
Design, implementation, and performance analysis of a secure payment protocol in a payment gateway centric model

Computing

Abstract

Many mobile payment systems have emerged in the last few years which allow payments for services and goods from mobile devices. However, most of them have been based on a scenario where all the entities are directly connected to each other (formally called the full connectivity scenario) and do not consider those situations where the client cannot directly communicate with the merchant. We present the design and the implementation of an anonymous secure payment protocol based on the payment gateway centric scenario for mobile environments where the client cannot communicate directly with the merchant to process the payment request. Our proposed payment protocol uses symmetric-key operations because of their low computational requirements. We present a performance evaluation of the proposed payment protocol in a real environment. Performance results obtained with the implemented protocol demonstrate that it achieves a small execution time (11.68 s) for a payment transaction using a mobile phone, and that the restricted scenario causes only a slight increase in the number of steps necessary to complete a payment transaction as a result of the lack of direct communication between the client and the merchant.


Notes

  1. The BigInteger class is a library class available in Java which allows the representation of very large numbers.


Acknowledgments

We thank the anonymous reviewers for their constructive comments which helped us improve the presentation and quality of this paper. Sherali Zeadally was partially supported by a District of Columbia NASA Space Grant during the course of this work.

Author information


Corresponding author

Correspondence to Sherali Zeadally.


About this article

Cite this article

Isaac, J.T., Zeadally, S. Design, implementation, and performance analysis of a secure payment protocol in a payment gateway centric model. Computing 96, 587–611 (2014). https://doi.org/10.1007/s00607-013-0306-4


  • DOI: https://doi.org/10.1007/s00607-013-0306-4
