Secure Mobile Payment via Trusted Computing
Mobile payment (m-payment) received significant attention because it enables an easy payment mechanism and becomes an important complement to traditional payment means. However, m-payment over open devices and networks poses security challenges of a new dimension. Although many researchers address security issues in m-payment, there are still some security problems that are not well resolved, such as platform integrity and user privacy protection. In this paper, we propose a general payment architecture with Trusted Computing (TC) technologies to secure mobile payment. Using only a simple mobile payment infrastructure, a platform integrity protection solution is proposed to secure payment software downloading, application initialization, and secure payment transactions. We further propose two schemes to enhance the performance and flexibility of our solution. The first scheme provides platform attestation using an identity-based signature (IBS) algorithm instead of a traditional credential-based public-key signature algorithm within Trusted Computing Group (TCG) technologies, which fully utilizes the merits of the mobile computing infrastructure and improves the flexibility and performance of the payment solution. The second scheme provides attestation caching without sacrificing security achievements. We have implemented a real prototype system based on an emulated payment environment. Our security analysis and experimental results prove that our scheme can effectively meet the security requirements of a practical m-payment with acceptable performance.
Qi Li Xinwen Zhang Jean-Pierre Seifert Hulin Zhong
Dept.of Computer Science, Tsinghua University, Beijing, China Samsung Information Systems America, San Jose, CA, USA Lutong Network Technologies Co., Ltd., Shenzhen, China
国际会议
Third Asia-Pacific Trusted Infrastructure Technologies Conference(第三届亚太地区可信基础架构技术大会)(APTC 2008)
武汉
英文
98-112
2008-10-14(万方平台首次上网日期,不代表论文的发表时间)