SlideShare a Scribd company logo

Consideration of a Mobile Payment System using Endorsement in MANETs for a Disaster Area

Download as PPTX, PDF
J
JuntaoGao

This slide was presented in the CSEC conference 2014 in Japan.

Mobile
1 of 28
Consideration of a Mobile Payment System using Endorsement in MANETs for a Disaster Area Ojetunde Babatunde Nara Institute of Science and Technology Division of Foundations of Software
Introduction (1/2) One of the major problems in disaster areas  People have no cash at hand to buy necessary amenities 2
Introduction (2/2)  Due to non-availability of network infrastructure  People have no access to  Their bank account  Electronic transaction  An infrastructureless Payment System is required 3
Many researches are conducted on Mobile Payment Systems Related Work on Payment System  Online service1  Computation overhead1  Privacy of users1  Compensate users2  Work without third party vendor2 [1] Hu, Z., Liu, Y., Hu, X., and Li, J.: Anonymous Micropayments Authentication (AMA) in Mobile Data Network, IEEE INFOCOM 2004, Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies Issue: 7 March (2004) [2] Chitra Kiran, N., and Kumar, G. N.: Implication of Secure Micropayment System Using Process Oriented Structural Design by Hash chain in Mobile Network, IJCSI International Journal of Computer Science, Issues, Vol. 9, Issue 1, No 2, January (2012)  No mobile payment system developed for disaster areas 4
Main Contributions to Mobile Payment System • Dynamic topology • Disconnected network • It takes two days to communicate with the bank MANETs Issues • Authentication issues • Impersonation • Double spending • Resetting phone Fraudulent Transactions • Money is deducted online real-time through direct access to bank No need for merchants to trust users  Mobile payment system for disaster areas  Need no connection to the bank to work  Avoid fraud  Users account balance is checked by surrounding mobile nodes  Guarantee payment of each transaction by endorsing Challenges Contributions 5
Customer Merchant Bank/MP Service provider Customer Merchant Send transaction order Forward payment information Deduct money from the customer’s account Supply the item to the customer Merchant and customer agree to start transaction 6 Normal Transaction Without Disaster (1/2)
Normal Transaction Without Disaster (2/2)  This method is not suitable in a disaster area due to the challenges mentioned above  We propose an endorsement based mobile payment system for disaster areas 7
 Introduction  Endorsement Based Mobile Payment System  Schemes to Prevent Attacks  Conclusion Outline 8
 All users are required to register with a Bank in advance  The Bank issues digital certificates to all users at registration  Merchant  Customer  Endorser  Bank  We assume that all users except the bank are in the disaster area Endorsement Based Mobile Payment System (1/8) Registration process 9
Endorsement Based Mobile Payment System (2/8) Merchant Customer A Send transaction order “ I want to buy an apple from you” Merchant Verify the customer using pre- digitally signed picture Customer A 10
How to check the Identity of a Customer  A user sends digitally signed picture to merchant  Merchant checks and compares digitally signed picture with customer’s appearance  Merchant confirms the digital signature of the bank  Another kind of biometric authentication can also be used for verification 11
Merchant Bank/MP Service provider Forwards the forms to the Bank “Apple cost $2”  It takes at least two days for a message to get to Bank  No means of confirming customer’s account balance  Network infrastructure is not available  Customer collects his/her money before the bank deducts money for items purchase  Bank will not have money to deduct from customer  Merchant will lose money Endorsement Based Mobile Payment System (3/8) Motivation for Endorsement 12
 To prevent this and allow transaction in a disaster area  We introduce endorsement Merchant Endorsers Create and forward Billing Form “Customer A wants to buy $2 apple. Do you guarantee the transaction?” Endorsement Based Mobile Payment System (4/8)  Merchant forwards the billing form to endorsers  To obtain guarantee that the transaction can be paid by endorsers in case customer fails to pay We assume that endorsers are available during transaction 13
 A person agrees to pay for another person, who fails to pay for an item.  The agreement is made before a disaster happens Endorsement 14
Many Challenges of Endorsement Based Payment System 1 Endorsers What Happen?  If endorsers are not available  Frequent change in topology of networks  Transaction cannot be successfully completed without an endorser  A customer can have more than one endorser  If one endorser is not available another endorser can endorse  Reduce endorser’s liability  Endorsers are rewarded for successful transaction 15
MerchantEndorsers Authenticate the Merchant and Create endorsement form “I guaranteed customer A purchase of $2 apple” Endorsement Based Mobile Payment System (5/8)  Endorsers send endorsement form back to the merchant 16
Merchant Bank/MP Service provider Forward the forms to the Bank “Customer A bought an apple at $2”  It takes at least two days for a message to get to Bank Endorsement Based Mobile Payment System (6/8) Send transaction confirmation to customer and endorsers Deliver items to customer Merchant Customer A Endorsers 17
Merchant Bank/MP Service provider Bank pays merchant “Pay merchant $2” Customer A Bank/MP Service provider Deduct responding money from customer’s account “Deduct $2 from customer A’s account”  The bank authenticates all users and checks for consistency of messages 18 Endorsement Based Mobile Payment System (7/8)
Bank/MP Service provider Endorsers Deduct money from endorsers “Deduct $2 from endorsers” Send acknowledgement to Merchant, Customer and Endorser Customer A Merchant  Endorser may have no money or collude with a customer  Mechanism to check endorser balance  We assume that some endorsers will pay  However, if there is no money in customer’s account 19 Endorsement Based Mobile Payment System (8/8)
 Introduction  Endorsement Based Mobile Payment System  Schemes to Prevent Attacks  Conclusion Outline 20
 Customer and endorsers may carry out  Reset and Recovery attacks  A reset and recovery is when a user,  Backups all data  Resets phone to default state  Recovers all data already used  Reset attack cannot be detected if there is no network connection  We assume that,  Most but not all users are trustable  Most of the users do not change location often Many Challenges of Endorsement Based Payment System 2 21 Reset and Recovery Attack
 Customer and endorsers can collude to do fraud  Customer A has no money  Endorsers have no money  There is no means of confirming endorsers account balance  Endorsers will endorse many transactions without paying 22 Many Challenges of Endorsement Based Payment System 3 Collusion Attack
Monitoring Based on Location Information • Proof user are in a particular location … One-time Session Token • Prevent user from using same message E-coin •Confirm amount in user account Blind Signature • Ensure anonymity of message Schemes to Prevent Attacks 23
Preventing Collusion and Checking Balance Bank creates unique tokens called e-coin Users account balance is divided into e- coins of same amount of money Customer ¥10,000 eT1, eT2, eT3, ….. eT10 E-coin is limited to endorsers  The e-coin contains  Customer ID  E-coin identifier  GPS coordinates  HELLO message interval  Monitoring customer signature  Only bank can encode the ID and identifier  Endorser attaches e-coin to endorsement  Bank deletes e-coin from endorser account if a customer defaults  If a customer does not default, the bank reissues e- coin with new identifier  Endorsement without e-coin is rejected E-coin 24
Preventing Reset Attack (1/2) User User Customer User User User User User Each user constantly exchanges HELLO message to show their respective location HELLO HELLO HELLO HELLO HELLO: Customer ID GPS Coordinates HELLO HELLO HELLO:  If a user stays in a location for a long time  Other users monitor their transactions  If a user fails to broadcast HELLO messages  Not in range  Lost of connection  If a user phone is lost or turned off  Cannot provide collected HELLO messages  Find endorsers  Provide endorser’s confirmation GPS coordinates in HELLO message constantly replace the e-coin GPS coordinates Intervals between HELLO messages are added to e-coin Monitoring Based on Location 25
 Allows a person to get a message signed by another party without revealing the message Original Message Envelope containing Message and Carbon paper Signature Envelope is signed (by signer) Message has now been signed Signature Sent to Signer Envelope Removed Binding Process  There is an existing research on how to get digital blind signature Blind Signature Scheme Preventing Reset Attack (2/2) 26
 The techniques stated above are adopted to prevent attacks  Reset and Recovery attacks  Collusion attack  A Customer or endorsers  Blinds the message  Broadcasts the message to other users  Monitoring customer  Checks GPS coordinates and HELLO message intervals  Checks e-coin attached to the endorsement message  Creates one-time session token and appends to message  Signs message with his/her digital signature Preventing Attacks 27
Conclusion  Proposed a new mobile payment system by  Adopting infrastructureless mobile ad-hoc networks (MANETs)  Allowing users to purchase amenities in disaster areas  Providing secure transactions  Users authenticates each other without a network connection a third party  Users anonymity is protect by using user’s nickname  Ensures confidentiality of messages and transaction  Ensures integrity  Reliability of transaction messages  The proposed system suits the limitation of mobile payment transaction in a disaster area 28

Recommended

ENFORCING SET AND SSL PROTOCOLS IN EPAYMENT
ENFORCING SET AND SSL PROTOCOLS IN EPAYMENTENFORCING SET AND SSL PROTOCOLS IN EPAYMENT
ENFORCING SET AND SSL PROTOCOLS IN EPAYMENT
ijcsit
 
Direct Debit Services
Direct Debit ServicesDirect Debit Services
Direct Debit Services
AbhinavKofner
 
Lecture 4 e commerce 2 payment systems
Lecture 4 e commerce 2 payment systemsLecture 4 e commerce 2 payment systems
Lecture 4 e commerce 2 payment systems
Kopapcalvince
 
E Payment System Introduction Of Large Value Payment System
E Payment System Introduction Of Large Value Payment SystemE Payment System Introduction Of Large Value Payment System
E Payment System Introduction Of Large Value Payment System
Hai Vu
 
Direct Debit System
Direct Debit SystemDirect Debit System
Direct Debit System
Newgen Software Technologies Limited
 
Presentation on Electronic Fund Transfer
Presentation on Electronic Fund TransferPresentation on Electronic Fund Transfer
Presentation on Electronic Fund Transfer
PRINSHU SINGH
 
E money guide presentation
E money guide presentationE money guide presentation
E money guide presentation
Camilo Tellez
 
Security and trust in e payment
Security and trust in e paymentSecurity and trust in e payment
Security and trust in e payment
حمد الشلوي
 

Recommended

ENFORCING SET AND SSL PROTOCOLS IN EPAYMENT
ENFORCING SET AND SSL PROTOCOLS IN EPAYMENTENFORCING SET AND SSL PROTOCOLS IN EPAYMENT
ENFORCING SET AND SSL PROTOCOLS IN EPAYMENT
ijcsit
 
Direct Debit Services
Direct Debit ServicesDirect Debit Services
Direct Debit Services
AbhinavKofner
 
Lecture 4 e commerce 2 payment systems
Lecture 4 e commerce 2 payment systemsLecture 4 e commerce 2 payment systems
Lecture 4 e commerce 2 payment systems
Kopapcalvince
 
E Payment System Introduction Of Large Value Payment System
E Payment System Introduction Of Large Value Payment SystemE Payment System Introduction Of Large Value Payment System
E Payment System Introduction Of Large Value Payment System
Hai Vu
 
Direct Debit System
Direct Debit SystemDirect Debit System
Direct Debit System
Newgen Software Technologies Limited
 
Presentation on Electronic Fund Transfer
Presentation on Electronic Fund TransferPresentation on Electronic Fund Transfer
Presentation on Electronic Fund Transfer
PRINSHU SINGH
 
E money guide presentation
E money guide presentationE money guide presentation
E money guide presentation
Camilo Tellez
 
Security and trust in e payment
Security and trust in e paymentSecurity and trust in e payment
Security and trust in e payment
حمد الشلوي
 
An Endorsement Based Mobile Payment System for A Disaster Area
An Endorsement Based Mobile Payment System for A Disaster AreaAn Endorsement Based Mobile Payment System for A Disaster Area
An Endorsement Based Mobile Payment System for A Disaster Area
Naoki Shibata
 
Ch 2
Ch 2Ch 2
Ch 2
Muhammad Hijab
 
electronic payment system
electronic payment system electronic payment system
electronic payment system
RonakJain191
 
Electronic Payment System via mobile banking platform
Electronic Payment System via mobile banking platformElectronic Payment System via mobile banking platform
Electronic Payment System via mobile banking platform
Mohammad Smoke
 
Electronic payment system (e-payment)
Electronic payment system (e-payment)Electronic payment system (e-payment)
Electronic payment system (e-payment)
hmnasim15
 
Electronic payment systems
Electronic payment systemsElectronic payment systems
Electronic payment systems
Rajiv Sikroria
 
MIS 10 Electronic Payment System
MIS 10 Electronic Payment SystemMIS 10 Electronic Payment System
MIS 10 Electronic Payment System
Tushar B Kute
 
Internet Banking
Internet BankingInternet Banking
Internet Banking
Aman Singh (असर)
 
Electronic Fund Transfer (EFT)
Electronic Fund Transfer (EFT)Electronic Fund Transfer (EFT)
Electronic Fund Transfer (EFT)
Ansif Ek
 
Security consideration with e commerce
Security consideration with e commerceSecurity consideration with e commerce
Security consideration with e commerce
StudsPlanet.com
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
Mandar Thakur
 
Chandra e payment system
Chandra e payment systemChandra e payment system
Chandra e payment system
Suresh Chandra
 
ELECTRONIC FUND TRANSFER
ELECTRONIC FUND TRANSFERELECTRONIC FUND TRANSFER
ELECTRONIC FUND TRANSFER
ANANDHU BALAN
 
chapter 7 : electronic banking
chapter 7 : electronic bankingchapter 7 : electronic banking
chapter 7 : electronic banking
Hajar Hafizah
 
E banking & security
E banking & securityE banking & security
E banking & security
Sumeer Sharma
 
An Improvement To The Set Protocol Based On Signcryption
An Improvement To The Set Protocol Based On SigncryptionAn Improvement To The Set Protocol Based On Signcryption
An Improvement To The Set Protocol Based On Signcryption
ijcisjournal
 
10
1010
10
Akash Gokhale
 
Electronic payment systems - Presentation by IrfanAnsari.com
Electronic payment systems - Presentation by IrfanAnsari.comElectronic payment systems - Presentation by IrfanAnsari.com
Electronic payment systems - Presentation by IrfanAnsari.com
LearnInUrdu.com & Ustaadjee.com
 
Payment system to e commerce business
Payment system to e commerce businessPayment system to e commerce business
Payment system to e commerce business
Qamar Farooq
 
6. electronic payment systems
6. electronic payment systems6. electronic payment systems
6. electronic payment systems
Pratap Tirkey
 
Paper id 2320146
Paper id 2320146Paper id 2320146
Paper id 2320146
IJRAT
 
World of mobile payments by Muthu
World of mobile payments by MuthuWorld of mobile payments by Muthu
World of mobile payments by Muthu
Muthu Siva
 

More Related Content

What's hot

An Endorsement Based Mobile Payment System for A Disaster Area
An Endorsement Based Mobile Payment System for A Disaster AreaAn Endorsement Based Mobile Payment System for A Disaster Area
An Endorsement Based Mobile Payment System for A Disaster Area
Naoki Shibata
 
Electronic Payment System via mobile banking platform
Electronic Payment System via mobile banking platformElectronic Payment System via mobile banking platform
Electronic Payment System via mobile banking platform
Mohammad Smoke
 
Security consideration with e commerce
Security consideration with e commerceSecurity consideration with e commerce
Security consideration with e commerce
StudsPlanet.com
 
chapter 7 : electronic banking
chapter 7 : electronic bankingchapter 7 : electronic banking
chapter 7 : electronic banking
Hajar Hafizah
 
Electronic payment systems - Presentation by IrfanAnsari.com
Electronic payment systems - Presentation by IrfanAnsari.comElectronic payment systems - Presentation by IrfanAnsari.com
Electronic payment systems - Presentation by IrfanAnsari.com
LearnInUrdu.com & Ustaadjee.com
 
Payment system to e commerce business
Payment system to e commerce businessPayment system to e commerce business
Payment system to e commerce business
Qamar Farooq
 

What's hot (20)

An Endorsement Based Mobile Payment System for A Disaster Area
An Endorsement Based Mobile Payment System for A Disaster AreaAn Endorsement Based Mobile Payment System for A Disaster Area
An Endorsement Based Mobile Payment System for A Disaster Area
 
