Secure Authentication Protocol for Mobile Payment

Kai Fan; Hui Li; Wei Jiang; Chengsheng Xiao; Yintang Yang

doi:10.26599/TST.2018.9010031

AI Chat Paper

Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.

Chat more with AI

| Sign up

Browse by Subject

Search for peer-reviewed journals with full access.

Journals A - Z

About Us

Discover the SciOpen Platform and Achieve Your Research Goals with Ease.

About Us

Publish with Us

Support

Journals A - Z

About Us

Publish with Us

Support

PDF (1.2 MB)

Cite

EndNote(RIS) BibTeX

Collect

Submit Manuscript

AI Chat Paper

Show Outline

Outline

Show full outline

Hide outline

Outline

Show full outline

Hide outline

Open Access

Secure Authentication Protocol for Mobile Payment

Kai Fan(

), Hui Li, Wei Jiang, Chengsheng Xiao, Yintang Yang

State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 710071, China.

Shanghai Haijiye High Tech Co. Ltd, Shanghai 200000, China.

Key Lab. of the Ministry of Education for Wide Band-Gap Semiconductor Materials and Devices, Xidian University, Xi’an 710071, China.

Show Author Information

Abstract

With the increasing popularity of fintech, i.e., financial technology, the e-commerce market has grown rapidly in the past decade, such that mobile devices enjoy unprecedented popularity and are playing an ever-increasing role in e-commerce. This is especially true of mobile payments, which are attracting increasing attention. However, the occurrence of many traditional financial mishaps has exposed the challenges inherent in online authentication technology that is based on traditional modes of realizing the healthy and stable development of mobile payment. In addition, this technology ensures user account security and privacy. In this paper, we propose a Secure Mutual Authentication Protocol (SMAP) based on the Universal 2nd Factor (U2F) protocol for mobile payment. To guarantee reliable service, we use an asymmetric cryptosystem for achieving mutual authentication between the server and client, which can resist fake servers and forged terminals. Compared to the modes currently used, the proposed protocol strengthens the security of user account information as well as individual privacy throughout the mobile-payment transaction process. Practical application has proven the security and convenience of the proposed protocol.

Keywords

security privacy mutual authentication Universal 2nd Factor (U2F)mobile payment

References

[1]

J. C. Liou and S. Bhashyam, A feasible and cost effective two-factor authentication for online transactions, in Proc. 2nd Int. Software Engineering and Data Mining Conf., Chengdu, China, 2010, pp. 47-51.

[2]

S. Nseir, N. Hirzallah, and M. Aqel, A secure mobile payment system using QR code, in Proc. 5th Int. Computer Science and Information Technology Conf., Amman, Jordan, 2013, pp. 111-114.

Crossref

[3]

Z. Sahnoune, E. Aïmeur, G. E. Haddad, and R. Sokoudjou, Watch your mobile payment: An empirical study of privacy disclosure, in Proc. 2015 IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, 2015, pp. 934-941.

Crossref

[4]

M. Shao, J. Fan, and Y. Li, An empirical study on consumer acceptance of mobile payment based on the perceived risk and trust, in Proc. 2014 Int. Cyber-Enabled Distributed Computing and Knowledge Discovery Conf., Shanghai, China, 2014, pp. 312-317.

[5]

H. Jiang, Study on mobile e-commerce security payment system, in Proc. 2008 Int. Electronic Commerce and Security Symposium, Guangzhou, China, 2008, pp. 754-757.

Crossref

[6]

C. Wang, The solution design using USB key for network security authentication, in Proc. 4th Int. Computational Intelligence and Communication Networks Conf., Mathura, India, 2012, pp. 766-769.

Crossref

[7]

I. Turk and A. Cosar, An open, NFC enabler independent Mobile payment and identification method: NFC feature box, in Proc. 17th Int. A World of Wireless, Mobile and Multimedia Networks (WoWMoM) Symposium, Coimbra, Portugal, 2016, pp. 1-3.

