Secure protocol for financial transactions using smartphones — SPFT formally proved by A VISPA

Smartphones are overpowering the IT world by rising as a prerequisite for other technologies. Emerging technology paradigms such as Cloud computing, web data services, online banking and many others are revamping them as compatibility to smartphones. Banking is a vital and critical need in daily life. It involves routine financial transactions among sellers, buyers and third parties. Several payment protocols are designed for mobile platforms which involve hardware tokens, PIN, credit cards, ATMs etc. for secure transactions. Many of them are not properly verified and have hidden flaws. Numerous vulnerabilities have been found in existing solutions which raise a big question about the defense capability of smartphones to protect user´s data. In this paper we propose a secure payment protocol for smartphones without using any hardware token. It implicates bank as a transparent entity and users rely on a payment gateway to mark a successful transaction. Suggested protocol uses symmetric keys, Digital certificates X.509, and two-factor authentication to make a secure financial deal. To prove the secrecy and authentication properties of the protocol we have formally verified it by AVISPA.