
A Fair Biometric Enabled M-Payment Solution with Anonymity Support

Presented by: Șoșu Liviu.


Presentation Transcript


  1. A Fair Biometric Enabled M-Payment Solution with Anonymity Support
     Presented by: Șoșu Liviu

  2. Introduction
     • Mobile commerce
     • Security issues:
       ► non-repudiation (malicious merchants/customers)

  3. Proposals
     • Biometric Authentication
     • Fair Exchange
     • Anonymity Support

  4. Participants

  5. Assumptions
     1. The customer has purchased a pre-paid SIM card from the Mobile Operator without revealing his/her identity. The Mobile Operator holds the list of currency accounts corresponding to every SIM card and every authorized merchant.
     2. The Mobile Operator has issued an asymmetric key pair for every SIM card and every authorized merchant.
     3. An on-line trusted Third Party exists. It generates a public/private key pair, (PTP, STP), and its public key PTP is stored in the customer’s Mobile Phone; the merchant also holds it.

  6. Assumptions
     4. The fingerprint sensor is embedded in the handset and the customer has stored his/her fingerprint template data inside the SIM card.
     5. The Mobile Operator provides methods for the customer to top up his/her SIM card’s currency account.
     6. The customer has stored his/her Delivery Cabinet address information in the Mobile Phone.

  7. Assumptions
     7. The Mobile Phone and the Payment Applet share a symmetric encryption session key Kpay for the data flows exchanged between them.
     8. The Mobile Phone and the Bio-Applet share a symmetric encryption session key Kbio for every data flow exchanged between them.
     9. Secure channels are set up between the parties during the transaction. All communications remain anonymous over these secure channels unless the parties reveal their identities themselves.

  8. Protocol Phases
     • Phase 1: The Customer Triggers the Transaction
       ► Message 1: MA → MP: Invoice || PMA
     • Phase 2: The Authentication of the Mobile Phone
       ► Message 2: MP → BA: TMP || eKbio(BIO_DATA)
       ► Message 3: BA → MP: TBA || eKbio(BIO_RESULT)

  9. Protocol Phases
     • Phase 3: The Payment Applet Sends the Encrypted Payment
       ► Message 4: MP → PA: eKpay (Payment Request || Invoice || PMA || PTP)
       ► Message 5: PA → MP → MA: zPMA { zEk (ρ) || sSPA (purchase-order) || PPA }

  10. Protocol Phases
     ► Message 6: PA → MP → TP: zK1 (ρ) || zPTP (K1−1 || M )
     • Phase 4: The Payment is held temporarily
       ► Message 7: TP: zPMA {sSTP { amount || zK1 (ρ)}}
     • Phase 5: Verification of the payment
       ► Message 8 MA MP: sSMA { sSPA (purchase order)}

  11. Phase 6: Transfer of the Encryption Key

  12. Protocol Schema

  13. System Analysis
     • Analysis of Fair Exchange
     • Anonymity and Privacy
     • Security
     • Efficiency
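
Phase 2 of the protocol (Messages 2 and 3 on slide 8), sketched in Go as an added example that is not code from the presentation. It assumes TMP and TBA are timestamps and that eKbio is authenticated encryption (AES-GCM here); the slides specify neither, and the function names, wire layout and 30-second window are illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)

const maxSkew = 30 * time.Second // assumed freshness window; the slides give none

// newAEAD wraps a session key (Kbio on the slides) in AES-GCM; the cipher is an assumption.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal builds T || eK(data): 8-byte Unix time, 12-byte nonce, ciphertext+tag; T is bound as associated data.
func seal(k cipher.AEAD, data []byte, now time.Time) ([]byte, error) {
	msg := make([]byte, 20)
	binary.BigEndian.PutUint64(msg[:8], uint64(now.Unix()))
	if _, err := rand.Read(msg[8:]); err != nil {
		return nil, err
	}
	return k.Seal(msg, msg[8:20], data, msg[:8]), nil
}

// open rejects stale or future timestamps, then authenticates and decrypts.
func open(k cipher.AEAD, msg []byte, now time.Time) ([]byte, error) {
	if len(msg) < 36 {
		return nil, errors.New("truncated message")
	}
	sent := time.Unix(int64(binary.BigEndian.Uint64(msg[:8])), 0)
	if d := now.Sub(sent); d > maxSkew || d < -maxSkew {
		return nil, errors.New("timestamp outside freshness window")
	}
	return k.Open(nil, msg[8:20], msg[20:], msg[:8])
}

func main() {
	k, _ := newAEAD(make([]byte, 32)) // constructed all-zero key, demo only
	m2, _ := seal(k, []byte("BIO_DATA"), time.Now())
	out, err := open(k, m2, time.Now())
	println(string(out), err == nil)
}
```

The same `seal`/`open` pair serves both directions: the Mobile Phone seals BIO_DATA for the Bio-Applet, and the Bio-Applet seals BIO_RESULT for the reply.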
