MMPS: A Versatile Mobile-to-Mobile Payment System+

Ashutosh Saxena Institute for Development and Research in Banking Technology Road No.1, Masab Tank, Hyderabad-500057, India. Email: asaxena@idrbt.ac.in Abstract
The paper presents an effective mobile-to-mobile payment system. A mobile phone with or without SIM card is enabled as an EMV payment instrument and is linked to a debit or credit account in a bank to pay merchant who has a mobile phone or an on-line EMV capable terminal. In a single phone, multiple credit or debit accounts from different banks can be configured without compromising on security. The proposed framework provides a secure and convenient payment mechanism without any terminal infrastructure. Index TermsMobile phone, SIM, EMV, Digital signature.

Manik Lal Das Institute for Development and Research in Banking Technology Road No.1, Masab Tank, Hyderabad-500057, India. Email: mldas@idrbt.ac.in

Anurag Gupta ZERO-Mass Consortium 403, Alpha, Hiranandani Gardens, Powai, Mumbai-400076, India. Email: anurag@alittleworld.com

1. Introduction
The impact of the Internet technology on our everyday life is often compared to that of the introduction of the telephone network around the beginning of the 20th century. Internet makes the relationship between merchant and customer closer and flexible using the e-commerce technology. Recent advances in this technology enable portable computers and electronic devices to be equipped with wireless interfaces, allowing networked communication while being on the move. It offers a new paradigm of computing, in which users carrying portable devices have access to a shared infrastructure independent of their geographical location. The success of NTT DoCoMos i-mode service in Japan, which currently has more than 34 million data subscribers, illustrates the appetite for compelling mobile data services. In Europe the viral uptake of Short Messaging Services (SMS) has demonstrated the huge demand for non-voice services in the market. According to the GSM Association[11], there were over 30 billion SMS messages sent in 2001. Forecasters predict more than a billion wireless users by end of year 2005. Various mobile devices are now designed to help users reach to the servers of service providers and process tasks like stock trading, product purchasing, product information collecting.
This research is supported in part by the Ministry of Communications and Information Technology, Govt. of India, under the grant no. 12(35)/05-IRSD dated 18/Jan/2005
Proceedings of the International Conference on Mobile Business (ICMB05) 0-7695-2367-6/05 $20.00 2005 IEEE

Payment has evolved from the physical exchange of notes and coins, to writing cheque, through transferring payment card details either in person over the phone or the Internet. This evolution has involved a shift from the physical transference of tangible tokens of value to an exchange of information between parties. In the case of payment cards, this exchange takes place between the consumers bank and the merchants bank over networks managed either by regional payment providers or global card organizations. The emergence of e-commerce has further digitized the payment process, whereby payment details are sent over open networks with no physical contact between the buyer and the seller. The recent development of high-speed mobile data networks has created a new channel for commerce, while more sophisticated mobile devices are enabling the virtual exchange of payment information known as proximity payments. The shift from physical to virtual payments has brought enormous benefits to consumers and merchants. However, it has put extra pressure on payment service providers, including banks, card companies, and mobile operators, to provide robust security and interoperability. The advent of mobile payments has added another layer of complexity through the use of constrained devices with different capabilities and network limitations. Mobile payments, whether executed via a mobile network or a proximity-based protocol, must be subject to the same level of standardization that governs physical payment card use in order to be perceived as familiar and secure. Attempts to introduce proprietary payment schemes on top of the already confusing array of networks, devices, and operating systems, may therefore seriously hinder the growth of this new medium. Mobile payments are many and are somewhat determined by regional differences and individual market dynamics. For example: in Japan, the success of mobile Internet services can be attributed to the high concentration of populations in urban areas, long commute times, consumer comfort with small electronic devices, and the lack of a ubiquitous fixed-line Internet infrastructure. In Europe, mobile top-up for prepaid

phone services is popular. In individual markets in Asia-Pacific, Europe, and the U.S., there is a drive to implement proximity payments in environments such as road-tolling, fast-food drivethrough, and service stations. Despite the regional variations, there is a shared requirement for payment to be secure, interoperable, and easy to use. Mobile payments can be divided into: Micro-payments and Macro-payments. A Micro-payments refers to a payment of approximately $5 ( Indian Rs 200.00) or less, and in the mobile environment this will often be for mobile content provider. Macro-payments refer to larger value payments such as online shopping or proximity-based payments. The distinction between these two types of payment is important since the security required for each will be different. For example, authentication for every macro-payment transaction through a trusted financial entity is extremely important, whereas network authentication may be sufficient for micro-payments that only use the operators infrastructure. Every mobile phone equip with Subscriber Identification Module (SIM) card which is a smart card capable to process task with limited code size and computation power. The processing speed and memory capacity of a SIM is also comparable to the early age of computers. The principal requirements for successful mobile payments are: authentication, confidentiality, data integrity, non-repudiation; interoperability; and usability. The main entities involved in a mobile payment transaction are the user; the network operator; financial institution, and merchant. All share many of the same concerns that need to be addressed in mobile payment system. However, not all concerns are given equal weight by each party. For example: - Consumers are mostly concerned with security, ease of use, and privacy. They also require any payment scheme to work across multiple devices, including mobile phones, PDAs, wireless tablets, and handheld computers. - Mobile operators principal concerns revolve around standardization and interoperability. Operators want payment to be seamless, allowing them to compete on services and applications. - Financial institutions are primarily concerned with ensuring the integrity of the payment system and reducing the risk of fraud. - Merchants or content providers want the payment process to be transparent to the user, as this encourages greater usage and/or tendency to complete a purchase. They also want any payment scheme to facilitate swift and easy completion to ensure they get paid on time. In this paper, we present a secure framework for mobile-tomobile payment system, where mobile phones with or without a SIM can be enabled as EMV (Europay, Mastercard and Visa International [1]) payment instrument linked to a debit and/or credit account in a bank. Using wireless communication, the phone owner can pay any merchants or consumers who have mobile phones or on-line EMV capable terminals. With this versatile payment network, mobile-to-mobile debit and/or credit

transactions through the intended phone owners bank account can be securely done without any terminal infrastructure. This framework saves huge operational load as well as deployment cost as compared to the traditional ATM (automated teller machine) like payment infrastructure. The proposed framework provides the following features: - In a single mobile phone, multiple debit and/or credit accounts from different banks can be configured without compromising security. - The customer/consumer can manage many accounts with a common PIN (Personal Identification Number). This avoids the PIN management burden. - Transaction amount-limit can be managed on phone and the transaction details (typically up to last 100 transactions) stored on SIM. - It provides secure and convenient payment over-the-air and uses PKI (Public Key Infrastructure [2][3]) based digital signatures for non-repudiation of transaction initiator/acceptor. - It provides ubiquitous, instant, anytime payment of utility bills, insurance premium, pre-paid top-ups, payment to vending machines, loyalty points-pool-on-phone etc. - The interoperability between SIM cards and terminals is achieved through Global Platform standards [4]. The rest of the paper is organized as follows. In the next section, we present the proposed framework. In section 3, we show a typical transaction process flow. In section 4, we discuss the security aspects of the framework. We conclude the paper with section 5.

2. Proposed Framework
The core processes for a mobile payment system (MPS) can be generically categorized as follows: - Registration for the payment service - Transact and Authorize Typically, the mobile phone is a device that is sold by a phone company or its agents, and is not packaged with applications such as payments. To use the payment service, a user would likely be needed to perform a registration. Transactions are initiated by a wireless device such as the mobile phone and completed by the presentment of an authorization. Initiation of the transaction may be from a service provider device or from the consumer (individual or business consumer). The authorization confirms the obligations of the transaction, and is typically presented in the following mechanisms - Secure electronic digital signature - Personal Identification Number (PIN) - Presentment of completion of transaction Once the authorization is successfully provided and processed, the presentment of the completion of transaction gives the

