: "Secure Mobile Commerce"— Presentation transcript:

1 Secure Mobile Commerce
Source: Electronics & Communication Engineering Journal, Vol. 14, No. 5, pp , Oct. 2002 Author: S. Schwiderski-Grosche & H. Knospe Presenter: Jung-wen Lo(駱榮問) Date: 2004/12/16

2 Outline Introduction M-commerce Security of Network Technologies
M-payment Conclusion Comment

3 Introduction M-commerce Goal Main area to discuss
Mobile devices are used to do business on the Internet Goal Identify the special characteristics of m-commerce Consider some important security issues Main area to discuss Network technology M-payment

4 Mobile Device Kinds of devices Characteristics Mobile phone
Personal Digital Assistant Smart phone Laptop computer Earpiece Characteristics Size & colour of display Input device Memory & CPU processing power Network connectivity, bandwidth capacity Support operating system Availability of internal smartcard reader

5 Advantages of M-commerce
Ubiquity Accessibility Security Localisation Convenience Personalisation

6 Disadvantages of M-commerce
Limited capability The heterogeneity of devices, operating systems, and network technologies is a challenge for a uniform end user platform. Mobile devices are more prone to theft and destruction. Communication over the air interface introduces additional security threats

7 Security Challenges Mobile device Radio interface
Confidential user data Radio interface Protection of transmitted data Network operator infrastructure Security mechanism M-commerce application Payment system Mobile device Confidential user data should be protected from unauthorised use Radio interface Require the protetcion of transmitted data in terms of confidentiality, integrity and authenticity Network operator infrastructure Security mechanism M-commerce application Payment system

8 Security of Network Technologies (1/2)
GSM (Global System for Mobile Communication) Authentication is one way Encryption is optional False base station perform a “man-in-middle” attack UMTS (Universal Mobile Telecommunication System) Authentication is mutual Encryption is mandatory unless the mobile station and the network agree on an unciphered connection. Integrity protection is always mandatory and protects against replay or modification of signaling messages.

9 Security of Network Technologies (2/2)
WLAN (Wireless Local Area Network) Not provide any security in default Attacker can modify data and CRC WEP (Wired Equivalent Privacy) key can be recovery 802.1x port-based adopted Bluetooth Provide link layer security No privacy requirement Unique Bluetooth device address allows the tracing of personal devices

10 Transport Layer Security
SSL/TLS (Secure Socket Layer) HTTPS (HTTP over SSL) KSSL by Sun Not offer client-side authentication Only implements certain commonly used cipher suites Has a very small footprint and runs on small devices WTLS (WAP Transport Layer Security) No real end-to-end security is provided WAP gateway needs to be trusted

11 Service Security (1/2) Intelligent network
CAMEL (Customised Application for Mobile Enhanced network Logic1) The IN architecture for GSM Porlay/OSA (Open service Access) Provides gateway functionality M-commerce applications can then access network functionality Offers authentication and encryption on the application layer The security depends on the underlying network architecture SMS (Short Message Service) No end-to-end security, and the network operator Its infrastructure (e.g. SMSC, Short Message Service Centre) must be trusted

12 Service Security (2/2) USSD (GSM Unstructured Supplementary Service Data) No separate security property Relies on GSM/UMTS security mechanisms SIM/USIM application toolkit (Subscriber Identity Module) security mechanisms Authentication Message integrity Replay detection and sequence integrity Proof of receipt and proof of execution Message confidentiality Indication of the security mechanisms used

13 M-payment Background on payment systems
Categorisation of e-payment systems Categorisation of m-payment systems Examples of m-payment systems

14 Background on Payment Systems
Time of payment Relation between initial payment and actual payment Prepaid payment system Pay-now payment system post-payment system Payment amount Micropayments: Up to about 1 € Small payments: about 1 to 10 € Macropayment: more tha 10 € Anonymity issues Complete Paritial Security requirements Different on system Consider issues Integrity Authentication Authorisation Confidentiality Availability Reliability Online or offline validation Online Background payment servers Trusted third party Double spending Offline No trusted third party Additional communication overhead

