research-article

Privacy-preserving management of transactions' receipts for mobile environments

Authors:

Kevin Steuer, Jr,

Elisa BertinoAuthors Info & Claims

IDtrust '09: Proceedings of the 8th Symposium on Identity and Trust on the Internet

Pages 73 - 84

https://doi.org/10.1145/1527017.1527027

Published: 14 April 2009 Publication History

Abstract

Users increasingly use their mobile devices for electronic transactions to store related information, such as digital receipts. However, such information can be target of several attacks. There are some security issues related to M-commerce: the loss or theft of mobile devices results in a exposure of transaction information; transaction receipts that are send over WI-FI or 3G networks can be easily intercepted; transaction receipts can also be captured via Bluetooth connections without the user's consent; and mobile viruses, worms and Trojan horses can access the transaction information stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of transactions' information, as well as of any sensitive information stored on mobile devices is crucial. In this paper, we propose a privacy-preserving approach to manage electronic transaction receipts on mobile devices. The approach is based on the notion of transaction receipts issued by service providers upon a successful transaction and combines Pedersen commitment and Zero Knowledge Proof of Knowledge (ZKPK) techniques and Oblivious Commitment-Based Envelope (OCBE) protocols. We have developed a version of such protocol for Near Field Communication (NFC) enabled cellular phones.

References

[1]

J-P Boly, A. Bosselaers, R. Cramer, R. Michelsen, S. Fr. Mjolsnes, F. Muller, T. P. Pedersen, B. Pfitzmann, P. de Rooij, B. Schoenmakers, M. Schunter, L. Vallee, and M. Waidner. The ESPRIT project CAFE -- high security digital payment systems. In ESORICS, pages 217--230, 1994.

Digital Library

[2]

Bouncy Castle Crypto APIs. http://www.bouncycastle.org/.

[3]

Nokia Forum. Nokia 6131 NFC Technical Description. http://www.forum.nokia.com.

[4]

Help for lost and stolen phones. http://news.bbc.co.uk/1/hi/technology/4033461.stm.

[5]

W. Gautschi. Numerical Analysis: An Introduction. Birkhauser Boston Inc., Cambridge, MA, USA, 1997.

Digital Library

[6]

J. Li and N. Li. OACerts: Oblivious attribute certificates. IEEE Transactions on Dependable and Secure Computing, 3(4):340--352, 2006.

Digital Library

[7]

Met initiative. http://www.mobiletransaction.org.

[8]

S. F. Mjolsnes and C. Rong. Localized credentials for server assisted mobile wallet. ICCNMC'01: International Conference on Computer Networks and Mobile Computing, 00:203, 2001.

Digital Library

[9]

Near Field Communication Forum. http://www.nfc-forum.org.

[10]

T. P. Pedersen. Non-interactive and information-theoretic secure verifiable secret sharing. In CRYPTO '91: Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology, pages 129--140, London, UK,

Digital Library

[11]

SET- Secure Electronic Transaction specification book 1: Business description, 1997. 1992. Springer-Verlag.

[12]

C-P Schnorr. Efficient identification and signatures for smart cards. In CRYPTO '89: Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology, pages 239--252, London, UK, 1990. Springer-Verlag.

Digital Library

[13]

A. Shamir. How to share a secret. Commun. ACM, 22(11):612--613, 1979.

Digital Library

[14]

TechRepublic. Identify and reduce mobile device security risks. http://articles.techrepublic.com.com/5100-22_11-5274902.html.

[15]

J. Veijalainen, V. Y. Terziyan, and H. Tirri. Transaction management for m-commerce at a mobile terminal. Electronic Commerce Research and Applications, 5(3):229--245, 2006.

