Improving authentication of remote card transactions with mobile personal trusted devices

Computer Communications

Volumn 30, Issue 8, 2007, Pages 1697-1712

  Bottoni, Andrea ^a   Dini, Gianluca ^a  

^a UNIVERSITY OF PISA   (Italy)

Author keywords

Authentication; e Payment; Security; Trusted device

Indexed keywords

AUTHENTICATION; CUSTOMER SATISFACTION; LAWS AND LEGISLATION; MOBILE DEVICES; RISKS; SMART CARDS;

CREDIT CARD TRANSACTIONS; E-PAYMENT; SECURITY PROPERTIES; TRUSTED DEVICES;

ELECTRONIC COMMERCE;

EID: 34247614109     PISSN: 01403664     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.comcom.2007.02.006     Document Type: Article

References (54)

1. Abadi M., Burrows M., Kaufman C., and Lampson B. Authentication and delegation with smart-cards. Science of Computer Programming 21 (1993) 93-113
2. Asokan N., Janson P.A., Steiner M., and Waidner M. The state of the art in electronic payment systems. IEEE Computer (1997) 28-35
3. Axalto. Cyberflex Access. Available from: .
4. Axalto. Cyberflex Access SDK. Available from: .
5. Feng Bao, L. Anantharaman, R. Deng, Design of portable mobile devices based e-payment system and e-ticketing system with digital signature, in: Proceedings of the International Conference on Info-tech and Info-net (ICII 2001), vol. 6, Beijing, China, October 29-November 1 2001, pp. 7-12.
6. Bellare M., Garay J., Hauser R., Herzberg A., Krawczyk H., Steiner M., Tsudik G., Herreweghen E.V., and Waidner M. Design, implementation and deployment of the iKP secure electronic payment system. IEEE Journal on Selected Areas in Communications 18 4 (2000) 611-627
7. Bohm N., Brown I., and Gladman B. Electronic commerce: Who carries the risk of fraud?. The Journal of Information and Law Technology (2000) 31-34
8. Mike Bond, Jolyon Clulow, Extending security protocol analysis: New challenges, in: Proceedings of the First Workshop on Automated Reasoning for Security Analysis (ARSPA), Cork, Ireland, July 4 2004, pp. 13-24.
9. Burrows M., Abadi M., and Needham R. A logic of authentication. ACM Transactions on Computer Systems 8 1 (1990) 18-36
10. Claessens J., Preenel B., and Vandewalle J. Combining world wide web and wireless security. In: Decker B.D., Piessens F., Smits J., and Herreweghen E.V. (Eds). Proceedings of IFIP I-NetSec 2001. Advances of Network and Distributed Systems Security (2001), International Federation for Information Processing, Kluwer Academic Publishers, Leuven, Belgium 153-171
11. Mika Cohen, Mads Dam, A completeness result for ban logic, in: Proceedings of the 4th International Workshop on Methods for Modalities (M4M-4), Berlin - Adlershof, Germany, December 1-2 2005.
12. Yuanjun Dai, Lihe Zhang. A security payment scheme of mobile e-commerce, in: Proceedings of the International Conference on Communication Technology (ICCT 2003), Beijing, China, April 9-11 2003, pp. 949-952.
13. T. Dierks, C. Allen. The TLS protocol version 1.0. The Internet Engineering Task Force (IETF), RFC 2246, January 1999.
14. England P., Lampson B., Manferdelli J., Peinado M., and Willman B. A trusted open platform. IEEE Computer 36 7 (2003) 55-63
15. European Telecommunications Standards Institute. Digital cellular telecommunication system (Phase 2+); Technical realization of the Short Message Service (SMS) Point-to-Point (PP). ETSI TS 100 559 (3GPP TS 04.11).
16. European Telecommunications Standards Institute. Digital cellular telecommunications system (Phase 2); Security aspects. ETS 300 506 (GSM 02.09).
17. European Telecommunications Standards Institute. Digital cellular telecommunications system (Phase 2+); Security Mechanisms for the SIM application toolkit; Stage 2. ETSI TS 101 181 (GSM 03.48).
18. European Telecommunications Standards Institute. Digital cellular telecommunications system (Phase 2+); Security mechanisms for the SIM Application Toolkit;Stage 1. ETSI TS 101 180 (GSM 02.48).
19. European Telecommunications Standards Institute. Digital cellular telecommunications system (Phase 2+); Specification of the SIM Application Toolkit for the Subscriber Identity Module-Mobile Equipment (SIM-ME) interface. ETSI TS 101 267 (GSM 11.14).
20. European Telecommunications Standards Institute. Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) interface. ETSI TS 100 977 (3GPP TS 11.11).
21. European Telecommunications Standards Institute. Digital cellular telecommunications system (Phase 2+); Subscriber Identity Module Application Programming Interface (SIM API); Service description; Stage 1. ETSI TS 101 413 (GSM 02.19).
22. European Telecommunications Standards Institute. Digital cellular telecommunications system (Phase 2+); Subscriber Identity Module Application Programming Interface (SIM API); SIM API for Java Card; Stage 2. ETSI TS 101 476 (GSM 03.19).
23. European Telecommunications Standards Institute. Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); USIM/SIM Application Toolkit (USAT/SAT); Service description; Stage 1. ETSI TS 122 038 (3GPP TS 22.038).
24. Wireless Application Protocol Forum. Wireless Datagram Protocol Specification, 14 June 2001. Available from: .
25. Wireless Application Protocol Forum. Wireless profiled TCP Specification, 31 March 2001. Available from: .
26. Alia Fourati, Hella Kaffel Ben Ayed, Farouk Kamoun, A bdelmalek Benzekri. A set approach to secure the payment in mobile commerce, in: Proceedings of the 27th Annual IEEE Conference on Local Computer Networks (LCN02), Tampa, Florida (USA), 6-8 November 2002, pp. 136-137.
27. A. Freier, P. Kariton, P. Kocher, The SSL protocol: Version 3.0. Netscape Communication, Inc., Mountain View, CA, March 1996. Available from: .
28. Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh, Terra: a virtual machine-based platform for trusted computing, in: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, Bolton Landing, NY, USA, October 19-22 2003, pp. 193-206.
29. Ghosh A.K. Security and Privacy for E-Business (2001), Wiley, New York (USA)
30. Ghosh A.K., and Swaminatha T.M. Software security and privacy risks in mobile e-commerce. Communications of the ACM 44 2 (2001) 51-57
31. Gray J., and Reuter A. Transaction Processing: Concepts and Techniques (Morgan Kaufmann Series in Data Management Systems). first ed. (1993), Morgan Kaufmann
32. Härder T., and Reuter A. Principles of transaction-oriented database recovery. ACM Computing Survey 15 4 (1983) 287-317
33. Herzberg A. Payments and banking with mobile personal devices. Communications of the ACM 46 5 (2003) 53-58
34. Jin L., Feng L., and Hua G.Z. Research on wap clients supports set payment protocol. IEEE Wireless Communications 9 1 (2002) 90-95
35. Vorapranee Khu-smith, Chris J. Mitchell, Using gsm to enhance e-commerce security, in: Proceedings of the Second ACM International Workshop on Mobile Commerce, Atlanta, Georgia, USA, September 28-28 2002, pp. 75-81.
36. Kim W. Highly available systems for database applications. ACM Computing Survey 16 1 (1984) 71-98
37. Menezes A.J., van Oorschot P.C., and Vanstone S.A. Handbook of Applied Cryptography (1996), CRC Press
38. Oberthur Card System. SIMphonIC™. Available from: .
39. Pearson S. Trusted Computing Platforms-TCPA Technology in Context (2003), Hewlett-Packard Company, Prentice Hall PTR
40. Pfitzmann A., Pfitzmann B., Schunter M., and Waidner M. Trustworthy user devices. In: Müller G., and Rannenberg K. (Eds). Multilateral Security in Communications (1999), Addison-Wesley 137-156
41. Rubin A.D. Security considerations for remote electronic voting. Communications of the ACM 45 12 (2002) 39-44
42. Schneier B. Applied Cryptography: Protocols, Algorithms, and Source Code in C. second ed. (1996), Wiley
43. Bruce Schneier. Why digital signatures are not signatures. In Crypto-Gram Newsletter. November 2000. Available from: .
44. Schwiderski-Grosche S., and Knospe H. Secure mobile commerce. Electronics & Communication Engineering Journal 14 5 (2002) 228-238
45. Secure Electronic Transaction LLC. Secure Electronic Transaction Specification. Available from: .
46. Senn J.A. The emergence of m-commerce. IEEE Computer 33 12 (2000) 148-150
47. SUN. Java Card 2.1 API Specification. Java card Specification.
48. SUN. Java Card 2.1 Runtime Environment Specification. Java card Specification.
49. Do Van Thanh, Security issues in mobile ecommerce, in: Proceedings of the 11th IEEE International Workshop on Database and Expert Systems Applications, London, UK, August 4-8 2000, pp. 412-425.
50. Varshney U. Mobile payments. IEEE Computer 35 12 (2002) 120-121
51. WAP Forum. Wireless Identity Module. Part: Security. WAP-260-WIM-20010712-a.
52. WAP Forum. Wireless application protocol - architecture specification. WAP-210-WAPArch-20010712, July 2001.
53. Wireless Application Protocol Forum. WAP Transport Layer End-to-end Security, 2001. WAP-187-TransportE2ESec-20010628-a.
54. Wrona K., Schuba M., and Zavagli G. Mobile payments - state of the art and open problems. In: Fiege L., Mühl G., and Willhelm U. (Eds). WELCOM 2001. Lecture Notes in Computer Science, LNCS 2232 (2001), Springer, Berlin Heidelberg 88-100