Proceedings of the 2004 international conference on Compilers, architecture, and synthesis for embedded systems
A modular test platform for evaluation of security protocols in NFC applications
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Using NFC phones for proving credentials
MMB'12/DFT'12 Proceedings of the 16th international GI/ITG conference on Measurement, Modelling, and Evaluation of Computing Systems and Dependability and Fault Tolerance
SmartTokens: delegable access control with NFC-Enabled smartphones
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
A Survey on Near Field Communication (NFC) Technology
Wireless Personal Communications: An International Journal
Ecosystem scenarios for cloud-based NFC payments
Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystems
Hi-index | 0.00 |
In this paper a practical offline payment system based on digital vouchers using Near Field Communication (NFC) in mobile phones is presented. This work was performed within the scope of the IBBT NFC-Voucher project. The goal of the project is to assess the feasibility of such a system, from a technical and security perspective, using tangible NFC devices such as the Nokia 6131 NFC mobile phone. This involved an in-depth technical and security analysis of all actors in the system and a rigorous elaboration of the practical security requirements and assumptions. In the architecture implementing and connecting all the different actors of this voucher payment system, no compromises regarding security were made. At device level all sensitive data is stored in a Secure Element (SE) with limited access for non-authorised users. The backbone and voucher transfer system uses a classical Public Key Infrastructure (PKI), such that only trusted and registered parties can handle and transfer vouchers. After having implemented this system, we conclude that it is possible to build an off-line payment system for mobile phones without compromising security, but that it remains quite challenging, given the current limitations on speed, available memory and security functionality.