摘要
针对移动支付中验证码泄露问题,提出了一种基于无双线性对的无证书公钥加密短信验证码的移动支付系统方案。该方案引入了标记化思想,双因素认证,解决了移动端私钥存储泄露问题。利用无证书公钥密码签密验证码,即使密文被泄露,攻击者也无法得到真正的验证码,从而避免了验证码泄露的风险。分析结果表明,该方案可以有效抵御多种攻击,并能对用户信息进行隐私保护,是一种安全可靠的移动支付方案。
To solve the problem of authentication code leakage in mobile payment,this paper proposed a scheme of mobile payment system based on certificateless public key cryptographic short message authentication code without bilinear pairings.The scheme introduced the idea of markup and two-factor authentication,which solved the problem of private key storage leakage in mobile terminals.Using certificateless public key cryptographic signcryption verification code,even if the ciphertext was leaked,the attacker could not get the real authentication code,thus avoiding the risk of authentication code leakage.The analysis results show that the scheme can effectively resist multiple attacks and protect the privacy of user information.It is a secure and reliable mobile payment scheme.
作者
柳毅
罗子强
Liu Yi;Luo Ziqiang(School of Computer,Guangdong University of Technology,Guangzhou 510006,China)
出处
《计算机应用研究》
CSCD
北大核心
2020年第7期2132-2135,共4页
Application Research of Computers
基金
国家自然科学基金资助项目(61572144)
广东省科技计划资助项目(2016B090918125)。
关键词
无证书公钥密码
验证码
移动支付
签密
certificateless public key cryptography
authentication code
mobile payment
signcryption
