a secure NFC mobile payment protocol based on biometrics

What is it about?

We propose a secure NFC mobile payment protocol based on biometrics (SNMPBs) using wireless public key infrastructure (WPKI) and universal integrated circuit card (UICC).

Featured Image

Why is it important?

In this paper, we propose a secure NFC mobile payment protocol based on biometrics (SNMPBs) using wireless public key infrastructure (WPKI) and universal integrated circuit card (UICC). Electronic signatures generated in this protocol are considered qualified signatures as they are generated in UICC which is tamper resistant device. A procedure for the personalisation of mobile payment application (on the UICC) (by the issuer/bank) is proposed. Our SNMPB resolves disputes efficiently among stakeholders by collecting evidence using transaction counters, transaction log, forensics mode and cryptographic audit log techniques. SNMPB ensures end-to-end security (i.e., from mobile payments application in UICC to the bank server) thereby achieving confidentiality, authentication, integrity and non-repudiation properties, prevents double spending and over spending. Our proposed SNMPB protocol withstands replay, man in the middle (MITM), impersonation and multi-protocol attacks as SNMPB is formally verified successfully using BAN logic and Scyther tool.