Abstract:
The acceleration of smartphone technology is overpowering everything; it has become a prerequisite for every other technology that has come or is yet to come. Every utility is revamping itself for compatibility with smartphones, and the smartphone is becoming a one-for-all device that handles routine life matters: education, health, shopping, everything. One of the essential and critical human daily routines is financial transactions, which involve sellers, buyers, third parties and, most notably, our money. Many protocols are designed for mobile platforms to deal with financial transactions that involve hardware tokens like credit cards, which are not secure anymore. The growth of smartphones also leads to increased vulnerabilities if they are not properly tested, which raises a big question about the defence capability of smartphones to protect users' data. In this paper we propose a secure payment protocol for smartphones that takes care of the transactions involved in daily routine without using any hardware token. It involves the bank as a transparent entity, but the seller and buyer customarily rely on a payment gateway to mark a successful transaction. The suggested protocol uses symmetric keys, certificates, and two-factor authentication to make the protocol safe, and, to prove its secrecy and authentication properties, the protocol is formally verified with AVISPA.