WPKI Certificate Verification Scheme Based on Certificate Digest Signature-Online Certificate Status Protocol

Aiming at the problems of the WPKI certificate verification schemes based on online certificate status protocol (OCSP), this paper proposes a WPKI certificate verification scheme based on the certificate digest signature-online certificate status protocol (CDS_OCSP). Compared with the existing schemes, the proposed scheme optimizes the number of communication connections between the communication entities and the network, reduces the consumption of the wireless network bandwidth in the certificate verification process, and uses the elliptic curves cipher- (ECC-) based encrypting/decrypting functions to sign and verify the certificate digest, which ensures the consistency of the verified certificates among the communication entities. The proposed scheme makes the certificate verification process more efficient and secure. The experimental results show that the proposed scheme effectively reduces the communication consumption of the wireless network and saves the storage space of the wireless entities

Analysis of Users' Behaviour and Adoption Trends of Social Media Payment Platforms

The recent proliferation of Electronic Commerce (E-commerce) has been further escalated by multifaceted emerging payment solutions such as cryptocurrencies, mobile, peer-to-peer (P2P) and social media payment platforms. While these technological advancements are gaining tremendous popularity, mostly for their ease of use, various impediments such as security and privacy concerns, societal and cultural norms etc. forbear the users' adoption trends to some extents. This article examines the current status of the social media payment platforms as well as the projection of future adoption trends. Our research underlines the motivations and obstacles to the adoption of social media platforms

A new architecture for secure two-party mobile payment transactions

xi, 229 leaves : ill. ; 29 cmThe evolution of wireless networks and mobile device technologies has increased concerns about performance and security of mobile systems. We propose a new secured applicationlevel architecture for a two-party mobile payment transaction that is carried out between a resource-limited mobile device and a resource-rich computer server over wireless networks. As an example of such transactions, the mobile banking transaction is focused on throughout this thesis. The proposed architecture, namely SA2pMP, employs a lightweight cryptography scheme (combining both a Public-key cryptography algorithm (ECDSA) and a Symmetric-key cryptography algorithm (AES)), a multi-factor authentication mechanism, and a transaction log strategy. The proposed architecture is designed to satisfy the four properties of confidentiality, authentication, integrity and non-repudiation that are required by any secure system. The architecture can be implemented on a Java ME enabled mobile device. The security API library can be reused in implementing other two-party mobile applications. The present study shows that SA2pMP is a unique lightweight security architecture providing comprehensive security for two-party mobile payment transactions. In addition, simulations demonstrate that SA2pMP can be installed in resource-limited mobile devices as a downloadable software application. The main contribution of the thesis is to suggest a design for a security architecture for two-party mobile payment transactions, for example, mobile banking. It suggests a four-layer model of mobile payment participants, based on Karnouskos (2004). This model clarifies how participants are involved in a mobile payment transaction. In addition, an improved model is suggested to guide security aspects of system design, which is based on an Onion Layer Framework (Wei, C.Liu, & Koong, 2006)

A secure architecture enabling end-user privacy in the context of commercial wide-area location-enhanced web services

Mobile location-based services have raised privacy concerns amongst mobile phone users who may need to supply their identity and location information to untrustworthy third parties in order to access these applications. Widespread acceptance of such services may therefore depend on how privacy sensitive information will be handled in order to restore users’ confidence in what could become the “killer app” of 3G networks. The work reported in this thesis is part of a larger project to provide a secure architecture to enable the delivery of location-based services over the Internet. The security of transactions and in particular the privacy of the information transmitted has been the focus of our research. In order to protect mobile users’ identities, we have designed and implemented a proxy-based middleware called the Orient Platform together with its Orient Protocol, capable of translating their real identity into pseudonyms. In order to protect users’ privacy in terms of location information, we have designed and implemented a Location Blurring algorithm that intentionally downgrades the quality of location information to be used by location-based services. The algorithm takes into account a blurring factor set by the mobile user at her convenience and blurs her location by preventing real-time tracking by unauthorized entities. While it penalizes continuous location tracking, it returns accurate and reliable information in response to sporadic location queries. Finally, in order to protect the transactions and provide end-to-end security between all the entities involved, we have designed and implemented a Public Key Infrastructure based on a Security Mediator (SEM) architecture. The cryptographic algorithms used are identitybased, which makes digital certificate retrieval, path validation and revocation redundant in our environment. In particular we have designed and implemented a cryptographic scheme based on Hess’ work [108], which represents, to our knowledge, the first identity-based signature scheme in the SEM setting. A special private key generation process has also been developed in order to enable entities to use a single private key in conjunction with multiple pseudonyms, which significantly simplifies key management. We believe our approach satisfies the security requirements of mobile users and can help restore their confidence in location-based services

