Journal of Computer Applications ›› 2017, Vol. 37 ›› Issue (8): 2270-2274.DOI: 10.11772/j.issn.1001-9081.2017.08.2270

Previous Articles     Next Articles

Mobile secure payment solution based on encrypted SMS verification code

LI Sai, LI Xiaoyu   

  1. School of Information Engineering, Zhengzhou University, Zhengzhou Henan 450001, China
  • Received:2017-02-10 Revised:2017-04-22 Online:2017-08-10 Published:2017-08-12
  • Supported by:
    his work is partially supported by the National Natural Science Foundation of China (61472412),the Education Department Natural Science Foundation of Henan Province (14A520012).


李赛, 李晓宇   

  1. 郑州大学 信息工程学院, 郑州 450001
  • 通讯作者: 李晓宇
  • 作者简介:李赛(1989-),男,河南永城人,硕士研究生,主要研究方向:移动计算、移动安全;李晓宇(1974-),男,河南南阳人,副教授,博士,CCF会员,主要研究方向:量子计算与量子信息、移动计算。
  • 基金资助:

Abstract: Aiming at the problem that payment verification code is easy to leak during the process of mobile payment, a two-factor mobile payment solution based on encrypted SMS was proposed. Based on the public key system, the Public Key Infrastructure/Certification Authority (PKI/CA) authentication method was used to authenticate the server and the client online, and the registered user name, password and encrypted transaction verification SMS were used to ensure that even if the verification code ciphertext was leaked, the attacker can not obtain the verification code, thus eliminating the risk of theft caused by the verification code leakage. The simulation results show that the response time of the encrypted verification solution using the SMS interface is not very different from the unencrypted solution, and the growth trend is consistent with that of the unencrypted solution and increases linearly with the increase of the user access, which can take into account both of security and effectiveness of the system.

Key words: mobile payment, SMS verification code, two factor authentication, Public Key Infrastructure/Certification Authority (PKI/CA), encryption algorithm

摘要: 针对移动支付过程中支付验证码容易泄露的问题,提出了基于加密短信息验证码的双因素移动支付系统方案。该方案基于公开密钥系统,使用公钥基础设施/认证机构(PKI/CA)的认证方法进行服务器与客户端的在线安全认证,并且利用客户在服务器上注册的用户名、密码和加密的交易验证短信来确保即使验证码密文泄漏,攻击者也无法获取验证码,从而杜绝了验证码泄漏造成的失窃风险。仿真结果表明,加密验证码方案在使用短信接口发送给用户时,系统的反应时间与未加密验证码方案的反应时间差别并不明显,而且增长趋势保持一致,均随着用户访问量的增加呈线性增长,能够兼顾系统的安全性和有效性。

关键词: 移动支付, 短信验证码, 双因素验证, 公钥基础设施/认证机构, 加密算法

CLC Number: