Abstract
The popularity of handheld mobile devices and the deployment of public key infrastructure (PKI) in many parts of the world have led to the development of electronic commerce on mobile devices. For current mobile phones, the main challenge is the limited computing capacity available on the device for PKI-based end-to-end secure transactions. This paper presents a new architecture and protocol for authentication and key exchange, together with the supporting infrastructure, that is suitable for the mobile phone environment. The system requirements, and our solutions for meeting them in this restrictive environment, are discussed. An evaluation of the system's performance is also included. The system has been implemented and supports several real-life applications.
Cite this article
Chanson, S.T., Cheung, TW. Design and Implementation of a PKI-Based End-to-End Secure Infrastructure for Mobile E-Commerce. World Wide Web 4, 235–253 (2001). https://doi.org/10.1023/A:1015160717604
DOI: https://doi.org/10.1023/A:1015160717604