M D NFC P A: Obile Evices Using IN Ayment Pplications
M D NFC P A: Obile Evices Using IN Ayment Pplications
Abstract 2. Survey
Now-a-days people do not face complications and prob- Pourghomi has proposed a model referred as “NFC Cloud
lems of establishing a network of connections between de- Wallet” which deals with a complete transaction mechanism
vices and each other, leading to Near Field Communication based on NFC and GSM networks [1].
(NFC). This can also be termed as “Tap ‘n Go” because it Although this technology is increasingly becoming
conveys the clear picture of how it is used in different tech- mainstream, it still has issues that need to be addressed
nologies. In the past few years there have been numerous [2]. These issues are mainly security concerns with
successful NFC operational trials conducted on many appli- Secure Element (SE) personalization, management,
cations globally. In this paper, we propose a method of short ownership and architecture that can be exploitable by
range radio communication which enables users to exchange attackers to delay the adaption of NFC within societies.
data between devices and how it is effectively used in pay- This newly developed intelligent device is proposed as an
ment applications using mobile phones only using NFC. all-in-one personal device that can be personalized and used
Keyword: Near Field Communication; Security; Mobile
transaction; GSM authentication
.
Introduction
Near Field Communication (NFC) standards were first
developed by the NFC forum, which was founded by a con-
sortium of Nokia, Sony and Philips in the year 2004. It is a
wireless communication standard using radio frequency
waves. The devices use the 13.56MHz frequency which en-
ables short-range data transfer and communication. NFC
transfers data at speeds ranging from 106 Kbit/s to 424
Kbit/s, depending upon the protocol used. The devices
should be in close proximity to one another to enable com- in a highly interactive environment [3].
munication. The range may vary depending upon the device
form, casing and the antennae size, but it is less than 10cm The above figure demonstrates the concept of the NFC
(usually less than 4cm). The link is established in a very mobile phone which is made by the combination of mobile
short period of time, ranging from 100-150 milliseconds. phone and contactless IC card [4].
With NFC technology, mobile phones can have additional Universal Integrated Circuit Card is (UICC) is one of the
functionality to act as a contactless card to be used as an most reliable components to act as a SE in NFC architecture
easy method of payment. Successful development of NFC [5]. It is removable, provides the same security as a smart-
technology has recently started in some countries where card, can run multiple applications issued by multiple pro-
companies offer several services based on the contactless viders, it is compliant with all smart card standards and it
card technology and mobile phones. We also aim to acceler- supports GSM and UMTS network.
ate the development of NFC mobile payment services by
According to GSMA guidelines, UICC is the most appro-
describing the NFC ecosystem in order to raise the attention
priate NFC Secure Element in mobile phones [3]. NFC mo-
of business players in terms of the new potential models that
bile services are important emerging area for NFC technolo-
can be implemented in order to achieve a cost beneficial and
gy with great potential for growth. The NFC forum analyses
less complex ecosystem framework. We used the existing how to expand the excisting contactless card ecosystem to
security features of GSM network to achieve authentication, enable NFC mobile services, identifies new functionalities
data integrity and data confidentiality.
[4].
32
INTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY & SCIENCE | VOLUME 3, NUMBER 1
ISSN:2321-1156
International Journal of Innovative Research in Technology & Science(IJIRTS)
Issues related to the level of security that should be pro- smartphone. Also, the number of supported credit cards and
vided by NFC handset to store personal data and application the number of available payment locations is still limited at
in safe place have then arisen.Indeed, multiple secure ele- present.
ment alternatives depending on the position of secure ele- 3.2 SIMpass technology
ment in the handset can be considered and NFC stakeholders
encounters difficulties to define which of them should be A different approach for mobile payment is conducted by a
technique called SIMpass, developed and distributed by
favored[5].
