Mobile payment allows users to perform payment transactions through their mobile devices. It brings up many emerging issues regarding the security and performance of mobile payment systems, which can be classified into two main problems. The first problem is the limitations of wireless environments, which stem primarily from mobile devices with limited system resources and from wireless networks with low bandwidth, high connection cost, and low reliability. A mobile user may not be able to efficiently perform highly secure transactions, which require computationally intensive cryptographic operations, over the wireless network.
The second problem is the lack of sufficient security in existing mobile payment systems, mainly due to improper protocol design and the deployment of lightweight cryptographic operations, which lead to the lack of important transaction security properties. Such problems have motivated the research conducted in this thesis. The rapid proliferation of portable devices and the worldwide penetration of mobile cellular subscription. Using m-payment, a person with a wireless device could pay for items in a store or settle a restaurant bill without interacting with any staff members. According to Orange Mobile Payment (Danish company), the entire transaction should take not more than 10 seconds. In order to provide a secure and comprehensive m-payment, the payment scenario should be designed so that it is fast and simple for the end user, but secure and comprehensive for the provider. An efficient payment scenario takes efficient steps in performance.
With new smartphones increasingly available on the market, the facilities of smart mobile devices could be exploited to develop an application that performs the required m-commerce operations. The purpose of this thesis is to propose secure mobile payment. The results obtained from this thesis may serve as a basis for protocol designers to analyze their existing mobile payment systems and for system implementers to design and implement secure mobile payment systems.
The research conducted in this thesis focuses on three different levels of reasoning about and securing mobile payment: framework, protocol and formal model. We first propose a formal model for a practical and secure mobile payment system. In this model, we formalize interactions among engaging parties and properties to be satisfied by the system, including requirements for payment transactions, goals and transaction security properties, and trust relationships among parties. We generalize transaction performance and define the transaction performance which is acceptable to engaging parties. The proposed model can be seen as a guideline for designing and implementing protocols for both account-based and token-based payment and practical and secure mobile payment frameworks.
At the framework level, we investigate the problems of existing mobile payment frameworks. Then, we introduce a framework that not only overcomes the limitations of wireless environments, but also solves the problems of the existing frameworks. In particular, a traditional fixed-network payment protocol operates well in our framework, and even more efficiently if a payment protocol specifically designed for wireless environments is applied.
In addition, we show that the proposed framework can be captured by the proposed formal model. At the protocol level, we propose a lightweight, yet secure cryptographic technique. This technique not only reduces the computation at the engaging parties, especially at mobile users, but also satisfies the transaction security properties. We then introduce two account-based mobile payment protocols which deploy the proposed technique. We develop a prototype of one of the proposed protocols to demonstrate its practicability as a real-world application. The results from the implementation show that the implemented protocol itself operates well in wireless environments.