Secure and Efficient Mobile Payment Using QR Code in an Environment with Dishonest Authority

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10066)

Abstract

Quick response (QR) code payment has become the mainstream form of mobile payment in China. However, severe security threats greatly affect consumer confidence, and unifying the security and convenience of QR codes is a difficult problem. This paper proposes a secure and efficient mobile payment (SEMP) solution in which signed and encrypted payment data are embedded into the QR code. Because private keys are issued by fully distributed private key generators (PKGs), neither a malicious user, a dishonest third party payment platform (TPP), nor a dishonest PKG can impersonate a legitimate user to authorize a payment or eavesdrop on the communication to obtain private information. The scheme provides confidentiality and unforgeability and, in particular, resists authority attacks. Since no public key certificate is required, it has a clear advantage over existing PKI schemes. Comparisons with related schemes show that the SEMP scheme incurs lower communication cost while providing a higher security level. It therefore better meets the security and convenience requirements of mobile payment and can be applied in QR code payment environments with a dishonest authority.


Acknowledgments

This work was supported by the Natural Science Foundation of Anhui Province (Grant No. 1608085MF141), by the Fundamental Research Funds for the Central Universities (Grant No. J2014HGBZ0131) and by the Humanity and Social Science Key Foundation of Anhui Province (Grant No. SK2015A578).

Corresponding author

Correspondence to Xiaoling Zhu.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Zhu, X., Hou, Z., Hu, D., Zhang, J. (2016). Secure and Efficient Mobile Payment Using QR Code in an Environment with Dishonest Authority. In: Wang, G., Ray, I., Alcaraz Calero, J., Thampi, S. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2016. Lecture Notes in Computer Science, vol 10066. Springer, Cham. https://doi.org/10.1007/978-3-319-49148-6_37

  • DOI: https://doi.org/10.1007/978-3-319-49148-6_37

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49147-9

  • Online ISBN: 978-3-319-49148-6

  • eBook Packages: Computer Science, Computer Science (R0)