Ch 2
Ch 2Ch 2
Ch 2
 
electronic payment system
electronic payment system electronic payment system
electronic payment system
 
Electronic Payment System via mobile banking platform
Electronic Payment System via mobile banking platformElectronic Payment System via mobile banking platform
Electronic Payment System via mobile banking platform
 
Electronic payment system (e-payment)
Electronic payment system (e-payment)Electronic payment system (e-payment)
Electronic payment system (e-payment)
 
Electronic payment systems
Electronic payment systemsElectronic payment systems
Electronic payment systems
 
MIS 10 Electronic Payment System
MIS 10 Electronic Payment SystemMIS 10 Electronic Payment System
MIS 10 Electronic Payment System
 
Internet Banking
Internet BankingInternet Banking
Internet Banking
 
Electronic Fund Transfer (EFT)
Electronic Fund Transfer (EFT)Electronic Fund Transfer (EFT)
Electronic Fund Transfer (EFT)
 
Security consideration with e commerce
Security consideration with e commerceSecurity consideration with e commerce
Security consideration with e commerce
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
 
Chandra e payment system
Chandra e payment systemChandra e payment system
Chandra e payment system
 
ELECTRONIC FUND TRANSFER
ELECTRONIC FUND TRANSFERELECTRONIC FUND TRANSFER
ELECTRONIC FUND TRANSFER
 
chapter 7 : electronic banking
chapter 7 : electronic bankingchapter 7 : electronic banking
chapter 7 : electronic banking
 
E banking & security
E banking & securityE banking & security
E banking & security
 
An Improvement To The Set Protocol Based On Signcryption
An Improvement To The Set Protocol Based On SigncryptionAn Improvement To The Set Protocol Based On Signcryption
An Improvement To The Set Protocol Based On Signcryption
 
10
1010
10
 
Electronic payment systems - Presentation by IrfanAnsari.com
Electronic payment systems - Presentation by IrfanAnsari.comElectronic payment systems - Presentation by IrfanAnsari.com
Electronic payment systems - Presentation by IrfanAnsari.com
 
Payment system to e commerce business
Payment system to e commerce businessPayment system to e commerce business
Payment system to e commerce business
 
6. electronic payment systems
6. electronic payment systems6. electronic payment systems
6. electronic payment systems
 

Similar to Consideration of a Mobile Payment System using Endorsement in MANETs for a Disaster Area

Paper id 2320146
Paper id 2320146Paper id 2320146
Paper id 2320146
IJRAT
 
Implementing a Secured E-Payment Authorisation System Using Two-Factor Authen...
Implementing a Secured E-Payment Authorisation System Using Two-Factor Authen...Implementing a Secured E-Payment Authorisation System Using Two-Factor Authen...
Implementing a Secured E-Payment Authorisation System Using Two-Factor Authen...
IJRESJOURNAL
 
E-Payment System on E-Commerce in India
E-Payment System on E-Commerce in IndiaE-Payment System on E-Commerce in India
E-Payment System on E-Commerce in India
IJERA Editor
 
Mobile paymentmethodbased on public key
Mobile paymentmethodbased on public keyMobile paymentmethodbased on public key
Mobile paymentmethodbased on public key
IJCNCJournal
 
SDP Global Summit 2012
SDP Global Summit 2012SDP Global Summit 2012
SDP Global Summit 2012
Martin Prosek
 
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYMENTS
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYMENTSAN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYMENTS
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYMENTS
ijcsit
 
An Exploration of the Factors Affecting User's Satisfaction with Mobile Payments
An Exploration of the Factors Affecting User's Satisfaction with Mobile PaymentsAn Exploration of the Factors Affecting User's Satisfaction with Mobile Payments
An Exploration of the Factors Affecting User's Satisfaction with Mobile Payments
AIRCC Publishing Corporation
 
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYM...
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYM...AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYM...
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYM...
AIRCC Publishing Corporation
 

Similar to Consideration of a Mobile Payment System using Endorsement in MANETs for a Disaster Area (20)

Paper id 2320146
Paper id 2320146Paper id 2320146
Paper id 2320146
 
World of mobile payments by Muthu
World of mobile payments by MuthuWorld of mobile payments by Muthu
World of mobile payments by Muthu
 
