International Association
for Cryptologic Research

Although NFC mobile services have great potential for growth, they have raised a number of issues which are of concern to researchers and are preventing the wide adoption of this technology within society. Dynamic relationships of NFC ecosystem players in an NFC transaction process make them partners in a way that sometimes requires that they share access permission to applications that are running in the service environment. One of the technologies that can be used to ensure secure NFC transactions is cloud computing. This offers a wider range of advantages than the use of a Secure Element (SE) as a single entity in an NFC enabled mobile phone. In this paper, we propose a protocol for NFC mobile payments based on cloud Wallet model. In our protocol, the SE in the mobile device is used for customer authentication whereas the customer\'s banking credentials are stored in a cloud under the control of the Mobile Network Operator (MNO). The proposed protocol eliminates the requirement for a shared secret between the Point of Sale (PoS) and the MNO before execution of the protocol, a mandatory requirement in the earlier version of this protocol. This makes it more practicable and user friendly. A detailed analysis of the protocol discusses multiple attack scenarios.