VIEWS: 1 PAGES: 4 POSTED ON: 12/16/2011
SYSTEM FRAME FOR SECURE END-TO-END MOBILE COMMERCE Gai Jianhua School of Economy and Finance, Xi’an Jiaotong University, Shanxi, PRC, 710061 Abstract: This article introduces the status quo of the security problems of mobile commerce and clarifies that the main obstacle for the development of mobile commerce lies in people’ s worry about the security problems. The security problems of mobile commerce evidently differ from those of traditional e-commerce for the specialization of mobile network. By analyzing factors that influence the security of mobile commerce, this article develops a system frame for secure end-to-end mobile commerce. This system frame has definite referential value for designing schemes to solve the security problems of mobile commerce. Keywords: Mobile commerce, Security 1. The Status Quo Of The Security Problems e-commerce achieve a series of strategies and Of Mobile Commerce processes for secret keys, authentication The rush developments of wireless management and enciphering, etc. By combining communication technology made the application the designing and use of WAP, WTLS, WML and of Internet extend from wired to wireless and WAPGATE, we may apply to mobile commerce made e-commerce expand to mobile commerce. with higher security. Using handheld device such as mobile phone and 2. The Comparison Of Security Problems personal data assistant (PDA), one may achieve Between Mobile Commerce And Traditional information exploration, security transaction, E-commerce on-line payment, ticket ordering and purchase and Not only mobile commerce but also mobile businesses. traditional e-commerce finally needs to connect to The security problems of wired world mostly Internet via router, so both of them face up with centralize on data steal and virus. While the many common security problems. Relative to security problems of wireless world put forward a commercialized Internet, the history of wireless series of new problems because of the industry is much longer. Therefore, if we want to characteristics of wireless technology. Because carry out some security strategies in mobile area, wireless technology may achieve transmission we may need to make stand against many anywhere anytime, people will invent more technological and non-technological factors. Internet transmission channels, especially those Furthermore, for the resource limitations of used by more sensitive data related to banks, handheld mobile devices, it is more difficult for us games, commerce and health. Such circumstance to solve the security problems based on mobile makes it more important for us to solve the platform. problems of wireless security. The reason for the large differences of Security is a key problem deciding the security problems between mobile network and development of e-commerce, while the continuous wired network lies in the limitations of mobile development of mobile commerce poses new network devices. Compared to desktop computers, challenges for the security problems. The existing mobile devices are limited to the computing security technologies for mobile commerce environments, including lower-power CPU, less include firewall, encryption, digital signing, and memory and smaller monitor, inferior input identity authentication, etc. At present the most devices and power limitations. In contrast to wired mature and most effective method to achieve network, wireless network is restricted to secure mobile commerce is drawing support from communications environment, including lower Public Key Infrastructure (PKI). PKI is a kind of bandwidth, longer time delay, more insecure enciphering or deciphering and digital connection and less possible to be forecasted. Not authentication that uses a set of completed policy, only that, because mobile network will be human, process, technology and service to conduct connected to wired Internet in the end, special large-scale management and makes use of public security problems arise between the seam of the secret keys system to complete data transmission connection and the protocol of the connection and communication. The PKI used for wireless sides. For example, the connection between PDA communication is called Wireless Public Key and computer, the seam of WAP and the Infrastructure (WPKI). WPKI optimizes and connection between WTLS and TLS are the very expands wired PKI according to wireless places more possibly attacked. communication environment, and makes mobile 3. Secure System Frame For Mobile Commerce user, mobile communications network, Internet At present, there are two common ways for and server end, and poses an enterprise-level implementing such wireless channels--the mobile system frame of secure mobile commerce. phone network and wireless LAN. Nevertheless, Iris Scanning、 considering the typical profile of target mobile Hand Geometry commerce users, mobile phone channel is believed CA Certificate、 to have a much higher penetration and Intelligent Card development prospect compared to wireless LAN. User Name、 In this article, we mainly discuss security Password problems of end-to-end mobile phone transactions. Normal Security Scheme Middle Security 3.1 Analysis For Insecure Factors Of Mobile Scheme High Security Commerce Scheme Kinds of insecure factors exist in wireless communications network, including pack spying Figure 2、Security Scheme of Different Level (stealing wireless transmission data), identity Secure mobile e-commerce platform is counterfeit (faking as end user or service end to open-ended. It may support multi-form of call attack), data revising (change the data of the service and makes different users connect to wireless transmission channel) and service denial service supplier through different devices such as (promise break on user end or server end), etc. As Pocket Pc and Mobile Phone. one kind of wireless communications network, Mobile devices connect to mobile applied mobile communications network also involves servers through Internet. Applied servers check such insecure factors. As figure 1 shows, to user’s identity according to user’ s disposable files analyze the insecure factors of mobile commerce, and tabulation of calling control. Then applied one may start separately from the end user, the servers transform data into right patterns. This way mobile communications network, the Internet and mobile devices can call for commerce database. the server end. Moreover, as figure 3 shows, we can also build VPN channel between m-commerce application programs and commerce data. The particular procedures are as follows: (1) Users input data demanded by applied service supplier from mobile end, then encipher the data and sign; Figure 1、Main Components of Mobile Commerce (2) Through mobile network, transfer data 3.2 Secure System Frame For Mobile enciphered and signed to WapGate of secure Commerce platform of mobile e-commerce; As illustrated in figure 2, different users need (3) Transfer to corresponding applied server; different security level of solution scheme. (4) The secure server located in applied service supplier deciphers and verifies the data Usually general individual users only need to set enciphered and signed; users name and password on their own mobile (5) The end-point results dealt with by devices or on the servers to connect. While applied server are enciphered by secure server and enterprise users need enciphering or deciphering are transferred to distribution platform. The authentication under PKI system or security distribution platform takes the data apart into enciphered data pack and transmits them to mobile combined with intelligent card strengthening end through mobile network; system. Bio-characteristic identification (iris (6) After having received the enciphered data, scanning, hand geometry) has high security level. the mobile end recomposes the data pack, With price of such devices lowering, deciphers the enciphered data, and shows the final bio-characteristic authentication technology will results to users. be widely applied to. This article combines end Figure 3、Security Frame for End-to-end Mobile Commerce End-to-end security means that the using mobile devices should know clearly the enciphered data can only be deciphered on amount and quality of the existing mobile data. executing point. This way data are not exposed to Otherwise they may not sense the seriousness of transmission process and even to server. losing data. Moreover, mobile devices should be End-to-end security has no secure gap on data installed enciphered software to protect data from channel because its data channel is built between being stolen by other persons. From beating the mobile end and the server to call for and the keyboard to inputting data through sounds mobile data are being enciphered continuously during the devices, people are more possibly exposed to process of transmission. Data are enciphered with security problems. WTLS between mobile end and WAP Server. 5. Prospects There is no protocol transfer on data channel. As Network security and insecure factors seem one part of end server, WAP gateway is no longer to be contradictions that cannot be reconciled a segment of the whole process. Data are forever. New security technologies or methods are deciphered and are submitted to server to be dealt possibly faced up with new security threats as with. This way, the end-to-end security is soon as they are developed. Wireless technology is achieved. absolutely not simple as mobile phone and PDA. Developed from security protocol TLS1.0, The greatest significance of wireless technology WTLS provides the communications counterparts for commerce lies in that every product or every with data’ s secrecy and completeness, and management process may be connected to Internet authentication system of one another. On the basis by wireless technology. So corporations’ competitive of TLS, and according to wireless environment, capability is improved to a great extent. At present, long distance, and applicable scope of lower mobile Internet and mobile e-commerce develop bandwidth, WTLS adds some new peculiarities very soon. Mobile e-commerce based on WPKI such as supports for data pack, optimization of involves many-faceted technologies. Future work shaking hands protocol, and renovation of will focus on developing schemes based on WAP to dynamic enciphered keys, etc. WTLS functions to solve problems of mobile e-commerce system. ensure the security of transmission layer, and as a Future mobile commerce network will develop layer of WAP protocol depot, it provides upper towards high transmission efficiency and small-sized layer with secure transmission interface. network. The development and application of 3G/4G 4. Other Security Problems Worth networks, carried computers and WLAN/WASP will Considering bring about new security problems of mobile What’ s the biggest hidden danger for the commerce. security of mobile commerce? Is it transmitting personal or financial information through mobile Bibliography devices? In fact, during this process, the danger is The Open Mobile Alliance Ltd, Wireless very small because it is almost impossible for Application Protocol, http://www.wapforum.org K. Christopher, Public key infrastructure: people to steal information without foundation. end-to-end security,Business Communications The answer should be the person who takes part in Review 27 (11) (1997). mobile commerce. For security problems, the C. Ajluni, Secure your wireless future, Wireless weakest part is the user. Systems Design 6 (4)(2001). S. Ginevan, Networking in the palm of your hand, If the mobile devices held by individuals Network Computing 13 (16) (2002). store a lot of important data, then dangers that data Corradi, R. Montanari, C. Stefanelli, Security of are lost by individuals arise. Therefore, individuals mobile agents on the Internet, Internet Research 11 (1) (2001).
Pages to are hidden for
"SYSTEM FRAME FOR SECURE END-TO-END MOBILE COMMERCE"Please download to view full document