kth.sePublikationer
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Security for Mobile Payment Transaction
KTH, Skolan för informations- och kommunikationsteknik (ICT).
2012 (Engelska)Självständigt arbete på avancerad nivå (masterexamen), 20 poäng / 30 hpStudentuppsats (Examensarbete)
Abstract [en]

The advancement of ICT in a variety of sectors helped in improving the time consuming and rigid service into fast and flexible service that is closer to the reach of individuals. For instance, mobile applications have evolved in different sectors such as healthcare patient support, geographic mapping and positioning, banking, e-commerce payment services and others. This study focuses on one of the most sensitive applications, which is mobile payment.

Mobile payment system being one of the widely expanding mobile services, it has security concerns that prevented its wide acceptance. Some of the main security services given prior attention in mobile payment are issues of privacy, authentication and confidentiality. The research concentrates on the strong authentication of a mobile client to its server, securing the credit card* information and use of mobile card reader while making payments that enable customers to protect privacy of financial credentials.

The strong authentication mechanism mainly follows the NIST standard publications namely, FIPS PUB 201 and FIPS 196; which are standards on Entity Authentication using public key cryptography and PKI credential storage Personal Identity Verification (PIV) card respectively. The proposed secure Credit Card Information (CCI) storage is in a secure element in order to prevent tampering of stored data. The secure element options are microSD, UICC, Smartcard (together with digital certificate and service ticket). During making payments, the payment information encrypted using a shared key is securely sent to payment server.

A demo mobile application as proof of concept was implemented in a simulated lab (KTH SecLab), which has all the necessary infrastructure setup (servers, card reader) for testing the proposed solution. The paper was able to proof the concept of secure payment by enhancing the authentication, confidentiality and privacy of payment information. However, the demo for Strong Authentication did not completely succeed as expected due to unexpected bugs in the early version of card reader SDK.

Ort, förlag, år, upplaga, sidor
2012. , s. 46
Serie
Trita-ICT-EX ; 2012:303
Nyckelord [en]
Strong Authentication, mobile security, PIV, mobile PKI, payment privacy, EMV security
Nationell ämneskategori
Teknik och teknologier
Identifikatorer
URN: urn:nbn:se:kth:diva-116690OAI: oai:DiVA.org:kth-116690DiVA, id: diva2:600353
Utbildningsprogram
Teknologie masterexamen - Informations- och kommunikationssäkerhet
Uppsök
teknik
Examinatorer
Tillgänglig från: 2013-04-03 Skapad: 2013-01-24 Senast uppdaterad: 2022-06-24Bibliografiskt granskad

Open Access i DiVA

fulltext(1678 kB)1712 nedladdningar
Filinformation
Filnamn FULLTEXT01.pdfFilstorlek 1678 kBChecksumma SHA-512
6af85634fd26addd56286ba4f1b00a963e62b4d49aed4b95eb7bf05991df21e08f7264d0185d3b2bff2ac3c58bd7f90d80cba0ff7690d76688e111c774ca55b5
Typ fulltextMimetyp application/pdf

Av organisationen
Skolan för informations- och kommunikationsteknik (ICT)
Teknik och teknologier

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 1808 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

urn-nbn

Altmetricpoäng

urn-nbn
Totalt: 1858 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf