Skip to main content
SpringerLink
Log in

A cloud-based mobile payment system using identity-based signature providing key revocation

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Along with the increasing expansion of wireless networks and mobile devices, security, and efficiency in mobile payment systems have become especially important. In this research, a secure and efficient mobile payment system is provided using an Identity-Based Signature (IBS). In the proposed scheme, issues related to managing digital certificates and also the key escrow problem related to identity-based cryptosystems are resolved. In the proposed system, malicious users are not only tracked but revoked from the system. The security and correctness of the proposed protocol are analyzed theoretically and also ProVerif (Protocol Verifier) automated tool used for verifying the security of the proposed scheme formally. The proposed scheme reduces the computational overhead of mobile devices by modifying system parameters and utilizing a cloud server and demonstrates an appropriate technology to communicate between mobile devices to perform payment transactions. Moreover, the proposed protocol provides more security attributes and reduces the total running time of the signature validation algorithm server-aided compared to existing similar protocols.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Boden J, Maier E, Wilken R (2020) The effect of credit card versus mobile payment on convenience and consumers’ willingness to pay. JRCS 52:101910. https://doi.org/10.1016/j.jretconser.2019.101910

    Article  Google Scholar 

  2. Isaac JT, Zeadally S (2014) Secure mobile payment systems. IT Prof 16:36–43. https://doi.org/10.1109/MITP.2014.40

    Article  Google Scholar 

  3. Bhardwaj A, Subrahmanyam GVB, Avasthi V, Sastry H (2016) Security Algorithms for cloud computing. Procedia Comput Sci 85:535–542. https://doi.org/10.1016/j.procs.2016.05.215

    Article  Google Scholar 

  4. Verma TBAK (2017) Data security in mobile cloud computing paradigm: a survey, taxonomy and open research issues. J Supercomput 73:2558–2631. https://doi.org/10.1007/s11227-016-1945-y

    Article  Google Scholar 

  5. Tso R, Yi X, Huang X (2011) Efficient and short certificateless signatures secure against realistic adversaries. J Supercomput 55:173–191. https://doi.org/10.1007/s11227-010-0427-x

    Article  Google Scholar 

  6. Shamir A (1985) Identity-based cryptosystems and signature schemes LNCS 84:47–53. https://doi.org/10.1007/3-540-39568-7_5

    Article  Google Scholar 

  7. Dev D, Baishnab KL (2014) A review and research towards mobile cloud computing. API. https://doi.org/10.1109/MobileCloud.2014.41

    Article  Google Scholar 

  8. Dahlberg T, Guo J, Ondrus J (2015) A critical review of mobile payment research. Electron Commer Res Appl 14:265–284. https://doi.org/10.1016/j.elerap.2015.07.006

    Article  Google Scholar 

  9. Chaum D (1983) Blind signatures for untraceable payments. Adv Crypto 199:199–203. https://doi.org/10.1007/978-1-4757-0602-4_18

    Article  MATH  Google Scholar 

  10. Chang C, Lai Y (2003) A flexible date-attachment scheme on e-cash. Comput Secur 22:160–166. https://doi.org/10.1016/S0167-4048(03)00214-1

    Article  Google Scholar 

  11. Juang WS (2007) D-cash: a flexible pre-paid e-cash scheme for date-attachment. Electron Commer Res Appl 6:74–80. https://doi.org/10.1016/j.elerap.2005.12.001

    Article  Google Scholar 

  12. Fan C, Guan DJ, Wang C, Lin D (2009) Cryptanalysis of Lee-Hwang-Yang blind signature scheme. Comput Stand Interfaces 31:319–320. https://doi.org/10.1016/j.csi.2008.02.002

    Article  Google Scholar 

  13. Desmedt Y, Odlyzko AM (1985) A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes. LNCS 218:516–522. https://doi.org/10.1007/3-540-39799-X_40

    Article  Google Scholar 

  14. Bisel LD (2007) The role of SSL in Cybersecurity. IT Prof 9:22–25. https://doi.org/10.1109/MITP.2007.41

    Article  Google Scholar 

  15. Guan HJ (2009) The Research of SET-Based Electronic Payment System Model. 2009 Int Conf E-bus Inf Syst Secur EBISS 2009. https://doi.org/10.1109/EBISS.2009.5138128.

  16. Frisby W, Moench B, Recht B, Ristenpart T (2012) Security Analysis of Smartphone Point-of-Sale Systems. Woot, pp 1–3. http://dl.acm.org/citation.cfm?id=2372399.2372403.

  17. Leu FY, Huang YL, Wang SM (2015) A secure M-Commerce system based on credit card transaction. Electron Commer Res Appl 14:351–360. https://doi.org/10.1016/j.elerap.2015.05.001

    Article  Google Scholar 

  18. Martínez-Peláez R, Toral-Cruz H, Ruiz J, Velarde-Alvarado P (2015) P2PM-pay: person to person mobile payment scheme controlled by expiration date. Wirel Pers Commun 85:289–304. https://doi.org/10.1007/s11277-015-2738-y

    Article  Google Scholar 

  19. Hou M, Xu Q, Lin F (2012) An efficient certificate revocation and verification scheme from multi-Hashing. Compute 7:1437–1444. https://doi.org/10.4304/jcp.7.6.1437-1444

    Article  Google Scholar 

  20. Hu Q, Asghar MR, Brownlee N (2019) Checking certificate revocation efficiently using certificate revocation guard. JISA 48:102356. https://doi.org/10.1016/j.jisa.2019.06.012

    Article  Google Scholar 

  21. Isaac JT, Zeadally S (2012) An anonymous secure payment protocol in a payment gateway centric model. Procedia Comput Sci 10:758–765. https://doi.org/10.1016/j.procs.2012.06.097

    Article  Google Scholar 

  22. Yang JH, Lin PY (2016) A mobile payment mechanism with anonymity for cloud computing. J Syst Softw 116:69–74. https://doi.org/10.1016/j.jss.2015.07.023

    Article  Google Scholar 

  23. Paar C, Pelzl J (2010) Understanding cryptography A textbook for students and practitioners. Springer, Heidelberg, pp 1–239. https://doi.org/10.1007/978-3-642-04101-3.

