A new architecture for secure two-party mobile payment transactions

Thumbnail Image
Date
2010
Authors
Zhu, Yunpu
University of Lethbridge. Faculty of Arts and Science
Journal Title
Journal ISSN
Volume Title
Publisher
Lethbridge, Alta. : University of Lethbridge, Dept. of Mathematics and Computer Science, c2010
Abstract
The evolution of wireless networks and mobile device technologies has increased concerns about performance and security of mobile systems. We propose a new secured applicationlevel architecture for a two-party mobile payment transaction that is carried out between a resource-limited mobile device and a resource-rich computer server over wireless networks. As an example of such transactions, the mobile banking transaction is focused on throughout this thesis. The proposed architecture, namely SA2pMP, employs a lightweight cryptography scheme (combining both a Public-key cryptography algorithm (ECDSA) and a Symmetric-key cryptography algorithm (AES)), a multi-factor authentication mechanism, and a transaction log strategy. The proposed architecture is designed to satisfy the four properties of confidentiality, authentication, integrity and non-repudiation that are required by any secure system. The architecture can be implemented on a Java ME enabled mobile device. The security API library can be reused in implementing other two-party mobile applications. The present study shows that SA2pMP is a unique lightweight security architecture providing comprehensive security for two-party mobile payment transactions. In addition, simulations demonstrate that SA2pMP can be installed in resource-limited mobile devices as a downloadable software application. The main contribution of the thesis is to suggest a design for a security architecture for two-party mobile payment transactions, for example, mobile banking. It suggests a four-layer model of mobile payment participants, based on Karnouskos (2004). This model clarifies how participants are involved in a mobile payment transaction. In addition, an improved model is suggested to guide security aspects of system design, which is based on an Onion Layer Framework (Wei, C.Liu, & Koong, 2006).
Description
xi, 229 leaves : ill. ; 29 cm
Keywords
Mobile commerce , Banks and banking, Mobile , Wireless communication systems -- Security measures , Dissertations, Academic
Citation