P. 1
Secure Service-Oriented Architecture for Mobile Transactions

Secure Service-Oriented Architecture for Mobile Transactions

|Views: 200|Likes:
Published by Subbarao Ravikrindi

More info:

Published by: Subbarao Ravikrindi on Jan 10, 2012
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less





Secure Service-Oriented Architecture for Mobile Transactions

Abstract The paper describes secure service-oriented architecture for mobile transactions. The architecture comprises components, protocols, applications and interfaces and it provides various security services to various mobile applications: Registration, Certification, Authentication, and Authorization of users, secure messaging at an application–level (end–to–end security), protection of data in databases, and security services for protection of its own components. The architecture is modular, integrated, extendible and scalable. The paper describes design of the architecture, the status of its current implementation, and future research and development plans. Architecture

it provides the possibility for interlinking of mutually independent. comprehensive architecture for secure mobile applications and transactions. The concept is Comprehensive. which are not adequate. Modular.e. Proposed System: In Proposed system we going to use 6-Tier Architecture describes the concept. But. SMS fraud. such as SMS spam. As such. functions and components can be easily added to the architecture. flooding. if based on the described architecture. o o Deployments. many security services are provided by the architecture. all current systems are just “point-solutions”. new services. they cannot scale. components and services of a large–scale. current mobile transaction systems are not mutually compatible. o o Scalable. especially for financial environments or on use of simple PIN schemes. and they are not easily extendable with additional functions or services. There are also many security issues related to SMS services. i. and impersonation of users.Existing System: In Existing system there are several systems in some countries supporting mobile financial transactions.e. i. Security of these systems relies on features provided by the GSM network. They are based on proprietary products and therefore not compliant to any standard. All current implementations provide very limited scope of functions and generally have no security features. .

.e. Authorization Service. Smart cards management services. meaning that integration of new components is based on utilization of standard based Web services and interfaces.1 3. 3. Security components and services. i.3 3.o Expandable. mobile applications can easily be linked to the architecture and can utilize its services and Open. Communication components and services. SOA with (6-tier) Services. 2.4 Registration and identity management services.2 3. 3. Certificates Management. o Modules: 1.

PC–based or device–based Point–of– Sale (PoS) applications. 6th tier Architecture is various back–end (“native”) Servers supporting appropriate mobile applications . 4th tier Architecture is SAFE Communication Server.Modules Description: 1. 1st tier Architecture (the first group of components) is various SAFE clients: browser access to the system. In this architecture we use system is SAFE (Secure Applications for Financial Environments). It provides communication services at the application level – analyzing and dispatching SAFE messages to various SAFE Mobile Application Servers. 3rd tier Architecture is communication components of the SAFE system: there is one component for each of the communication protocols provided by communication networks. 5th tier Architecture are various SAFE Mobile Application Servers. 2nd tier Architecture is various networks and corresponding communication protocols: large–area networks (based on Internet or GSM/3G protocols) and proximity networks (Bluetooth or NFC protocols). SOA with (6-tier) Services In this module we use 6-tier architecture concepts.

Internet. services. They support various communication protocols.2. Communication components and services This module communicates with users at the front-end and with Message Dispatcher at the back-end. Each Communication Module supports two services:  establishment of secure session  secure exchange of messages. such as SMS. transactions. Security components and services In this module provide the full scope of security services to users. NFC. These security servers are: Authorization Server. Bluetooth. and provide connection interfaces for mobile phones. applications and data stored in the database. 3. etc. and . They provide security services to mobile transactions. cards certification management and certificates and management authorization smart services. GPRS. services. There are four groups of those security services: registration and identity management services. Strong Authentication (SA) Server.

3. Smart card is a secure and reliable media for storing credentials and sensitive data in financial environments.     PIV Authentication Certificate Key Exchange Certificate Digital Signature Certificate Card Management Certificate .2 Smart cards management services In this module.3.1 Registration and identity management services Two types of Registration Service provided in this module.   Quick registration and Comprehensive registration.

PIN is generated by SAFE system during user registration phase and securely stored on mobile user’s device. and However. 3.4 Authorization Service In this module service communicate with each other to perform mobile transactions. achieve Strong between Authentication is performed. store and display data. access each person must be To a able to authenticate authentication authorized communicating resources. entitles.3 Certificates Management In this module Certification is very important services since trust must be built among entities involved in financial transactions The certification process is more complex such as limited ability to process. Mobile user can use mobile phone to generate RSA key pair b.3. . There are some prerequisites for mobile certification: a. Mobile phone is capable to digitally sign messages by using user’s private key c.

: Logitech.44 Mb. : 15 VGA Colour.System Requirements: Hardware Requirements: • • • • • • System Hard Disk Floppy Drive Monitor Mouse Ram : Pentium IV 2. : ASP. : 40 GB.4 GHz.Net with C# : SQL Server 2005 . : 512 Mb. : 1. Software Requirements: • • • Operating system Coding Language Data Base : Windows XP.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->