Computer Science, 2020, Vol. 47, Issue (1): 293-301. doi: 10.11896/jsjkx.181202414

• Information Security •

Mobile Secure Payment Scheme Using Identity-based Cryptographic Algorithm+SMS Verification Code

LIU Ya-qiang, LI Xiao-yu

  1. (School of Information Engineering,Zhengzhou University,Zhengzhou 450001,China)
  • Received:2018-12-25 Published:2020-01-19
  • About author: LIU Ya-qiang, born in 1992, postgraduate, is not a member of China Computer Federation (CCF). His main research interests include mobile information security and mobile payment. LI Xiao-yu, born in 1974, Ph.D., associate professor, is a member of China Computer Federation (CCF). His main research interests include mobile computing, quantum computing and quantum information.
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61472412) and National Natural Science Foundation of Henan Educational Committee (14A520012).

Abstract: In mobile payment, a stolen SMS verification code can lead to stolen funds, and building a mobile payment system on a certificate-based cryptosystem puts great pressure on mobile devices and the mobile network. To address both problems, a mobile secure payment scheme based on an identity-based cryptographic algorithm plus SMS verification code is proposed. In this scheme, users and bank servers join an identity-based cryptosystem, so they no longer need digital-certificate-based identity authentication, which greatly reduces the storage and computational overhead of mobile devices and mobile networks. Users need to go to the bank counter to register and open mobile banking services, set the user name, password and reserved security questions, and complete the first installation and initialization of the mobile banking app with the help of bank staff. At login, the bank server authenticates the user's identity to ensure that the user is legitimate. At payment, the user's private key is used to generate a digital signature of the SMS verification code; the digital signature and the SMS verification code are combined, encrypted with the bank server's public key and sent to the bank server for verification, and the bank server does not allow the user to pay until the verification passes. The SMS verification code and the digital signature thus jointly provide the security guarantee for the user: even if the verification code is leaked, the attacker cannot generate a digital signature from the verification code, which ensures the security of the mobile payment. Theoretical analysis and experimental results show that the scheme not only greatly improves the security of mobile payment, but also that the average response time of the system does not increase sharply as the number of mobile terminals increases, so it has better robustness and feasibility.

Key words: Digital signature, Identity-based cryptographic algorithm, Mobile payment, Payment security, SMS verification code

CLC Number: 

  • TP399
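
The payment step described in the abstract (sign the SMS code with the user's private key, encrypt code plus signature to the bank, have the bank check both), as an added Go example that is not code from the paper. Ed25519 and RSA-OAEP are stand-ins for the identity-based algorithms, the bank looks keys up by identity instead of deriving them from it, and `Bank`, `NewBank`, `UserPay`, `Authorize`, the identity "alice" and the code value are hypothetical names and constructed data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Assumed stand-ins: Ed25519 for the identity-based signature, RSA-OAEP for encryption to the bank.
type Bank struct {
	Priv   *rsa.PrivateKey
	Users  map[string]ed25519.PublicKey // identity -> verification key (assumed lookup table)
	Issued map[string][]byte            // identity -> SMS code awaiting confirmation
}

func NewBank(code string) (*Bank, ed25519.PrivateKey) { // one constructed user, "alice"
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	bk, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Bank{bk, map[string]ed25519.PublicKey{"alice": pub}, map[string][]byte{"alice": []byte(code)}}, key
}

// UserPay signs the SMS code and encrypts code||signature under the bank's public key.
func UserPay(key ed25519.PrivateKey, bankPub *rsa.PublicKey, code []byte) ([]byte, error) {
	msg := append(append([]byte{}, code...), ed25519.Sign(key, code)...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, bankPub, msg, nil)
}

// Authorize requires BOTH the issued code and a signature by the registered user.
func (b *Bank) Authorize(id string, ct []byte) error {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, b.Priv, ct, nil)
	if err != nil || len(pt) <= ed25519.SignatureSize {
		return fmt.Errorf("malformed request")
	}
	n := len(pt) - ed25519.SignatureSize // pt = code || 64-byte signature
	want, pub := b.Issued[id], b.Users[id]
	if len(pub) != ed25519.PublicKeySize || subtle.ConstantTimeCompare(pt[:n], want) != 1 || !ed25519.Verify(pub, pt[:n], pt[n:]) {
		return fmt.Errorf("SMS code or signature rejected")
	}
	delete(b.Issued, id) // a code authorizes one payment only
	return nil
}

func main() {
	b, key := NewBank("482913") // constructed SMS code
	ct, _ := UserPay(key, &b.Priv.PublicKey, []byte("482913"))
	fmt.Println("legitimate request error:", b.Authorize("alice", ct))
}
```

A request built with the correct code but a different private key is rejected at the signature check, which is the property the abstract claims for a leaked verification code.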