SETNR/A: An Agent-Based Secure Payment Protocol for Mobile Commerce
Non-repudiation of a mobile payment transaction ensures that when a buyer (B) sends some messages to a seller (S), neither B nor S can deny having participated in this transaction. An evidence of a transaction is generated by wireless PKI mechanism such t
- PDF / 394,853 Bytes
- 10 Pages / 430 x 660 pts Page_size
- 86 Downloads / 187 Views
Department of Information Management Kainan University, Luchu 338, Taiwan [email protected] 2 Department of Electrical Engineering Hsiuping Institute of Technology, Taichung 412, Taiwan [email protected]
Abstract. Non-repudiation of a mobile payment transaction ensures that when a buyer (B) sends some messages to a seller (S), neither B nor S can deny having participated in this transaction. An evidence of a transaction is generated by wireless PKI mechanism such that B and S cannot repudiate sending and receiving the purchase order respectively. SETNR/A protocol is proposed to improve the weakness of lacking non-repudiation mechanism from SET and SET/A for credit card-based transactions; on the other hand, agent-based protocol is ideal for complicated payment system. Broker generates a mobile agent for B which carries encrypted purchase order to S. A trusted third party (TTP) acts as a lightweight notary for evidence generations. One advantage of this agent-based payment protocol is to reduce inconvenience for mobile clients such as connection time and search for suitable merchant servers, etc.; it also provides necessary security mechanisms for mobile payment transactions.
1 Introduction The security of credit card-based payment system has been a concerned issue for a long time. For example, credit card frauds which are performed by hackers’ eavesdropping over transacting connections; on the other hands, dispute of a transaction could also jeopardize the mobile commerce [1]. In order to protect user’s credit card information while transacting with payment systems, VISA and MasterCard, in association with major software and cryptography companies, developed SET (Secure Electronic Transaction) protocol [2]. One major advantage of SET is the separation of information disclosure, namely, ordering information and payment information. Merchant never knows credit card information; and financial institutes, which authorizes payment transaction, never knows ordering information. Payment by credit cards is an attractive and efficient mobile payment; comparing to other cash-based and check-based payment systems, it is more consumer-based and suitable for mobile transactions [3]. However, for mobile payment systems, SET may be too demanding for limited computational capacity, slower connection speeds such N.T. Nguyen et al. (Eds.): KES-AMSTA 2008, LNAI 4953, pp. 574–583, 2008. © Springer-Verlag Berlin Heidelberg 2008
SETNR/A: An Agent-Based Secure Payment Protocol for Mobile Commerce
575
as mobile handsets. This investigation leads to the research of agent-based applications. The digital signature-based authentication proves to be implemented efficiently within 3G communications [4]. One feasible idea is that mobile device simply sends purchase order out; it needs not to connect to base station afterwards. Later on, a message will be sent back to mobile device as a completion of purchasing. For example, Ramao and Silva [5] improved the SET protocol and proposed the agent-based SET/A protocol guided by SET rules
Data Loading...