Mobile Business as Strategic Tools in the US Airline Industry

This thesis analyzes opportunities and threats of mobile business in the context of the US airline industry as s strategic tool to create a sustainable competitive advantage through the implementation of an effective mobile business model. The analysis is based on the assumption that mobile airline strategies have to create a strategic fit with the business environment seen from an airline perspective. Forces inherent in the global environment as well as in the micro-environment are analyzed using environmental scanning as systematic technique. Exploratory data obtained from a focus group interview is added to the analysis in order to assess opportunities and threats and to extract the key success factors for airline m-business, which is found to have tremendous impact on the way an airline creates value to its customers. Key success factors discussed in this thesis are user experience, the value contribution of mobile technology, and customer requirements. Crucial elements found for matching these factors are to expedite and facilitate processes, the ability to integrate systems into a mobile infrastructure, and using devices that yield quick and inexpensive results

Cooperating broadcast and cellular conditional access system for digital television

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.The lack of interoperability between Pay‐TV service providers and a horizontally integrated business transaction model have compromised the competition in the Pay‐TV market. In addition, the lack of interactivity with customers has resulted in high churn rate and improper security measures have contributed into considerable business loss. These issues are the main cause of high operational costs and subscription fees in the Pay‐TV systems. This paper presents a novel end‐to‐end system architecture for Pay‐TV systems cooperating mobile and broadcasting technologies. It provides a cost‐effective, scalable, dynamic and secure access control mechanism supporting converged services and new business opportunities in Pay‐TV systems. It enhances interactivity, security and potentially reduces customer attrition and operational cost. In this platform, service providers can effectively interact with their customers, personalise their services and adopt appropriate security measures. It breaks up the rigid relationship between a viewer and set‐top box as imposed by traditional conditional access systems, thus, a viewer can fully enjoy his entitlements via an arbitrary set‐top box. Having thoroughly considered state‐of‐the‐art technologies currently being used across the world, the thesis highlights novel use cases and presents the full design and implementation aspects of the system. The design section is enriched by providing possible security structures supported thereby. A business collaboration structure is proposed, followed by a reference model for implementing the system. Finally, the security architectures are analysed to propose the best architecture on the basis of security, complexity and set‐top box production cost criteria

Remote software upload techniques in future vehicles and their performance analysis

Updating software in vehicle Electronic Control Units (ECUs) will become a mandatory requirement for a variety of reasons, for examples, to update/fix functionality of an existing system, add new functionality, remove software bugs and to cope up with ITS infrastructure. Software modules of advanced vehicles can be updated using Remote Software Upload (RSU) technique. The RSU employs infrastructure-based wireless communication technique where the software supplier sends the software to the targeted vehicle via a roadside Base Station (BS). However, security is critically important in RSU to avoid any disasters due to malfunctions of the vehicle or to protect the proprietary algorithms from hackers, competitors or people with malicious intent. In this thesis, a mechanism of secure software upload in advanced vehicles is presented which employs mutual authentication of the software provider and the vehicle using a pre-shared authentication key before sending the software. The software packets are sent encrypted with a secret key along with the Message Digest (MD). In order to increase the security level, it is proposed the vehicle to receive more than one copy of the software along with the MD in each copy. The vehicle will install the new software only when it receives more than one identical copies of the software. In order to validate the proposition, analytical expressions of average number of packet transmissions for successful software update is determined. Different cases are investigated depending on the vehicle\u27s buffer size and verification methods. The analytical and simulation results show that it is sufficient to send two copies of the software to the vehicle to thwart any security attack while uploading the software. The above mentioned unicast method for RSU is suitable when software needs to be uploaded to a single vehicle. Since multicasting is the most efficient method of group communication, updating software in an ECU of a large number of vehicles could benefit from it. However, like the unicast RSU, the security requirements of multicast communication, i.e., authenticity, confidentiality and integrity of the software transmitted and access control of the group members is challenging. In this thesis, an infrastructure-based mobile multicasting for RSU in vehicle ECUs is proposed where an ECU receives the software from a remote software distribution center using the road side BSs as gateways. The Vehicular Software Distribution Network (VSDN) is divided into small regions administered by a Regional Group Manager (RGM). Two multicast Group Key Management (GKM) techniques are proposed based on the degree of trust on the BSs named Fully-trusted (FT) and Semi-trusted (ST) systems. Analytical models are developed to find the multicast session establishment latency and handover latency for these two protocols. The average latency to perform mutual authentication of the software vendor and a vehicle, and to send the multicast session key by the software provider during multicast session initialization, and the handoff latency during multicast session is calculated. Analytical and simulation results show that the link establishment latency per vehicle of our proposed schemes is in the range of few seconds and the ST system requires few ms higher time than the FT system. The handoff latency is also in the range of few seconds and in some cases ST system requires less handoff time than the FT system. Thus, it is possible to build an efficient GKM protocol without putting too much trust on the BSs

CONNECTING BNPL PROVIDERS AND ENSURING REPAYMENT

The present disclosure includes a system that is managed by a BNPL advisor which allows for BNPL providers to make an intelligent decision when approving loans requested by cardholder. The BNPL advisor consolidates borrowing and repayment behavior onto a database of every card holder from different BNPL providers. This proprietary database would update the borrowed amount & returned amount through installments through an asynchronous connection to each BNPL provider – updating the entry whenever a repayment or borrowing is made. Using this data along with BNPL advisors own transaction data, a score that indicates the probability of complete repayment is generated and passed to the BNPL provider. This system allows for various BNPL providers to communicate and update credit limit of a cardholder through the BNPL advisor. It also works in cross border lending and ensures that BNPL providers are protected against delinquency

The Impact Of Mobile Commerce In Kavala

The mobile commerce, as an integral and often dominant part of a broader technological, economic and social system, is closely linked to environmental conditions that affect; this affects their decisions and strategy implemented. Undoubtedly, in the current era, the competition is increased and dominant in the market, pushing their bodies and citizens to abandon traditional and time-consuming methods of business functions, practices and yet purchases. The purpose of this study, it is the presentation and the penetration of mobile commerce to the citizens of Kavala. In particular, how they use their mobile devices in making purchases. The survey conducted in 2015 on a random sample of 220 people with criterion that the respondents have a mobile equipment. It was studied the use of wireless technologies in conjunction with the recognition and use of electronic commerce by both consumers and business world. The questionnaire has 47 questions concerning the population distribution, the advanced technology of their mobile devices, the interest for products and services provided by m-commerce and the security they feel. Finally, the respondents were asked for the purchases made by their mobile equipments and whether they were satisfied. For the measurement of the research factors which appear in the conducted study, the method of multiple determinants variables were used. The data analysis was carried out with the use of the statistical program SPSS Statistics 19.0.The conclusions of the survey is that despite the cost of use, the connection speeds, and security and misuse of personal data problems, the mobile commerce is in constant development due to the critical mass of the users who immediately and practically use their mobile devices. Keywords: M-commerce, Impact, Kavala, questionnair