Offline NFC payments with electronic vouchers

Authors:
Gauthier Van Damme;Karel M. Wouters;Hakan Karahan;Bart Preneel
Affiliations:
Katholieke Universiteit Leuven, Heverlee-Leuven, Belgium;Katholieke Universiteit Leuven, Heverlee-Leuven, Belgium;Katholieke Universiteit Leuven, Heverlee-Leuven, Belgium;Katholieke Universiteit Leuven, Heverlee-Leuven, Belgium
Venue:
Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds
Year:
2009

Citing 1
Cited 5

Java cryptography on KVM and its performance and security optimization using HW/SW co-design techniques

Proceedings of the 2004 international conference on Compilers, architecture, and synthesis for embedded systems

A modular test platform for evaluation of security protocols in NFC applications

CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Using NFC phones for proving credentials

MMB'12/DFT'12 Proceedings of the 16th international GI/ITG conference on Measurement, Modelling, and Evaluation of Computing Systems and Dependability and Fault Tolerance
SmartTokens: delegable access control with NFC-Enabled smartphones

TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
A Survey on Near Field Communication (NFC) Technology

Wireless Personal Communications: An International Journal
Ecosystem scenarios for cloud-based NFC payments

Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper a practical offline payment system based on digital vouchers using Near Field Communication (NFC) in mobile phones is presented. This work was performed within the scope of the IBBT NFC-Voucher project. The goal of the project is to assess the feasibility of such a system, from a technical and security perspective, using tangible NFC devices such as the Nokia 6131 NFC mobile phone. This involved an in-depth technical and security analysis of all actors in the system and a rigorous elaboration of the practical security requirements and assumptions. In the architecture implementing and connecting all the different actors of this voucher payment system, no compromises regarding security were made. At device level all sensitive data is stored in a Secure Element (SE) with limited access for non-authorised users. The backbone and voucher transfer system uses a classical Public Key Infrastructure (PKI), such that only trusted and registered parties can handle and transfer vouchers. After having implemented this system, we conclude that it is possible to build an off-line payment system for mobile phones without compromising security, but that it remains quite challenging, given the current limitations on speed, available memory and security functionality.