Journal Home > Volume 23, Issue 5


Secure Authentication Protocol for Mobile Payment

Kai Fan, Hui Li, Wei Jiang, Chengsheng Xiao, Yintang Yang
State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 710071, China.
Shanghai Haijiye High Tech Co. Ltd, Shanghai 200000, China.
Key Lab. of the Ministry of Education for Wide Band-Gap Semiconductor Materials and Devices, Xidian University, Xi’an 710071, China.

Abstract

With the increasing popularity of fintech, i.e., financial technology, the e-commerce market has grown rapidly in the past decade, such that mobile devices enjoy unprecedented popularity and are playing an ever-increasing role in e-commerce. This is especially true of mobile payments, which are attracting increasing attention. However, the occurrence of many traditional financial mishaps has exposed the challenges inherent in online authentication technology that is based on traditional modes of realizing the healthy and stable development of mobile payment. In addition, this technology ensures user account security and privacy. In this paper, we propose a Secure Mutual Authentication Protocol (SMAP) based on the Universal 2nd Factor (U2F) protocol for mobile payment. To guarantee reliable service, we use an asymmetric cryptosystem for achieving mutual authentication between the server and client, which can resist fake servers and forged terminals. Compared to the modes currently used, the proposed protocol strengthens the security of user account information as well as individual privacy throughout the mobile-payment transaction process. Practical application has proven the security and convenience of the proposed protocol.

Keywords: security, privacy, mutual authentication, Universal 2nd Factor (U2F), mobile payment


Publication history

Received: 01 November 2017
Accepted: 21 November 2017
Published: 17 September 2018
Issue date: October 2018

Copyright

© The author(s) 2018

Acknowledgements

This work was supported by the National Key R&D Program of China (No. 2017YFB0802600), the National Natural Science Foundation of China (Nos. 61772403 and U1401251), the Natural Science Basic Research Plan in Shaanxi Province of China (No. 2017JM6004), and National 111 Program of China (Nos. B16037 and B08038).
