Introduction

In document: Anonymous Mobile Payment on 3G Networks (pages 12-17)

1.1 Overview

Mobile communications have grown rapidly in the past ten years. For example, the penetration rate of mobile phones is over 100% in Taiwan, i.e., many people have more than one mobile phone. The total number of mobile phones has outnumbered that of personal computers worldwide. In addition to mobile telephone service, mobile network operators have also been promoting mobile data services, such as SMS (Short Message Service) and GPRS (General Packet Radio Service). Mobile network operators expect mobile data service to be the next big wave. For now, mobile data service is still at the initial stage with limited success.

The DoCoMo i-mode service and the number of short messages transmitted worldwide have increased exponentially. The highly promoted mobile service based on WAP (Wireless Access Protocol) has not materialized because of the long transmission delay.

Mobile phones have become personal goods that every person owns. In addition to providing telephone communications at any place and at any time, mobile phones let users in Europe buy soft drinks from a vending machine and pay parking fees or gasoline charges. Mobile network operators have a large base of subscribers and a well-functioning charging and billing system; they hold the upper hand in making mobile phones the payment tool for mobile commerce. Mobile network operators can be the banks in mobile commerce. From the user’s viewpoint, using mobile phones as a mobile payment tool offers the following advantages: ubiquity, security, localization, convenience, and personalization.

However, mobile phones also have limitations, such as limited memory capacity and computation power.

Mobile payment is an extension of electronic payment; at present, there are more than one hundred electronic payment schemes. Electronic payments can be classified into credit type and debit type payments. The debit type includes electronic cash, electronic check, bank transfer, etc. Since cash must be deposited in advance, the debit type payments are similar to prepaid accounts in mobile networks. On the other hand, the credit type electronic payments are similar to postpaid accounts; both receive and pay monthly bills.

In the future, more mobile devices, such as mobile phones and Personal Digital Assistants (PDAs), will be used to make payments. If we use devices equipped with SIM/USIM cards, we can have a general mobile payment scenario for mobile commerce under the Third Generation (3G) UMTS (Universal Mobile Telephone Service) security architecture [10]. UMTS is a 3G Mobile System developed by ETSI

This thesis is organized as follows. The remainder of this chapter describes the motivation behind anonymous mobile payment solutions. Chapter 2 presents the authentication method and charging principles of 3G UMTS and the mobile payment concept. Chapter 3 looks at anonymous mobile payment in the architecture of our solution. The fourth chapter presents how the system is implemented. The final chapter gives conclusions and describes future work.

1.2 Motivation

Important issues that must be considered in electronic payment include the amount of the payment, anonymity, security, and on-line or off-line validation. Electronic payments should protect the customer’s privacy, just as the merchants do not know the identity of a customer in a cash transaction. The security issues of electronic payment include integrity, authentication, authorization, confidentiality, availability, and reliability. The security issues described above require cryptographic technologies. For electronic payments using off-line verification, no third party is involved besides the merchant and the customer. On the other hand, for those using on-line verification, a trusted third party, such as a bank or a network operator, is involved. On-line verification requires more message exchanges, but can prevent users from double spending.

Current mobile phone users can buy goods by dialing a premium-rate number; network operators charge the users based on the number dialed. For example, using the Mobile Pay provided by Sonera [1], a mobile user dials the number displayed on a vending machine to buy goods from it. Moreover, mobile handsets are used to authenticate the users and to obtain authorization from the user for a payment. Movilpago, Spain, provides merchants with terminals, through which a customer’s mobile phone number and the code of the purchased goods are input. The customer’s handset will show the price and the description of the goods. After the customer enters his or her PIN into the handset, the network operator sends transaction confirmation messages to both the merchant and the customer. Paybox and GiSMo [1] use a similar scheme to support mobile commerce.

The mobile commerce examples described above rely on the telephone number of a user to ensure a limited level of user authentication. MobilePay and MobileSmart use the caller identity information provided in the IN. Movilpago, Paybox and GiSMo use the callee identity. Each transaction requires at least one phone call connected, or one short message transferred. The mobile network of the next generation will be an all-IP network. User authentication based on the caller or callee ID is inadequate for dynamic mobile commerce. Nor is the anonymity requirement for mobile commerce satisfied by current solutions, since the phone number of the customer is revealed to the merchants. Another limitation of the mobile commerce schemes above is that a mobile user can only purchase goods or value-added services from merchants who have signed contracts with the network operator. Due to the rapid development of wireless LANs, in the near future, there may be numerous independent small wireless networks based on 802.11 wireless LAN. In these independent small networks, value-added services, such as printers, can be provided. Enabling a mobile user to buy any product or obtain any service, in any network, from any merchant (contracted or non-contracted) is an important issue.

The goal of this thesis is to design a charging and payment gateway and an AAA server for mobile networks to enable mobile users to purchase value-added services and goods using their mobile phones. The existing user authentication mechanism of mobile networks is reused for this mobile payment, and the VASP (value-added service provider) or merchant is paid by the network operators, which in turn charge the users for the transactions. Both postpaid users and prepaid users are supported. Moreover, third parties can be involved through the charging and payment gateway.

1.3 Related work

Payment for mobile network usage can be classified into two categories: postpaid and prepaid. For a postpaid user, the CDRs (call detail records) generated by the mobile switches for each phone call are used to produce the monthly bills. A CDR [5] contains the information of a phone call, including the calling party, the called party, the date and time, the duration, the types of the call, etc. The CDR of a mobile phone call includes additional information, such as location area, cell ID, radio channel and the IMEI (International Mobile Equipment Identity). An MSC sends the CDRs in batch, usually during the off-peak hours, to a central CDR database. The billing system retrieves the CDR database, rates each call and generates the monthly bills for the subscribers.

The charging and billing of mobile data networks, such as the GPRS network, and their value-added services are based on extensions of the current CDR system. Taking GPRS as an example, the nodes of the GPRS core network, SGSN and GGSN, generate the mobility management CDR (M-CDR records user location), the SGSN CDR (S-CDR records radio channel usage and QoS) and the GGSN CDR (G-CDR records the data volume with external IP network) [5]. The CDRs are relayed by the CGF (Charging Gateway Function) [5] to the billing system. In addition, 3G UMTS defines even more types of CDRs to support the charging and billing system.

There are four approaches to providing mobile prepaid service: hot billing, service node, IN (Intelligent Network) and handset-based. The hot billing and the handset-based approaches provide solutions without major changes to the network infrastructure. The intelligent network solution offers real-time rating and real-time call control, but is not widely deployed today.

The service node approach, which utilizes extra voice circuits and switching resources for prepaid calls, provides a variant of the intelligent network solution. The mobile data networks, GPRS and UMTS, extend the IN approach to support prepaid services. ETSI has defined CAMEL (Customized Application for Mobile Enhanced Logic) phase 3 for service control of short messages and packet data.

1.4 Summary

This thesis provides a few basics about mobile payment and charging principles for 3G networks. Finally, some payment solutions are offered that can strengthen the 3G charging principles. In this mechanism, the architecture does not use special hardware or modify the architecture of 3G UMTS networks that the specification has defined. This allows users to make payments for their purchases or content downloads while keeping their privacy.

By using 3G UMTS security, it provides network access security, giving users secure access to 3G services.
