Abstract Mobile payment allows users to perform payment transactions through their mobile devices

Mobile payment allows users to perform payment transactions through their mobile devices. Mobile payment is considered as the accelerator of e-commerce and m-commerce. Currently mobile payments deal with several problems to improve requirements of m-commerce such as: simplifying the mobile payment processes for consumers, improving the security of payment, especially the application of digital signing in mobile payment. To enhance the security of the proposed protocols, we introduce a limited use key generation technique which eliminates the need of long-term shared key distribution among engaging parties prior to each transaction. We then apply the proposed key generation technique to the proposed protocols and discuss its potential applications to other kinds of Internet applications. Finally, to emphasize the generality of our mobile payment model, we propose a (token-based) micropayment protocol for wireless environments that satisfies the proposed model. However, it brings up many emerging issues regarding security and performance of mobile payment systems that can be classified into at least two main problems. The purpose of this thesis is to propose methods to enable practical and secure mobile payment. The results obtained from this thesis may serve as a basis for protocol designers and system implementers to design and implement secure mobile payment systems .The research conducted in this thesis focuses on three different levels of reasoning and securing mobile payment: framework, formal model and protocol. We generalize transaction performance and define the transaction performance which is acceptable by engaging parties. The proposed model can be seen as a guideline for designing and implementing practical and secure mobile payment frameworks and protocols for both account-based and token-based payment. At the framework level, we investigate the problems of existing mobile payment frameworks. In addition, we show that the proposed framework can be captured by the proposed formal model. At the protocol level, we propose a lightweight, yet secure cryptographic technique. This technique not only reduces the computation at engaging parties, especially at mobile users, but also satisfies the transaction security properties including the trust relationships among engaging parties stated in the proposed formal model. We then introduce two account-based mobile payment protocols which deploy the proposed technique. to develop a prototype of one of the proposed protocols to demonstrate its practicability as a real world application. We also demonstrate that both of the proposed protocols have better transaction performance than existing protocols. To show that the proposed framework and protocols satisfy the formal model, The results from the implementation show that the implemented protocol itself operates well in wireless environments, yet has better transaction performance if the proposed mobile payment framework is applied to it. Combining with the above analysis results, it can be concluded that either a payment system based on the proposed framework deploying an existing payment protocol or a payment system based on the proposed protocol operating on an existing framework is considered as a practical and secure mobile payment system because it satisfies all the required properties stated in the model. The protocol deploys the proposed lightweight cryptographic technique to enhance its transaction security. The proposed protocol is prepaid-based, yet extensible to post-paid- based micropayment. This results in a general framework for wireless micropayment. We then demonstrate that our micropayment protocol is more secure and has better transaction performance compared to existing micropayment protocols. Nowadays, an agent-based mobile payment has become more popular. However, existing payment systems still lack of necessary mobile payment properties. we develop a formal logic for analyzing them and successfully prove ii that they satisfy the goals and requirements for payment transactions and the transaction security properties, stated in the formal model. Especially, they should be shorter and lightweight for making payment on the move. This protocol not only satisfies necessary transaction security properties, but it is also simple and compatible to existing mobile payment infrastructure Mobile payments are payments that are carried out through mobile devices in wireless environment.. The secure mobile payment system to allow mobile users to conduct mobile transactions over Bluetooth communications but also supports the related secured transactions between the payment server and mobile clients. Using m-payment a person with a wireless device could pay for items in a store or settle a restaurant bill without interacting with any staff members According to orange Mobile Payment (Danish Company) the entire transaction should take not more than 10 seconds. In order to provide a secure and comprehensive m-payment, the payment scenario should be designed so that it performs fast and simple for the end-use, but secure and comprehensive for the provider. An efficient payment scenario takes efficient steps in performance. With rising new smart phones available in markets, the facilities of smart mobile device could be exploited to develop an application to perform required m-commerce operations. M-Commerce is a subset of electronic commerce where the Internet-enabled HWDs and wireless networking environment are necessary to provide ‘location independent connectivity’. It is predicted that M-Commerce services would be the next biggest growth area in the telecommunications market, represent-in the fusion of two of the current consumer technologies: wireless communications and E-Commerce .Generally speaking, The discipline of M-Commerce includes reference to the infrastructures and electronic technologies necessary for wireless data and information transfer in the form of text, graphics, voice, and video. Mobile commerce, commonly known as M-Commerce, ‘is concerned with the use, application and integration of wireless telecommunication technologies and wireless devices’, such as Internet- enabled mobile phones, personal digital assistants (PDA), palmtops, laptops, and pagers, commonly known as handheld wireless devices (HWD). M-Commerce creates more security concerns than traditional E-Commerce-payment is a point of sale payment made through a mobile device such as cellular telephone, a Smartphone or a personal digital assistant (PDA) Mobile payment system provides attractive opportunities to, merchants financial and users. These opportunities were simplicity and ease of a-payment transaction for the user and they also enable merchants to access customer information and target specific customer through various incentive programs such as discount coupons and reward programs.