Online payment system
Online payment systemOnline payment system
Online payment system
 
Escrow-Style Payment Apps vs Traditional Payment Methods
Escrow-Style Payment Apps vs Traditional Payment MethodsEscrow-Style Payment Apps vs Traditional Payment Methods
Escrow-Style Payment Apps vs Traditional Payment Methods
 
Implementing a Secured E-Payment Authorisation System Using Two-Factor Authen...
Implementing a Secured E-Payment Authorisation System Using Two-Factor Authen...Implementing a Secured E-Payment Authorisation System Using Two-Factor Authen...
Implementing a Secured E-Payment Authorisation System Using Two-Factor Authen...
 
Project security
Project securityProject security
Project security
 
Project security
Project securityProject security
Project security
 
E-Payment System on E-Commerce in India
E-Payment System on E-Commerce in IndiaE-Payment System on E-Commerce in India
E-Payment System on E-Commerce in India
 
Mobile paymentmethodbased on public key
Mobile paymentmethodbased on public keyMobile paymentmethodbased on public key
Mobile paymentmethodbased on public key
 
SDP Global Summit 2012
SDP Global Summit 2012SDP Global Summit 2012
SDP Global Summit 2012
 
ENFORCING SET AND SSL PROTOCOLS IN EPAYMENT
ENFORCING SET AND SSL PROTOCOLS IN EPAYMENTENFORCING SET AND SSL PROTOCOLS IN EPAYMENT
ENFORCING SET AND SSL PROTOCOLS IN EPAYMENT
 
E-payment and E-payment System (EPS) / Classification of E-payment
E-payment and E-payment System (EPS) / Classification of E-paymentE-payment and E-payment System (EPS) / Classification of E-payment
E-payment and E-payment System (EPS) / Classification of E-payment
 
Mobile_Wallet_Acceptance
Mobile_Wallet_AcceptanceMobile_Wallet_Acceptance
Mobile_Wallet_Acceptance
 
Enforcing Set and SSL Protocols in E-Payment
Enforcing Set and SSL Protocols in E-PaymentEnforcing Set and SSL Protocols in E-Payment
Enforcing Set and SSL Protocols in E-Payment
 
UNVEILING THE WORLD OF ONLINE PAYMENT GATEWAYS
UNVEILING THE WORLD OF ONLINE PAYMENT GATEWAYSUNVEILING THE WORLD OF ONLINE PAYMENT GATEWAYS
UNVEILING THE WORLD OF ONLINE PAYMENT GATEWAYS
 
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYMENTS
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYMENTSAN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYMENTS
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYMENTS
 
An Exploration of the Factors Affecting User's Satisfaction with Mobile Payments
An Exploration of the Factors Affecting User's Satisfaction with Mobile PaymentsAn Exploration of the Factors Affecting User's Satisfaction with Mobile Payments
An Exploration of the Factors Affecting User's Satisfaction with Mobile Payments
 
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYM...
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYM...AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYM...
AN EXPLORATION OF THE FACTORS AFFECTING USERS’ SATISFACTION WITH MOBILE PAYM...
 
Best Practices in Risk Management for Mobile Payments - MRC 2011
Best Practices in Risk Management for Mobile Payments - MRC 2011Best Practices in Risk Management for Mobile Payments - MRC 2011
Best Practices in Risk Management for Mobile Payments - MRC 2011
 
electronic commerce payment systems
electronic commerce payment systemselectronic commerce payment systems
electronic commerce payment systems
 

Consideration of a Mobile Payment System using Endorsement in MANETs for a Disaster Area

