Abstract:
This paper introduces a new secure hybrid payment system in KSA that enables people to pay their bills, recharge their mobiles, and transfer balance using secure SMS messages. The proposed system implements a flexible and scalable architecture with three main components: customer, bank, and provider. The system is called hybrid because it combines two transmission media, SMS messages and the Internet. SMS messages are used between the customer and bank components, while the Internet is used between the bank and provider components. SMS messages can also be used between the provider and customer components. When a customer is notified about his/her bill, he/she makes a payment request to the bank through a secure SMS message. The system supports both prepaid and post-paid payments. In prepaid, customers initiate payment requests with the desired amount, while in post-paid, customers respond to payment notifications. Unlike current SMS-based mobile payment systems, in which mobile operators are involved in transactions as a payment gateway, our system provides end-to-end secure transactions. Accordingly, the proposed system provides algorithms for key generation and distribution, confidentiality, integrity, authentication, non-repudiation, and protection against replay attacks. To complete the system, an Android application called PayingSMS is developed to enable customers to make their payment requests in an easy and secure environment. Finally, the security analysis of the proposed system is discussed.