
Design and Implementation of a PKI-Based End-to-End Secure Infrastructure for Mobile E-Commerce

Published in: World Wide Web

Abstract

The popularity of handheld mobile devices and the deployment of public key infrastructure (PKI) in many parts of the world have led to the development of electronic commerce on mobile devices. For current-generation mobile phones, the main challenge is the limited computing capacity available on these devices for PKI-based end-to-end secure transactions. This paper presents a new architecture and protocol for authentication and key exchange, together with the supporting infrastructure, that is suitable for the mobile phone environment. The system requirements, and our solutions for meeting them in this restrictive environment, are discussed. An evaluation of the system's performance is also included. The system has been implemented and is in use in some real-life applications.




Cite this article

Chanson, S.T., Cheung, TW. Design and Implementation of a PKI-Based End-to-End Secure Infrastructure for Mobile E-Commerce. World Wide Web 4, 235–253 (2001). https://doi.org/10.1023/A:1015160717604
