基于加密短信验证码的移动安全支付解决方案

doi:10.11772/j.issn.1001-9081.2017.08.2270

计算机应用 ›› 2017, Vol. 37 ›› Issue (8): 2270-2274.DOI: 10.11772/j.issn.1001-9081.2017.08.2270

基于加密短信验证码的移动安全支付解决方案

李赛, 李晓宇

郑州大学信息工程学院, 郑州 450001

收稿日期:2017-02-10 修回日期:2017-04-22 出版日期:2017-08-10 发布日期:2017-08-12
通讯作者: 李晓宇
作者简介:李赛(1989-),男,河南永城人,硕士研究生,主要研究方向:移动计算、移动安全;李晓宇(1974-),男,河南南阳人,副教授,博士,CCF会员,主要研究方向:量子计算与量子信息、移动计算。
基金资助:
国家自然科学基金资助项目（61472412）；河南省教育厅自然科学基金资助项目（14A520012）。

Mobile secure payment solution based on encrypted SMS verification code

LI Sai, LI Xiaoyu

School of Information Engineering, Zhengzhou University, Zhengzhou Henan 450001, China

Received:2017-02-10 Revised:2017-04-22 Online:2017-08-10 Published:2017-08-12
Supported by:
his work is partially supported by the National Natural Science Foundation of China (61472412),the Education Department Natural Science Foundation of Henan Province (14A520012).

摘要/Abstract

摘要： 针对移动支付过程中支付验证码容易泄露的问题，提出了基于加密短信息验证码的双因素移动支付系统方案。该方案基于公开密钥系统，使用公钥基础设施/认证机构（PKI/CA）的认证方法进行服务器与客户端的在线安全认证，并且利用客户在服务器上注册的用户名、密码和加密的交易验证短信来确保即使验证码密文泄漏，攻击者也无法获取验证码，从而杜绝了验证码泄漏造成的失窃风险。仿真结果表明，加密验证码方案在使用短信接口发送给用户时，系统的反应时间与未加密验证码方案的反应时间差别并不明显，而且增长趋势保持一致，均随着用户访问量的增加呈线性增长，能够兼顾系统的安全性和有效性。

关键词: 移动支付, 短信验证码, 双因素验证, 公钥基础设施/认证机构, 加密算法

Abstract: Aiming at the problem that payment verification code is easy to leak during the process of mobile payment, a two-factor mobile payment solution based on encrypted SMS was proposed. Based on the public key system, the Public Key Infrastructure/Certification Authority (PKI/CA) authentication method was used to authenticate the server and the client online, and the registered user name, password and encrypted transaction verification SMS were used to ensure that even if the verification code ciphertext was leaked, the attacker can not obtain the verification code, thus eliminating the risk of theft caused by the verification code leakage. The simulation results show that the response time of the encrypted verification solution using the SMS interface is not very different from the unencrypted solution, and the growth trend is consistent with that of the unencrypted solution and increases linearly with the increase of the user access, which can take into account both of security and effectiveness of the system.

Key words: mobile payment, SMS verification code, two factor authentication, Public Key Infrastructure/Certification Authority (PKI/CA), encryption algorithm

中图分类号:

李赛, 李晓宇. 基于加密短信验证码的移动安全支付解决方案[J]. 计算机应用, 2017, 37(8): 2270-2274.

LI Sai, LI Xiaoyu. Mobile secure payment solution based on encrypted SMS verification code[J]. Journal of Computer Applications, 2017, 37(8): 2270-2274.

