Research Article

Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments

by  Amal Saha, Sugata Sanyal
journal cover
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 108 - Issue 8
Published: December 2014
Authors: Amal Saha, Sugata Sanyal
10.5120/18934-0347
PDF

Amal Saha, Sugata Sanyal . Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments. International Journal of Computer Applications. 108, 8 (December 2014), 32-34. DOI=10.5120/18934-0347

                        @article{ 10.5120/18934-0347,
                        author  = { Amal Saha,Sugata Sanyal },
                        title   = { Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments },
                        journal = { International Journal of Computer Applications },
                        year    = { 2014 },
                        volume  = { 108 },
                        number  = { 8 },
                        pages   = { 32-34 },
                        doi     = { 10.5120/18934-0347 },
                        publisher = { Foundation of Computer Science (FCS), NY, USA }
                        }
                        %0 Journal Article
                        %D 2014
                        %A Amal Saha
                        %A Sugata Sanyal
                        %T Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments%T 
                        %J International Journal of Computer Applications
                        %V 108
                        %N 8
                        %P 32-34
                        %R 10.5120/18934-0347
                        %I Foundation of Computer Science (FCS), NY, USA
Abstract

After discussing the concept of DUKPT based symmetric encryption key management (e. g. , for 3DES) and definition of cloud or remote wallet, the paper analyses applicability of DUKPT to different use cases like mobile banking, NFC payment using EMV contactless card and mobile based EMV card emulation, web browser based transaction and cloud or remote wallet. Cloud wallet is an emerging payment method and is gaining momentum very fast. Anticipating that the wallet product managers and security specialists may face these questions from different stakeholders, the authors have addressed applicability of DUKPT to cloud wallet use case quite elaborately. As per knowledge of the authors, this topic has been analysed and discussed for the first time.

References
  • Use of DUKPT Key Management Scheme in Mobile Banking Product from Gemalto - http://www. gemalto. com/brochures/download/mob_banking_product. pdf
  • http://en. wikipedia. org/wiki/FIPS_140-2#Level_2, NIST publication http://csrc. nist. gov/publications/fips/fips140-2/fips1402. pdf
  • FIPS 140-3 Level 3 certified SIM card proposed by Gemalto to Indian Telecom Regulator TRAI, http://www. trai. gov. in/writereaddata/consultationpaper/document/10gemalto. pdf. FIPS 140-3 is a revision of FIPS 140-2, http://csrc. nist. gov/groups/ST/FIPS140_3/documents/FIPS_140-3%20Final_Draft_2007. pdf
  • Ingenico mobile POS terminal products to enable turn a smartphone into a POS terminal, http://www. ingenico. com/en/products/payment-terminals/mobility/ismp/specs/
  • EMV Contact Payment Specification, http://www. emvco. com/specifications. aspx?id=223
  • EMV Contactless Payment Specification, http://www. emvco. com/specifications. aspx?id=21
  • EMV Mobile Payment Specification, http://www. emvco. com/specifications. aspx?id=22
  • DUKPT first introduced by VISA - http://en. wikipedia. org/wiki/Derived_unique_key_per_transaction
  • Google Wallet - https://www. google. com/wallet/ , http://en. wikipedia. org/wiki/Google_Wallet
  • Secure Element and smart card form factors as per GlobalPlatform, http://globalplatform. org/me-diaguideSE. asp
  • PCI POS PIN Entry Device Security Requirements, https://www. pcisecuritystandards. org/documents/pos_ped_security_requirements. pdf
  • EMVCo Contact Terminal, http://www. emvco. com/approvals. aspx?id=95
  • Animesh Kr Trivedi, Rishi Kapoor, Rajan Arora, Sudip Sanyal and Sugata Sanyal, RISM - Reputation Based Intrusion Detection System for Mobile Ad hoc Networks,Third International Conference on Computers and Devices for Communications, CODEC-06, pp. 234-237. Institute of Radio Physics and Electronics, University of Calcutta, December 18-20, 2006, Kolkata, India
  • Sandipan Dey, Ajith Abraham and Sugata Sanyal "An LSB Data Hiding Technique Using Natural Numbers", IEEE Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIHMSP 2007, Nov 26-28, 2007, Kaohsiung City, Taiwan, IEEE Computer Society press, USA, ISBN 0-7695-2994-1, pp. 473-476, 2007.
  • Ajith Abraham, Ravi Jain, Sugata Sanyal and Sang Yong Han, SCIDS: A Soft Computing Intrusion Detection System,6th International Workshop on Distributed Computing (IWDC-2004), A. Sen et al (Eds. ). Springer Verlag, Germany, Lecture Notes in Computer Science, Vol. 3326. ISBN: 3-540-24076-4, pp. 252-257, 2004.
Index Terms
Computer Science
Information Sciences
No index terms available.
Keywords

Derived Unique Key Per Transaction (DUKPT) Cloud or Remote Wallet Payment EMV Contact Payment EMV Contactless Payment EMV mobile card emulation.

Powered by PhDFocusTM