| E-business has been booming for years; however, transaction security is still the biggest worry in the E-business world. Public key infrastructure is introduced to protect electronic transactions, wherein digital signing plays an important role that provides authentication and non-repudiation services. A smart card-based hardware security module is able to provide signing service with strong tamper-resistant and mobility. However, since smart cards do not have I/O interfaces, a user may blindly sign a document that has been altered by a malicious application.;In my thesis, a mobile phone-based signing solution that is based on the Personal Transaction Protocol (PTP) defined by MeT is proposed. However, the original PTP is designed to work in a personal environment, where all devices are trusted. My thesis proposed an improved PTP to allow it to work in a public environment. In addition, J2ME platform is chosen to be the development platform of the proposed solution. The J2ME's applicability is discussed according to the PTP server's development requirements. Finally, a PTP server's prototype is designed and developed to demonstrate the feasibility of the proposed solution.;Since mobile phones have user-friendly interfaces, strong computing power and short-distance wireless links, etc, they could be promising candidates for signing service. Some mobile phone-based signing solutions have been proposed as alternatives to smart cards. However, most of these solutions, including Zurich University's SIM based solution and Vodafone's mPKI, stick to GSM mobile networks. So far, there is no uniform standard for signing solution. |
