Resuscitating privacy-preserving mobile payment with customer in complete control

Authors:
Divyan Munirathnam Konidala;Made Harta Dwijaksara;Kwangjo Kim;Dongman Lee;Byoungcheon Lee;Daeyoung Kim;Soontae Kim
Affiliations:
Department of Information and Communications Engineering, Korea Advanced Institute of Science and Technology (KAIST), Daejeon, Republic of Korea;Department of Computer Science, KAIST, Daejeon, Republic of Korea;Department of Computer Science, KAIST, Daejeon, Republic of Korea;Department of Computer Science, KAIST, Daejeon, Republic of Korea;Department of Information Security, Joongbu University, Chungnam, Republic of Korea;Department of Computer Science, KAIST, Daejeon, Republic of Korea;Department of Computer Science, KAIST, Daejeon, Republic of Korea
Venue:
Personal and Ubiquitous Computing
Year:
2012

Citing 6
Cited 1

Provably Secure Partially Blind Signatures

CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Untraceable Electronic Cash

CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Untraceable Off-line Cash in Wallets with Observers (Extended Abstract)

CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
Where's that phone?: geolocating IP addresses on 3G networks

Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Vulnerabilities in first-generation RFID-enabled credit cards

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Strategy: Data lost, not found

Infosecurity

Ecosystem scenarios for cloud-based NFC payments

Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Credit/debit card payment transactions do not protect the privacy of the customer. Once the card is handed over to the merchant for payment processing, customers are "no longer in control" on how their card details and money are handled. This leads to card fraud, identity theft, and customer profiling. Therefore, for those customers who value their privacy and security of their payment transactions, this paper proposes a choice--an alternate mobile payment model called "Pre-Paid Mobile HTTPS-based Payment model". In our proposed payment model, the customer obtains the merchant's bank account information and then instructs his/her bank to transfer the money to the merchant's bank account. We utilize near field communication (NFC) protocol to obtain the merchant's bank account information into the customer's NFC-enabled smartphone. We also use partially blind signature scheme to hide the customers' identity from the bank. As a result, our payment model provides the customer with complete control on his/her payments and privacy protection from both the bank and the merchant. We emulated our proposed mobile payment model using Android SDK 2.1 platform and analyzed its execution time.