• secure digital media content purchase;
  • 3G network security;
  • security;
  • cryptography


We propose the notion of a Secure Virtual Point of Service (SVPOS) as a network-centric transaction server that facilitates the enhancement of 3G cell phones with a ‘mobile wallet’ capability allowing 3G subscribers to use their cell phones (or, in fact, other preferred mobile gadgets) for their daily transactions and payments. This paper shows how to design an SVPOS and an associated operator/subscriber/merchant protocol for purchasing digital media content over 3G networks. The resulting protocol guarantees a number of desirable privacy and security properties, such as privacy/anonymity of 3G subscribers (i.e. no identities, credit information or credit card numbers are revealed by subscriber to merchants), and protection of 3G operator, merchant, subscriber against various types of malicious behaviour, including transaction repudiation. The proposed SVPOS is ‘built’ on top of the Hypertext Transfer Protocol (HTTP), utilizes the 3rd Generation Partnership Project (3GPP) Generic Authentication Architecture (GAA) for subscriber and merchant authentication, and has an implicit key distribution mechanism that easily provides necessary encryption keys for the novel non-repudiation mechanism of SVPOS. It also sends the necessary records of the transactions to the accounting entity of the network for charging and billing through standard protocols (e.g. Parlay-X). Copyright © 2008 John Wiley & Sons, Ltd.