Implementation of a MicropaymentSystem for Mobile Devices

Kennzahl J151

Matrikel-Nr.: 9651146

Diplomarbeit

Eingereicht von

Klaus Brosche

am Institut fur

Informationsverarbeitung und Informationswirtschaft,

Abteilung fur Angewandte Informatik

insbesondere Betriebsinformatik

an der WIRTSCHAFTSUNIVERSITAT WIEN

Studienrichtung: Betriebswirtschaft

Begutachter: Ass.Prof.Univ.Doz. Dr. Andreas Geyer-Schulz

Wien, Tag. Monat Jahr

Ehrenwortliche Erklarung

Ich erklare hiermit ehrenwortlich, daß ich diese Diplomarbeit selbststandig ver-faßt, keine anderen als die angegebenen Hilfsmittel und Quellen verwendet, michauch sonst keiner unerlaubten Hilfsmittel bedient und diese Diplomarbeit wederim In- noch im Ausland in irgendeiner Form als Prufungsarbeit vorgelegt habe.

Klaus Brosche Tag. Monat Jahr

Inhaltsverzeichnis

I Part I Theory 1

1 Introduction 2

2 Payment 32.1 Different Kinds of Payment and their Transfer Costs . . . . . . . . 3

2.1.1 cash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32.1.2 banktransfer . . . . . . . . . . . . . . . . . . . . . . . . . 32.1.3 credit card and Secure Electronic Transaction Protocol . . 32.1.4 ec - card . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

3 Micropayment 43.1 What is Micropayment? . . . . . . . . . . . . . . . . . . . . . . . 43.2 Existing Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 4

3.2.1 e-cash . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43.2.2 paybox . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

3.3 How to avoid Transfer Costs? . . . . . . . . . . . . . . . . . . . . 43.4 Market Perspectives . . . . . . . . . . . . . . . . . . . . . . . . . 4

4 Mobile Devices 54.1 Types of Mobile Devices . . . . . . . . . . . . . . . . . . . . . . 54.2 Special Requirements . . . . . . . . . . . . . . . . . . . . . . . . 54.3 Communication Standards for Mobile Devices . . . . . . . . . . . 5

4.3.1 SMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54.3.2 WAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54.3.3 Irda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54.3.4 Bluetooth . . . . . . . . . . . . . . . . . . . . . . . . . . 54.3.5 GSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54.3.6 GPRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54.3.7 UMTS . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

4.4 Mobile Security Standards . . . . . . . . . . . . . . . . . . . . . 54.4.1 HBSCI . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

3

4.4.2 Wireless Transport Layer Security . . . . . . . . . . . . . 5

5 Smart Cards 65.1 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65.2 Usability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

6 Programming Languages 76.1 Java 2 Micro Edition . . . . . . . . . . . . . . . . . . . . . . . . 7

6.1.1 The architecture of J2ME . . . . . . . . . . . . . . . . . . 76.1.2 J2ME profiles . . . . . . . . . . . . . . . . . . . . . . . . 7

6.2 Java 2 ME and its Alternatives . . . . . . . . . . . . . . . . . . . 7

II Part II Practical 8

7 Analysis 9

8 Design 10

9 Prototyping 11

10 Maintainance 12

11 Source Code 13

4

Zusammenfassung

The goal of this dissertation submitted for a diploma is to describe the basics ofmicropayment which are necessary to implement a payment system on a smalldevice like a cellular phone and to write a prototype of such a payment system.It will be devided up into two parts. The first part will handle the theory of micro-payment, like discussing the term and describing existing communication proto-cols, mobile payment and the technologies which are used. The second part willbe the practical one in which i will try to design and implement such a micropay-ment system on a cellular phone as a prototype.

The term micropayment consists of two words. The first one micro describes thevalue of a good which is offered for sale - the amount we are talking about, is inthe range of 1 cent up to 10 euro. Second part of this term is payment. It descri-bes how the payment - we also can say transfer of the amount - is executed. Themain question in this context is: How large are the costs for this transfer and howcan we reduce the transfer costs for a payment transaction to verify that there is amaximum profit for the sale of the good?

To describe the problem of transfer costs i will list the costs for the encashmentof:

� payment on delivery: � 3 euros

� sending an invoice: � 2 euros

� paying by creditcard: 3% of the turnover plus a fixed accounting fee - all inall about 1 euro

� paying by ec-card: � 1 euro

� account debit: � 3 cent but if the payment is refused the cost raise up to 4euros

For example if you buy a cup of coffee in a shop for about 1.50 euro and payit by credit card and deduct the costs for payment the turnover (without transfercosts) for the shopowner will be 50 cent. He still has to deduct the costs for thecoffee, for the rent of the shop, and and and.

This example should ilustrate the need for real micropayment systems which canreduce the transfer costs, provide a maximum of profit and which are as conveni-ent as a credit card and as cheap as cash payment.

As we are already living in a mobile world - for example more than 81% [Wirtschaftskammer, 2002]of the austrian population are mobile phone users - the next step for micropaymentis to combine it with mobile technologies. This idea to combine these two tech-nics is not a new one. Existing mobile payment systems are traditionaly based ona client - server system, where all the status information is situated on the serverside. I personaly think there is a need to break this tradition and try to bring thelogical part of the payment to the client side. For such a system it is possible touse the smart card which is used as SIM card to store the data of the cellular phoneprovider. On this card the whole source code as well as passwords and paymentinformation can be stored.

