Today’s mobile devices are capable of a multitude of functions. Among many other potential applications, a mobile device can be used for financial services, which has given rise to the field of m-commerce. One important concern for m-commerce applications is their security. This thesis focuses on the security of messages (transaction data) as the key to achieving end-to-end security. Security goals and objectives are achieved after identifying the different kinds of mobile transactions. Security requirements are identified independently of communication environments and infrastructure.
The proposed solution is based on prevailing standards for different kinds of transactions. These standards include ETSI-based secure GSM messages in the form of command and response packets and EMV-based secured command APDUs for credit/debit card transactions. Analysis, design and implementation are done using an object-oriented approach, which also fulfills the additional objectives of reusability, extensibility and functional abstraction.
The main result of this thesis is the “Generic Message Security Object”, which can be used by any mobile application to achieve message security, whether it is a Mobile Wallet, a chat application or a trading application. The implemented solution is incorporated into SAFE™ Mobile Wallet, which demonstrates that the task of this project has been fulfilled.