Abstract
M-commerce provides convenient services and has developed rapidly in recent years, but security and privacy have always been major concerns for most users. Among existing payment systems, PayPal and Alipay each have a third-party payment provider (TPP) but do not provide anonymity. Bitcoin provides anonymity, but its decentralized framework without a TPP causes high energy consumption and security attack issues. Because further information can be deduced from the public decentralized ledger, Bitcoin cannot offer strong privacy guarantees. Therefore, unifying strong anonymity, security and efficiency is challenging in mobile payment. This paper proposes a strong anonymous mobile payment scheme against a curious third-party provider (SATP). A ticket, as a new means of payment, is partially blindly signed by the TPP using certificateless cryptographic primitives. SATP can ensure confidentiality of payment data, non-repudiation and revocation of payment operations, and anonymity of the payer's identity. In particular, it enables a user to pay anonymously even in the face of a curious TPP. Performance analysis shows that SATP avoids the high energy consumption of Bitcoin, and that its communication cost is less than that of existing research work on anonymous payment.
Acknowledgements
This work was supported by the Major Research Project for Social Science Innovation and Development of Anhui Province (Grant No. 2017ZD005), the Visiting Scholar Projects of Anhui Province for Excellent Young and Middle-aged Backbone Talents (Grant No. gxfxZD2016305), and the Natural Science Foundation of Anhui Province (Grant No. 1608085MF141). We would like to thank the anonymous referees and Editors for their valuable comments and suggestions.
Cite this article
Cao, C., Zhu, X. Strong anonymous mobile payment against curious third-party provider. Electron Commer Res 19, 501–520 (2019). https://doi.org/10.1007/s10660-018-9302-2
DOI: https://doi.org/10.1007/s10660-018-9302-2