Designing a cryptosystem for data at rest encryption in mobile payments
International Journal of Applied Science and Engineering
College of Science and Technology, Chaoyang University of Science and Technology
School of Science
Since the evolution of m-commerce, security and entrustment of digitized transactions have become of captious concern to financial institutions. Card information hacking has caused money losses around the world, therefore it is imperative for financial institutions to get rid of such losses. Currently, the number of mobile payment schemes have been purposed but primarily the schemes aim attention at transaction security, fraud detection and prevention, not on data at rest encryption in mobile payments. Therefore, this work aims attention to encrypt sensitive static data residing at database server in mobile payments. Data at rest is the static data i.e., card details of the users which resides at the server. It is essential to ensure that the sensitive data of the payment users stay protected so as to prevent the adversaries looking for unauthorized access to the data. The encryption of data at rest is accomplished at the database level in this work. Cryptography is increasingly being used to combat against the security of sensitive data to guarantee data confidentiality and data integrity. In this work a cryptosystem is proposed which describes the management of cryptographic keys of the sensitive data at rest, in a mobile payment system with symmetric cryptographic implementation, the keys involved are identical for both encrypting and decrypting the sensitive data.