An improved certificate mechanism for transactions using radio frequency identification enabled mobile phone

Abstract

Due to rapid advance of the RFID systems, there is sufficient computing power to implement the encryption and decryption required for the authentication during transactions nowadays. In addition, RFID tags have enough capacity to store the corresponding information. Therefore, RFID enabled credit card can be used to improve the potential security issues occurred while using the traditional credit card, however, the limitation of the production cost of RFID tag, its computing power and storage capacity is limited. Thus, it cannot perform sophisticated computation needed for the authentication mechanism, i.e., security technologies adopted from traditional wireless network cannot be transplanted to the contactless RFID transmission directly. Many solutions have been proposed to improve the RFID security issues raised in the research. Most of these studies assume the communication infrastructure between the RFID reader and the back-end database are based wired enterprise networking environment which is usually defined as the secured communication channel. However, there are many applications that users need to use RFID enabled handheld devices such as mobile phones or PDAs to link with the back-end database via wireless communication protocols like GSM, GPRS or wi-fi. These communication channels are exposed to unsafe environments and the security issues must be taken into account. In this paper, we construct an RFID system based on mobile communication devices such as cellular phones. We propose an effective and secured certificate mechanism using mobile devices as RFID readers together with the credit cards containing RFID tags. The result shows it can improve the existing RFID security issues under the premise of safety, efficiency and compatibility of the EPC network.