U2F based secure mutual authentication protocol for mobile payment

With the increasing popularity of fintech, the e-commerce market has grown rapidly in the last decade, and mobile devices are now unprecedentedly popular and play an ever-increasing role in e-commerce, especially in mobile payment. However, online authentication technology based on the traditional mode struggles to sustain the healthy and stable development of mobile payment. Moreover, it cannot meet the security demands of protecting users' privacy and other sensitive information. In this paper, we propose a secure mutual authentication protocol (SMAP) based on U2F for mobile payment. The system builds on the U2F architecture and uses an asymmetric cryptosystem for mutual authentication between server and client to guarantee a reliable service. It can resist disguise attacks and dispose of counterfeit users. Compared with existing modes, the proposed protocol strengthens the security of the user's account information as well as individual privacy throughout the whole mobile payment transaction process. Practice proves that the proposed protocol is secure and convenient.
