A Privacy-Preserving Contactless Transport Service for NFC Smartphones

International audienceThe development of NFC-enabled smartphones has paved the way to new applications such as mobile payment (m-payment) and mobile ticketing (m-ticketing). However, often the privacy of users of such services is either not taken into account or based on simple pseudonyms, which does not offer strong privacy properties such as the unlinkability of transactions and minimal information leakage. In this paper, we introduce a lightweight privacy-preserving contactless transport service that uses the SIM card as a secure element. Our implementation of this service uses a group signature protocol in which costly cryptographic operations are delegated to the mobile phone

Mobile transactions over NFC and GSM

Dynamic relationships between Near Field Communication (NFC) ecosystem players in a monetary transaction make them partners in a way that they sometimes require to share access permission to applications that are running in the service environment. One of the technologies that can be used to ensure secure NFC transactions is cloud computing. This offers a wider range of advantages than the use of only a Secure Element (SE) in an NFC enabled mobile phone. In this paper, we propose a protocol for NFC mobile payments over NFC using Global System for Mobile Communications (GSM) authentication. In our protocol, the SE in the mobile device is used for customer authentication whereas the customer's banking credentials are stored in a cloud under the control of the Mobile Network Operator (MNO). The proposed protocol eliminates the requirement for a shared secret between the Point of Sale (PoS) and the MNO before execution of the protocol, a mandatory requirement in the earlier version of this protocol. This elimination makes the protocol more practicable and user friendly. A detailed analysis of the protocol discusses multiple attack scenarios

A multi-agent architecture for electronic payment

The Internet has brought about innumerable changes to the way enterprises do business. An essential problem to be solved before the widespread commercial use of the Internet is to provide a trustworthy solution for electronic payment. We propose a multi-agent mediated electronic payment architecture in this paper. It is aimed at providing an agent-based approach to accommodate multiple e-payment schemes. Through a layered design of the payment structure and a well-defined uniform payment interface, the architecture shows good scalability. When a new e-payment scheme or implementation is available, it can be plugged into the framework easily. In addition, we construct a framework allowing multiple agents to work cooperatively to realize automation of electronic payment. A prototype has been built to illustrate the functionality of this design. Finally we discuss the security issues

A proposed NFC payment application

This article has been made available through the Brunel Open Access Publishing Fund. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.Near Field Communication (NFC) technology is based on a short range radio communication channel which enables users to exchange data between devices. With NFC technology, mobile services establish a contactless transaction system to make the payment methods easier for people. Although NFC mobile services have great potential for growth, they have raised several issues which have concerned the researches and prevented the adoption of this technology within societies. Reorganizing and describing what is required for the success of this technology have motivated us to extend the current NFC ecosystem models to accelerate the development of this business area. In this paper, we introduce a new NFC payment application, which is based on our previous “NFC Cloud Wallet” model [1] to demonstrate a reliable structure of NFC ecosystem. We also describe the step by step execution of the proposed protocol in order to carefully analyse the payment application and our main focus will be on the Mobile Network Operator (MNO) as the main player within the ecosystem

A modularized electronic payment system for agent-based e-commerce

With the explosive growth of the Internet, electronic-commerce (e-commerce) is an increasingly important segment of commercial activities on the web. The Secure Agent Fabrication, Evolution & Roaming (SAFER) architecture was proposed to further facilitate e-commerce using agent technology. In this paper, the electronic payment aspect of SAFER will be explored. The Secure Electronic Transaction (SET) protocol and E-Cash were selected as the bases for the electronic payment system implementation. The various modules of the payment system and how they interface with each other are shown. An extensible implementation done using JavaTM will also be elaborated. This application incorporates agent roaming functionality and the ability to conduct e-commerce transactions and carry out intelligent e-payment procedures

Trusted integration of cloud-based NFC transaction players

Near Field Communication (NFC) is a short range wireless technology that provides contactless transmission of data between devices. With an NFC enabled device, users can exchange information from one device to another, make payments and use their NFC enabled device as their identity. As the main payment ecosystem players such as service providers and secure element issuers have crucial roles in a multi-application mobile environment similar to NFC, managing such an environment has become very challenging. One of the technologies that can be used to ensure secure NFC transaction is cloud computing which offers wide range of advantages compare to the use of a Secure Element (SE) as a single entity in an NFC enabled phone. This approach provides a comprehensive leadership of the cloud provider towards managing and controlling customer's information where it allows the SE which is stored within an NFC phone to deal with authentication mechanisms rather than storing and managing sensitive transaction information. This paper discusses the NFC cloud Wallet model which has been proposed by us previously [1] and introduces a different insight that defines a new integrated framework based on a trusted relationship between the vendor and the Mobile Network Operator (MNO). We then carry out an analysis of such a relationship to investigate different possibilities that arise from this approach