Watch data System Ltd. This solution however is currently
3. Proposed model only available and adapted for the Chinese market.
Compared to traditional payment solutions, NFC payment 3.3 NFC Cloud Wallet Model
primarily leads to faster and easier payment at the Point of This model brought the idea of using cloud computing in
Sale (POS), e.g. at the supermarket checkout or at a ticket order to manage the NFC payment applications which re-
vending machine. At present, a customer conventionally sulted in flexible and secure management, personalization
pays either by cash or with a debit card. In the first case and ownership of the applications [1]. This architecture
when paying cash, the user is required to always carry cash provides easy management of multiple users and delivers
money with him. Then, at the POS the proper amount of personalized contents to each user. It supports intelligent
invoiced money as well as the change need to be counted profiling functions by managing customized information
and scrabbled together. This leads to a cumbersome and relevant to each user in certain environments which updates
time-consuming procedure. the service offers and user profiles dynamically. Depending
Once an adequate payment terminal is available, paying on the MNO network’s reception, deployment of this service
with a usual debit card is certainly more efficient, but there takes around one minute and deployments can be scaled to
is still an expenditure of time. The appropriate card needs to any number of users.
be picked out of the wallet, it needs to be inserted into the The idea of this approach is that every time the customer
terminal with considering the correct orientation and the makes a purchase the payment application which contains
right PIN needs to be entered. With NFC payment a single the customer’s credentials is downloaded into the mobile
movement of the hand is sufficient. By just waving the NFC- device (SE) from the cloud and, after the transaction, it is
capable phone over the reader device, the payment is en- deleted from the device and the cloud will update itself to
forced. Entering a PIN however might still be necessary and keep a correct record of customer’s account balance. Figure
advisable for security reasons. 2 illustrates the steps that should be undertaken to complete
Moreover, the NFC phone can not only replace the the transaction process [1].
debit card itself, but also store personalized discount cou-
pons and bonus cards. This additionally contributes to mak-
ing a traditional wallet becoming redundant. Also, a simple
person-to-person money transfer is imaginable by simply
holding two phones closely together and by using the dis-
cussed NFC peer-to-peer operating mode. On the
user side, the biggest barrier however for using such contact-
less ways of payment probably remains the psychological
concern of feeling insecure when transferring sensitive data
invisibly over the air without physical contact. Anyway,
most of the major banks and related stakeholders have been
working on trial applications and efficient architectures for
NFC based mobile payment solutions. Some of the proposed
models are below:
3.1 Google wallet
A first meaningful and promising concept available for
the public has been developed by Google, called Google
Wallet [6]–[8]. It was officially presented for the first time in
May 2011 and launched in September 2011. Google Wallet
is primarily built upon an application for Google’s own op-
erating system Android and is available at the Android mar-
ket free of charge. Currently however, only a single NFC The execution of the model is described in what follows:
phone is supported, that is Google’s Nexus S 4G
33
MOBILE DEVICES USING NFC IN PAYMENT APPLICATIONS
ISSN: 2321-1156
International Journal of Innovative Research in Technology & Science (IJIRTS)
1) Customer waves the NFC enabled phone on the POS ter- As soon as the user places his mobile device, NFC link
minal to make the payment between the mobile device and the shop POS terminal is
2) The payment application is downloaded into customer’s established. The shop POS terminal sends an ID Request
mobile phone SE. message to the mobile device. The mobile device sends
3) The reader communicates with the cloud provider to TMSI, LAI as its ID. The shop POS terminal sends TMSI,
check whether the customer has enough credit or not. LAI, and Shop ID to respective MNO for customer authenti-
4) Cloud provider transfers the required information to the cation and shop identification.
reader. In case of wrong TMSI declined message will be
5) Based on the information which was transferred to the sent.MNO generates authentication triplets(R,S,Kc) and
reader, the reader either authorizes the transaction or rejects send to POS terminal then to mobile device through
customer’s request. POS.SIM generates Rs and concatenates with R ,then en-
6) Reader communicates with the cloud to update custom- crypts with Kc and send it to MNO via POS.
er’s balance - if customer’s request was authorized, the
amount of purchase will be withdrawn from his account oth-
erwise customer’s account will remain with the same bal-
ance.
