CFP last date
20 January 2025
Reseach Article

Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments

by Amal Saha, Sugata Sanyal
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 108 - Number 8
Year of Publication: 2014
Authors: Amal Saha, Sugata Sanyal
10.5120/18934-0347

Amal Saha, Sugata Sanyal . Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments. International Journal of Computer Applications. 108, 8 ( December 2014), 32-34. DOI=10.5120/18934-0347

@article{ 10.5120/18934-0347,
author = { Amal Saha, Sugata Sanyal },
title = { Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments },
journal = { International Journal of Computer Applications },
issue_date = { December 2014 },
volume = { 108 },
number = { 8 },
month = { December },
year = { 2014 },
issn = { 0975-8887 },
pages = { 32-34 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume108/number8/18934-0347/ },
doi = { 10.5120/18934-0347 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:42:29.328568+05:30
%A Amal Saha
%A Sugata Sanyal
%T Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments
%J International Journal of Computer Applications
%@ 0975-8887
%V 108
%N 8
%P 32-34
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

After discussing the concept of DUKPT based symmetric encryption key management (e. g. , for 3DES) and definition of cloud or remote wallet, the paper analyses applicability of DUKPT to different use cases like mobile banking, NFC payment using EMV contactless card and mobile based EMV card emulation, web browser based transaction and cloud or remote wallet. Cloud wallet is an emerging payment method and is gaining momentum very fast. Anticipating that the wallet product managers and security specialists may face these questions from different stakeholders, the authors have addressed applicability of DUKPT to cloud wallet use case quite elaborately. As per knowledge of the authors, this topic has been analysed and discussed for the first time.

References
  1. Use of DUKPT Key Management Scheme in Mobile Banking Product from Gemalto - http://www. gemalto. com/brochures/download/mob_banking_product. pdf
  2. http://en. wikipedia. org/wiki/FIPS_140-2#Level_2, NIST publication http://csrc. nist. gov/publications/fips/fips140-2/fips1402. pdf
  3. FIPS 140-3 Level 3 certified SIM card proposed by Gemalto to Indian Telecom Regulator TRAI, http://www. trai. gov. in/writereaddata/consultationpaper/document/10gemalto. pdf. FIPS 140-3 is a revision of FIPS 140-2, http://csrc. nist. gov/groups/ST/FIPS140_3/documents/FIPS_140-3%20Final_Draft_2007. pdf
  4. Ingenico mobile POS terminal products to enable turn a smartphone into a POS terminal, http://www. ingenico. com/en/products/payment-terminals/mobility/ismp/specs/
  5. EMV Contact Payment Specification, http://www. emvco. com/specifications. aspx?id=223
  6. EMV Contactless Payment Specification, http://www. emvco. com/specifications. aspx?id=21
  7. EMV Mobile Payment Specification, http://www. emvco. com/specifications. aspx?id=22
  8. DUKPT first introduced by VISA - http://en. wikipedia. org/wiki/Derived_unique_key_per_transaction
  9. Google Wallet - https://www. google. com/wallet/ , http://en. wikipedia. org/wiki/Google_Wallet
  10. Secure Element and smart card form factors as per GlobalPlatform, http://globalplatform. org/me-diaguideSE. asp
  11. PCI POS PIN Entry Device Security Requirements, https://www. pcisecuritystandards. org/documents/pos_ped_security_requirements. pdf
  12. EMVCo Contact Terminal, http://www. emvco. com/approvals. aspx?id=95
  13. Animesh Kr Trivedi, Rishi Kapoor, Rajan Arora, Sudip Sanyal and Sugata Sanyal, RISM - Reputation Based Intrusion Detection System for Mobile Ad hoc Networks,Third International Conference on Computers and Devices for Communications, CODEC-06, pp. 234-237. Institute of Radio Physics and Electronics, University of Calcutta, December 18-20, 2006, Kolkata, India
  14. Sandipan Dey, Ajith Abraham and Sugata Sanyal "An LSB Data Hiding Technique Using Natural Numbers", IEEE Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIHMSP 2007, Nov 26-28, 2007, Kaohsiung City, Taiwan, IEEE Computer Society press, USA, ISBN 0-7695-2994-1, pp. 473-476, 2007.
  15. Ajith Abraham, Ravi Jain, Sugata Sanyal and Sang Yong Han, SCIDS: A Soft Computing Intrusion Detection System,6th International Workshop on Distributed Computing (IWDC-2004), A. Sen et al (Eds. ). Springer Verlag, Germany, Lecture Notes in Computer Science, Vol. 3326. ISBN: 3-540-24076-4, pp. 252-257, 2004.
Index Terms

Computer Science
Information Sciences

Keywords

Derived Unique Key Per Transaction (DUKPT) Cloud or Remote Wallet Payment EMV Contact Payment EMV Contactless Payment EMV mobile card emulation.