参考文献

[1] 中国互联网络信息中心.第37次中国互联网络发展状况统计报告报告[R]. 北京:中国互联网络信息中心,2016. (China Internet Network Information Center. The 37th China Internet Development Statistics Report[R]. Beijing:CNNIC, 2016.)
[2] 李海飞.移动支付中的安全协议研究[D].西安:西安电子科技大学,2014:7-13. (LI H F. Research on security protocol in mobile payment[D]. Xi'an:Xidian University, 2014:7-13.)
[3] DAHLBERG T, GUO J, ONDRUS J. A critical review of mobile payment research[J]. Journal of Electronic Commerce Research and Applications, 2015, 14(5):265-284.
[4] 杨晨,杨建军.移动支付安全保障技术体系研究[J].信息技术与标准化,2010(7):17-20. (YANG C, YANG J J. Research on the technical system and standardization of security assurance for mobile payment[J]. Information Technology & Standardization, 2010(7):17-20.)
[5] XU Z, ZHANG T, ZENG Y, et al. A secure mobile payment framework based on face authentication[C]//IMECS2015:Proceedings of the 2015 International MultiConference of Engineers and Computer Scientists, LNCS 2215. Berlin:Springer-Verlag, 2015, 1:495-501.
[6] 白璐.信息技术对我国商业银行创新的影响研究[D].长春:吉林大学,2013:13-17. (BAI L. Research on the influence of information technology on the innovation of China's commercial banks[D]. Changchun:Jilin University, 2013:13-17.)
[7] 周晓谊,姚孝明,李益红.互联网金融存在的安全问题亟待解决——以移动远程支付APP为例[J].信息安全与技术,2014,5(10):8-12. (ZHOU X Y, YAO X M, LI Y H. Security problems of Internet finance urge solutions-an example of remote payment APPs on mobile devices[J]. Information Security and Technology, 2014, 5(10):8-12.)
[8] 冯韵.移动支付中身份认证分析与研究[J].信息通信,2012(3):107-109. (FENG Y. Analysis and research of identity authentication in mobile payment[J]. Journal of Information Communication,2012(3):107-109.)
[9] 曹巍,赵滟.一种基于双因素认证的移动支付安全技术研究[J].信息安全与技术,2014,5(2):10-12,15. (CAO W, ZHAO Y. Research on the technology of mobile payment security based on two-factor authentication[J]. Information Security and Technology,2014, 5(2):10-12,15.)
[10] WARD H, GREENWALD G E, SHANAHAN F A. Systems and methods for remote authorization of financial transactions using Public Key Infrastructure (PKI):US, 9462473[P]. 2016-10-04.
[11] 张裔智,赵毅,汤小斌.MD5算法研究[J].计算机科学,2008,35(7):295-297. (ZHANG Y Z, ZHAO Y, TANG X B. Research on MD5 algorithm[J]. Computer Science, 2008, 35(7):295-297.)
[12] DAEMEN J, RIJMEN V.高级加密标准(AES)算法:Rijndael的设计[M].谷大武,徐胜波,译.北京:清华大学出版社,2003:9-52. (DAEMEN J, RIJMEN V. The Design of Rijndael AES:The Advanced Encryption Standard[M].GU D W,XU S B, translated. Beijing:Tsinghua University Press, 2003:9-52.)
[13] 王茜,倪建伟.一种基于RSA的加密算法[J].重庆大学学报(自然科学版),2005,28(1):68-72. (WANG Q, NI J W. An RSA based encryption algorithm[J]. Journal of Chongqing University (Natural Science Edition), 2005, 28(1):68-72.)
[14] 周晓斌,许勇,张凌.一种开放式PKI身份认证模型的研究[J].国防科技大学学报,2013,35(1):169-174. (ZHOU X B, XU Y, ZHANG L. Research on an open PKI identity authentication model[J]. Journal of National University of Defense Technology, 2013, 35(1):169-174.)
[15] 肖振久,胡驰,姜正涛,等.AES与RSA算法优化及其混合加密体制[J].计算机应用研究,2014,31(4):1189-1194. (XIAO Z J,HU C,JIANG Z T et al. AES and RSA algorithm optimization and its hybrid encryption system[J]. Application Research of Computers, 2014, 31(4):1189-1194.)

基于加密短信验证码的移动安全支付解决方案

Mobile secure payment solution based on encrypted SMS verification code

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	刘荣, 潘洪志, 刘波, 祖婷, 方群, 何昕, 王杨. 基于密文策略属性基加密算法的云存储数据更新方法[J]. 计算机应用, 2018, 38(2): 348-351.
[2]	张望, 贾佳, 孟渊, 白旭. 基于高层次综合的AES算法研究与设计[J]. 计算机应用, 2017, 37(5): 1341-1346.
[3]	陈建, 沈潇军, 姚一杨, 邢雅菲, 琚小明. 基于密文策略属性基加密系统访问机制的缓存替换策略[J]. 计算机应用, 2017, 37(10): 2964-2967.
[4]	张呈钰, 王让定, 姚灵, 傅松寅, 左富强, 高旗飞, 蒋铭. 移动支付近场通信智能水表系统[J]. 计算机应用, 2017, 37(1): 166-169.
[5]	江帆, 吴小天, 孙伟. 基于稀疏矩阵的Arnold数字图像加密算法[J]. 计算机应用, 2015, 35(3): 726-731.
[6]	王冠范红杜大海. 云存储访问控制方案的安全性分析与改进[J]. 计算机应用, 2014, 34(2): 373-376.
[7]	周庆黄党志. 基于Ising模型的QR码加密算法[J]. 计算机应用, 2013, 33(10): 2861-2864.
[8]	闫丽霞肖明波. 基于El Gamal算法的数字水印协议[J]. 计算机应用, 2013, 33(09): 2529-2531.
[9]	孔令晶曾华燊李耀. 等级OSPF网的安全保护方案[J]. 计算机应用, 2013, 33(08): 2212-2217.
[10]	刘君昌张曦煌. KNXnet/IP协议安全性分析与改进[J]. 计算机应用, 2011, 31(07): 1912-1916.
[11]	吴升郭新宇肖伯祥陆声链温维亮. 基于非均匀B-样条曲线的加密算法[J]. 计算机应用, 2011, 31(02): 517-519.
[12]	卢辉斌刘海莺. 基于耦合混沌系统的彩色图像加密算法[J]. 计算机应用, 2010, 30(07): 1812-1814.
[13]	张涛. 基于混沌的序列密码算法[J]. 计算机应用, 2010, 30(05): 1221-1223.
[14]	胡宏银姚峰何成万. 一种基于文件过滤驱动的Windows文件安全保护方案[J]. 计算机应用, 2009, 29(1): 168-171.
[15]	熊静张旭魏建赵鸣吴菁鲍世谊. 移动计算环境下的通用安全支付系统框架[J]. 计算机应用, 2008, 28(2): 428-431.