Secure Applications for Financial Environments (SAFE) System

University dissertation from Stockholm : KTH

Abstract: One of the main trends in the IT field today is to provide more mobility to existing IT-based systems and users. With this trend, more and more people are using mobile financial transactions due to the widespread proliferation of mobile phones and wireless technologies. One of the most important concerns with such transactions is their security. The reasons lie in the weaknesses of wireless protocols and the additional requirements for handling financial data. These aspects make mobile financial transactions and applications even more vulnerable to fraud and illegal use than similar transactions performed over fixed networks. There are two important aspects related to security in mobile environments. First, the security features provided by the communication protocols, such as GSM, SMS, Bluetooth, Mobile Internet, etc., are not adequate. Some security algorithms used by these protocols have even been broken, which requires upper-layer applications to provide comprehensive protection in order to compensate for the shortcomings of the transport layer. Second, mobile devices have limited capabilities, limited processing speed, limited storage, etc., so that many security mechanisms are not suitable for mobile environments. Therefore, new, effective, lightweight and flexible security solutions are required. In order to solve these two groups of security issues, in this research we created a service-oriented security infrastructure for mobile financial transactions and applications. Based on this infrastructure, we also designed and implemented a system called SAFE (Secure Applications for Financial Environment), which represents a secure, convenient and reliable large-scale infrastructure for mobile financial transactions. The components of the system are the Secure Mobile Wallet and three SAFE servers: the Communications (Gateway) Server, the IDMS (Identity Management System) Server, and the Payment Server.
These core infrastructure components, together with the secure messages exchanged between them, provide a number of secure financial services. These services may be used for various types of mobile transactions: m-Banking, m-Commerce, m-Ticketing, m-Parking, m-Loans, etc., all supported by additional Application Services Provider servers connected to the SAFE security system. This report gives the details of the concept, design and current implementation of the SAFE system.
