A System For Secure Mobile Payment Transactions

II HELSINKI UNIVERSITY OF TECHNOLOGY ABSTRACT OF MASTER’S THESIS Abstract Author: Teppo Halonen Name of thesis: A System for Secure Mobile Payment Transactions Date: 3 January 2002 Pages: 78 Department: Department of Computer Science and Engineering Chair: Tik-110 Supervisor: Professor Teemupekka Virtanen Instructor: M.Sc. Kimmo Rytkönen A need for secure payment methods in the mobile access channels has arisen as a result of the increase of on-line commerce. Most of the current payment methods that can be used in conducting transactions e.g. on the Internet have major drawbacks either in terms of functionality, usability, costs or security. The only widely accepted way of securely and reliably authorizing electronic payment transactions is through the use of digital signatures in a PKI framework. Organizations like the WAP Forum and MeT Initiative have made efforts to introduce industry standards for bringing PKI capabilities to mobile phones. The WAP version 1.2.1 compliant handsets already come with support for making digital signatures using the wireless identity module WIM. These new capabilities readily lend themselves to implementing mobile payment systems. This thesis work presents a system that makes use of the MeT WPKI framework in implementing electronic payment authorization. The Mobile Payment System interacts with the merchant, the payer and the issuer as well as supporting back-end systems in coordinating secured payment transactions. The system is engineered to be highly scalable and modular in addition to meeting the high security requirements set to it here and in general terms. The Mobile Payment System enables securely authorizing payment transactions using a standard WAP enabled handset. It fulfils all the basic requirements set to it. However, the success of payment systems based on this technology and these concepts, remains to be decided by the markets and consumers. This paper starts by discussing the enabling security technologies and standards that act as the foundation for this work. The issues addressed include public key cryptography, PKIs – especially X.509v3, the WAP security specifications and the MeT specifications. Some systems closely related to or resembling the one created in this thesis, are discussed. The criteria for the work are presented. The system architecture and design of the Mobile Payment System are discussed on a high level. The special issues of the system implementation and testing are presented and finally the work is analyzed to determine how the criteria were met. The work and the findings are finally summarized in the conclusions chapter.