Crossref

[8]

Z. Čović, Ü. Viktor, J. Simon, D. Dobrilović, and Ž. Stojanov, Usage of QR codes in web based system for the electronic market research, in Proc. 14th Int. Intelligent Systems and Informatics Symposium, Subotica, Portugal, 2016, pp. 187-192.

[9]

K. Fan, N. Ge, Y. Gong, H. Li, R. Su, and Y. Yang, An ultra-lightweight RFID authentication scheme for mobile commerce, Peer-to-Peer Netw. Appl., vol. 10, no. 2, pp. 368-376, 2017.

Crossref Google Scholar

[10]

J. Yu, The program design for the network security authentication based on the USB Key technology, in Proc. 2011 Int. Electronic & Mechanical Engineering and Information Technology Conf., Harbin, China, 2011, pp. 2215-2218.

[11]

Y. Cao, X. Pan, and Y. Chen, SafePay: Protecting against credit card forgery with existing magnetic card readers, in Proc. 2015 Int. Communications and Network Security (CNS) Conf., Florence, Italy, 2015, pp. 164-172.

[12]

M. Schmidt and N. Perlroth, Credit card data breach at barnes & noble stores, http://www.nytimes.com/2012/10/24/business/hackersget-credit-data-at-barnes-noble.html?r=1&adxnnl=1&adxnnlx=1363194210-ff1jKgh5cV-LKuz8egxYwCmw, 2012.

[13]

N. E. Madhoun, F. Guenane, and G. Pujolle, An online security protocol for NFC payment: Formally analyzed by the scyther tool, in Proc. 2016 Int. Mobile and Secure Services (MobiSecServ) Conf., Gainesville, FL, USA, 2016, pp. 1-7.

Crossref

[14]

A. Choche and H. R. Arabnia, A methodology to conceal QR codes for security applications, in Proc. Int. Information and Knowledge Engineering Conf., Las Vegas, NV, USA, 2011, pp. 151-160.

[15]

A. M. Alshahrani and S. Walker, NFC performance in mobile payment service compared with an SMS—based solution, in Proc. 2013 Int. Green Computing, Communication and Conservation of Energy (ICGCE) Conf., Chennai, India, 2013, pp. 282-286.

Crossref

[16]

V. E. Von Bokern, P. Goel, S. Schrecker, and N. M. Smith, Hardware-based device authentication, US Patent 8955075, February 10, 2015.

[17]

Y. S. Lee, H. J. Lee, and E. Alasaarela, Mutual authentication in wireless body sensor networks (WBSN) based on Physical Unclonable Function (PUF), in Proc. 9th Int. Wireless Communications and Mobile Computing Conference (IWCMC) Conf., Sardinia, Italy, 2013, pp. 1314-1318.

Crossref

[18]

C. Zhang, W. Zhang, and H. Mu, A mutual authentication security RFID protocol based on time stamp, in Proc. 1st Int. Computational Intelligence Theory, Systems and Applications (CCITSA) Conf., Yilan, China, 2015, pp. 166-170.

Crossref

[19]

T. Marktscheffel, W. Gottschlich, W. Popp, P. Werli, S. D. Fink, A. Bilzhause, and H. Meer, QR code based mutual authentication protocol for Internet of Things, in Proc. 17th Int. A World of Wireless, Mobile and Multimedia Networks (WoWMoM) Symposium, Coimbra, Portugal, 2016, pp. 1-6.

Crossref

Tsinghua Science and Technology

Volume 23 Issue 5,
October 2018

Pages 610-620

DOI: 10.26599/TST.2018.9010031

Cite this article:

Fan K, Li H, Jiang W, et al. Secure Authentication Protocol for Mobile Payment. Tsinghua Science and Technology, 2018, 23(5): 610-620. https://doi.org/10.26599/TST.2018.9010031

636

Views

Downloads

Crossref

N/A

Web of Science

Scopus

CSCD

Google Scholar
Citation

Altmetrics

Received: 01 November 2017

Accepted: 21 November 2017

Published: 17 September 2018