4. GSM Authentication
When a mobile device signs into a network, the Mobile
Network Operator (MNO) first authenticates the device
(specifically the SIM). The authentication stage verifies the
identity and validity of the SIM and ensures that the sub-
scriber has authorized access to the network. The Authenti-
cation Centre (AuC) of the MNO is responsible for authenti-
cating each SIM that attempts to connect to the GSM core
network through Mobile Switching Centre (MSC).
5. Implementation of NFC Cloud
Wallet Model
This model is based on cloud architecture where the cloud
is being managed by the MNO. The cloud and the banking
sector are the subsystems of MNO, in addition to the exist-
ing subsystems of an MNO. The main assumption is that the
communication is secure between various subsystems of the
MNO. The shop POS terminal, registered with one or more
MNO, shares an MNO specific secret key with the corre-
sponding MNO. This key is issued once a shop is registered
with the MNO. The bank detail of the shopkeeper is also
registered with the MNO for monetary transactions. The
communication between the shop POS terminal and the mo-
bile device is wireless using NFC technology. The mobile
device has a valid SIM. The existing feature of GSM net-
work for mutual authentication. A recent study by reference
[9] proposed a mechanism for GSM authentication in NFC
environment.
The proposed protocol executes in three different phases:
Authentication, Keys generation and Transaction. The pro-
tocol initiates when the customer places his cell phone for
the payment after agreeing to the total price displayed on the
shop POS terminal. The details of these phases are described
in what follows:
MNO checks the validity of SIM. It decrypts Ekc(R||Rs)
Phase 1: Authentication using Kc.MNO compares R with R in response. If both are
34
INTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY & SCIENCE | VOLUME 3, NUMBER 1
ISSN:2321-1156
International Journal of Innovative Research in Technology & Science(IJIRTS)
same transaction will be authenticated otherwise STOP mes- After transaction is executed Transaction Information
sage will be sent. message as: TI=Transaction Serial Number, amount, TSTr.
Phase 2: Key Generation and PIN Verifica- MNO encrypts TI with Kc2 and sends to POS.POS verifies
the signature.If it is correct it will send the Shopping De-
tion tails(SD) and the corresponding digital signature.
Shared key is a shared secret between the MNO and the
shop POS terminal. Kc is the shared secret between the 6. Advantages
MNO and the customer's mobile device. There is no shared
secret between the POS terminal and the mobile device till
this stage.
Using One-Way Hash function MNO and Mobile device
generates KC1 from KC.It is encrypted with Kp and send to
shop POS terminal. Mobile device compute Kc2 as it al-
ready has Kc1. Kc2 is the encryption key between MNO,
shop POS, and customer’s mobile device. Shop POS en-
crypts the Total Price and Receipt Number using Kc2 and
sends it to Mobile device.
User’s Mobile device decrypts the details and displays it
to the User. If User agree with that he will type the PIN.PIN
is another layer of security.PIN is stored in a secured loca-
tion SIM.SIM compares both the PINS typed by User and
the Shop Keeper .If both are same transaction will be au- NFC enables connected consumer applications.
thenticated. Otherwise Protocol will be stopped. It makes eTicketing easy.
Phase 3: Transaction It enhances personal mobility.
It gives you access to your favourite music.
It connects you to a world of entertainment and in-
formation.
It turns posters into smart posters.
7. Conclusion
Thus NFC demonstrates the another way of payment for
all those people who do not have bank accounts. This way of
making payments eases the process of purchasing for ordi-
nary people as they only have to top up with their MNO
without having to follow allthe banking procedures. This
provides a secured and trusted communication to the people.
Eventhough this method has some issues, it is a most wel-
coming technology.
8. Future work
As a part of future work, a proof of concept implementa-
tion can be carried out in order to determine the reliability of
the proposed protocol in terms of number of factors such as
The customer's cell phone generates two messages, PI timing issues. This implementation refers to the performance
and TRM, such that; domain of the proposed protocol which can be taken into the
PI= Receipt No, Total Price, Time Stamp (TSU) TRM=PI, account to consider the performance of the protocol rather
Rs, Transaction Counter By this way transaction happens in than its security that is discussed in this paper. The idea of
a secured manner. TSU gives the exact date and of Transac- the proposed protocol can also be extended to a multi-party
tion. Tc is incremented for every transaction to prevent the protocol. Furthermore, other possible architectures in this
replay attack.POS decrypts PI only with Kc2 to check its area should be explored and defined in order to finalize the
correctness. most reliable architecture for cloud-based NFC payment
applications.
35
MOBILE DEVICES USING NFC IN PAYMENT APPLICATIONS
ISSN: 2321-1156
International Journal of Innovative Research in Technology & Science (IJIRTS)
C. Mrs.A.PACKIALATHA is working as an Associate
References Professor in the Department of Information technolo-
[1]. P. Pourghomi, and G. Ghinea “Managing NFC pay- gy at Jeppiaar Engineering College in Chennai,
ments applications through cloud computing,” In 7th Inter- Tamilnadu. Her area of interest is networking tech-
national Conference for Internet Technology and Secured nology.
Transactions (ICITST).IEEE, pp. 772–777, December 2012. Email - [email protected]
[2]. G. Madlmayr, J. Langer, J. Scharinger, “Managing an
NFC ecosystem,” In Proceedings of the 7th International
Conference on Mobile Business, Washington, DC, USA:
IEEE Computer Society, pp. 95–101, 2008.
[3]. P. Pourghomi, and G. Ghinea, “Challenges of managing
secure elements within the NFC ecosystem,” in 7th Interna-
tional Conference for Internet Technology and Secured
Transactions (ICITST). IEEE, pp. 720–725, December 2012.
[4]. NFC Forum” Essentials for successful NFC mobile eco-
systems,” 2008. www.nfcforum.org/resources/white pa-
pers/NFC Forum Mobile NFC Ecosystem White Paper.pdf
[5]. M. Reveilhac and M.Pasquet, “Promising secure ele-
ment alternatives for NFC technology,” In: First Internation-
al Workshop on Near Field Communication, IEEE, pp. 75 –
80. 2009.
[6]. C. Gaylord, “Google wallet: Shop with a swipe of your
phone,” september 2011, last visited on January 19th 2012.
[Online]Available:http://www.csmonitor
.com/Innovation/Tech/2011/0920/Google-Wallet-Shop-with-
a-swipe-of-your- phone
[7]. G. P. Ltd, “Google wallet - faq,” 2011, last visited on
January 19th 2012. [Online].Available:http://www.google.co
m/wallet/faq.html
[8]. J. Zou, C. Zhang, C. Dong, C. Fan, and Z. Wen, “Mo-
bile payment based on rfid- sim card,” in Computer and In-
formation Technology (CIT), 2010 IEEE 10th International
Conference on, 29 2010- july 1 2010, pp. 2052 –2054.
[9]. W. Chen, G. Hancke , K. Mayes, Y. Lien, Y, J.H. Chiu,
“NFC mobile transactions and authentication based on GSM
network” In International Workshop on Near Field Commu-
nication, IEEE Computer Society, pp. 83–89. 2010.
Biographies
A. A.ALLYSON is currently doing her Final year B.
TECH Information Technology at Jeppiaar Engi-
neering College in Chennai, Tamil Nadu .She has
presented a paper based on cloud computing in na-
tional level technical symposium and has attended
many workshops.
Email - [email protected]
B. V.JOTHI LAKSHMI is currently doing her Final
year B. TECH Information Technology at Jeppiaar
Engineering College in Chennai, Tamil Nadu .She has
presented a paper based on cloud computing in na-
tional level technical symposium and has attended
many workshops.
Email - [email protected]
36
INTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY & SCIENCE | VOLUME 3, NUMBER 1