AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (1.2 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Secure Authentication Protocol for Mobile Payment

Kai Fan( )Hui LiWei JiangChengsheng XiaoYintang Yang
State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 710071, China.
Shanghai Haijiye High Tech Co. Ltd, Shanghai 200000, China.
Key Lab. of the Ministry of Education for Wide Band-Gap Semiconductor Materials and Devices, Xidian University, Xi’an 710071, China.
Show Author Information

Abstract

With the increasing popularity of fintech, i.e., financial technology, the e-commerce market has grown rapidly in the past decade, such that mobile devices enjoy unprecedented popularity and are playing an ever-increasing role in e-commerce. This is especially true of mobile payments, which are attracting increasing attention. However, the occurrence of many traditional financial mishaps has exposed the challenges inherent in online authentication technology that is based on traditional modes of realizing the healthy and stable development of mobile payment. In addition, this technology ensures user account security and privacy. In this paper, we propose a Secure Mutual Authentication Protocol (SMAP) based on the Universal 2nd Factor (U2F) protocol for mobile payment. To guarantee reliable service, we use an asymmetric cryptosystem for achieving mutual authentication between the server and client, which can resist fake servers and forged terminals. Compared to the modes currently used, the proposed protocol strengthens the security of user account information as well as individual privacy throughout the mobile-payment transaction process. Practical application has proven the security and convenience of the proposed protocol.

References

[1]
J. C. Liou and S. Bhashyam, A feasible and cost effective two-factor authentication for online transactions, in Proc. 2nd Int. Software Engineering and Data Mining Conf., Chengdu, China, 2010, pp. 47-51.
[2]
S. Nseir, N. Hirzallah, and M. Aqel, A secure mobile payment system using QR code, in Proc. 5th Int. Computer Science and Information Technology Conf., Amman, Jordan, 2013, pp. 111-114.
[3]
Z. Sahnoune, E. Aïmeur, G. E. Haddad, and R. Sokoudjou, Watch your mobile payment: An empirical study of privacy disclosure, in Proc. 2015 IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, 2015, pp. 934-941.
[4]
M. Shao, J. Fan, and Y. Li, An empirical study on consumer acceptance of mobile payment based on the perceived risk and trust, in Proc. 2014 Int. Cyber-Enabled Distributed Computing and Knowledge Discovery Conf., Shanghai, China, 2014, pp. 312-317.
[5]
H. Jiang, Study on mobile e-commerce security payment system, in Proc. 2008 Int. Electronic Commerce and Security Symposium, Guangzhou, China, 2008, pp. 754-757.
[6]
C. Wang, The solution design using USB key for network security authentication, in Proc. 4th Int. Computational Intelligence and Communication Networks Conf., Mathura, India, 2012, pp. 766-769.
[7]
I. Turk and A. Cosar, An open, NFC enabler independent Mobile payment and identification method: NFC feature box, in Proc. 17th Int. A World of Wireless, Mobile and Multimedia Networks (WoWMoM) Symposium, Coimbra, Portugal, 2016, pp. 1-3.
[8]
Z. Čović, Ü. Viktor, J. Simon, D. Dobrilović, and Ž. Stojanov, Usage of QR codes in web based system for the electronic market research, in Proc. 14th Int. Intelligent Systems and Informatics Symposium, Subotica, Portugal, 2016, pp. 187-192.
[9]
K. Fan, N. Ge, Y. Gong, H. Li, R. Su, and Y. Yang, An ultra-lightweight RFID authentication scheme for mobile commerce, Peer-to-Peer Netw. Appl., vol. 10, no. 2, pp. 368-376, 2017.
[10]
J. Yu, The program design for the network security authentication based on the USB Key technology, in Proc. 2011 Int. Electronic & Mechanical Engineering and Information Technology Conf., Harbin, China, 2011, pp. 2215-2218.
[11]
Y. Cao, X. Pan, and Y. Chen, SafePay: Protecting against credit card forgery with existing magnetic card readers, in Proc. 2015 Int. Communications and Network Security (CNS) Conf., Florence, Italy, 2015, pp. 164-172.
[13]
N. E. Madhoun, F. Guenane, and G. Pujolle, An online security protocol for NFC payment: Formally analyzed by the scyther tool, in Proc. 2016 Int. Mobile and Secure Services (MobiSecServ) Conf., Gainesville, FL, USA, 2016, pp. 1-7.
[14]
A. Choche and H. R. Arabnia, A methodology to conceal QR codes for security applications, in Proc. Int. Information and Knowledge Engineering Conf., Las Vegas, NV, USA, 2011, pp. 151-160.
[15]
A. M. Alshahrani and S. Walker, NFC performance in mobile payment service compared with an SMS—based solution, in Proc. 2013 Int. Green Computing, Communication and Conservation of Energy (ICGCE) Conf., Chennai, India, 2013, pp. 282-286.
[16]
V. E. Von Bokern, P. Goel, S. Schrecker, and N. M. Smith, Hardware-based device authentication, US Patent 8955075, February 10, 2015.
[17]
Y. S. Lee, H. J. Lee, and E. Alasaarela, Mutual authentication in wireless body sensor networks (WBSN) based on Physical Unclonable Function (PUF), in Proc. 9th Int. Wireless Communications and Mobile Computing Conference (IWCMC) Conf., Sardinia, Italy, 2013, pp. 1314-1318.
[18]
C. Zhang, W. Zhang, and H. Mu, A mutual authentication security RFID protocol based on time stamp, in Proc. 1st Int. Computational Intelligence Theory, Systems and Applications (CCITSA) Conf., Yilan, China, 2015, pp. 166-170.
[19]
T. Marktscheffel, W. Gottschlich, W. Popp, P. Werli, S. D. Fink, A. Bilzhause, and H. Meer, QR code based mutual authentication protocol for Internet of Things, in Proc. 17th Int. A World of Wireless, Mobile and Multimedia Networks (WoWMoM) Symposium, Coimbra, Portugal, 2016, pp. 1-6.
Tsinghua Science and Technology
Pages 610-620
Cite this article:
Fan K, Li H, Jiang W, et al. Secure Authentication Protocol for Mobile Payment. Tsinghua Science and Technology, 2018, 23(5): 610-620. https://doi.org/10.26599/TST.2018.9010031

772

Views

52

Downloads

22

Crossref

N/A

Web of Science

35

Scopus

3

CSCD

Altmetrics

Received: 01 November 2017
Accepted: 21 November 2017
Published: 17 September 2018
© The author(s) 2018
Return