
Graduate student: 劉達峰 (Doni Winata)
Thesis title: Indoor Location-Based Authentication for Mobile Payment POS with BLE Technology
Advisor: 羅乃維 (Nai-Wei Lo)
Oral defense committee: 吳宗成 (Zong-Cheng Wu), 查士朝 (Shi-Chao Cha)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2017
Academic year of graduation: 105
Language: English
Number of pages: 70
Chinese keywords: Authentication, Beacon, Bluetooth Low Energy, Information Security, Location Based Service, Mobile Payment POS
Foreign-language keywords: Authentication, Beacon, Bluetooth Low Energy, Information Security, Location Based Service, Mobile Payment POS
  • The advanced technology of current smartphones has generated a new and scalable mobile payment environment. In this thesis, we propose an indoor location-based authentication protocol for a mobile payment system with point of sale (POS), using a tokenization payment system and Bluetooth Low Energy (BLE) technology. The customer in the proposed system uses a token as a reference to their credit card information when making a payment with a POS terminal. The proposed authentication protocol ensures that the customer and the POS terminal are mutually authenticated before the payment process is carried out. The proposed authentication protocol is divided into three stages: initialization phase, key agreement phase, and authentication phase. In the initialization phase, the position of the customer relative to the payment area is assessed. Based on the assessment result, the customer would be given a secret key that can be used to establish an authenticated communication session with the POS to perform the payment process. A prototype is implemented to assess the performance of the proposed design for the mobile payment system. Furthermore, a security analysis is conducted to evaluate the security strength of the proposed protocol.



    Abstract
    Acknowledgment
    Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
    Chapter 2 Literature Review
    2.1 Payment Tokenization
    2.2 Bluetooth Low Energy and Bluetooth Beacon
    2.3 Mobile Payment System
    Chapter 3 System Environment and Design
    3.1 Assumptions
    3.2 Applicable Scenario
    3.3 System Architecture
    Chapter 4 Proposed Authentication Protocol
    4.1 Initialization Stage
    4.2 Key Agreement Stage
    4.3 Authentication Stage
    Chapter 5 Prototype Implementation
    5.1 Prototype Design
    5.2 Prototype Implementation and Experiments
    Chapter 6 Security Analysis & Discussion
    6.1 Security against attacks before BLE connection
    6.2 Security against attacks within the authentication session
    6.3 Discussion
    Chapter 7 Conclusion
    References

