Secure Mobile Transactions (M-Payment)

Secure Mobile Transactions (M-Payment)

DOI: 10.4018/978-1-5225-2759-6.ch005
OnDemand PDF Download:
No Current Special Offers


The Payment Proxy Server monitors and analyses the content headers in HTML and WML pages moving between the content providers and merchants. Whenever it intercepts priced content it initiates a payment transaction and redirects the user to the Payment Server. Pricing and provisioning of the digital content and the payment service can be done through the administration tools. These tools are also used to monitor the events occurring in the payment server. In this chapter, we describe a system that achieves a secure data transmission over a mobile voice channel with a further goal to provide secure voice transmission. Here we describe each component of the system in detail and discuss the issues that we encountered while building the system.
Chapter Preview

Requirements For Online Transaction

Mobile Phones

Mobile phones (Small and Seltzer 1996) used in this experiment are two Samsung Galaxy SII phones Nokia N950, Nokia Xpress Music 5530 and Sony Erycsson Xperia Pro. All of these models have ports for 3.5 mm 4-conductor TRRS phone connectors (hands-free headset connector). N950 and Xperia Pro both have an option to enable noise suppression, whereas Xpress Music and both Galaxy SII phones do not. We have upgraded an operation system of one of the Galaxy SII phones to enable noise suppression option.

In the course of experimentation, we have discovered that the XpressMusic would add background noise to the signal and interpret some input signal as “end call” command. For this reason, we did not use Xpress Music afterwards. To enforce a client-side encryption of a voice channel, a microphone captures the voice (A) before it reaches the mobile phone. The voice signal is then redirected into an encryption & modulation unit. An audio codec processes the analog voice signal into digital data (B). Digital data are then encrypted (C). Encrypted digital data are modulated into an analog signal (D). The data-carrying analog signal is sent to a mobile phone (E). Steps (F) and (G) follow as in a usual mobile call. In case of a digital data transmission, the voice recording and encoding steps are omitted and the process follows steps C-D-E-F-G. Of the experiments, we used a Galaxy SII as a sending device and either N950 or Xperia Pro as a receiver.

Encryption and Modulation Unit

In our prototype, an encryption and modulation unit is a Dell Latitude E5410 notebook computer. It has a 3.5 mm headphones output (headset-out) and a 3.5 mm microphone input (microphone-in) ports. It also has an internal microphone. The computer runs Debian GNU/Linux distribution with kernel version 3.11-2. 3.1.3 Custom Headset to connect a mobile phone via its headset port to a microphone-in and headset out ports of a computer, we modified a standard hands-free headset. A typical headset cable usually provides two channels for an audio output from a mobile phone (left and right headphone), one auxiliary input for a microphone and a grounding pin. In the modified cable, an audio output goes into a 3.5 mm connector on the other end of the cable. Another 3.5 mm connector in connected to the auxiliary pin of the headset connector instead of a microphone. Although all four phones have a headset port and recognize both headphones and a microphone with their stock headset, only Galaxy SII recognized the microphone on our custom headset.

Complete Chapter List

Search this Book: