Users increasingly use their mobile devices for electronic transactions to store related information, such as digital receipts. However, such information can be target of several attacks. There are some security issues related to M-commerce: the loss or theft of mobile devices results in a exposure of transaction information; transaction receipts that are send over WI-FI or 3G networks can be easily intercepted; transaction receipts can also be captured via Bluetooth connections without the user's consent; and mobile viruses, worms and Trojan horses can access the transaction information stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of transactions' information, as well as of any sensitive information stored on mobile devices is crucial. In this paper, we propose a privacy-preserving approach to manage electronic transaction receipts on mobile devices. The approach is based on the notion of transaction receipts issued by service providers upon a successful transaction and combines Pedersen commitment and Zero Knowledge Proof of Knowledge (ZKPK) techniques and Oblivious Commitment-Based Envelope (OCBE) protocols. We have developed a version of such protocol for Near Field Communication (NFC) enabled cellular phones.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Jean-Paul Boly , Antoon Bosselaers , Ronald Cramer , Rolf Michelsen , Stig Fr. Mjølsnes , Frank Muller , Torben P. Pedersen , Birgit Pfitzmann , Peter de Rooij , Berry Schoenmakers , Matthias Schunter , Luc Vallée , Michael Waidner, The ESPRIT Project CAFE - High Security Digital Payment Systems, Proceedings of the Third European Symposium on Research in Computer Security, p.217-230, November 07-09, 1994
	2	Bouncy Castle Crypto APIs. http://www.bouncycastle.org/.
	3	Nokia Forum. Nokia 6131 NFC Technical Description. http://www.forum.nokia.com.
	4	Help for lost and stolen phones. http://news.bbc.co.uk/1/hi/technology/4033461.stm.
	5	Walter Gautschi, Numerical analysis: an introduction, Birkhauser Boston Inc., Cambridge, MA, 1997
	6	Jiangtao Li , Ninghui Li, OACerts: Oblivious Attribute Certificates, IEEE Transactions on Dependable and Secure Computing, v.3 n.4, p.340-352, October 2006  [doi>10.1109/TDSC.2006.54]
	7	Met initiative. http://www.mobiletransaction.org.
	8	Stig F. Mjlsnes , Chunming Rong, Localized Credentials for Server Assisted Mobile Wallet, Proceedings of the 2001 International Conference on Computer Networks and Mobile Computing (ICCNMC'01), p.203, October 16-19, 2001
	9	Near Field Communication Forum. http://www.nfc-forum.org.
	10	Torben P. Pedersen, Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing, Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology, p.129-140, August 11-15, 1991
	11	SET- Secure Electronic Transaction specification book 1: Business description, 1997. 1992. Springer-Verlag.
	12	Claus-Peter Schnorr, Efficient Identification and Signatures for Smart Cards, Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology, p.239-252, August 20-24, 1989
	13	Adi Shamir, How to share a secret, Communications of the ACM, v.22 n.11, p.612-613, Nov. 1979  [doi>10.1145/359168.359176]
	14	TechRepublic. Identify and reduce mobile device security risks. http://articles.techrepublic.com.com/5100-22_11-5274902.html.
	15	J. Veijalainen, V. Y. Terziyan, and H. Tirri. Transaction management for m-commerce at a mobile terminal. Electronic Commerce Research and Applications, 5(3):229--245, 2006.