15 Categorisation of E-payment Systems
Direct cash Cheque Credit card Bank transfer Debit advice

16 E-payment Systems Direct-cash-like Cheque-like Bank Transfer
Issuer Acquirer Issuer Acquirer Settlement Settlement 2.Authorisation and capture 1.Withdrawal 3.Deposit Indication Customer Merchant Customer Merchant 2.Payment 1.Payment Bank Transfer Issuer Acquirer 2.Settlement 1Transfer request Indication Customer Merchant

17 Categorisation of M-payment Systems
Software electronic coins $ stored on a mobile device ex. electronic coin Hardware electronic coins $ stored on a secure hardware token in the mobile device ex. smartcard Background account $ stored remotely on an account at a trusted third party

18 Examples of m-payment systems
Software electronic coins Potentially remain completely anonymous Example eCash E-commerce NetCash MilliCent Hardware electronic coins Implement an e-purse Electronic cash on a smartcard GeldKarte Mondex Background account Hold at a network operator The charged amount is transferred to the existmg billing solution and included in the customer bill. E. M-pay Bill service from Vodafone and Mobilepay Hold at a credit card institution The payment mechanism is secure transmission of credit card data to the credit card company Ex. Electronic Mobile Payment System by MeritaNordbanken, Nokia and Visa Hold at a bank The existing banking infrastructure and technology can be reused. Ex. Paybox and MobiPay by BBVA and Telefonica

19 Standardisation and forums
PayCircle ( MoSign ( Mobile Payment Forum ( forum.org) mSign ( mwif ( Radicchio ( Encorus ( Mobile electronic Transactions MeT (

20 Conclusion Discussed security issues relating to network and service technologies and m-payment Regarding m-payment, some systems are under development or already operational One of the main future challenges will be to unify payment solutions and provide the highest possible level of security

21 Comment Survey型paper

Download ppt "Secure Mobile Commerce"

Similar presentations

Internet payment systems

Internet payment systems
Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.

Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.
Cryptography and Network Security

Cryptography and Network Security
Electronic Payment Systems Speaker: Jerry Gao Ph.D. San Jose State University URL: May,

Electronic Payment Systems Speaker: Jerry Gao Ph.D. San Jose State University URL: May,
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Chapter 13 Paying Via The Net. Agenda Digital Payment Requirements Fraud Detection Online Payment Methods Online Payment Types The Future Payment.

Chapter 13 Paying Via The Net. Agenda Digital Payment Requirements Fraud Detection Online Payment Methods Online Payment Types The Future Payment.
Mobile Payments Index: Introduction Technologies Payment methods

Mobile Payments Index: Introduction Technologies Payment methods
Wireless Application Protocol and i-Mode By Sridevi Madduri Swetha Kucherlapati Sharrmila Jeyachandran.

Wireless Application Protocol and i-Mode By Sridevi Madduri Swetha Kucherlapati Sharrmila Jeyachandran.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology 20-763 Lecture 10 Micropayments I.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology Lecture 10 Micropayments I.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.

Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.

Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.
20-763 ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS eCommerce Technology 20-763 Lecture 9 Micropayments I.

ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS eCommerce Technology Lecture 9 Micropayments I.
“Electronic Payment System”

“Electronic Payment System”
Financial Transactions on Internet Financial transactions require the cooperation of more than two parties. Transaction must be very low cost so that small.

Financial Transactions on Internet Financial transactions require the cooperation of more than two parties. Transaction must be very low cost so that small.
E-commerce E-commerce, or electronic commerce, refers to systems that support electronically executed business transactions. In this section: E-commerce.

E-commerce E-commerce, or electronic commerce, refers to systems that support electronically executed business transactions. In this section: E-commerce.
Payment Systems for Electronic Commerce

Payment Systems for Electronic Commerce
Conceptual Design of an E- commerce System Min Ding Smeal College of Business Administration Pennsylvania State University.

Conceptual Design of an E- commerce System Min Ding Smeal College of Business Administration Pennsylvania State University.
Traditional and Electronic Payment Methods Chapter 3.

Traditional and Electronic Payment Methods Chapter 3.
Oz – Foundations of Electronic Commerce © 2002 Prentice Hall E-money.

Oz – Foundations of Electronic Commerce © 2002 Prentice Hall E-money.

Similar presentations

Ads by Google