Implementing Timestamps with Personal Identification Number (PIN) Mechanism to Enhance PIN to Provide Non-Repudiation in Mobile Payment Systems Isaac Kega Mwangi A thesis submitted in partial fulfillment for the degree of Master of Science in Software Engineering in the Jomo Kenyatta University of Agriculture and Technology 2013

Abstract

There are many mechanisms that can be used to authenticate and authorize transactions in mobile payment applications, but the most common one is the Personal Identification Number mechanism (PIN). PIN is widely used because it is easy to implement, also it is easy for the users to remember a 4 digit number that remembering a password. For these and other more reasons PIN is the mostly used mechanism to authorize transactions in a payment application, but PIN has never been able to provide non-repudiation. Non-repudiation is defined as the act of ensuring that parties that are involved in a transaction do not fault on that transaction. It acts as evidence that indeed a said transaction took place between a set of parties and either of those parties cannot fault on that transaction while authorization is defined as the act of ensuring that only authenticated and authorized persons are able to effect a transaction in an application. Hence the main goal or objective of this project was to enhance PIN to provide non-repudiation through the use of timestamps. Timestamps are one of the mechanisms that can be used to provide non-repudiation in applications. The choice for timestamps was that for each transaction there has to be time split between them, hence to ensure non-repudiation, the issue of time is of great importance not only to the people involved in the transactions but also to the authorities that are called upon incase a fraud case crops up.