  24. Qin Zhen, Sun J, Wahaballa A, Zheng W, Xiong H, Qin Zhiguang (2017) A secure and privacy-preserving mobile wallet with outsourced verification in cloud computing. Comput Stand Interfaces 54:55–60. https://doi.org/10.1016/j.csi.2016.11.012

    Article  Google Scholar 

  25. Huang X, Mu Y, Susilo W, Wong DS, Wu W (2012) Certificateless signatures: new schemes and security models. Comput J 55:457–474. https://doi.org/10.1093/comjnl/bxr097

    Article  Google Scholar 

  26. Zhang C, Lu R, Lin X, Ho PH, Shen X (2008) An efficient identity-based batch verification scheme for vehicular sensor networks. API, pp 816–824. https://doi.org/10.1109/INFOCOM.2008.58.

  27. Liao Y, He Y, Li F, Zhou S (2018) Analysis of a mobile payment protocol with outsourced verification in cloud server and the improvement. Comput Stand Interfaces 56:101–106. https://doi.org/10.1016/j.csi.2017.09.008

    Article  Google Scholar 

  28. Boyen X (2008) A tapestry of identity-based encryption: practical frameworks compared. IJACT 1:3–21. https://doi.org/10.1504/IJACT.2008.017047

    Article  MathSciNet  MATH  Google Scholar 

  29. Penttinen JTJ (2017) Wireless communications security: solution for the Internet of Things. Wiley Online Library, pp 189–206. https://doi.org/10.1002/9781119084402.

  30. Fu Y, Chen CS, Zhou H (2009) Smart phone for mobile commerce. Comput Stand Interfaces 31:740–747. https://doi.org/10.1016/j.csi.2008.09.016

    Article  Google Scholar 

  31. Rodríguez-Hernández MC, Ilarri S (2015) Pull-based recommendations in mobile environments. Comput Stand Interfaces 44:185–204. https://doi.org/10.1016/j.csi.2015.08.002

    Article  Google Scholar 

  32. Park S, Lee I (2019) Enhanced signature RTD transaction scheme based on Chebyshev polynomial for mobile payments service in IoT device environment. J Supercomput 75:4617–4637. https://doi.org/10.1007/s11227-018-2546-8

    Article  Google Scholar 

  33. Badra M, Badra RB (2016) A lightweight security protocol for NFC-based mobile payments. Procedia Comput Sci 83:705–711. https://doi.org/10.1016/j.procs.2016.04.156

    Article  Google Scholar 

  34. Ning J, Ming L, Yang H (2014) An anonymous e-rental protocol based on ID-based cryptography and NFC. J Supercomput 70:31–53. https://doi.org/10.1007/s11227-013-1051-3

    Article  Google Scholar 

  35. Yang JH (2017) An electronic transaction mechanism using mobile devices for cloud computing. Wirel Pers Commun 94:713–724. https://doi.org/10.1007/s11277-016-3646-5

    Article  Google Scholar 

  36. Jia X, He D, Zeadally S, Li LI (2017) Efficient revocable ID-based signature with cloud revocation server. API 5:2945–2954. https://doi.org/10.1109/ACCESS.2017.2676021

    Article  Google Scholar 

  37. Blanchet B (2016) Modeling and verifying security protocols with the applied Pi Calculus and ProVerif. Foundations Trends Priv Secur 1:1–135. https://doi.org/10.1561/3300000004

    Article  Google Scholar 

  38. Blanchet B, Smyth B, Cheval V, Sylvestre M (2017) Automatic cryptographic protocol verifier, user manual and tutorial. http://www.cs.bham.ac.uk/~bas/papers/ProVerif-manual-version-1.98pl1.pdf.

  39. Scott M (2011) On the Efficient Implementation of Pairing-Based Protocols. LNCS 7089:296–308. https://doi.org/10.1007/978-3-642-25516-8_18

    Article  MATH  Google Scholar 

Download references

Acknowledgements

The authors sincerely thank this journal for giving chances to proposing the scheme.

Author information

Authors and Affiliations

  1. Department of Computer, Faculty of Engineering, Shahrekord Branch, Islamic Azad University, Shahrekord, Iran

    Fatemeh Alidadi Shamsabadi & Shaghayegh Bakhtiari Chehelcheshmeh

Authors
  1. Fatemeh Alidadi Shamsabadi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shaghayegh Bakhtiari Chehelcheshmeh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shaghayegh Bakhtiari Chehelcheshmeh.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Alidadi Shamsabadi, F., Bakhtiari Chehelcheshmeh, S. A cloud-based mobile payment system using identity-based signature providing key revocation. J Supercomput 78, 2503–2527 (2022). https://doi.org/10.1007/s11227-021-03830-4

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-021-03830-4

Keywords

Search

Navigation