A Framework for Privacy-Preserving Mobile Payment on Security Enhanced ARM TrustZone Platforms

Modern smartphones with the capability to be always online and equipped with data transfer interfaces such as NFC allow to take advantage of a wide variety of services and pave the way for new classes of services. Naturally, not every service will be available for free, some providers will charge money for the services provided. Usually, users are uniquely identified by the provider of a service for billing purposes and providers therefore maintain user profiles. This allows to personalize services with respect to user´s interests and preferences. However, it is problematic regarding user´s privacy since users disclose lots of sensitive information to the service provider. Different mobile payment solutions have been proposed to date, but privacy aspects are usually not considered at all. In this paper, we demonstrate how privacy friendly payment can be realized using a recent payment mechanisms in combination with an ARM processor platform with TrustZone enhancements. We discuss the public transport ticket domain as an example. Then we propose a platform framework that can be used for arbitrary applications requiring a privacy preserving online remote prepaid payment system suitable for micro as well as macro payments.