Cited By

Cha SWang HTan ZJoung YTseng YYeh K(2020)On Privacy Aware Carriers for Value-Possessed e-Invoices Considering Intelligence MiningIEEE Transactions on Emerging Topics in Computational Intelligence10.1109/TETCI.2019.29385474:5(641-652)Online publication date: Oct-2020
https://doi.org/10.1109/TETCI.2019.2938547
Shang NBertino ESteuer KAhson MIlyas S(2011)Privacy-Preserving Receipt Management with NFC PhonesNear Field Communications Handbook10.1201/b11226-9(231-258)Online publication date: 21-Dec-2011
https://doi.org/10.1201/b11226-9
Steuer KFernando RBertino EGroß TTakahashi K(2010)Privacy preserving identity attribute verification in windows cardspaceProceedings of the 6th ACM workshop on Digital identity management10.1145/1866855.1866860(13-16)Online publication date: 8-Oct-2010
https://dl.acm.org/doi/10.1145/1866855.1866860
Show More Cited By

Index Terms

Privacy-preserving management of transactions' receipts for mobile environments
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

POSTER: Preserving privacy and accountability for personal devices
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Using personal mobile devices for work gave rise to a trend called "bring your own device", or BYOD. BYOD brings a productivity boost for employees, but also headaches for employers: on the one hand, the business has a legitimate interest in monitoring ...
VeryIDX - A Privacy Preserving Digital Identity Management System for Mobile Devices
MDM '09: Proceedings of the 2009 Tenth International Conference on Mobile Data Management: Systems, Services and Middleware

The combined use of the Internet and mobile technologies is leading to major changes in how individuals communicate, conduct business transactions and access resources and services. In such a scenario, digital identity management (DIM) technology is ...
Strengthening Authentication with Privacy-Preserving Location Verification of Mobile Phones
WPES '15: Proceedings of the 14th ACM Workshop on Privacy in the Electronic Society

Mobile devices are increasingly used in security-sensitive contexts such as physical access control and authorization of payment transactions. In this paper we contribute a mechanism to verify whether a mobile device currently resides within a ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

IDtrust '09: Proceedings of the 8th Symposium on Identity and Trust on the Internet

April 2009

131 pages

ISBN:9781605584744

DOI:10.1145/1527017

Editors:
Kent Seamons
Brigham Young University
,
Neal McBurnett
Internet2
,
Tim Polk
National Institute of Standards and Technology

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Internet2
The National Institute of Standards and Technology
OASIS IDtrust Member Section
FPKIPA: Federal Public Key Infrastructure Policy Authority

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 April 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

IDtrust '09

Sponsor:

FPKIPA

IDtrust '09: 8th Symposium on Identity and Trust on the Internet

April 14 - 16, 2009

Maryland, Gaithersburg, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
716
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Cha SWang HTan ZJoung YTseng YYeh K(2020)On Privacy Aware Carriers for Value-Possessed e-Invoices Considering Intelligence MiningIEEE Transactions on Emerging Topics in Computational Intelligence10.1109/TETCI.2019.29385474:5(641-652)Online publication date: Oct-2020
https://doi.org/10.1109/TETCI.2019.2938547
Shang NBertino ESteuer KAhson MIlyas S(2011)Privacy-Preserving Receipt Management with NFC PhonesNear Field Communications Handbook10.1201/b11226-9(231-258)Online publication date: 21-Dec-2011
https://doi.org/10.1201/b11226-9
Steuer KFernando RBertino EGroß TTakahashi K(2010)Privacy preserving identity attribute verification in windows cardspaceProceedings of the 6th ACM workshop on Digital identity management10.1145/1866855.1866860(13-16)Online publication date: 8-Oct-2010
https://dl.acm.org/doi/10.1145/1866855.1866860
Shang NNabeel MPaci FBertino E(2010)A privacy-preserving approach to policy-based content dissemination2010 IEEE 26th International Conference on Data Engineering (ICDE 2010)10.1109/ICDE.2010.5447902(944-955)Online publication date: Mar-2010
https://doi.org/10.1109/ICDE.2010.5447902
Akahoshi TOkamoto MShimomura MKomatsu NBertino EGross TTakahashi K(2009)Improving the safety and practicality of authorization technology using LOAFProceedings of the 5th ACM workshop on Digital identity management10.1145/1655028.1655033(13-16)Online publication date: 13-Nov-2009
https://dl.acm.org/doi/10.1145/1655028.1655033

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents