摘要
由于移动终端和网络带宽的限制,基于RSA加密算法的电子支付安全协议SET不能被直接用于移动支付。现有移动支付系统都采用对称加密算法,存在一定安全风险,本文提出一个新的基于椭圆曲线加密算法ECC的移动支付协议。该协议除了提供高效的支付认证过程,还确保交易信息从商家到用户的传递,增强用户信息安全性。理论分析证明,ECC不仅能在很短的时间里产生符合条件的密钥,而且在同样破解时间下RSA与ECC密钥长度比大于5:1,这个比例随着破解时间增加而越来越大。新的协议在签名、证书验证、非对称和对称加密次数上较SET协议也明显减少,这样当前移动终端和网络能力完全可以支撑该协议,保证安全有效的移动支付过程。
Owing to the limitations of mobile terminals and network bandwidth, the current Secure Electronic Transaction (SET) protocol based on RSA can not be introduced into mobile payment directly. The present mobile payment system often uses symmetric encryption algorithm which exsits some security risk, in this paper a new secure mobile payment protocol based on ECC (Elliptic curve cryptography) was presented. This protocol not only provides efifcient payment authentication, but also ensures information lfows from merchant to customer that enhances the security of customer’s information. Security analysis and Performance evaluation demonstrates the security and efifciency of the new protocol. Theoretical analysis shows that, ECC can not only meet the requirements of the key generated in a very short time, and at the same time of cracking the code the RSA and ECC key length is greater than 5:1, the ratio increases with increasing time of crack. In the number of signing the certiifcate veriifcation, asymmetric and symmetric encryption the new protocol is also signiifcantly reduced than SET protocol, so the current mobile terminal and network capabilities can support this protocol to ensure safe and effective mobile payment process.
出处
《软件》
2013年第12期202-204,207,共4页
Software
关键词
移动支付
安全
ECC
mobile payments
security
ECC
