Cryptology ePrint Archive: Report 2014/538

A Secure Cloud-based NFC Mobile Payment Protocol

pardis pourghomi and muhammad qasim saeed and george ghinea

Abstract: Near Field Communication (NFC) is one the most recent technologies in the area of application development and service delivery via mobile phone. NFC enables the mobile phone to act as identification and a credit card for customers. Dynamic relationships of NFC ecosystem players in an NFC transaction process make them partners in a way that sometimes they should share their access permissions on the applications that are running in the service environment. One of the technologies that can be used to ensure secure NFC transactions is cloud computing which offers wide range advantages compare to the use of a Secure Element (SE) as a single entity in an NFC enabled mobile phone. In this paper, we propose a protocol based on the concept of NFC mobile payments. Accordingly, we present an extended version of the NFC cloud Wallet model [14], in which, the Secure Element in the mobile device is used for customer authentication whereas the customer's banking credentials are stored in a cloud under the control of the Mobile Network Operator (MNO). In this circumstance, Mobile Network Operator plays the role of network carrier which is responsible for controlling all the credentials transferred to the end user. The proposed protocol eliminates the requirement of a shared secret between the Point-of-Sale (POS) and the Mobile Network Operator before execution of the protocol, a mandatory requirement in the earlier version of this protocol [16]. This makes it more practicable and user friendly. At the end, we provide a detailed analysis of the protocol where we discuss multiple attack scenarios.

Category / Keywords: Near Field Communication; Security; Mobile transaction; Cloud

Original Publication (with minor differences): International Journal of Advanced Computer Science and Applications

Date: received 10 Jul 2014, withdrawn 31 Oct 2014

Contact author: pardispourghomii at gmail com

Available format(s): (-- withdrawn --)

Version: 20141031:123650 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]