Existing mobile payment systems work with relativly complex technologies whichmake it rather difficult to use them. Paybox is a german company which usedstrategic partnerships like one whith the ”Deutsche Bank” to build up a paymentsystem, to guarantee a large acceptance of their standard in five countries. As anfirst example the next graph [1] will show the steps which are necessary to run apayment via a mobile phone for buying a good using the paybox system.

2

customer tellsshopassistent phone number

shop calls pay-box center and

submitscustomer data

paybox calls customerto verify the payment

data

customer verifiespayment with password

amount will bepaid via account

debit

Abbildung 1: Payment via Paybox

3

In my opinion this procedure for a simple payment transaction is much toocomplicated. Also the transfer costs of such a payment are very high. The custo-mer hast to pay a yearly fee, the shopkeeper pays 0.25 euro for each transfer orat minimum 5 % of the price. Also the costs for the submitment of the customerdata hast to be paid by the shopowner. This shows that the paybox system was notprimary designed as a micropayment facility. Of course there are not only disad-vantages - one big advantage is the security feature which is offered through itsused complexity.

As shown in the last paragraph existing mobile payment systems are not desi-gned for micropayment and this is why i will try to design and implement a systemwhich does not need a lot of communication with other systems and which willbe easy to use. How could such a system work? The technology will not be acompletly new one. The system will be modelled on the existing ”Quick Chip”technology. Quick Chip has the advantage that it does not need to communicatewith an external system for each payment, contrasting to the payment with an ec-card. This is why the transfer costs are very low and also the yearly fees for theshopholders are lower. The only disadvantage are the security lacks. For exampleif a Quick Chip is lost everybody can use it.

Mostly the mobile services communicate via voice, short message service orwireless application protocol. Why should it not be possible to use existing tech-nologies like the infrared interface? This is what i would like to implement, anopen system which is able to communicate via several interfaces and which offersa little bit more security by using a personal identification number to verify pay-ments. Like the Quick Chip it should only work for small amounts. In future therecould be a combination of existing systems like the paybox for larger amounts(offering large security features) and a mobile micropayment system easy to use.

The implementation will be executed in java2 micro edition which is a program-ming language designed for devices with small storage capabilities and slowercentral processing units. The main advantage of this programming language isthat the code can easyly be transported onto other platforms.

4

Teil I

Part I Theory

1

Kapitel 1

Introduction

2

Kapitel 2

Payment

2.1 Different Kinds of Payment and their TransferCosts

2.1.1 cash

2.1.2 banktransfer

2.1.3 credit card and Secure Electronic Transaction Protocol

2.1.4 ec - card

3

Kapitel 3

Micropayment

3.1 What is Micropayment?

3.2 Existing Systems

3.2.1 e-cash

3.2.2 paybox

3.3 How to avoid Transfer Costs?

3.4 Market Perspectives

4

Kapitel 4

Mobile Devices

4.1 Types of Mobile Devices

4.2 Special Requirements

4.3 Communication Standards for Mobile Devices

4.3.1 SMS

4.3.2 WAP

4.3.3 Irda

4.3.4 Bluetooth

4.3.5 GSM

4.3.6 GPRS

4.3.7 UMTS

4.4 Mobile Security Standards

4.4.1 HBSCI

4.4.2 Wireless Transport Layer Security

5

Kapitel 5

Smart Cards

5.1 Architecture

5.2 Usability

6

Kapitel 6

Programming Languages

6.1 Java 2 Micro Edition

6.1.1 The architecture of J2ME

6.1.2 J2ME profiles

6.2 Java 2 ME and its Alternatives

7

Teil II

Part II Practical

8

Kapitel 7

Analysis

9

Kapitel 8

Design

10

Kapitel 9

Prototyping

11

Kapitel 10

Maintainance

12

Kapitel 11

Source Code

13

Literaturverzeichnis

[Choi et al., 1997] Soon-Yong Choi, Dale O. Stahl, and Andrew B. Whinston.The Economics of Electronic Commerce. Macmillan Technical Publishing, In-dianapolis, IN, 1997.

[Fritz Steimer, 2001] Mike Spinner Fritz Steimer, Iris Maier. mCommerce: Ein-satz und Anwendung von portablen Geraten fur mobilen eCommerce. Businessand Computing. Addison-Weseley, Munchen, 2001.

[Geer and Goss, 2001] Ralf Geer and Roland Goss. m-commerce,Geschaftsmodelle fur das weltweite Internet. Reihe e-business. VerlagModerne Industrie, Landsberg/Lech, 2001.

[Hansmann et al., 2001] Uwe Hansmann, Martin S. Nicklous Lothar Merk and,and Thomas Stober. Pervasive Computing Handbook. Springer, Berlin, Hei-delberg, New York, 2001.

[Hassler, 2001] Vesna Hassler. Security Fundamentals for E-Commerce. Com-puter Security Series. Artech House, Norwood, MA, 2001.

[Schreiber, 2000] Gerhard Andreas Schreiber. Schlusseltechnologie Mobilkom-munikation: mCommerce - das Handy offnet neue Markte. Dt. Wirtschafts-dienst, Koln, 2000.

[White and Hemphill, 2002] James P. White and David A. Hemphill. Java2 Mi-cro Edition. Manning Publications Co, Greenwhich, CT, 2002.

[Wirtschaftskammer, 2002] Osterreich Wirtschaftskammer. Der telekommunika-tionsmarkt in zahlen. 05 2002.

14

[Choi et al., 1997] [Hansmann et al., 2001] [Hassler, 2001] [White and Hemphill, 2002][Geer and Goss, 2001] [Fritz Steimer, 2001] [Schreiber, 2000]

15