Proceedings of the International Conference on Mobile Business (ICMB05) 0-7695-2367-6/05 $20.00 2005 IEEE

consumer a positive affirmation of the transaction. The receipt is legal proof that the transaction has occurred and obligations tied to it. The receipt may be presented as a virtual digital receipt or a physical hardcopy receipt of transaction. Consumers and service providers must have the ability to re-call from transaction archives references to transaction details. For example, on the mobile phone, consumers will have the ability to review the last n transactions performed. A typical mobile payment system core processes are illustrated below in figure 1. Merchant Merchant Transact Settlement

The payment framework requires a GSM Phase-2+ network [10] to operate (all mobile operators today are Phase-2+) and takes into account both the existing SIM cards (SIM application toolkit capable) and new SIM cards with interoperable operating environment (e.g., Java Card SIMs). The resident applications on the SIM being GSM applet, SIM application toolkit applet and SIM browser environment applet along with scheme specific cryptographic plug-ins. The banks can upgrade their back-end infrastructure to EMV or utilize an intermediary EMV handler offers by the scheme provider such as [6]. The merchant uses PKI for nonrepudiation. The transaction will be cleared and settled through the inter-bank switch like National Financial Switch [7]. Using this framework, multiple GSM/CDMA [8] operators and multiple issuer and acquiring banks will be part of the system. The entire funds flow will be handled through the banking system with proven EMV security and the added layer of GSM/CDMA security for secure communications.

Registration

Mobile Phone Owner

IP/GPPs/ GSM/CDMA

Clearing House

MPS Core Process Figure 1: How Mobile Payment System Works. In the proposed framework, the SIM card of mobile phone can be personalized with multiple applications in two ways. Firstly, in the case of availability of a SIM in the phone, the application is installed into the phone without customizing the phones hardware or software. The only change is made to the SIM software through the use of the SIM application toolkit or a script using existing SIM browsing environment (e.g., WIB, DomB, SIMGo, Celltic). Secondly, in the case of phone without SIM, the application is installed into the phone as J2ME [5] MIDlets or a script using existing phone browsing environment (e.g., WAP). In both cases, the application installation and personalization on the phones SIM will be done over-the-air (OTA). The complete application functionality for the customers payment card is provided on the SIM. The application functionality for the merchants terminal is provided at the back-end, with the phone or a connected Point-of-Sale terminal being used for confirmation of the transaction. The payment framework is shown in Figure 2.
Customer Device O T A I N T E R F A C E E M V System Administration Key Management ME/SIM Profile P K I Application control D A T A P R O V I D E R

3. Transaction Process Flow

In the scenario where the service provider initiates the transaction, for example, in a retail-shopping environment after the goods are handed to the counter staff, the service provider device would be able to communicate through wireless protocols to the consumers device. Similarly, for a consumer-initiated transaction, the consumers wireless device will be able to communicate with a service providers device to establish a handshake. The transaction details are presented to the consumer, stating minimum details such as service provider identifier, transaction amount and currency. The presentment interaction may be voice-based (e.g. for persons who are more comfortable with voice, or for the visually disabled) or visual. In the following, we show a transaction flow initiated by the customer as well as the merchant. A. Customer Initiated Mode (Customer side application) 1. Suppose a customer wants to send a Bank Cheque of Rs.500 to a merchant, whose mobile no. is 9844098440. 2. The customer writes a cheque of no. 45680-146 of Rs.500 and sends it to the merchant through Short Messages Peer to Peer (SMPP) scheme. 3. The scheme SMPP generates a reference no. c236574009 and a receipt for the customer request.

