Today, e-commerce transactions are typically protected using SSL/TLS. However, there are risks in such use of SSL/TLS, notably threats arising from the fact that information is stored in clear at the end point of the communication link and the lack of user authentication. Although SSL/TLS does offer the latter, it is optional and usually omitted since users typically do not have the necessary asymmetric key pair. In this paper, we propose a payment protocol in which user authentication is provided using GSM ‘subscriber identity authentication’. In the protocol, a consumer is required to possess a GSM mobile station registered under a subscriber name corresponding to that on his/her debit/credit card. The cardholder identity is combined with the GSM subscriber identity in such a way that without a mobile station, in particular the SIM, and the corresponding debit/credit card, an unscrupulous user will find it difficult to make a fraudulent payment at the expense of the legitimate cardholder. This is achieved in such a way that no management overhead is imposed on the user.
CITATION STYLE
Khu-Smith, V., & Mitchell, C. J. (2003). Enhancing e-commerce security using GSM authentication. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2738, pp. 72–83). Springer Verlag. https://doi.org/10.1007/978-3-540-45229-4_8
Mendeley helps you to discover research relevant for your work.