Trusted integration of cloud-based NFC transaction players

Near Field Communication (NFC) is a short range wireless technology that provides contactless transmission of data between devices. With an NFC enabled device, users can exchange information from one device to another, make payments and use their NFC enabled device as their identity. As the main payment ecosystem players such as service providers and secure element issuers have crucial roles in a multi-application mobile environment similar to NFC, managing such an environment has become very challenging. One of the technologies that can be used to ensure secure NFC transaction is cloud computing which offers wide range of advantages compare to the use of a Secure Element (SE) as a single entity in an NFC enabled phone. This approach provides a comprehensive leadership of the cloud provider towards managing and controlling customer's information where it allows the SE which is stored within an NFC phone to deal with authentication mechanisms rather than storing and managing sensitive transaction information. This paper discusses the NFC cloud Wallet model which has been proposed by us previously [1] and introduces a different insight that defines a new integrated framework based on a trusted relationship between the vendor and the Mobile Network Operator (MNO). We then carry out an analysis of such a relationship to investigate different possibilities that arise from this approach

Mobile transactions over NFC and GSM

Dynamic relationships between Near Field Communication (NFC) ecosystem players in a monetary transaction make them partners in a way that they sometimes require to share access permission to applications that are running in the service environment. One of the technologies that can be used to ensure secure NFC transactions is cloud computing. This offers a wider range of advantages than the use of only a Secure Element (SE) in an NFC enabled mobile phone. In this paper, we propose a protocol for NFC mobile payments over NFC using Global System for Mobile Communications (GSM) authentication. In our protocol, the SE in the mobile device is used for customer authentication whereas the customer's banking credentials are stored in a cloud under the control of the Mobile Network Operator (MNO). The proposed protocol eliminates the requirement for a shared secret between the Point of Sale (PoS) and the MNO before execution of the protocol, a mandatory requirement in the earlier version of this protocol. This elimination makes the protocol more practicable and user friendly. A detailed analysis of the protocol discusses multiple attack scenarios

Surveys on Electronic Money

This paper investigates the views of electronic money operators and innovators on the possibilities and implications of e-money, especially with respect to replacing central bank money as well as technical issues regarding e-money, its implications for the financial industry and central banking. This has been done using surveys of major e-money innovators and operators, based on the assumption that these operators and innovators are likely to shape the future framework for e-money schemes. It seems that innovators and operators are quite confident about the future of e-money – despite problems and obstacles surrounding current testing – and that central banks’ monopoly of the issuance of money as a medium of exchange will no longer be unchallenged.electronic money; financial regulation; central banks; financial innovation

Smart cards: State-of-the-art to future directions

The evolution of smart card technology provides an interesting case study of the relationship and interactions between security and business requirements. This paper maps out the milestones for smart card technology, discussing at each step the opportunities and challenges. The paper reviews recently proposed innovative ownership/management models and the security challenges associated with them. The paper concludes with a discussion of possible future directions for the technology, and the challenges these present

TechNews digests: Jan - Nov 2008

TechNews is a technology, news and analysis service aimed at anyone in the education sector keen to stay informed about technology developments, trends and issues. TechNews focuses on emerging technologies and other technology news. TechNews service : digests september 2004 till May 2010 Analysis pieces and News combined publish every 2 to 3 month

A Dynamic Profile Questions Approach to Mitigate Impersonation in Online Examinations

© The Author(s) 2018 Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.Online examinations are an integral component of many online learning environments, which face many security challenges. Collusion is seen as a major security threat to such examinations, when a student invites a third party to impersonate or abet in a test. This work aims to strengthen the authentication of students via the use of dynamic profile questions. The study reported in this paper involved 31 online participants from five countries over a five-week period. The results of usability and security analysis are reported. The dynamic profile questions were more usable than both the text-based and image-based questions (p < 0.01). An impersonation abuse scenario was simulated using email and mobile phone. The impersonation attack via email was not successful, however, students were able to share answers to dynamic profile questions with a third party impersonator in real time, which resulted in 93% correct answers. The sharing of information via phone took place in real time during an online test and the response time of an impersonator was significantly different (p < 0.01) than a student. The study also revealed that a response time factor may be implemented to identify and report impersonation attacks.Peer reviewe

Application of NFC Technology for Cashless Payment System in Canteen

In a campus community, mostly is younger people andstay in University hostel without cooking facilities then have to getfrom canteen for foods and beverages. In office hour with limitedbreak time either breakfast or lunch everyone is rushing to get foodand crowded situation are happen. One of the issues is paymentsystem use manually (cash) and queue at the cashier to pay foods,sometime need to wait a few minute until to get the turn. Cashlesspayment such as token or credit system is implementing in some ofrestaurant and food courts but does not applicable in Universitycanteen that most of customers are students with small transaction,only a few dollars and cents. Nowadays, mobile phone or smartphone is not a luxury thing and most of student carries it for phonecall, message, email, or browsing internet. Most of smart phone alsoembedded with Near Field Communication (NFC) reader inside thephone, thus by using this phone with NFC enable to do paymentsystem at the canteen. The credit is deducted from mobile phonebalance for pre-paid system or billed in monthly for postpaid andthis system have working together to the cellular phone operator.Confirmation on payment system is shows whether customerapprove payment or not then a notification is sent to user.With thissystem be able to overcome several issues such as queue at cashierfor payment and risk of student to carry cash money while buyingfoods

Analysis of the latest trends in mobile commerce using the NFC technology

The aim of this research is to propose new mobile commerce proximity payment architecture, based on the analysis of existing solutions and current and future market needs. The idea is to change a Mobile Device into a reliable and secure payment tool, available to everyone and with possibility to securely and easily perform purchases and proximity paymentsThe research leading to these results has received funding by the ARTEMISA project TIN2009-14378-C02-02 within the Spanish "Plan Nacional de I+D+I", and the Madrid regional community projects S2009/TIC-1650 and CCG10-UC3M/TIC-4992