O T A

TCP/IP SMPP GSM / CDMA

Key Management Merchant Management Customer/merchant Mgmt Customer Management Card Life Cycle Manager

Merchant Device

Perso Database

Figure 2. Mobile-to-Mobile payment framework

Proceedings of the International Conference on Mobile Business (ICMB05) 0-7695-2367-6/05 $20.00 2005 IEEE

O F F L I N E

1. Write Cheque 2. View 3. Counterfoil 4. Order Cheque 5. Inquire Balance 6. Change PIN Select

O F F L I N E

Select Account Bank A- Debit 1 Bank B- Credit 1 Bank B- Credit 2

Select

Details

O F F L I N E

1. Request Pmt. 2. View Receipts 3. Change PIN

Rs.500 ID: 9844098441 O F F L I N E

Select

ID: 9844098440 Pin: ****

O F F L I N E

Confirm Details Merchant ID: 9844098440

Ch.No.45680-146 Rs. 500 Confirm Alter

O F F L I N E

Write Cheque Merchant ID: 9844098440 Checksum 3847 Pin: **** Rs. 500 Deposit O N L I N E

Receipt Ref no.:m236574009 Ch. No.45680-146 Date: 03/03/2005 Rs. 500 OK Info

Please Wait Processing O N L I N E

Please Wait Processing O N L I N E O N L I N E

Receipt Ref. No: c236574009 Ch. No. 45680-146 Date: 03/03/2005 Rs. 500 OK Info

Figure 5. Process flow for merchant initiated mode of merchant side application D. Merchant Initiated Mode (Customer side application) To make the payment, the customer writes a cheque and sends it to the scheme SMPP. For this, the customer needs to enter his scheme PIN. The scheme SMPP generates a receipt and executes the subsection B for the payment.
Please Pay AG & Sons Rs.500 ID: 9844098440 Rs. 500 OK Cancel Select Account Bank A- Debit 1 Bank B- Credit 1 Bank B- Credit 2

Figure 3. Process flow for customer initiated mode of customer side application B. Customer Initiated Mode (Merchant side application) Upon generating the receipt, the SMPP sends a message to the merchant with the payment details for confirmation. If the merchant accepts, the SMPP sends the receipt to both customer and merchant.
Do You Accept? Rs. 500 From: 9844098441 M Thomas M37 O N L I N E O N L I N E Receipt Ref no. m236574009 Ch. No. 45680-146 Date: 03/03/2005

O F F L I N E

O F F L I N E

Select Details

Rs. 500 OK Cancel

OK

Cancel

O N L I N E

Receipt Ref. No: c236574009 Ch. No. 45680-146 Date: 03/03/2005

Rs. 500 OK Info

Figure 4. Process flow for customer initiated mode of merchant side application

O F F L I N E

Write cheque ID: 9844098440 Checksum: 3847

Rs. 500 Pin: *** Deposit

Figure 6. Process flow for merchant initiated mode of customer side application

C. Merchant Initiated Mode (Merchant side application) The merchant of mobile no. 9844098440 sends a message to the customer through the scheme SMPP for a payment request. For this, the merchant enters his scheme PIN. Then, the scheme SMPP generates the receipt and forwards a message to the customer for the payment.

4. Security Analysis
Security is a big concern and challenge in this payment framework. The service provider, scheme provider, consumers and customers must ascertain the end-to-end authorization, data integrity and non-repudiation. GSM provides a basic range of security features to ensure adequate protection for both the operator and customer. Over the lifetime of a system threat and technology change, the security is periodically reviewed and

Proceedings of the International Conference on Mobile Business (ICMB05) 0-7695-2367-6/05 $20.00 2005 IEEE

changed. The security provider by GSM is well in advance of similar mobile radio systems and should ensure that it remains at the front of the field for some time to come. However it is important that there capabilities are designed in from the start, as they will have an impact on the system requirements. Business cases should show the effect of fraud and the costs of protection. In our proposed framework, the SIM of a phone supports GSM 03.48 [8] security. Further, PKI provides the authorization and non-repudiation properties. The mobile phone will have the capability of a universally usable digital certificate (e.g., X.509 certificate) for signing the transaction. Mainly, the security of the framework caters into the application personalization in a SIM and the transaction level security. The application personalization process is shown in Figure 7. In that figure, SCMS, KMA and KMS denote smart card management system, key management agency and key management system, respectively. The personalization data preparation system prepares phone owner and application specific data into the data format required by the SIM application. The input to the personalization system is typically raw data of phone owner data (e.g., embossing file). The personalization system generates the required keys, calculates values for required fields and formats the data into a format suitable to the personalization device (e.g., OTA application or card printer). All the secret data created in the data preparation process are encrypted under the personalization transport key shared with the personalization device and the data sent to the personalization device is MACed for data integrity.
GSM and EMV STK application personalization Scripts Embossing File Issuing Bank SCMS Data Preparation Scheme KMA KMS Database Server Operator OTA Personalization Device SIM

