An Extended Payment Model for M–Commerce with Fair Non–Repudiation Protocols

Tran Khanh DANG¹ and Thi Thanh Huyen PHAN²

¹ Faculty of Computer Science & Engineering, HCMC University of Technology, VNUHCM, Ho Chi Minh City, Vietnam (phone:+84–8–38647256, ext. 5841, e–mail: khanh@cse.hcmut.edu.vn).

² Faculty of Computer Science & Engineering, HCMC University of Technology, VNUHCM, Ho Chi Minh City, Vietnam (phone:+84–8–38647256, ext. 5842, e–mail: huyenttp@cse.hcmut.edu.vn).

Manuscript received June 29, 2009. ]]> Manuscript accepted for publication November 17, 2009.

Abstract

Non–repudiation in e–commerce has recently gained a lot of interest but its successor brother, non–repudiation in m–commerce, is still at the start. In this paper, we propose an extension of existing mobile payment models to introduce an extended mobile payment service (EMPS) model, which is based on assumptions about the cooperation between mobile network operators and financial institutions to deal with different payment amounts ranging from micro to macro payment. The novel model focuses on enhancement of non–repudiation problem. Fair non–repudiation protocols are developed for not only payment phase but also other phases in a typical m–commerce transaction, including price negotiation and content delivery. Joint signatures method is used in protocols to overcome the limitations in mobile handheld device capability and to reduce the trust dependence totally on the payment service. As with the proposed non–repudiation protocols, EMPS plays the role of a semi–trusted third party and is an indispensable factor for creating the fairness property. Non–repudiation analyses of these protocols are also conducted besides some guidelines for ensuring non–repudiation in m–commerce.

Key words: Communication system security, M–commerce security, non–repudiation, semi–trusted 3^rd party, payment model.

DESCARGAR ARTÍCULO EN FORMATO PDF

REFERENCES

[1] L. He and N. Zhang, "A New Signature Scheme: Joint Signature," in ACM Symposium on Applied Computing, 2004, pp. 807 – 812.         [ Links ]

[2] J. Liu, J. Liao, and X. Zhu, "A System Model and Protocol for Mobile Payment," in Proc. of IEEE International Conference on e–Business Engineering, 2005, pp. 638 – 641.         [ Links ]

[3] R. K. Tiwari, "Fair Non Repudiation in Mobile Communication using Joint Signatures," in Proc. of IEEE International Conference on Personal Wireless Communication, 2005, pp. 438 – 440.         [ Links ]

[4] L. He and N. Zhang, "An asymmetric authentication protocol for M–Commerce applications," in Proc. of IEEE International Symposium on Computers and Communication, Vol. 1, 2003, pp. 244 – 250.         [ Links ]

[5] C. Chen, H. Lin, Y. Chen, and J. Jan, "A Fair Transaction Model in Mobile Commerce," in Proc. of IEEE International Symposium on Signal Processing and Information Technology, 2006.         [ Links ]

[6] S. Kremer, O. Markowitch, and J. Zhou, "An Intensive Survey of Non–repudiation Protocols," Computer Communications, pp. 1606 – 1621, 2002.         [ Links ]

[7] Jianying Zhou, "Non–repudiation in Electronic Commerce," Artech House Computer Security Series, 2001.         [ Links ]

[8] S. Kungpisdan, B. Srinivasan, and P. D. Le, "A Secure Account–Based Mobile Payment Protocol," in Proc. of International Conference on Information Technology: Coding and Computing, 2004, pp. 35 – 39.         [ Links ]

[9] A. Vilmos and S. Karnouskos, "SEMOPS: Design of a New Payment Service," in Proc. of International Workshop on Database and Expert Systems Applications, 2003, pp. 865 – 869.         [ Links ]

[10] S. Nambiar and C.T. Lu, "M–Payment Solutions and M–Commerce Fraud Management," as Chapter IX of Book: Advances in Security and Payment Methods for Mobile Commerce, pp. 192 – 213, Idea Group Inc., 2005.         [ Links ]

[11] C. Lee, W. Hu, and J. Yeh, "A System Model for Mobile Commerce", in Proc. of International Conference on Distributed Computing Systems Workshops, 2003, pp. 634 – 639.         [ Links ]

[12] ISO/IEC 10181–4. Information Technology – Open Systems Interconnection – Security Frameworks in Open System – Part 4: Non–repudiation Framework, ISO/IEC, 1996.         [ Links ]

[13] S. Nambiar, C.T. Lu, and L.R. Liang, "Analysis of Payment Transaction Security in Mobile Commerce," in Proc. of IEEE International Conference on Information Reuse and Integration, 2004, pp. 475 – 480.         [ Links ]

NOTE

This work was supported in part by Advances in Security & Information Systems (ASIS) Lab, Faculty of Computer Science & Engineering, HCMUT, Vietnam.