Work done while at Telcordia.
A secure virtual point of service for purchasing digital media content over 3G wireless networks
Article first published online: 2 DEC 2008
Copyright © 2008 John Wiley & Sons, Ltd.
Security and Communication Networks
Special Issue: Secure Multimedia Communication
Volume 1, Issue 6, pages 441–450, November/December 2008
How to Cite
Di Crescenzo, G., Morera, R., Vakil, F. and Varma, V. K. (2008), A secure virtual point of service for purchasing digital media content over 3G wireless networks. Security Comm. Networks, 1: 441–450. doi: 10.1002/sec.71
- Issue published online: 2 DEC 2008
- Article first published online: 2 DEC 2008
- secure digital media content purchase;
- 3G network security;
We propose the notion of a Secure Virtual Point of Service (SVPOS) as a network-centric transaction server that facilitates the enhancement of 3G cell phones with a ‘mobile wallet’ capability allowing 3G subscribers to use their cell phones (or, in fact, other preferred mobile gadgets) for their daily transactions and payments. This paper shows how to design an SVPOS and an associated operator/subscriber/merchant protocol for purchasing digital media content over 3G networks. The resulting protocol guarantees a number of desirable privacy and security properties, such as privacy/anonymity of 3G subscribers (i.e. no identities, credit information or credit card numbers are revealed by subscriber to merchants), and protection of 3G operator, merchant, subscriber against various types of malicious behaviour, including transaction repudiation. The proposed SVPOS is ‘built’ on top of the Hypertext Transfer Protocol (HTTP), utilizes the 3rd Generation Partnership Project (3GPP) Generic Authentication Architecture (GAA) for subscriber and merchant authentication, and has an implicit key distribution mechanism that easily provides necessary encryption keys for the novel non-repudiation mechanism of SVPOS. It also sends the necessary records of the transactions to the accounting entity of the network for charging and billing through standard protocols (e.g. Parlay-X). Copyright © 2008 John Wiley & Sons, Ltd.