Trusted service manager (TSM) based privacy preserving and secure mobile commerce framework with formal verification

Abstract

Mobile contactless payment (MCP) is the future technology that is used for mobile payments, mobile wallet, transportation, and for mobile coupons. Existing solutions in this realm do not ensure end-to-end communication, information privacy, and the client’s anonymity. In order to overcome these flaws, we propose a secure and privacy preserving mobile commerce (SPPMC) framework for near-field communication (NFC) based proximity payments. SPPMC framework achieves both communication and information privacy. It ensures the client’s anonymity by making use of traceable anonymous certificates (TAC). Grid of secure elements (GSE) is used at the banking servers. The cost of computation and communication is very less. SPPMC ensures end-to-end security and withstands any type of known attack including multi-protocol attack. SPPMC is successfully verified using Burrows–Abadi–Needham (BAN) logic and Scyther tool. It ensures all the security properties.