This document provides an overview of the requirements for developing a mobile banking system. It describes the key components of mobile banking including the business mediation server, bank secure platform, and security modules. The purpose is to allow customers to perform banking activities such as checking balances and making payments using their mobile phones. The system aims to extend financial access to underserved populations through a familiar technology. It defines important terms and references design documents and standards that will be used in developing the mobile banking software requirements specification.
Team Members: Chanchal Garg Anju Khandelwal Project Guide:
INDEX

1. Introduction
1.1 Objective
1.2 Purpose
1.3 A Mobile Banking Conceptual Model
1.4 Definitions and Abbreviations
1.5 References
1.6 Overview
1.7 Tools to be used
1.8 Technologies to be used

2. Overall Description
2.1 Product Perspective
2.2 Network Configuration
2.3 Software Features
2.4 Service Overview
2.5 Benefits
2.6 Interfaces and Protocols

3. Security, Operation and Maintenance
3.1 Scalability
3.2 End-to-end Security
3.3 Security and Confidentiality of Information
3.4 Strong 2-Factor Authentication
3.5 Data Integrity
3.6 Non-Repudiation
3.7 Cryptographic Operations
3.8 Transaction Flow
3.9 Operating System Requirements
3.10 Operation and Maintenance

1. Introduction:
Mobile banking (also known as M-Banking or SMS Banking) is a term used for performing balance checks, account transactions, payments, credit applications and other banking transactions through a mobile device such as a mobile phone or Personal Digital Assistant (PDA). The earliest mobile banking services were offered over SMS. With the introduction of the first primitive smart phones with WAP support enabling the use of the mobile web in 1999, the first European banks started to offer mobile banking on this platform to their customers. Mobile banking has until recently (2010) most often been performed via SMS or the Mobile Web. Apple's initial success with iPhone and the rapid growth of phones based on Google's Android (operating system) have led to increasing use of special client programs, called apps, downloaded to the mobile device.

Mobile phone usage has spread in a very broad manner, becoming the first communications technology to have more users in developing countries than in developed ones. With mobile communications already a prime case for leapfrogging traditional infrastructure, mobile banking (M-Banking) has great potential for extending the provision of financial services to unbanked people through a technology that is both familiar and widespread.

1.1 Objective:
This project is aimed at developing a mobile banking system that allows bank customers to use their mobile phones for banking, paying bills, etc. The objective of this concept note is to make the case that mobile payment systems merit further exploration from the MIF as a first step towards extending access to financial services to the poor and those living in remote areas.

1.2 Purpose:
The main purpose of this document is to show the requirements of the project m-Banking.
The purpose of the Software Requirements Specification (SRS) document is to describe the benefits associated with M-Banking. The benefits of increased access to better, low-cost financial services for the currently unbanked population include: easier and safer cash handling, allowing for the possibility of investing in asset creation or income-generating activities; reduced vulnerability to cash flow shocks; and in general, stronger economies by encouraging trade and markets. It also describes the design constraints that are to be considered when the system is to be designed, and other factors necessary to provide a complete and comprehensive description of the requirements for the software. The Software Requirements Specification (SRS) captures the complete software requirements for the system, or a portion of the system. Requirements described in this document are derived from the Vision Document prepared for the m-Banking.

1.3 A Mobile Banking Conceptual Model:
In one academic model, mobile banking is defined as: Mobile Banking refers to provision and availment of banking and financial services with the help of mobile telecommunication devices. The scope of offered services may include facilities to conduct bank and stock market transactions, to administer accounts and to access customized information. According to this model, Mobile Banking can be said to consist of three inter-related concepts:
- Mobile Accounting
- Mobile Brokerage
- Mobile Financial Information Services

Most services in the categories designated Accounting and Brokerage are transaction-based. The non-transaction-based services of an informational nature are however essential for conducting transactions - for instance, balance inquiries might be needed before committing a money remittance. The accounting and brokerage services are therefore offered invariably in combination with information services. Information services, on the other hand, may be offered as an independent module.

1.4 Definitions and Abbreviations:
DB2: DB2 Database is the database management system that delivers a flexible and cost-effective database platform to build robust on demand business applications.
Personal details: Details of customer such as username, company, phone number, address, website, e-mail address etc.
WIB: A mobile browser, also called a micro browser, minibrowser, or wireless internet browser (WIB), is a web browser designed for use on a mobile device such as a mobile phone or PDA. Mobile browsers are optimized so as to display Web content most effectively for small screens on portable devices. Mobile browser software must be small and efficient to accommodate the low memory capacity and low bandwidth of wireless handheld devices.
HTML: Hypertext Markup Language is a markup language used to design static web pages.
HTTP: Hypertext Transfer Protocol is a transaction-oriented client/server protocol between a web browser and a Web Server.
GSM: Global System for Mobile Telecommunications.
ICC-ID: Integrated Circuit(s) Card - Identifier, known as the SIM card Identifier.
HSM: Host Security Module.
BSP: Banking Service Platform.
BMS: Bank Mediation Server.
3DES: Triple Data Encryption Standard.
TCP/IP: Transmission Control Protocol/Internet Protocol, the suite of communication protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP.

1.5 References:
- IEEE SRS Format.
- Problem Definition (Provided by IBM).
- UML software for UML diagrams.

1.6 Overview:

Mobile Banking Components:
Mobile Banking is enabled in the mobile phone through a secure applet located in the end user's SIM card. Secure transfers over the wireless network and financial transaction processing are managed by the SIM card and a distributed platform, deployed at the mobile operator's site and at the financial institution. The platform includes the following components: the Business Mediation Server, the Bank Secure Platform and the Host Security Module. Additionally, an adaptor may be required to enable communication over non-standard interfaces to bank systems.

Business Mediation Server (BMS)
On the operator's side, the BMS ensures communication between mobile subscribers and financial institutions, and routes mobile banking transactions exchanged between the SIM card in the mobile user's phone and the BSP at the user's bank. The BMS:
- Receives subscribers' mobile banking requests, interprets them, formats and forwards the requests to the subscribers' bank for processing.
- Maintains the status of the requests.
- Logs transaction results for auditing and billing purposes.
- Receives the bank's responses and sends them to the SIM.
- Maintains the list of financial institutions available on that operator's services.

Bank Secure Platform (BSP)
On the financial institution side, the BSP handles transactions between mobile users and the bank's systems. More specifically, the BSP:
- Facilitates communication between bank systems and end-users.
- Hosts response templates (pages).
- Authenticates mobile customers.
- Maintains connectivity between the wireless telecom world and the banking environment.
- Ensures that financial transactions and customer data are secure, using the services of the Host Security Module.

Host Security Module (HSM)
The HSM, a tamper-proof hardware component, provides state-of-the-art cryptographic functions to the BSP.
Upon receiving a request from the BSP, it performs cryptographic operations, generating transaction keys, encrypting and decrypting sensitive information. The HSM also manages the cryptographic keys used to secure mobile financial transactions. The HSM is further enhanced with the Mobile Shield firmware for secure business transactions.

The Adaptor, required only when non-standard interfaces to the bank systems are used, is a customizable module that translates messages to and from the format used by the bank's back-end. The Adaptor seamlessly insulates the BSP from the specifics of the bank systems' interfaces.

Several operator-owned modules also participate in delivering the Mobile Banking functionalities:
- LinqUs Online Service Gateway (OSG) helps operators to offer SIM card-based services to their subscribers by connecting them to remote content in a session mode. In the context of mobile banking, OSG relays mobile banking messages between the mobile phone and the BMS and translates them from SMS to HTTP format.
- LinqUs Over-The-Air (OTA) Manager is an optional component that offers operators the convenience of remotely provisioning and managing SIM cards.
- A Short Message Service Center (SMSC), a standard GSM network element, delivers SMS messages.

1.7 Tools to be used:
DB2 - Database
ECLIPSE - Development Tool
RATIONAL ROSE - Design Tool
WAS - Web Server
J2EE - Application Architecture
J2ME - Mobile Application Architecture

1.8 Technologies to be used:
J2ME: J2ME stands for Java 2, Micro Edition. It is a stripped-down version of Java targeted at devices which have limited processing power and storage capabilities and intermittent or fairly low-bandwidth network connections. These include mobile phones, pagers, wireless devices and set-top boxes among others.
WEB 2.0: The term Web 2.0 is associated with web applications that facilitate participatory information sharing, interoperability, user-centered design, and collaboration on the World Wide Web. Examples of Web 2.0 include social networking sites, blogs, wikis, video sharing sites, hosted services and web applications.
XML: Extensible Markup Language (XML) is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications, all gratis open standards.
J2EE: Java 2 Enterprise Edition is a programming platform, part of the Java Platform, for developing and running distributed multitier architecture Java applications, based largely on modular software components running on an application server.
UML: Unified Modeling Language (UML) is a standardized general-purpose modeling language in the field of object-oriented software engineering.
AJAX: AJAX is a group of interrelated web development methods used on the client side to create asynchronous web applications. With Ajax, web applications can send data to, and retrieve data from, a server asynchronously (in the background) without interfering with the display and behavior of the existing page.

2. The Overall Description:

2.1 Product Perspective:
The Mobile Banking offer is a complete financial services solution for mobile operators and financial institutions. It includes a secure SIM applet and a distributed transactional platform that provide secure access from a mobile phone to mobile banking, mobile payment and mobile money transfer services. The Secure Applet is pre-installed on the SIM card, readily available to the end-user. This applet handles:
- Displaying appropriate menus and processing user responses.
- Sending and receiving transaction messages.
- Encrypting and decrypting sensitive information.
- Managing transaction security and confidentiality.

Using the m-Banking software, the effectiveness of the bank, bank employees and m-Banking software users can be improved. The m-Banking software provides a number of ways of connecting to the bank. These include deposit, withdrawal, payment of bills, balance checking and mobile recharge through the use of mobile phones. The complete overview of the system is as shown in the overview diagram below:

The web pages (XHTML/JSP) are present to provide the user interface on the user side.
Communication between client and server is provided through the HTTP/HTTPS protocols. The client software provides the user interface on the system user's client side, and for this the TCP/IP protocols are used. On the server side, the web server is for EJB and the database server is for storing the information.

2.2 Network Configuration:
With Mobile Banking, an operator can provide the service to subscribers that have bank accounts with different financial institutions. A bank can also choose to work with several operators, to provide mobile banking services to its customers, independently of their mobile service provider. It is also possible for several banks with light mobile banking traffic to share a Bank Secure Platform.
- The SIM card sends Mobile Banking requests using SMS (S@T protocol) messages.
- OSG translates these messages into HTTP requests before sending them to the BMS (Business Mediation Server).
- The BMS forwards the HTTP requests to the BSP (Bank Secure Platform) of the selected bank.
- The BSP interacts with the HSM for the cryptographic operations.
- The BSP communicates with the bank's systems, possibly through an adaptor, using a series of web services.
- The bank system (or adaptor) responds.
- BSP ciphers the necessary information (using the HSM) before proceeding.
- The BSP forwards and formats the response and then sends it to the BMS.
- The BMS sends the response to the OSG.
- OSG compiles the response and sends it to the SIM using the SMS channel.

2.3 Software Features:
With Mobile Banking, mobile users can perform the following banking operations:
- Subscribe to the mobile banking service at their financial institution, and cancel their subscription at any time.
- Add or remove a bank account from a list of available accounts managed through mobile banking.
- Simulate transactions in order to try the system.
- Verify the balance of their bank accounts.
- View the most recent transactions on their bank accounts.
- accounts managed through mobile banking.
- Apply for and pay off a credit line.
- Check the amount of credit available on their credit cards.
- Obtain cash advances on their credit cards.
- Check the balance of their credit card accounts.
- Pay their credit card accounts.
- Recharge their pre-paid mobile accounts.
- Pay utility bills, such as electricity, Internet and mobile subscriptions, or any other bill that can be registered with the financial institution.
- Pay other services through reference numbers found on the bills.

2.4 Service Overview:
Mobile Banking provides mobile users with easy and secure access to financial operations from their mobile phones 24 hours a day, 7 days a week. Whether they need to pay a bill while away from home, to check their account balance at the supermarket, to transfer funds on the way to the airport, to recharge their prepaid mobile subscription account before going to the beach or to obtain credit online for that new TV, mobile users can pick up the phone and carry out the desired transaction by hitting a few keys. They simply need to browse user-friendly menus and respond to service prompts. The information they need to enter has been scaled down to a minimum, in order to simplify the use of the application. This information mainly consists of their PIN and the amount of money involved in the transaction. A message summarizing the user's request is then sent to the selected financial institution, where the request is processed. The result is displayed on the user's mobile screen within seconds.

2.5 Benefits:
Mobile phone operators and financial institutions will benefit from using Mobile Banking to offer mobile financial services to their customers, whether they operate in saturated markets where competition is tight and service differentiation is key to attracting and retaining customers, or in remote areas in need of cost-effective financial services.

Benefits for Mobile Operators
With Mobile Banking, operators can expand their services portfolio, promote their brands and create strategic marketing differentiation - attracting new customers. Subscribers who use mobile financial services begin to rely on them, making them a differentiating factor for the operator. As a result, Mobile Banking strengthens customer loyalty and reduces churn and attrition rates. Mobile Banking increases operator revenue by boosting traffic and providing subscribers with instant access to airtime purchase: with financial services at their fingertips, mobile users will recharge their prepaid accounts more readily and use their mobile phones to pay bills or check their account balance. Thanks to the ubiquity and high penetration of the mobile device, mobile operators are uniquely positioned to play an important role in the expanding mobile money transfer and mobile payments markets.

Benefits for Financial Institutions
Mobile Banking allows financial institutions to enhance customer satisfaction and retention by offering new, better services while gaining a direct marketing channel for their products and services, which can be tailored to the specific needs of customers. At the same time, they attract new customers to the one-on-one bank-customer relationship. As access to mobile phones grows worldwide, so does the opportunity to attract more customers and extend the reach of financial services. By turning mobile phones into their bank's ATMs, financial institutions gain access to new markets, different from those traditionally served by their physical branches. Access to banking services at any time and from anywhere also generates revenue through higher service usage, and reduces operating expenses because of fewer direct teller interactions, while maintaining or improving the level of service. Financial institutions gain another important benefit by adding Mobile Banking to their existing channels.
They will be with their customers at all times, ready to help them: to recharge a pre-paid mobile phone on a Saturday night, to get a new MP3 player via online credit funds, to pay a forgotten bill after leaving for a vacation. The bank is everywhere, all the time.

Benefits for the End User
The mobile banking application:
- Provides state-of-the-art security.
- Requires no configuration.
- Is readily available.
- Is low cost (no data connection): it resides on the SIM, so the browsing is local.
- Is device independent, supported on ALL phones from low to high-end.

2.6 Interfaces and Protocols:
Mobile Banking components use standard protocols and interfaces to exchange information and to communicate with other network elements and bank systems, thus facilitating the integration of Mobile Banking into the existing infrastructure. A high-level view of the protocols used to exchange messages between the different mobile banking operator and bank components to process a request is as follows:
- The SIM card sends Mobile Banking requests using SMS (S@T protocol) messages.
- OSG translates these messages into HTTP requests before sending them to the BMS.
- The BMS forwards the HTTP requests to the BSP of the selected bank.
- The BSP interacts with the HSM for the cryptographic operations.
- The BSP communicates with the bank's systems, possibly through an adaptor, using a series of web services.
- The bank system (or adaptor) responds.
- BSP ciphers the necessary information (using the HSM) before proceeding.
- The BSP forwards and formats the response and then sends it to the BMS.
- The BMS sends the response to the OSG.
- OSG compiles the response and sends it to the SIM using the SMS channel.

3. Security, Operation and Maintenance:

3.1 Scalability
Mobile Banking is scalable through hardware clustering. To increase throughput, both BMS and BSP can (independently) be installed in clusters with a clustering engine distributing the traffic among several servers.

3.2 End-to-end Security
Since mobile banking transactions can be initiated from almost anywhere and transaction details are transmitted over unprotected networks, security poses the biggest challenge in developing a successful solution and is likely to be a make-it-or-break-it factor for mobile banking. We take security issues and concerns seriously. As a long-time leader in digital security, we use state-of-the-art security technology to secure mobile applications.
The Mobile Banking solution addresses the requirements of data confidentiality, strong user authentication, data integrity as well as non-repudiation, and conforms to relevant standards (such as PCI DSS) established by financial organizations and government bodies to prevent fraud and other security threats.

3.3 Security and Confidentiality of Information:
The Mobile Banking solution provides end-to-end security and confidentiality of data by ciphering information in the SIM for secure transfer over the mobile phone, the GSM network, the operator's infrastructure and the connection to the financial institution. The information entered by the user is collected and encrypted by the applet residing in the tamper-proof SIM card.
For the highest level of security, sensitive data, such as the PIN and transaction details, are never stored in the SIM card or the platform. All customer and financial information is kept exclusively at the bank, which also has sole control over the cryptographic keys used to secure financial transactions.

3.4 Strong 2-Factor Authentication:
Bank customers must be sure that no one can make transactions on their behalf, and banks must be able to verify that customers are indeed who they claim to be. We respond to this requirement with strong two-factor authentication. With Mobile Banking:
- Users are required to identify themselves to the bank with a Mobile Banking PIN that protects access to financial information and transactions.
- Secret keys only known to the SIM card and the bank are used to encrypt and sign transaction data, further proving the identity of the user.

3.5 Data Integrity
Since data is digitally signed, any attempt to manipulate it will be detected because the signature will no longer correspond to the signed message.

3.6 Non-repudiation
In the context of mobile banking, non-repudiation refers to authenticating the customer and the financial institution participating in a financial transaction with a high degree of certainty so that the parties cannot later deny having performed the transaction. To ensure non-repudiation, a proof must be generated to show that the transaction was performed by that party. Mobile Banking addresses this requirement through the use of:
- A user PIN known only to the user and protected by encryption.
- A transaction confirmation code sent by the bank.
- A transaction log that records the details of every transaction.

3.7 Cryptographic Operations
All sensitive data is encrypted with double-length 3DES (128-bit) keys. In addition, transactional security standards such as Derived Unique Key per Transaction (DUKPT), short-lived transactional contexts and key roles are used for added protection of financial transactions.
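
The integrity check of 3.5 and the per-transaction keys and key roles of 3.7, sketched as an added example (not code from this project or its vendor): the SIM side tags each request with a key derived per transaction and per role, and the bank side rejects altered or replayed messages. HMAC-SHA-256 stands in for the 3DES-based primitives, the derivation is a simplified illustration rather than DUKPT, and all class names, function names and sample values are assumptions.

```python
import hashlib
import hmac

# Added illustration with hypothetical names. HMAC-SHA-256 stands in for the
# 3DES-based primitives named in the text; the derivation below is a simplified
# per-transaction scheme, not ANSI X9.24 DUKPT.

def pack(*parts: str) -> bytes:
    """Length-prefix every field so field boundaries cannot be shifted."""
    out = b""
    for p in parts:
        raw = p.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out

def derive_key(base_key: bytes, iccid: str, counter: int, role: str) -> bytes:
    """One key per SIM, per transaction counter and per role ("mac", "enc")."""
    return hmac.digest(base_key, pack(role, iccid, str(counter)), "sha256")

def message_bytes(iccid: str, counter: int, fields: dict) -> bytes:
    """Canonical byte form of a request: identity, counter, sorted fields."""
    flat = [iccid, str(counter)]
    for name in sorted(fields):
        flat += [name, str(fields[name])]
    return pack(*flat)

class SimApplet:
    """SIM side: holds the shared base key and a transaction counter."""
    def __init__(self, base_key: bytes, iccid: str):
        self.base_key, self.iccid, self.counter = base_key, iccid, 0

    def sign_request(self, fields: dict) -> dict:
        self.counter += 1
        key = derive_key(self.base_key, self.iccid, self.counter, "mac")
        data = message_bytes(self.iccid, self.counter, fields)
        return {"iccid": self.iccid, "counter": self.counter,
                "fields": dict(fields), "mac": hmac.digest(key, data, "sha256")}

class BankPlatform:
    """Bank side: in the design described above the keys would sit in the HSM."""
    def __init__(self):
        self.base_keys = {}
        self.last_counter = {}

    def enroll(self, iccid: str, base_key: bytes) -> None:
        self.base_keys[iccid] = base_key
        self.last_counter[iccid] = 0

    def verify(self, msg: dict) -> str:
        iccid, counter = msg["iccid"], msg["counter"]
        base_key = self.base_keys.get(iccid)
        if base_key is None:
            return "unknown-sim"
        key = derive_key(base_key, iccid, counter, "mac")
        data = message_bytes(iccid, counter, msg["fields"])
        # Constant-time comparison; the counter is only trusted once this passes.
        if not hmac.compare_digest(hmac.digest(key, data, "sha256"), msg["mac"]):
            return "bad-mac"
        if counter <= self.last_counter[iccid]:
            return "replay"
        self.last_counter[iccid] = counter
        return "ok"

def demo() -> dict:
    base_key = bytes(range(16))        # constructed sample key
    iccid = "8900000000000000001"      # constructed ICC-ID
    sim, bank = SimApplet(base_key, iccid), BankPlatform()
    bank.enroll(iccid, base_key)
    msg = sim.sign_request({"op": "transfer", "to": "ACC-2", "amount": "100.00"})
    tampered = {**msg, "fields": {**msg["fields"], "amount": "900.00"}}
    return {
        "tampered": bank.verify(tampered),   # altered amount, old tag
        "genuine": bank.verify(msg),         # still accepted afterwards
        "replayed": bank.verify(msg),        # same counter seen twice
        "next": bank.verify(sim.sign_request({"op": "balance"})),
    }

if __name__ == "__main__":
    print(demo())
```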
The cryptographic functions, including key management, are performed using the most fraud-resistant hardware solution, which personalizes the HSM for Mobile Banking. The selected HSM, Thales HSM 8000, is certified as complying with the most stringent security standard: FIPS 140-2 Level 3.

3.8 Transaction Flow:
A mobile banking transaction is initiated by the mobile user and is completed when the result is displayed on the user's phone. The following example shows the communication flow for an account balance request.
- A customer browses Mobile Banking pages on the mobile phone and requests an account balance from the bank by selecting the account and entering the PIN to confirm the transaction.
- The request is encrypted and signed in the SIM and sent to the BMS via the mobile operator's network through the SMSC and the S@T Gateway.
- The BMS communicates with the BSP at the bank.
- The BSP decrypts information related to the transaction (the account), translates the PIN, translates the request and sends it to the bank system for processing.
- When the BSP obtains the requested information it sends the response back to the BMS.
- The BMS sends the response to the S@T gateway which formats and forwards it to the SIM card in the mobile phone.
- The response is decrypted in the SIM card and presented to the user.
- The mobile user sees the result of her or his request on the phone display.

3.9 Operating System Requirements
The Mobile Banking platform software runs on standard UNIX or Linux servers, freeing the operator and the financial institution from the high cost of purchasing and maintaining proprietary operating systems. It can also be used on Microsoft Windows 7/XP, Opera, Mozilla Firefox and Google Chrome.

3.10 Operation and Maintenance:
The Mobile Banking platform requires minimal maintenance, mostly consisting of verifying system logs regularly. The maintenance of the platform servers, the RDBMS and the HSM is as specified by the manufacturers of those products.

Mobile Account Management
The standard version of Mobile Banking does not include any mobile account management or billing functionality, since different operators and banks use different account management methods and, often, proprietary billing systems. Mobile Banking does however allow the operator to configure the BMS with TPDA codes for billable and non-billable SMS messages. Additionally, we can develop custom mobile account management functionalities tailored to the needs of financial institutions or operators.

Storage of User Information
All the banking records are kept in the financial institution's systems, outside of Mobile Banking. However, the Mobile Banking application needs customer information such as the MSISDN, ICC-ID, client and operator ID required by the BSP to process mobile transactions. This data is stored in a relational database owned by the financial institution. Mobile Banking requires a specific RDBMS, but its administration is left to the financial institution.