5. Conclusion
We have presented a secure mobile-to-mobile payment framework, where a mobile phone with or without SIM is enabled as an EMV payment instrument and is linked to a debit or credit account in a bank to pay any merchant who has a mobile phone or an on-line EMV capable terminal. The framework provides secure and convenient payment over-the-air and uses PKI based digital signatures for non-repudiation of transaction initiator/acceptor. Building blocks for secure services and bringing together all the key players in the mobile payment market in a trusted, mutually beneficial environment can create ubiquitous mobile payment system. These building blocks will address and allow for enhanced security, interoperability, simplicity, and low costs of deployment. There is enormous potential for mobile payments as it save huge operational load and also deployment cost, as it does not require any huge investment on terminal infrastructure. The proposed framework can support and process transactions for ecommerce, m-commerce and proximity commerce payments. More broadly, this can further be utilized into remote payments (e.g. Internet, faceless payments, or card-not-present payments) and local payments (over-the-counter payments). The future mobile payment infrastructure should cater to the needs of multiple types of payment methods including: credit card charge card debit card (i.e. local ATM or global debit card) direct debit to bank account account based stored value However, there are considerable hurdles to be overcome before ubiquitous and easy-to-use payment on a mobile device becomes a reality.

6. Acknowledgements
We acknowledge the efforts made by ZERO Multi Application Smart card solution consortium lead by Alittleworld Pvt. Ltd. for several useful discussions on this payment framework. We thank Prof. Deepak B. Phatak and Dr. V. P. Gulati for encouragement to carry out the work.

Figure 7. GSM and EMV STK application Personalization The scheme provider uses X.509 on the merchant SIM for non-repudiation of the transaction. The scheme provider adds EMV specific information to the embossing file including the card master key derived from the issuer master key. The EMV data is securely transmitted through OTA to the customer SIM. The EMV authorization system should proactively monitor EMV transactions to detect fraudulent use of cards and terminals and can make the decision regarding whether to approve or decline the transaction. EMV authorization system validates the authorization cryptogram and clearing messages to assure the validity of the SIM card. Application transaction counter is also useful indicator to identify possible fraudulent transaction.

7. References
[1] Europay, Mastercard and Visa international. Security and Key
Management. http://www.emvco.com. [2] Public Key Infrastructure (X.509). http://www.ietf.org/html.charters/pkix-charter.html. [3] Ashutosh Saxena. Public Key Infrastructure: concepts, design and deployment, Tata McGraw-hill, 2004. [4] Global Platform. http://www.globalplatform.org/ [5] Java 2 Platform, Micro Edition (J2ME). http://java.sun.com/j2me. [6] ZERO-on-Mobile Payment. ZERO: A consortium for Multiapplications Smart Card, http://www.alittleworld.com.

Proceedings of the International Conference on Mobile Business (ICMB05) 0-7695-2367-6/05 $20.00 2005 IEEE

[7] National Financial Switch. A Giant Leap for the Banking and Financial Sector, Fast Forward Newsletter, vol. 7, no.2 IDRBT, October 2004. [8] GSM. http://www.gsmworld.com/technology/index.shtml. [9] P. Bieber, J. Cazin, P. Girard, J. Lanet, V. Wiels and G. Zanon. Checking secure interactions of smart card applets. Journal of Computer Security, 10, 2002. [10] Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module -Mobile Equipment (SIM-ME) interface (GSM 11.11). European Telecommunications Standards Institute. [11] GSM Association http://www.gsmworld.com/about/index.shtml

Proceedings of the International Conference on Mobile Business (ICMB05) 0-7695-2367-6/05 $20.00 2005 IEEE