  • 1. Consideration of a Mobile Payment System using Endorsement in MANETs for a Disaster Area Ojetunde Babatunde Nara Institute of Science and Technology Division of Foundations of Software
  • 2. Introduction (1/2) One of the major problems in disaster areas  People have no cash at hand to buy necessary amenities 2
  • 3. Introduction (2/2)  Due to non-availability of network infrastructure  People have no access to  Their bank account  Electronic transaction  An infrastructureless Payment System is required 3
  • 4. Many researches are conducted on Mobile Payment Systems Related Work on Payment System  Online service1  Computation overhead1  Privacy of users1  Compensate users2  Work without third party vendor2 [1] Hu, Z., Liu, Y., Hu, X., and Li, J.: Anonymous Micropayments Authentication (AMA) in Mobile Data Network, IEEE INFOCOM 2004, Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies Issue: 7 March (2004) [2] Chitra Kiran, N., and Kumar, G. N.: Implication of Secure Micropayment System Using Process Oriented Structural Design by Hash chain in Mobile Network, IJCSI International Journal of Computer Science, Issues, Vol. 9, Issue 1, No 2, January (2012)  No mobile payment system developed for disaster areas 4
  • 5. Main Contributions to Mobile Payment System • Dynamic topology • Disconnected network • It takes two days to communicate with the bank MANETs Issues • Authentication issues • Impersonation • Double spending • Resetting phone Fraudulent Transactions • Money is deducted online real-time through direct access to bank No need for merchants to trust users  Mobile payment system for disaster areas  Need no connection to the bank to work  Avoid fraud  Users account balance is checked by surrounding mobile nodes  Guarantee payment of each transaction by endorsing Challenges Contributions 5
  • 6. Customer Merchant Bank/MP Service provider Customer Merchant Send transaction order Forward payment information Deduct money from the customer’s account Supply the item to the customer Merchant and customer agree to start transaction 6 Normal Transaction Without Disaster (1/2)
  • 7. Normal Transaction Without Disaster (2/2)  This method is not suitable in a disaster area due to the challenges mentioned above  We propose an endorsement based mobile payment system for disaster areas 7
  • 8.  Introduction  Endorsement Based Mobile Payment System  Schemes to Prevent Attacks  Conclusion Outline 8
  • 9.  All users are required to register with a Bank in advance  The Bank issues digital certificates to all users at registration  Merchant  Customer  Endorser  Bank  We assume that all users except the bank are in the disaster area Endorsement Based Mobile Payment System (1/8) Registration process 9
  • 10. Endorsement Based Mobile Payment System (2/8) Merchant Customer A Send transaction order “ I want to buy an apple from you” Merchant Verify the customer using pre- digitally signed picture Customer A 10
  • 11. How to check the Identity of a Customer  A user sends digitally signed picture to merchant  Merchant checks and compares digitally signed picture with customer’s appearance  Merchant confirms the digital signature of the bank  Another kind of biometric authentication can also be used for verification 11
  • 12. Merchant Bank/MP Service provider Forwards the forms to the Bank “Apple cost $2”  It takes at least two days for a message to get to Bank  No means of confirming customer’s account balance  Network infrastructure is not available  Customer collects his/her money before the bank deducts money for items purchase  Bank will not have money to deduct from customer  Merchant will lose money Endorsement Based Mobile Payment System (3/8) Motivation for Endorsement 12
  • 13.  To prevent this and allow transaction in a disaster area  We introduce endorsement Merchant Endorsers Create and forward Billing Form “Customer A wants to buy $2 apple. Do you guarantee the transaction?” Endorsement Based Mobile Payment System (4/8)  Merchant forwards the billing form to endorsers  To obtain guarantee that the transaction can be paid by endorsers in case customer fails to pay We assume that endorsers are available during transaction 13
  • 14.  A person agrees to pay for another person, who fails to pay for an item.  The agreement is made before a disaster happens Endorsement 14
  • 15. Many Challenges of Endorsement Based Payment System 1 Endorsers What Happen?  If endorsers are not available  Frequent change in topology of networks  Transaction cannot be successfully completed without an endorser  A customer can have more than one endorser  If one endorser is not available another endorser can endorse  Reduce endorser’s liability  Endorsers are rewarded for successful transaction 15
  • 16. MerchantEndorsers Authenticate the Merchant and Create endorsement form “I guaranteed customer A purchase of $2 apple” Endorsement Based Mobile Payment System (5/8)  Endorsers send endorsement form back to the merchant 16
  • 17. Merchant Bank/MP Service provider Forward the forms to the Bank “Customer A bought an apple at $2”  It takes at least two days for a message to get to Bank Endorsement Based Mobile Payment System (6/8) Send transaction confirmation to customer and endorsers Deliver items to customer Merchant Customer A Endorsers 17
  • 18. Merchant Bank/MP Service provider Bank pays merchant “Pay merchant $2” Customer A Bank/MP Service provider Deduct responding money from customer’s account “Deduct $2 from customer A’s account”  The bank authenticates all users and checks for consistency of messages 18 Endorsement Based Mobile Payment System (7/8)
  • 19. Bank/MP Service provider Endorsers Deduct money from endorsers “Deduct $2 from endorsers” Send acknowledgement to Merchant, Customer and Endorser Customer A Merchant  Endorser may have no money or collude with a customer  Mechanism to check endorser balance  We assume that some endorsers will pay  However, if there is no money in customer’s account 19 Endorsement Based Mobile Payment System (8/8)
  • 20.  Introduction  Endorsement Based Mobile Payment System  Schemes to Prevent Attacks  Conclusion Outline 20
  • 21.  Customer and endorsers may carry out  Reset and Recovery attacks  A reset and recovery is when a user,  Backups all data  Resets phone to default state  Recovers all data already used  Reset attack cannot be detected if there is no network connection  We assume that,  Most but not all users are trustable  Most of the users do not change location often Many Challenges of Endorsement Based Payment System 2 21 Reset and Recovery Attack
  • 22.  Customer and endorsers can collude to do fraud  Customer A has no money  Endorsers have no money  There is no means of confirming endorsers account balance  Endorsers will endorse many transactions without paying 22 Many Challenges of Endorsement Based Payment System 3 Collusion Attack
  • 23. Monitoring Based on Location Information • Proof user are in a particular location … One-time Session Token • Prevent user from using same message E-coin •Confirm amount in user account Blind Signature • Ensure anonymity of message Schemes to Prevent Attacks 23
  • 24. Preventing Collusion and Checking Balance Bank creates unique tokens called e-coin Users account balance is divided into e- coins of same amount of money Customer ¥10,000 eT1, eT2, eT3, ….. eT10 E-coin is limited to endorsers  The e-coin contains  Customer ID  E-coin identifier  GPS coordinates  HELLO message interval  Monitoring customer signature  Only bank can encode the ID and identifier  Endorser attaches e-coin to endorsement  Bank deletes e-coin from endorser account if a customer defaults  If a customer does not default, the bank reissues e- coin with new identifier  Endorsement without e-coin is rejected E-coin 24
  • 25. Preventing Reset Attack (1/2) User User Customer User User User User User Each user constantly exchanges HELLO message to show their respective location HELLO HELLO HELLO HELLO HELLO: Customer ID GPS Coordinates HELLO HELLO HELLO:  If a user stays in a location for a long time  Other users monitor their transactions  If a user fails to broadcast HELLO messages  Not in range  Lost of connection  If a user phone is lost or turned off  Cannot provide collected HELLO messages  Find endorsers  Provide endorser’s confirmation GPS coordinates in HELLO message constantly replace the e-coin GPS coordinates Intervals between HELLO messages are added to e-coin Monitoring Based on Location 25
  • 26.  Allows a person to get a message signed by another party without revealing the message Original Message Envelope containing Message and Carbon paper Signature Envelope is signed (by signer) Message has now been signed Signature Sent to Signer Envelope Removed Binding Process  There is an existing research on how to get digital blind signature Blind Signature Scheme Preventing Reset Attack (2/2) 26
  • 27.  The techniques stated above are adopted to prevent attacks  Reset and Recovery attacks  Collusion attack  A Customer or endorsers  Blinds the message  Broadcasts the message to other users  Monitoring customer  Checks GPS coordinates and HELLO message intervals  Checks e-coin attached to the endorsement message  Creates one-time session token and appends to message  Signs message with his/her digital signature Preventing Attacks 27
  • 28. Conclusion  Proposed a new mobile payment system by  Adopting infrastructureless mobile ad-hoc networks (MANETs)  Allowing users to purchase amenities in disaster areas  Providing secure transactions  Users authenticates each other without a network connection a third party  Users anonymity is protect by using user’s nickname  Ensures confidentiality of messages and transaction  Ensures integrity  Reliability of transaction messages  The proposed system suits the limitation of mobile payment transaction in a disaster area 28